gcp_gkemulticloud_aws_cluster

ancestors

Type: UNORDERED_LIST_STRING

annotations

Type: MAP_STRING_STRING
Provider name: annotations
Description: Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

authorization

Type: STRUCT
Provider name: authorization
Description: Required. Configuration related to the cluster RBAC settings.

  • admin_groups
    Type: UNORDERED_LIST_STRUCT
    Provider name: adminGroups
    Description: Optional. Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    • group
      Type: STRING
      Provider name: group
      Description: Required. The name of the group, e.g. my-group@domain.com.
  • admin_users
    Type: UNORDERED_LIST_STRUCT
    Provider name: adminUsers
    Description: Optional. Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    • username
      Type: STRING
      Provider name: username
      Description: Required. The name of the user, e.g. my-gcp-id@gmail.com.

aws_region

Type: STRING
Provider name: awsRegion
Description: Required. The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call GetAwsServerConfig to list all supported AWS regions within a given Google Cloud region.

binary_authorization

Type: STRUCT
Provider name: binaryAuthorization
Description: Optional. Binary Authorization configuration for this cluster.

  • evaluation_mode
    Type: STRING
    Provider name: evaluationMode
    Description: Mode of operation for binauthz policy evaluation. If unspecified, defaults to DISABLED.
    Possible values:
    • EVALUATION_MODE_UNSPECIFIED - Default value
    • DISABLED - Disable BinaryAuthorization
    • PROJECT_SINGLETON_POLICY_ENFORCE - Enforce Kubernetes admission requests with BinaryAuthorization using the project’s singleton policy.

cluster_ca_certificate

Type: STRING
Provider name: clusterCaCertificate
Description: Output only. PEM encoded x509 certificate of the cluster root of trust.

control_plane

Type: STRUCT
Provider name: controlPlane
Description: Required. Configuration related to the cluster control plane.

  • aws_services_authentication
    Type: STRUCT
    Provider name: awsServicesAuthentication
    Description: Required. Authentication configuration for management of AWS resources.
    • role_arn
      Type: STRING
      Provider name: roleArn
      Description: Required. The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.
    • role_session_name
      Type: STRING
      Provider name: roleSessionName
      Description: Optional. An identifier for the assumed role session. When unspecified, it defaults to multicloud-service-agent.
  • config_encryption
    Type: STRUCT
    Provider name: configEncryption
    Description: Required. Config encryption for user data.
    • kms_key_arn
      Type: STRING
      Provider name: kmsKeyArn
      Description: Required. The ARN of the AWS KMS key used to encrypt user data.
  • database_encryption
    Type: STRUCT
    Provider name: databaseEncryption
    Description: Required. The ARN of the AWS KMS key used to encrypt cluster secrets.
    • kms_key_arn
      Type: STRING
      Provider name: kmsKeyArn
      Description: Required. The ARN of the AWS KMS key used to encrypt cluster secrets.
  • iam_instance_profile
    Type: STRING
    Provider name: iamInstanceProfile
    Description: Required. The name or ARN of the AWS IAM instance profile to assign to each control plane replica.
  • instance_placement
    Type: STRUCT
    Provider name: instancePlacement
    Description: Optional. The placement to use on control plane instances. When unspecified, the VPC’s default tenancy will be used.
    • tenancy
      Type: STRING
      Provider name: tenancy
      Description: Required. The tenancy for the instance.
      Possible values:
      • TENANCY_UNSPECIFIED - Not set.
      • DEFAULT - Use default VPC tenancy.
      • DEDICATED - Run a dedicated instance.
      • HOST - Launch this instance to a dedicated host.
  • instance_type
    Type: STRING
    Provider name: instanceType
    Description: Optional. The AWS instance type. When unspecified, it uses a default based on the cluster’s version.
  • main_volume
    Type: STRUCT
    Provider name: mainVolume
    Description: Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster’s etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.
    • iops
      Type: INT32
      Provider name: iops
      Description: Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.
    • kms_key_arn
      Type: STRING
      Provider name: kmsKeyArn
      Description: Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated with the AWS region where this cluster runs will be used.
    • size_gib
      Type: INT32
      Provider name: sizeGib
      Description: Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.
    • throughput
      Type: INT32
      Provider name: throughput
      Description: Optional. The throughput that the volume supports, in MiB/s. Only valid if volume_type is GP3. If the volume_type is GP3 and this is not specified, it defaults to 125.
    • volume_type
      Type: STRING
      Provider name: volumeType
      Description: Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume.
      Possible values:
      • VOLUME_TYPE_UNSPECIFIED - Not set.
      • GP2 - GP2 (General Purpose SSD volume type).
      • GP3 - GP3 (General Purpose SSD volume type).
  • proxy_config
    Type: STRUCT
    Provider name: proxyConfig
    Description: Optional. Proxy configuration for outbound HTTP(S) traffic.
  • root_volume
    Type: STRUCT
    Provider name: rootVolume
    Description: Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.
    • iops
      Type: INT32
      Provider name: iops
      Description: Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.
    • kms_key_arn
      Type: STRING
      Provider name: kmsKeyArn
      Description: Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated with the AWS region where this cluster runs will be used.
    • size_gib
      Type: INT32
      Provider name: sizeGib
      Description: Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.
    • throughput
      Type: INT32
      Provider name: throughput
      Description: Optional. The throughput that the volume supports, in MiB/s. Only valid if volume_type is GP3. If the volume_type is GP3 and this is not specified, it defaults to 125.
    • volume_type
      Type: STRING
      Provider name: volumeType
      Description: Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume.
      Possible values:
      • VOLUME_TYPE_UNSPECIFIED - Not set.
      • GP2 - GP2 (General Purpose SSD volume type).
      • GP3 - GP3 (General Purpose SSD volume type).
  • security_group_ids
    Type: UNORDERED_LIST_STRING
    Provider name: securityGroupIds
    Description: Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.
  • ssh_config
    Type: STRUCT
    Provider name: sshConfig
    Description: Optional. SSH configuration for how to access the underlying control plane machines.
    • ec2_key_pair
      Type: STRING
      Provider name: ec2KeyPair
      Description: Required. The name of the EC2 key pair used to log in to cluster machines.
  • subnet_ids
    Type: UNORDERED_LIST_STRING
    Provider name: subnetIds
    Description: Required. The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).
  • version
    Type: STRING
    Provider name: version
    Description: Required. The Kubernetes version to run on control plane replicas (e.g. 1.19.10-gke.1000). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.

