Cluster

name string

The unique name of the resource.

args ClusterArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

resource_name str

The unique name of the resource.

opts ResourceOptions

A bag of options that control this resource's behavior.

ctx Context

Context object for the current deployment.

name string

The unique name of the resource.

args ClusterArgs

The arguments to resource properties.

opts ResourceOption

Bag of options to control resource's behavior.

name string

The unique name of the resource.

args ClusterArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

AddonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetryArgs

) Configuration for ClusterTelemetry feature, Structure is documented below.

DatabaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

Description string

Description of the cluster.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableLegacyAbac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

InitialNodeCount int

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

IpAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

NodeLocations List<string>

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

NodePools List<ClusterNodePoolArgs>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels Dictionary<string, string>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

AddonsConfig ClusterAddonsConfig

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig

Configuration for the Google Groups for GKE feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscaling

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetry

) Configuration for ClusterTelemetry feature, Structure is documented below.

DatabaseEncryption ClusterDatabaseEncryption

Structure is documented below.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

Description string

Description of the cluster.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableLegacyAbac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

InitialNodeCount int

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

IpAllocationPolicy ClusterIpAllocationPolicy

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicy

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuth

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicy

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfig

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

NodeLocations []string

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

NodePools []ClusterNodePool

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfig

Configuration for private clusters, clusters with private nodes. Structure is documented below.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannel

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels map[string]string

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfig

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

VerticalPodAutoscaling ClusterVerticalPodAutoscaling

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfig

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig ClusterAddonsConfig

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig

Configuration for the Google Groups for GKE feature. Structure is documented below.

clusterAutoscaling ClusterClusterAutoscaling

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry ClusterClusterTelemetry

) Configuration for ClusterTelemetry feature, Structure is documented below.

databaseEncryption ClusterDatabaseEncryption

Structure is documented below.

defaultMaxPodsPerNode number

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

description string

Description of the cluster.

enableBinaryAuthorization boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

enableIntranodeVisibility boolean

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

enableKubernetesAlpha boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableLegacyAbac boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

enableShieldedNodes boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

enableTpu boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

initialNodeCount number

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy ClusterIpAllocationPolicy

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

loggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

maintenancePolicy ClusterMaintenancePolicy

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth ClusterMasterAuth

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

minMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

name string

The name of the cluster, unique within the project and location.

network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy ClusterNetworkPolicy

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

nodeConfig ClusterNodeConfig

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

nodeLocations string[]

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

nodePools ClusterNodePool[]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

nodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

podSecurityPolicyConfig ClusterPodSecurityPolicyConfig

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig ClusterPrivateClusterConfig

Configuration for private clusters, clusters with private nodes. Structure is documented below.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel ClusterReleaseChannel

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool boolean

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels {[key: string]: string}

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig ClusterResourceUsageExportConfig

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

verticalPodAutoscaling ClusterVerticalPodAutoscaling

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig ClusterWorkloadIdentityConfig

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addons_config Dict[ClusterAddonsConfig]

The configuration for addons supported by GKE. Structure is documented below.

authenticator_groups_config Dict[ClusterAuthenticatorGroupsConfig]

Configuration for the Google Groups for GKE feature. Structure is documented below.

cluster_autoscaling Dict[ClusterClusterAutoscaling]

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

cluster_ipv4_cidr str

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

cluster_telemetry Dict[ClusterClusterTelemetry]

) Configuration for ClusterTelemetry feature, Structure is documented below.

database_encryption Dict[ClusterDatabaseEncryption]

Structure is documented below.

default_max_pods_per_node float

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

description str

Description of the cluster.

enable_binary_authorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

enable_intranode_visibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

enable_kubernetes_alpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enable_legacy_abac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

enable_shielded_nodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

enable_tpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

initial_node_count float

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ip_allocation_policy Dict[ClusterIpAllocationPolicy]

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location str

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

logging_service str

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

maintenance_policy Dict[ClusterMaintenancePolicy]

The maintenance policy to use for the cluster. Structure is documented below.

master_auth Dict[ClusterMasterAuth]

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

master_authorized_networks_config Dict[ClusterMasterAuthorizedNetworksConfig]

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

min_master_version str

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoring_service str

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

name str

The name of the cluster, unique within the project and location.

