A Cluster is a managed resource that represents a Google Kubernetes Engine cluster.
Type: CRD
Group: container.gcp.crossplane.io
Version: v1beta2
apiVersion: container.gcp.crossplane.io/v1beta2
kind: Cluster
A ClusterSpec defines the desired state of a Cluster.
ClusterParameters define the desired state of a Google Kubernetes Engine cluster. Most of its fields are a direct mirror of the GCP Cluster object. See https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster
AddonsConfig: Configurations for the various addons available to run in the cluster.
CloudRunConfig: Configuration for the Cloud Run addon. The IstioConfig addon must be enabled in order to enable the Cloud Run addon. This option can only be enabled at cluster creation time.
ConfigConnectorConfig: Configuration for the ConfigConnector add-on, a Kubernetes extension to manage hosted GCP services through the Kubernetes API
DNSCacheConfig: Configuration for NodeLocalDNS, a DNS cache running on cluster nodes.
GCEPersistentDiskCSIDriverConfig: Configuration for the GCP Compute Persistent Disk CSI driver.
HorizontalPodAutoscaling: Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.
HTTPLoadBalancing: Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.
KubernetesDashboard: Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. For more information, see: https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
NetworkPolicyConfig: Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes.
AuthenticatorGroupsConfig: Configuration controlling RBAC group membership information.
Autoscaling: Cluster-level autoscaling configuration.
AutoprovisioningLocations: The list of Google Compute Engine zones in which the NodePool's nodes can be created by node auto-provisioning (NAP).
AutoprovisioningNodePoolDefaults: AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP.
Management: Specifies the node management options for NAP created node-pools.
OauthScopes: Scopes that are used by NAP when creating node pools. If oauth_scopes are specified, service_account should be empty.
ShieldedInstanceConfig: Shielded Instance options.
UpgradeSettings: Specifies the upgrade settings for NAP created node pools
ResourceLimits: Contains global constraints regarding minimum and maximum amount of resources in the cluster.
BinaryAuthorization: Configuration for Binary Authorization.
ConfidentialNodes: Configuration of Confidential Nodes
DefaultMaxPodsConstraint: The default constraint on the maximum number of pods that can run simultaneously on a node in any node pool of this cluster. Only honored if the cluster is created with IP alias support.
IPAllocationPolicy: Configuration for cluster IP allocation.
LegacyAbac: Configuration for the legacy ABAC authorization mode.
Locations: The list of Google Compute Engine zones in which the cluster's nodes should be located.
MaintenancePolicy: Configure the maintenance policy for this cluster.
Window: Specifies the maintenance window in which maintenance may be performed.
DailyMaintenanceWindow: DailyMaintenanceWindow specifies a daily maintenance operation window.
RecurringWindow: RecurringWindow specifies some number of recurring time periods for maintenance to occur. The time windows may be overlapping. If no maintenance windows are set, maintenance can occur at any time.
MasterAuth: The authentication information for accessing the master endpoint. If unspecified, the defaults are used: for clusters before v1.12, if master_auth is unspecified, username will be set to "admin", a random password will be generated, and a client certificate will be issued. On current GKE versions basic authentication has been removed and no client certificate is issued by default; leave username and password unset and disable client certificate issuance explicitly, so that control-plane access goes through IAM-backed credentials rather than a static, non-revocable secret.
ClientCertificateConfig: Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued.
MasterAuthorizedNetworksConfig: The configuration options for master authorized networks feature.
CidrBlocks: cidr_blocks define up to 50 external networks that can access the Kubernetes master over HTTPS.
NetworkConfig: Configuration for cluster networking.
DefaultSnatStatus: Whether the cluster disables the default in-node SNAT rules. When disabled is true, the in-node SNAT rules are turned off. When disabled is false, the default IP masquerade rules are applied to the nodes so that cluster-internal traffic is not SNATed.
DNSConfig: The desired set of options for configuring cluster DNS.
NetworkRef: References a Network managed resource and retrieves its URI.
Policies for referencing.
NetworkSelector: Selects a reference to a Network managed resource and retrieves its URI.
Policies for selection.
PrivateClusterConfig: Configuration for private cluster.
MasterGlobalAccessConfig: Controls master global access settings.
ReleaseChannel: Release channel configuration.
ResourceUsageExportConfig: Configuration for exporting resource usages. Resource usage export is disabled when this config is unspecified.
BigqueryDestination: Configuration to use BigQuery as usage export destination.
ConsumptionMeteringConfig: Configuration to enable resource consumption metering.
SubnetworkRef: References a Subnetwork managed resource and retrieves its URI.
Policies for referencing.
SubnetworkSelector: Selects a reference to a Subnetwork managed resource and retrieves its URI.
Policies for selection.
VerticalPodAutoscaling: Cluster-level Vertical Pod Autoscaling configuration.
WorkloadIdentityConfig: Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
A ClusterStatus represents the observed state of a Cluster.
ClusterObservation is used to show the observed state of the GKE cluster resource on GCP.
MaintenancePolicy: Configure the maintenance policy for this cluster.
Window: Specifies the maintenance window in which maintenance may be performed.
DailyMaintenanceWindow: DailyMaintenanceWindow specifies a daily maintenance operation window.
NetworkConfig: Configuration for cluster networking.
NodePools: The node pools associated with this cluster. This field should not be set if "node_config" or "initial_node_count" are specified.
Autoscaling: Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present.
Config: The node configuration of the pool.
Accelerators: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs.
OauthScopes: The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included:
* https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes.
* https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry).
If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
SandboxConfig: Sandbox configuration for this node.
ShieldedInstanceConfig: Shielded Instance options.
Tags: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.
Taints: List of Kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
InstanceGroupUrls: The resource URLs of the managed instance groups associated with this node pool.
Locations: The list of Google Compute Engine zones in which the NodePool's nodes should be located.
Management: NodeManagement configuration for this NodePool.
UpgradeOptions: Specifies the Auto Upgrade knobs for the node pool.
MaxPodsConstraint: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.
PrivateClusterConfig: Configuration for private cluster.
Conditions of the resource.
example-cluster
apiVersion: container.gcp.crossplane.io/v1beta2
kind: Cluster
metadata:
  name: example-cluster
spec:
  forProvider:
    addonsConfig:
      gcePersistentDiskCsiDriverConfig:
        enabled: true
    autoscaling:
      autoprovisioningNodePoolDefaults:
        serviceAccount: sa-test
    initialClusterVersion: "1.20"
    location: us-west2
    loggingService: logging.googleapis.com/kubernetes
    monitoringService: monitoring.googleapis.com/kubernetes
    network: default
    networkConfig:
      enableIntraNodeVisibility: true
  writeConnectionSecretToRef:
    name: gke-conn
    namespace: default
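The example above shows a minimal Cluster; the security-relevant fields in the spec (LegacyAbac, MasterAuth, MasterAuthorizedNetworksConfig, PrivateClusterConfig, WorkloadIdentityConfig, BinaryAuthorization, the NetworkPolicyConfig addon, ReleaseChannel) are all left at their defaults. The following audit script is an added example, not code from Upbound or the Crossplane provider-gcp project: it walks spec.forProvider of a Cluster manifest and reports weak settings, and it contrasts a constructed weak manifest (the page's example plus legacy knobs) with a hardened one. Top-level field names are the ones this page lists; the nested spellings issueClientCertificate, enablePrivateNodes, enablePrivateEndpoint, masterIpv4CidrBlock, workloadPool and networkPolicyConfig.disabled follow the GKE REST Cluster object the CRD mirrors and are assumptions about this CRD version, as is the my-project.svc.id.goog workload pool name.

```python
"""Hardening audit for a Crossplane GKE Cluster manifest (added example, not
provider-gcp code). Nested field spellings such as issueClientCertificate,
enablePrivateNodes, workloadPool and networkPolicyConfig.disabled follow the
GKE REST Cluster object and are assumptions about this CRD version."""
from typing import Any, Dict, List


def _get(d: Any, path: str, default: Any = None) -> Any:
    """Dotted-path lookup that tolerates missing intermediate objects."""
    cur = d
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def audit_cluster(manifest: Dict[str, Any]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    p = _get(manifest, "spec.forProvider", {}) or {}
    findings: List[str] = []
    # Legacy ABAC bypasses RBAC entirely.
    if _get(p, "legacyAbac.enabled") is True:
        findings.append("legacyAbac.enabled=true: ABAC bypasses RBAC")
    # Basic auth and cluster client certificates are static, non-revocable credentials.
    if _get(p, "masterAuth.username"):
        findings.append("masterAuth.username set: basic auth on the control plane")
    if _get(p, "masterAuth.clientCertificateConfig.issueClientCertificate") is True:
        findings.append("masterAuth.clientCertificateConfig.issueClientCertificate=true")
    # Control-plane exposure: authorized networks on, and never a catch-all CIDR.
    if _get(p, "masterAuthorizedNetworksConfig.enabled") is not True:
        findings.append("masterAuthorizedNetworksConfig disabled: master reachable from any IP")
    else:
        for blk in _get(p, "masterAuthorizedNetworksConfig.cidrBlocks", []) or []:
            if blk.get("cidrBlock") in ("0.0.0.0/0", "::/0"):
                findings.append(f"masterAuthorizedNetworksConfig allows {blk['cidrBlock']}")
    # Private nodes get no public IPs.
    if _get(p, "privateClusterConfig.enablePrivateNodes") is not True:
        findings.append("privateClusterConfig.enablePrivateNodes not true: nodes get public IPs")
    # Workload Identity replaces the node service account's metadata-server token.
    if not _get(p, "workloadIdentityConfig.workloadPool"):
        findings.append("workloadIdentityConfig.workloadPool unset: pods use the node service account")
    # Binary Authorization enforces image admission policy.
    if _get(p, "binaryAuthorization.enabled") is not True:
        findings.append("binaryAuthorization not enabled")
    # The NetworkPolicy addon stays off unless disabled is explicitly false.
    if _get(p, "addonsConfig.networkPolicyConfig.disabled", True) is not False:
        findings.append("addonsConfig.networkPolicyConfig disabled: no NetworkPolicy enforcement")
    # A release channel keeps the control plane on a patched version.
    if not _get(p, "releaseChannel.channel"):
        findings.append("releaseChannel.channel unset: no managed control-plane upgrades")
    return findings


# Constructed sample: the page's example-cluster with risky legacy settings added.
WEAK_CLUSTER: Dict[str, Any] = {
    "apiVersion": "container.gcp.crossplane.io/v1beta2",
    "kind": "Cluster",
    "metadata": {"name": "example-cluster"},
    "spec": {"forProvider": {
        "location": "us-west2",
        "network": "default",
        "legacyAbac": {"enabled": True},
        "masterAuth": {"username": "admin",
                       "clientCertificateConfig": {"issueClientCertificate": True}},
        "masterAuthorizedNetworksConfig": {
            "enabled": True,
            "cidrBlocks": [{"cidrBlock": "0.0.0.0/0", "displayName": "anywhere"}]},
    }},
}

# Constructed sample: the same cluster with each finding above addressed.
HARDENED_CLUSTER: Dict[str, Any] = {
    "apiVersion": "container.gcp.crossplane.io/v1beta2",
    "kind": "Cluster",
    "metadata": {"name": "example-cluster"},
    "spec": {"forProvider": {
        "location": "us-west2",
        "network": "default",
        "releaseChannel": {"channel": "REGULAR"},
        "legacyAbac": {"enabled": False},
        "masterAuth": {"clientCertificateConfig": {"issueClientCertificate": False}},
        "masterAuthorizedNetworksConfig": {
            "enabled": True,
            "cidrBlocks": [{"cidrBlock": "10.0.0.0/8", "displayName": "corp-vpn"}]},
        "privateClusterConfig": {"enablePrivateNodes": True,
                                 "enablePrivateEndpoint": True,
                                 "masterIpv4CidrBlock": "172.16.0.0/28"},
        "workloadIdentityConfig": {"workloadPool": "my-project.svc.id.goog"},  # assumed pool name
        "binaryAuthorization": {"enabled": True},
        "addonsConfig": {"networkPolicyConfig": {"disabled": False}},
    }},
}

if __name__ == "__main__":
    for name, m in (("weak", WEAK_CLUSTER), ("hardened", HARDENED_CLUSTER)):
        print(name, audit_cluster(m) or ["OK"])
```

Run it against a manifest loaded from YAML to get the same findings; a manifest that omits every security field, as the page's example does, fails six of the checks, because the defaults for authorized networks, private nodes, Workload Identity, Binary Authorization, the NetworkPolicy addon and the release channel are all the permissive ones.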