create_time

Type: TIMESTAMP
Provider name: createTime
Description: Output only. The time at which this cluster was created.

description

Type: STRING
Provider name: description
Description: Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.

endpoint

Type: STRING
Provider name: endpoint
Description: Output only. The endpoint of the cluster’s API server.

errors

Type: UNORDERED_LIST_STRUCT
Provider name: errors
Description: Output only. A set of errors found in the cluster.

  • message
    Type: STRING
    Provider name: message
    Description: Human-friendly description of the error.

etag

Type: STRING
Provider name: etag
Description: Allows clients to perform consistent read-modify-writes through optimistic concurrency control. Can be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

fleet

Type: STRUCT
Provider name: fleet
Description: Required. Fleet configuration.

  • membership
    Type: STRING
    Provider name: membership
    Description: Output only. The name of the managed Hub Membership resource associated with this cluster. Membership names are formatted as projects//locations/global/membership/.
  • project
    Type: STRING
    Provider name: project
    Description: Required. The name of the Fleet host project where this cluster will be registered. Project names are formatted as projects/.

labels

Type: UNORDERED_LIST_STRING

logging_config

Type: STRUCT
Provider name: loggingConfig
Description: Optional. Logging configuration for this cluster.

  • component_config
    Type: STRUCT
    Provider name: componentConfig
    Description: The configuration of the logging components.
    • enable_components
      Type: UNORDERED_LIST_STRING
      Provider name: enableComponents
      Description: The components to be enabled.

monitoring_config

Type: STRUCT
Provider name: monitoringConfig
Description: Optional. Monitoring configuration for this cluster.

  • cloud_monitoring_config
    Type: STRUCT
    Provider name: cloudMonitoringConfig
    Description: Optionally enable GKE metrics. Only for Attached Clusters.
    • enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Enable GKE-native logging and metrics. Only for Attached Clusters.
  • managed_prometheus_config
    Type: STRUCT
    Provider name: managedPrometheusConfig
    Description: Enable Google Cloud Managed Service for Prometheus in the cluster.
    • enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Enable Managed Collection.

name

Type: STRING
Provider name: name
Description: The name of this resource. Cluster names are formatted as projects//locations//awsClusters/. See Resource Names for more details on Google Cloud Platform resource names.

networking

Type: STRUCT
Provider name: networking
Description: Required. Cluster-wide networking configuration.

  • per_node_pool_sg_rules_disabled
    Type: BOOLEAN
    Provider name: perNodePoolSgRulesDisabled
    Description: Optional. Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.
  • pod_address_cidr_blocks
    Type: UNORDERED_LIST_STRING
    Provider name: podAddressCidrBlocks
    Description: Required. All pods in the cluster are assigned an IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.
  • service_address_cidr_blocks
    Type: UNORDERED_LIST_STRING
    Provider name: serviceAddressCidrBlocks
    Description: Required. All services in the cluster are assigned an IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.
  • vpc_id
    Type: STRING
    Provider name: vpcId
    Description: Required. The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.

organization_id

Type: STRING

parent

Type: STRING

project_id

Type: STRING

project_number

Type: STRING

reconciling

Type: BOOLEAN
Provider name: reconciling
Description: Output only. If set, there are currently changes in flight to the cluster.

resource_name

Type: STRING

state

Type: STRING
Provider name: state
Description: Output only. The current state of the cluster.
Possible values:

  • STATE_UNSPECIFIED - Not set.
  • PROVISIONING - The PROVISIONING state indicates the cluster is being created.
  • RUNNING - The RUNNING state indicates the cluster has been created and is fully usable.
  • RECONCILING - The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the control plane replicas.
  • STOPPING - The STOPPING state indicates the cluster is being deleted.
  • ERROR - The ERROR state indicates the cluster is in a broken unrecoverable state.
  • DEGRADED - The DEGRADED state indicates the cluster requires user action to restore full functionality.

tags

Type: UNORDERED_LIST_STRING

uid

Type: STRING
Provider name: uid
Description: Output only. A globally unique identifier for the cluster.

update_time

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The time at which this cluster was last updated.

workload_identity_config

Type: STRUCT
Provider name: workloadIdentityConfig
Description: Output only. Workload Identity settings.

  • identity_provider
    Type: STRING
    Provider name: identityProvider
    Description: The ID of the OIDC Identity Provider (IdP) associated with the Workload Identity Pool.
  • issuer_uri
    Type: STRING
    Provider name: issuerUri
    Description: The OIDC issuer URL for this cluster.
  • workload_pool
    Type: STRING
    Provider name: workloadPool
    Description: The Workload Identity Pool associated with the cluster.