network str

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

network_policy Dict[ClusterNetworkPolicy]

Configuration options for the NetworkPolicy feature. Structure is documented below.

networking_mode str

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

node_config Dict[ClusterNodeConfig]

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

node_locations List[str]

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

node_pools List[ClusterNodePool]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

node_version str

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

pod_security_policy_config Dict[ClusterPodSecurityPolicyConfig]

Configuration for the PodSecurityPolicy feature. Structure is documented below.

private_cluster_config Dict[ClusterPrivateClusterConfig]

Configuration for private clusters, clusters with private nodes. Structure is documented below.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

release_channel Dict[ClusterReleaseChannel]

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

remove_default_node_pool bool

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resource_labels Dict[str, str]

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resource_usage_export_config Dict[ClusterResourceUsageExportConfig]

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

subnetwork str

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

vertical_pod_autoscaling Dict[ClusterVerticalPodAutoscaling]

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workload_identity_config Dict[ClusterWorkloadIdentityConfig]

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

Endpoint string

The IP address of this cluster’s Kubernetes master.

Id string

The provider-assigned unique ID for this managed resource.

InstanceGroupUrls List<string>

List of instance group URLs which have been assigned to the cluster.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

Operation string

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

Endpoint string

The IP address of this cluster’s Kubernetes master.

Id string

The provider-assigned unique ID for this managed resource.

InstanceGroupUrls []string

List of instance group URLs which have been assigned to the cluster.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

Operation string

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

endpoint string

The IP address of this cluster’s Kubernetes master.

id string

The provider-assigned unique ID for this managed resource.

instanceGroupUrls string[]

List of instance group URLs which have been assigned to the cluster.

labelFingerprint string

The fingerprint of the set of labels for this cluster.

masterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

operation string

servicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

tpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

endpoint str

The IP address of this cluster’s Kubernetes master.

id str

The provider-assigned unique ID for this managed resource.

instance_group_urls List[str]

List of instance group URLs which have been assigned to the cluster.

label_fingerprint str

The fingerprint of the set of labels for this cluster.

master_version str

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

operation str

services_ipv4_cidr str

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

tpu_ipv4_cidr_block str

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

resource_name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

AddonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetryArgs

) Configuration for ClusterTelemetry feature, Structure is documented below.

DatabaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

Description string

Description of the cluster.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableLegacyAbac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

Endpoint string

The IP address of this cluster’s Kubernetes master.

InitialNodeCount int

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

InstanceGroupUrls List<string>

List of instance group URLs which have been assigned to the cluster.

IpAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

NodeLocations List<string>

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

NodePools List<ClusterNodePoolArgs>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

Operation string

PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels Dictionary<string, string>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

AddonsConfig ClusterAddonsConfig

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig

Configuration for the Google Groups for GKE feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscaling

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetry

) Configuration for ClusterTelemetry feature, Structure is documented below.

DatabaseEncryption ClusterDatabaseEncryption

Structure is documented below.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

Description string

Description of the cluster.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableLegacyAbac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

Endpoint string

The IP address of this cluster’s Kubernetes master.

InitialNodeCount int

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

InstanceGroupUrls []string

List of instance group URLs which have been assigned to the cluster.

IpAllocationPolicy ClusterIpAllocationPolicy

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicy

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuth

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicy

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfig

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

NodeLocations []string

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

NodePools []ClusterNodePool

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

Operation string

PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfig

Configuration for private clusters, clusters with private nodes. Structure is documented below.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannel

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels map[string]string

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfig

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

VerticalPodAutoscaling ClusterVerticalPodAutoscaling

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfig

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig ClusterAddonsConfig

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig

Configuration for the Google Groups for GKE feature. Structure is documented below.

clusterAutoscaling ClusterClusterAutoscaling

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry ClusterClusterTelemetry

) Configuration for ClusterTelemetry feature, Structure is documented below.

databaseEncryption ClusterDatabaseEncryption

Structure is documented below.

defaultMaxPodsPerNode number

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

description string

Description of the cluster.

enableBinaryAuthorization boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

enableIntranodeVisibility boolean

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

enableKubernetesAlpha boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableLegacyAbac boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

enableShieldedNodes boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

enableTpu boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

endpoint string

The IP address of this cluster’s Kubernetes master.

