Cluster is the Schema for the Clusters API. Creates a Google Kubernetes Engine (GKE) cluster.
Type
CRD
Group
container.gcp.upbound.io
Version
v1beta1
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
ClusterSpec defines the desired state of Cluster
No description provided.
The configuration for addons supported by GKE. Structure is documented below.
Structure is documented below.
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
The status of the NodeLocal DNSCache addon. It is disabled by default; set enabled = true to enable.
Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.
The status of the Filestore CSI driver addon, which allows the usage of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
The status of the GCSFuse CSI driver addon, which allows the usage of a GCS bucket as a volume. It is disabled by default; set enabled = true to enable.
The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
Configuration for the Google Groups for GKE feature. Structure is documented below.
Configuration options for the Binary Authorization feature. Structure is documented below.
Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
NodeManagement configuration for this NodePool. Structure is documented below.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
Shielded Instance options. Structure is documented below.
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Options for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
Configuration for the Confidential Nodes feature. Structure is documented below.
Configuration for the Cost Allocation feature. Structure is documented below.
GKE SNAT DefaultSnatStatus contains the desired state of whether default SNAT should be disabled on the cluster; see the API doc. Structure is documented below.
Configuration for Using Cloud DNS for GKE. Structure is documented below.
Configuration for Kubernetes Beta APIs. Structure is documented below.
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
Configuration for GKE Gateway API controller. Structure is documented below.
Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
No description provided.
Logging configuration for the cluster. Structure is documented below.
The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
The maintenance policy to use for the cluster. Structure is documented below.
Structure is documented below.
Structure is documented below.
MaintenanceExclusionOptions provides maintenance exclusion related options.
Structure is documented below.
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
Whether client certificate authorization is enabled for this cluster.
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
External networks that can access the Kubernetes cluster master through HTTPS.
Structure is documented below.
Monitoring configuration for the cluster. Structure is documented below.
The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)
Configuration for Managed Service for Prometheus. Structure is documented below.
Reference to a Network in compute to populate network.
Policies for referencing.
Selector for a Network in compute to populate network.
Policies for selection.
Parameters used in creating the default node pool. Structure is documented below.
Specifies options for controlling advanced machine features. Structure is documented below.
Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
List of the type and count of accelerator cards attached to the instance. Structure is documented below. This field is an Attribute as Block.
Configuration for auto installation of GPU driver. Structure is documented below.
Configuration for GPU sharing. Structure is documented below.
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image, and GKE node version 1.15.11-gke.15 or later is required. Structure is documented below.
The maintenance policy to use for the cluster. Structure is documented below.
Kubelet configuration, currently supported attributes can be found here. Structure is documented below.
Linux node configuration; currently supported attributes can be found here. Note that all validation happens server side. All attributes are optional. Structure is documented below.
Parameters for the local NVMe SSDs. Structure is documented below.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
Reference to a ServiceAccount in cloudplatform to populate serviceAccount.
Policies for referencing.
Selector for a ServiceAccount in cloudplatform to populate serviceAccount.
Policies for selection.
Shielded Instance options. Structure is documented below.
Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
Metadata configuration to expose to workloads on the node pool. Structure is documented below.
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
Subset of NodeConfig message that has defaults.
Configuration for the cluster upgrade notifications feature. Structure is documented below.
The pubsub config for the cluster's upgrade notifications.
Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
Configuration for private clusters, clusters with private nodes. Structure is documented below.
Controls cluster master global access settings. Structure is documented below.
Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the google_container_engine_versions datasource can provide the default version for a channel. To unenroll a cluster from a channel, use the "UNSPECIFIED" channel. Structure is documented below.
Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
Parameters for using BigQuery as the destination of resource usage export.
Enable/Disable Security Posture API features for the cluster. Structure is documented below.
Structure is documented below.
Reference to a Subnetwork in compute to populate subnetwork.
Policies for referencing.
Selector for a Subnetwork in compute to populate subnetwork.
Policies for selection.
Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation but that we do not want to update after creation, for example because an external controller, such as an autoscaler, manages them.
The configuration for addons supported by GKE. Structure is documented below.
Structure is documented below.
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
The status of the NodeLocal DNSCache addon. It is disabled by default; set enabled = true to enable.
Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.
The status of the Filestore CSI driver addon, which allows the usage of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
The status of the GCSFuse CSI driver addon, which allows the usage of a GCS bucket as a volume. It is disabled by default; set enabled = true to enable.
The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
Configuration for the Google Groups for GKE feature. Structure is documented below.
Configuration options for the Binary Authorization feature. Structure is documented below.
Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
NodeManagement configuration for this NodePool. Structure is documented below.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
Shielded Instance options. Structure is documented below.
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Options for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
Configuration for the Confidential Nodes feature. Structure is documented below.
Configuration for the Cost Allocation feature. Structure is documented below.
GKE SNAT DefaultSnatStatus contains the desired state of whether default SNAT should be disabled on the cluster; see the API doc. Structure is documented below.
Configuration for Using Cloud DNS for GKE. Structure is documented below.
Configuration for Kubernetes Beta APIs. Structure is documented below.
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
Configuration for GKE Gateway API controller. Structure is documented below.
Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
No description provided.
Logging configuration for the cluster. Structure is documented below.
The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
The maintenance policy to use for the cluster. Structure is documented below.
Structure is documented below.
Structure is documented below.
MaintenanceExclusionOptions provides maintenance exclusion related options.
Structure is documented below.
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
Whether client certificate authorization is enabled for this cluster.
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
External networks that can access the Kubernetes cluster master through HTTPS.
Structure is documented below.
Monitoring configuration for the cluster. Structure is documented below.
The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)
Configuration for Managed Service for Prometheus. Structure is documented below.
Parameters used in creating the default node pool. Structure is documented below.
Specifies options for controlling advanced machine features. Structure is documented below.
Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
List of the type and count of accelerator cards attached to the instance. Structure is documented below. This field is an Attribute as Block.
Configuration for auto installation of GPU driver. Structure is documented below.
Configuration for GPU sharing. Structure is documented below.
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image, and GKE node version 1.15.11-gke.15 or later is required. Structure is documented below.
The maintenance policy to use for the cluster. Structure is documented below.
Kubelet configuration, currently supported attributes can be found here. Structure is documented below.
Linux node configuration; currently supported attributes can be found here. Note that all validation happens server side. All attributes are optional. Structure is documented below.
Parameters for the local NVMe SSDs. Structure is documented below.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
Shielded Instance options. Structure is documented below.
Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
Metadata configuration to expose to workloads on the node pool. Structure is documented below.
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
Subset of NodeConfig message that has defaults.
Configuration for the cluster upgrade notifications feature. Structure is documented below.
The pubsub config for the cluster's upgrade notifications.
Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
Configuration for private clusters, clusters with private nodes. Structure is documented below.
Controls cluster master global access settings. Structure is documented below.
Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the google_container_engine_versions datasource can provide the default version for a channel. To unenroll a cluster from a channel, use the "UNSPECIFIED" channel. Structure is documented below.
Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
Parameters for using BigQuery as the destination of resource usage export.
Enable/Disable Security Posture API features for the cluster. Structure is documented below.
Structure is documented below.
Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
ClusterStatus defines the observed state of Cluster.
No description provided.
The configuration for addons supported by GKE. Structure is documented below.
Structure is documented below.
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
The status of the NodeLocal DNSCache addon. It is disabled by default; set enabled = true to enable.
Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.
The status of the Filestore CSI driver addon, which allows the usage of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
The status of the GCSFuse CSI driver addon, which allows the usage of a GCS bucket as a volume. It is disabled by default; set enabled = true to enable.
The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
Configuration for the Google Groups for GKE feature. Structure is documented below.
Configuration options for the Binary Authorization feature. Structure is documented below.
Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
NodeManagement configuration for this NodePool. Structure is documented below.
Specifies the Auto Upgrade knobs for the node pool.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
Shielded Instance options. Structure is documented below.
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Options for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
Configuration for the Confidential Nodes feature. Structure is documented below.
Configuration for the Cost Allocation feature. Structure is documented below.
GKE SNAT DefaultSnatStatus contains the desired state of whether default SNAT should be disabled on the cluster; see the API doc. Structure is documented below.
Configuration for Using Cloud DNS for GKE. Structure is documented below.
Configuration for Kubernetes Beta APIs. Structure is documented below.
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
Configuration for GKE Gateway API controller. Structure is documented below.
Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
No description provided.
Logging configuration for the cluster. Structure is documented below.
The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
The maintenance policy to use for the cluster. Structure is documented below.
Structure is documented below.
MaintenanceExclusionOptions provides maintenance exclusion related options.
Structure is documented below.
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
Whether client certificate authorization is enabled for this cluster.
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
External networks that can access the Kubernetes cluster master through HTTPS.
Structure is documented below.
Monitoring configuration for the cluster. Structure is documented below.
The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)
Configuration for Managed Service for Prometheus. Structure is documented below.
Parameters used in creating the default node pool. Structure is documented below.
Specifies options for controlling advanced machine features. Structure is documented below.
Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
List of the type and count of accelerator cards attached to the instance. Structure is documented below. This field is an Attribute as Block.
Configuration for auto installation of GPU driver. Structure is documented below.
Configuration for GPU sharing. Structure is documented below.
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
The maintenance policy to use for the cluster. Structure is documented below.
Kubelet configuration, currently supported attributes can be found here. Structure is documented below.
Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.
Parameters for the local NVMe SSDs. Structure is documented below.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
Shielded Instance options. Structure is documented below.
Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
Metadata configuration to expose to workloads on the node pool. Structure is documented below.
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the google_container_node_pool resource instead of this property.
No description provided.
No description provided.
No description provided.
NodeManagement configuration for this NodePool. Structure is documented below.
No description provided.
No description provided.
Parameters used in creating the default node pool. Structure is documented below.
Specifies options for controlling advanced machine features. Structure is documented below.
Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
List of the type and count of accelerator cards attached to the instance. Structure is documented below. This field is an Attribute as Block.
Configuration for auto installation of GPU driver. Structure is documented below.
Configuration for GPU sharing. Structure is documented below.
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
The maintenance policy to use for the cluster. Structure is documented below.
Kubelet configuration, currently supported attributes can be found here. Structure is documented below.
Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.
Parameters for the local NVMe SSDs. Structure is documented below.
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
Shielded Instance options. Structure is documented below.
Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
List of network tags applied to auto-provisioned node pools.
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
Metadata configuration to expose to workloads on the node pool. Structure is documented below.
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
No description provided.
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Blue-green upgrade settings. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
Subset of NodeConfig message that has defaults.
Configuration for the cluster upgrade notifications feature. Structure is documented below.
The pubsub config for the cluster's upgrade notifications.
Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
Configuration for private clusters, clusters with private nodes. Structure is documented below.
Controls cluster master global access settings. Structure is documented below.
Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the google_container_engine_versions datasource can provide the default version for a channel. A cluster that is not enrolled in any channel uses the "UNSPECIFIED" channel. Structure is documented below.
Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
Parameters for using BigQuery as the destination of resource usage export.
Enable/Disable Security Posture API features for the cluster. Structure is documented below.
Structure is documented below.
Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
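A hardened Cluster manifest as an added example (not one of the provider's own examples), combining the master authorized networks, client certificate, private cluster, Workload Identity, node service account and OAuth scope, and Shielded Instance settings described above; field names beyond those shown on this page follow the provider's camelCase convention and are assumptions, and the CIDRs, project id and service account are placeholders.

```yaml
# Added example (not one of the provider's manifests). Field names not shown
# on this page follow the provider's camelCase convention and are assumptions;
# check them against the installed CRD schema before applying.
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  name: hardened-example            # constructed name
spec:
  forProvider:
    location: us-central1
    initialNodeCount: 1
    # Manage pools as separate NodePool resources (see the warning above on
    # node pools defined inside a cluster); drop the default pool.
    removeDefaultNodePool: true
    ipAllocationPolicy:             # VPC-native, required for private nodes
    - {}
    # Only the listed ranges may reach the control plane over HTTPS.
    # Omitting cidrBlocks entirely allows nothing but the node IPs.
    masterAuthorizedNetworksConfig:
    - cidrBlocks:
      - cidrBlock: 203.0.113.0/24   # constructed: an admin bastion range
        displayName: admin-bastion
    # Do not issue the legacy client certificate for master auth.
    masterAuth:
    - clientCertificateConfig:
      - issueClientCertificate: false
    # Worker VMs get no public IPs; the control plane keeps a public
    # endpoint, bounded by the authorized networks above.
    privateClusterConfig:
    - enablePrivateNodes: true
      enablePrivateEndpoint: false
      masterIpv4CidrBlock: 172.16.0.0/28   # constructed
    # Workload Identity: pods get Google credentials without node-level keys.
    workloadIdentityConfig:
    - workloadPool: MY_PROJECT.svc.id.goog  # placeholder project id
    nodeConfig:
    - machineType: e2-standard-4
      # Dedicated, least-privilege node service account: with IAM roles
      # scoped to what nodes need, the broad cloud-platform scope is bounded
      # by IAM rather than by legacy scopes.
      serviceAccount: gke-nodes@MY_PROJECT.iam.gserviceaccount.com  # placeholder
      oauthScopes:
      - https://www.googleapis.com/auth/cloud-platform
      shieldedInstanceConfig:
      - enableSecureBoot: true
        enableIntegrityMonitoring: true
      workloadMetadataConfig:
      - mode: GKE_METADATA          # hides the node SA token from pods
```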
Conditions of the resource.
membership
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: gkehub/v1beta1/membershipiammember
  labels:
    testing.upbound.io/example-name: membership
  name: membership
spec:
  forProvider:
    initialNodeCount: 2
    location: us-central1-a
    nodeConfig:
    - machineType: e2-standard-8
game-server-cluster
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: gkehub/v1beta1/membership
    upjet.upbound.io/manual-intervention: "Error 404: Method not found"
  labels:
    testing.upbound.io/example-name: game-server-cluster
  name: game-server-cluster
spec:
  forProvider:
    initialNodeCount: 1
    location: us-central1-a
nodepool
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: container/v1beta1/cluster
  labels:
    testing.upbound.io/example-name: nodepool
  name: nodepool
spec:
  forProvider:
    initialNodeCount: 1
    location: us-central1-a
    removeDefaultNodePool: true
membership
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: gkehub/v1beta1/membership
  labels:
    testing.upbound.io/example-name: membership
  name: membership
spec:
  forProvider:
    initialNodeCount: 2
    location: us-central1-a
    nodeConfig:
    - machineType: e2-standard-8
instance-group-named-port
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/instancegroupnamedport
    upjet.upbound.io/manual-intervention: Instance group name is generated (gke-instance-group-named-default-pool-eb15fe12-grp). Needs explicit reference
  labels:
    testing.upbound.io/example-name: instance-group-named-port
  name: instance-group-named-port
spec:
  forProvider:
    initialNodeCount: 1
    ipAllocationPolicy:
    - clusterIpv4CidrBlock: /19
      servicesIpv4CidrBlock: /22
    location: us-central1-a
    networkSelector:
      matchLabels:
        testing.upbound.io/example-name: instance-group-named-port
    subnetworkSelector:
      matchLabels:
        testing.upbound.io/example-name: instance-group-named-port
cluster
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: container/v1beta1/cluster
  labels:
    testing.upbound.io/example-name: cluster
  name: cluster
spec:
  forProvider:
    enableAutopilot: true
    ipAllocationPolicy:
    - {}
    location: europe-north1
primary
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: gke/v1beta1/backupbackupplan
  labels:
    testing.upbound.io/example-name: primary
  name: primary
spec:
  forProvider:
    addonsConfig:
    - gkeBackupAgentConfig:
      - enabled: true
    initialNodeCount: 1
    location: us-central1
    removeDefaultNodePool: false
© 2022 Upbound, Inc.