upbound/provider-gcp@v0.16.0
Cluster
container.gcp.upbound.io

Cluster is the Schema for the Clusters API. Creates a Google Kubernetes Engine (GKE) cluster.

Type

CRD

Group

container.gcp.upbound.io

Version

v1beta1

apiVersion: container.gcp.upbound.io/v1beta1

kind: Cluster

API Documentation
apiVersion
string
kind
string
metadata
object
spec
object
object

ClusterSpec defines the desired state of Cluster

forProvider
requiredobject
requiredobject

No description provided.

array

The configuration for addons supported by GKE. Structure is documented below.

array

Structure is documented below.

disabled
requiredboolean
array

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

enabled
requiredboolean
array

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

disabled
requiredboolean
array

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

disabled
requiredboolean
array

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

disabled
requiredboolean
array

Configuration for the Google Groups for GKE feature. Structure is documented below.

securityGroup
requiredstring
array

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

array

Contains defaults for a node pool created by NAP. Structure is documented below.

imageType
string
array

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

enabled
requiredboolean
array

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

maximum
number
minimum
number
resourceType
requiredstring
array

Configuration for the Confidential Nodes feature. Structure is documented below.

enabled
requiredboolean
array

Structure is documented below.

keyName
string
state
requiredstring
array

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below.

disabled
requiredboolean
array

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableTpu
boolean
array

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location
requiredstring
array

Logging configuration for the cluster. Structure is documented below.

enableComponents
requiredarray
requiredarray

The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS and WORKLOADS.

array

The maintenance policy to use for the cluster. Structure is documented below.

array

structure documented below.

startTime
requiredstring
array

structure documented below

endTime
requiredstring
exclusionName
requiredstring
array

MaintenanceExclusionOptions provides maintenance exclusion related options.

scope
requiredstring
startTime
requiredstring
array

structure documented below

endTime
requiredstring
recurrence
requiredstring
startTime
requiredstring
array

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

requiredarray

Whether client certificate authorization is enabled for this cluster. For example:

issueClientCertificate
requiredboolean
array

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

array

External networks that can access the Kubernetes cluster master through HTTPS.

cidrBlock
requiredstring
array

Monitoring configuration for the cluster. Structure is documented below.

enableComponents
requiredarray
requiredarray

The GKE components exposing logs. SYSTEM_COMPONENTS is supported; in the beta provider, both SYSTEM_COMPONENTS and WORKLOADS are supported.

network
string
array

Configuration options for the NetworkPolicy feature. Structure is documented below.

enabled
requiredboolean
provider
string
object

Reference to a Network in compute to populate network.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
object

Selector for a Network in compute to populate network.

policy
object
object

Policies for selection.

resolve
string
array

Parameters used in creating the default node pool. Structure is documented below.

diskType
string
array

Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.

enabled
requiredboolean
array

List of the type and count of accelerator cards attached to the instance. Structure documented below. This field is an Attribute as Block.

count
number
type
string
gvnic
array
array

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

enabled
requiredboolean
imageType
string
labels
object
metadata
object
nodeGroup
string
array

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

object

Reference to a ServiceAccount in cloudplatform to populate serviceAccount.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
object

Selector for a ServiceAccount in cloudplatform to populate serviceAccount.

policy
object
object

Policies for selection.

resolve
string
array

Shielded Instance options. Structure is documented below.

tags
array
array

The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.

taint
array
array

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

effect
string
key
string
value
string
array

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

mode
requiredstring
array

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

array

Configuration for private clusters, clusters with private nodes. Structure is documented below.

enablePrivateEndpoint
requiredboolean
array

Controls cluster master global access settings. Structure is documented below.

enabled
requiredboolean
project
string
array

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the google_container_engine_versions datasource can provide the default version for a channel. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

channel
requiredstring
array

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

bigqueryDestination
requiredarray
requiredarray

Parameters for using BigQuery as the destination of resource usage export.

datasetId
requiredstring
object

Reference to a Subnetwork in compute to populate subnetwork.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
object

Selector for a Subnetwork in compute to populate subnetwork.

policy
object
object

Policies for selection.

resolve
string
array

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

enabled
requiredboolean
array

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

object

ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
object

ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
object

PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.

configRef
object
object

SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
metadata
object
object

Metadata is the metadata for connection secret.

labels
object
type
string
name
requiredstring
object

WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.

name
requiredstring
namespace
requiredstring
status
object
object

ClusterStatus defines the observed state of Cluster.

object

No description provided.

endpoint
string
id
string
array

The maintenance policy to use for the cluster. Structure is documented below.

array

structure documented below.

duration
string
array

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

array

List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the google_container_node_pool resource instead of this property.

array

No description provided.

array

No description provided.

array

No description provided.

array

No description provided.

autoRepair
boolean
name
string
array

Parameters used in creating the default node pool. Structure is documented below.

diskType
string
array

Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.

enabled
boolean
array

List of the type and count of accelerator cards attached to the instance. Structure documented below. This field is an Attribute as Block.

count
number
type
string
gvnic
array
array

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

enabled
boolean
imageType
string
labels
object
metadata
object
nodeGroup
string
array

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

array

Shielded Instance options. Structure is documented below.

tags
array
array

The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.

taint
array
array

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

effect
string
key
string
value
string
array

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

mode
string
nodeCount
number
array

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

array

No description provided.

version
string
operation
string
array

Configuration for private clusters, clusters with private nodes. Structure is documented below.

selfLink
string
array

Conditions of the resource.

lastTransitionTime
requiredstring
message
string
reason
requiredstring
status
requiredstring
type
requiredstring

© 2022 Upbound, Inc.