initialNodeCount number

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

instanceGroupUrls string[]

List of instance group URLs which have been assigned to the cluster.

ipAllocationPolicy ClusterIpAllocationPolicy

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

labelFingerprint string

The fingerprint of the set of labels for this cluster.

location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

loggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

maintenancePolicy ClusterMaintenancePolicy

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth ClusterMasterAuth

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

masterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

minMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

name string

The name of the cluster, unique within the project and location.

network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy ClusterNetworkPolicy

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

nodeConfig ClusterNodeConfig

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

nodeLocations string[]

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

nodePools ClusterNodePool[]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

nodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

operation string

podSecurityPolicyConfig ClusterPodSecurityPolicyConfig

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig ClusterPrivateClusterConfig

Configuration for private clusters, clusters with private nodes. Structure is documented below.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel ClusterReleaseChannel

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool boolean

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels {[key: string]: string}

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig ClusterResourceUsageExportConfig

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

servicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

tpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

verticalPodAutoscaling ClusterVerticalPodAutoscaling

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig ClusterWorkloadIdentityConfig

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addons_config Dict[ClusterAddonsConfig]

The configuration for addons supported by GKE. Structure is documented below.

authenticator_groups_config Dict[ClusterAuthenticatorGroupsConfig]

Configuration for the Google Groups for GKE feature. Structure is documented below.

cluster_autoscaling Dict[ClusterClusterAutoscaling]

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster’s workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

cluster_ipv4_cidr str

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

cluster_telemetry Dict[ClusterClusterTelemetry]

) Configuration for ClusterTelemetry feature, Structure is documented below.

database_encryption Dict[ClusterDatabaseEncryption]

Structure is documented below.

default_max_pods_per_node float

The default maximum number of pods per node in this cluster. This doesn’t work on “routes-based” clusters, clusters that don’t have IP Aliasing enabled. See the official documentation for more information.

description str

Description of the cluster.

enable_binary_authorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

enable_intranode_visibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

enable_kubernetes_alpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enable_legacy_abac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

enable_shielded_nodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

enable_tpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

endpoint str

The IP address of this cluster’s Kubernetes master.

initial_node_count float

The number of nodes to create in this cluster’s default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you’re using gcp.container.NodePool objects with no default node pool, you’ll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

instance_group_urls List[str]

List of instance group URLs which have been assigned to the cluster.

ip_allocation_policy Dict[ClusterIpAllocationPolicy]

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

label_fingerprint str

The fingerprint of the set of labels for this cluster.

location str

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

logging_service str

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

maintenance_policy Dict[ClusterMaintenancePolicy]

The maintenance policy to use for the cluster. Structure is documented below.

master_auth Dict[ClusterMasterAuth]

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

master_authorized_networks_config Dict[ClusterMasterAuthorizedNetworksConfig]

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

master_version str

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

min_master_version str

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version–use the read-only master_version field to obtain that. If unset, the cluster’s version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoring_service str

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

name str

The name of the cluster, unique within the project and location.

network str

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

network_policy Dict[ClusterNetworkPolicy]

Configuration options for the NetworkPolicy feature. Structure is documented below.

networking_mode str

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default when this field is unspecified, GKE will create a ROUTES-based cluster.

node_config Dict[ClusterNodeConfig]

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn’t recommended to be used. Structure is documented below.

node_locations List[str]

The list of zones in which the cluster’s nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster’s zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster’s zone.

node_pools List[ClusterNodePool]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can’t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say “these are the only node pools associated with this cluster”, use the gcp.container.NodePool resource instead of this property.

node_version str

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it’s recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source’s version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

operation str

pod_security_policy_config Dict[ClusterPodSecurityPolicyConfig]

Configuration for the PodSecurityPolicy feature. Structure is documented below.

private_cluster_config Dict[ClusterPrivateClusterConfig]

Configuration for private clusters, clusters with private nodes. Structure is documented below.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

release_channel Dict[ClusterReleaseChannel]

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster’s release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

remove_default_node_pool bool

If true, deletes the default node pool upon cluster creation. If you’re using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resource_labels Dict[str, str]

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resource_usage_export_config Dict[ClusterResourceUsageExportConfig]

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

services_ipv4_cidr str

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

subnetwork str

The name or self_link of the Google Compute Engine subnetwork in which the cluster’s instances are launched.

tpu_ipv4_cidr_block str

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

vertical_pod_autoscaling Dict[ClusterVerticalPodAutoscaling]

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workload_identity_config Dict[ClusterWorkloadIdentityConfig]

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

CloudrunConfig ClusterAddonsConfigCloudrunConfigArgs

. The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.

ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfigArgs

. The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

DnsCacheConfig ClusterAddonsConfigDnsCacheConfigArgs

. The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs

. Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscalingArgs

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.

HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancingArgs

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

IstioConfig ClusterAddonsConfigIstioConfigArgs

. Structure is documented below.

KalmConfig ClusterAddonsConfigKalmConfigArgs

. Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.

NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfigArgs

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

CloudrunConfig ClusterAddonsConfigCloudrunConfig

. The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.

ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig

. The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

. The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

. Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.

HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

IstioConfig ClusterAddonsConfigIstioConfig

. Structure is documented below.

KalmConfig ClusterAddonsConfigKalmConfig

. Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.

NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

cloudrunConfig ClusterAddonsConfigCloudrunConfig

. The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.

configConnectorConfig ClusterAddonsConfigConfigConnectorConfig

. The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

. The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

. Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.

httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

istioConfig ClusterAddonsConfigIstioConfig

. Structure is documented below.

kalmConfig ClusterAddonsConfigKalmConfig

. Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.

networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

cloudrunConfig Dict[ClusterAddonsConfigCloudrunConfig]

. The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.

configConnectorConfig Dict[ClusterAddonsConfigConfigConnectorConfig]

. The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

dnsCacheConfig Dict[ClusterAddonsConfigDnsCacheConfig]

. The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

gcePersistentDiskCsiDriverConfig Dict[ClusterAddonsConfigGcePersistentDiskCsiDriverConfig]

. Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

horizontalPodAutoscaling Dict[ClusterAddonsConfigHorizontalPodAutoscaling]

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.

httpLoadBalancing Dict[ClusterAddonsConfigHttpLoadBalancing]

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

istioConfig Dict[ClusterAddonsConfigIstioConfig]

. Structure is documented below.

kalmConfig Dict[ClusterAddonsConfigKalmConfig]

. Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.

networkPolicyConfig Dict[ClusterAddonsConfigNetworkPolicyConfig]

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Auth string

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Auth string

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

auth string

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

auth str

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

SecurityGroup string

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

SecurityGroup string

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

securityGroup string

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

securityGroup str

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaultsArgs

Contains defaults for a node pool created by NAP. Structure is documented below.

AutoscalingProfile string

) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

ResourceLimits List<ClusterClusterAutoscalingResourceLimitArgs>

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

AutoscalingProfile string

) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

ResourceLimits []ClusterClusterAutoscalingResourceLimit

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

autoscalingProfile string

) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

resourceLimits ClusterClusterAutoscalingResourceLimit[]

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

autoProvisioningDefaults Dict[ClusterClusterAutoscalingAutoProvisioningDefaults]

Contains defaults for a node pool created by NAP. Structure is documented below.

autoscalingProfile str

) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

resourceLimits List[ClusterClusterAutoscalingResourceLimit]

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

MinCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

OauthScopes List<string>

The set of Google API scopes to be made available on all of the node VMs under the “default” service account. These can be either FQDNs, or scope aliases. The following scopes are necessary to ensure the correct functioning of the cluster:

ServiceAccount string

The service account to be used by the Node VMs. If not specified, the “default” service account is used. In order to use the configured oauth_scopes for logging and monitoring, the service account being used needs the roles/logging.logWriter and roles/monitoring.metricWriter roles.

MinCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

OauthScopes []string

The set of Google API scopes to be made available on all of the node VMs under the “default” service account. These can be either FQDNs, or scope aliases. The following scopes are necessary to ensure the correct functioning of the cluster:

ServiceAccount string

The service account to be used by the Node VMs. If not specified, the “default” service account is used. In order to use the configured oauth_scopes for logging and monitoring, the service account being used needs the roles/logging.logWriter and roles/monitoring.metricWriter roles.

minCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

oauthScopes string[]

The set of Google API scopes to be made available on all of the node VMs under the “default” service account. These can be either FQDNs, or scope aliases. The following scopes are necessary to ensure the correct functioning of the cluster:

serviceAccount string

The service account to be used by the Node VMs. If not specified, the “default” service account is used. In order to use the configured oauth_scopes for logging and monitoring, the service account being used needs the roles/logging.logWriter and roles/monitoring.metricWriter roles.

min_cpu_platform str

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

oauthScopes List[str]

The set of Google API scopes to be made available on all of the node VMs under the “default” service account. These can be either FQDNs, or scope aliases. The following scopes are necessary to ensure the correct functioning of the cluster:

service_account str

The service account to be used by the Node VMs. If not specified, the “default” service account is used. In order to use the configured oauth_scopes for logging and monitoring, the service account being used needs the roles/logging.logWriter and roles/monitoring.metricWriter roles.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

ResourceType string

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

Maximum int

Maximum amount of the resource in the cluster.

Minimum int

Minimum amount of the resource in the cluster.

ResourceType string

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

Maximum int

Maximum amount of the resource in the cluster.

Minimum int

Minimum amount of the resource in the cluster.

resourceType string

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

maximum number

Maximum amount of the resource in the cluster.

minimum number

Minimum amount of the resource in the cluster.

resourceType str

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

maximum float

Maximum amount of the resource in the cluster.

minimum float

Minimum amount of the resource in the cluster.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

Type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

type str

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

State string

ENCRYPTED or DECRYPTED

KeyName string

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

State string

ENCRYPTED or DECRYPTED

KeyName string

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

state string

ENCRYPTED or DECRYPTED

keyName string

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

state str

ENCRYPTED or DECRYPTED

keyName str

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

ClusterIpv4CidrBlock string

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ClusterSecondaryRangeName string

The name of the existing secondary range in the cluster’s subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ServicesIpv4CidrBlock string

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ServicesSecondaryRangeName string

The name of the existing secondary range in the cluster’s subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ClusterIpv4CidrBlock string

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ClusterSecondaryRangeName string

The name of the existing secondary range in the cluster’s subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ServicesIpv4CidrBlock string

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ServicesSecondaryRangeName string

The name of the existing secondary range in the cluster’s subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

clusterIpv4CidrBlock string

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

clusterSecondaryRangeName string

The name of the existing secondary range in the cluster’s subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

servicesIpv4CidrBlock string

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

servicesSecondaryRangeName string

The name of the existing secondary range in the cluster’s subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

clusterIpv4CidrBlock str

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

clusterSecondaryRangeName str

The name of the existing secondary range in the cluster’s subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

servicesIpv4CidrBlock str

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

servicesSecondaryRangeName str

The name of the existing secondary range in the cluster’s subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindowArgs

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format “HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

RecurringWindow ClusterMaintenancePolicyRecurringWindowArgs

Time window for recurring maintenance operations.

DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format “HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

RecurringWindow ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format “HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

recurringWindow ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

dailyMaintenanceWindow Dict[ClusterMaintenancePolicyDailyMaintenanceWindow]

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format “HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

recurringWindow Dict[ClusterMaintenancePolicyRecurringWindow]

Time window for recurring maintenance operations.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

StartTime string

Duration string

StartTime string

Duration string

startTime string

duration string

startTime str

duration str

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

EndTime string

Recurrence string

StartTime string

EndTime string

Recurrence string

StartTime string

endTime string

recurrence string

startTime string

endTime str

recurrence str

startTime str

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

ClientCertificate string

ClientCertificateConfig ClusterMasterAuthClientCertificateConfigArgs

Whether client certificate authorization is enabled for this cluster. For example:

ClientKey string

ClusterCaCertificate string

Password string

The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.

Username string

The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. If not present basic auth will be disabled.

ClientCertificate string

ClientCertificateConfig ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

ClientKey string

ClusterCaCertificate string

Password string

The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.

Username string

The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. If not present basic auth will be disabled.

clientCertificate string

clientCertificateConfig ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

clientKey string

clusterCaCertificate string

password string

The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.

username string

The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. If not present basic auth will be disabled.

clientCertificate str

clientCertificateConfig Dict[ClusterMasterAuthClientCertificateConfig]

Whether client certificate authorization is enabled for this cluster. For example:

clientKey str

clusterCaCertificate str

password str

The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.

username str

The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. If not present basic auth will be disabled.