---
title: Getting Started with Datadog
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog
---

# gcp_gkemulticloud_azure_cluster{% #gcp_gkemulticloud_azure_cluster %}

## `ancestors`{% #ancestors %}

**Type**: `UNORDERED_LIST_STRING`

## `annotations`{% #annotations %}

**Type**: `MAP_STRING_STRING`**Provider name**: `annotations`**Description**: Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

## `authorization`{% #authorization %}

**Type**: `STRUCT`**Provider name**: `authorization`**Description**: Required. Configuration related to the cluster RBAC settings.

- `admin_groups`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `adminGroups`**Description**: Optional. Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles)
  - `group`**Type**: `STRING`**Provider name**: `group`**Description**: Required. The name of the group, e.g. `my-group@domain.com`.
- `admin_users`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `adminUsers`**Description**: Optional. Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles)
  - `username`**Type**: `STRING`**Provider name**: `username`**Description**: Required. The name of the user, e.g. `my-gcp-id@gmail.com`.

## `azure_client`{% #azure_client %}

**Type**: `STRING`**Provider name**: `azureClient`**Description**: Optional. Name of the AzureClient that contains authentication configuration for how the Anthos Multi-Cloud API connects to Azure APIs. Either azure_client or azure_services_authentication should be provided. The `AzureClient` resource must reside on the same Google Cloud Platform project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects//locations//azureClients/`. See [Resource Names](https://cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.

## `azure_region`{% #azure_region %}

**Type**: `STRING`**Provider name**: `azureRegion`**Description**: Required. The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call GetAzureServerConfig to list all supported Azure regions within a given Google Cloud region.

## `azure_services_authentication`{% #azure_services_authentication %}

**Type**: `STRUCT`**Provider name**: `azureServicesAuthentication`**Description**: Optional. Authentication configuration for management of Azure resources. Either azure_client or azure_services_authentication should be provided.

- `application_id`**Type**: `STRING`**Provider name**: `applicationId`**Description**: Required. The Azure Active Directory Application ID.
- `tenant_id`**Type**: `STRING`**Provider name**: `tenantId`**Description**: Required. The Azure Active Directory Tenant ID.

## `cluster_ca_certificate`{% #cluster_ca_certificate %}

**Type**: `STRING`**Provider name**: `clusterCaCertificate`**Description**: Output only. PEM encoded x509 certificate of the cluster root of trust.

## `control_plane`{% #control_plane %}

**Type**: `STRUCT`**Provider name**: `controlPlane`**Description**: Required. Configuration related to the cluster control plane.

- `config_encryption`**Type**: `STRUCT`**Provider name**: `configEncryption`**Description**: Optional. Configuration related to vm config encryption.
  - `key_id`**Type**: `STRING`**Provider name**: `keyId`**Description**: Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt config data. For example: `/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults//keys/`
  - `public_key`**Type**: `STRING`**Provider name**: `publicKey`**Description**: Optional. RSA key of the Azure Key Vault public key to use for encrypting the data. This key must be formatted as a PEM-encoded SubjectPublicKeyInfo (RFC 5280) in ASN.1 DER form. The string must be comprised of a single PEM block of type "PUBLIC KEY".
- `database_encryption`**Type**: `STRUCT`**Provider name**: `databaseEncryption`**Description**: Optional. Configuration related to application-layer secrets encryption.
  - `key_id`**Type**: `STRING`**Provider name**: `keyId`**Description**: Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults//keys/` Encryption will always take the latest version of the key and hence specific version is not supported.
- `endpoint_subnet_id`**Type**: `STRING`**Provider name**: `endpointSubnetId`**Description**: Optional. The ARM ID of the subnet where the control plane load balancer is deployed. When unspecified, it defaults to AzureControlPlane.subnet_id. Example: "/subscriptions/d00494d6-6f3c-4280-bbb2-899e163d1d30/resourceGroups/anthos_cluster_gkeust4/providers/Microsoft.Network/virtualNetworks/gke-vnet-gkeust4/subnets/subnetid123"
- `main_volume`**Type**: `STRUCT`**Provider name**: `mainVolume`**Description**: Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.
  - `size_gib`**Type**: `INT32`**Provider name**: `sizeGib`**Description**: Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.
- `proxy_config`**Type**: `STRUCT`**Provider name**: `proxyConfig`**Description**: Optional. Proxy configuration for outbound HTTP(S) traffic.
  - `resource_group_id`**Type**: `STRING`**Provider name**: `resourceGroupId`**Description**: The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions//resourceGroups/`.
  - `secret_id`**Type**: `STRING`**Provider name**: `secretId`**Description**: The URL the of the proxy setting secret with its version. The secret must be a JSON encoded proxy configuration as described in [https://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/how-to/use-a-proxy#create_a_proxy_configuration_file](https://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/how-to/use-a-proxy#create_a_proxy_configuration_file) Secret ids are formatted as `https://.vault.azure.net/secrets//`.
- `replica_placements`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `replicaPlacements`**Description**: Optional. Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.
  - `azure_availability_zone`**Type**: `STRING`**Provider name**: `azureAvailabilityZone`**Description**: Required. For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.
  - `subnet_id`**Type**: `STRING`**Provider name**: `subnetId`**Description**: Required. For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.
- `root_volume`**Type**: `STRUCT`**Provider name**: `rootVolume`**Description**: Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.
  - `size_gib`**Type**: `INT32`**Provider name**: `sizeGib`**Description**: Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.
- `ssh_config`**Type**: `STRUCT`**Provider name**: `sshConfig`**Description**: Required. SSH configuration for how to access the underlying control plane machines.
  - `authorized_key`**Type**: `STRING`**Provider name**: `authorizedKey`**Description**: Required. The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.
- `subnet_id`**Type**: `STRING`**Provider name**: `subnetId`**Description**: Optional. The ARM ID of the default subnet for the control plane. The control plane VMs are deployed in this subnet, unless `AzureControlPlane.replica_placements` is specified. This subnet will also be used as default for `AzureControlPlane.endpoint_subnet_id` if `AzureControlPlane.endpoint_subnet_id` is not specified. Similarly it will be used as default for `AzureClusterNetworking.service_load_balancer_subnet_id`. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.
- `version`**Type**: `STRING`**Provider name**: `version`**Description**: Required. The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.
- `vm_size`**Type**: `STRING`**Provider name**: `vmSize`**Description**: Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see [https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions](https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions). When unspecified, it defaults to `Standard_DS2_v2`.

## `create_time`{% #create_time %}

**Type**: `TIMESTAMP`**Provider name**: `createTime`**Description**: Output only. The time at which this cluster was created.

## `description`{% #description %}

**Type**: `STRING`**Provider name**: `description`**Description**: Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.

## `endpoint`{% #endpoint %}

**Type**: `STRING`**Provider name**: `endpoint`**Description**: Output only. The endpoint of the cluster's API server.

## `errors`{% #errors %}

**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `errors`**Description**: Output only. A set of errors found in the cluster.

- `message`**Type**: `STRING`**Provider name**: `message`**Description**: Human-friendly description of the error.

## `etag`{% #etag %}

**Type**: `STRING`**Provider name**: `etag`**Description**: Allows clients to perform consistent read-modify-writes through optimistic concurrency control. Can be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

## `fleet`{% #fleet %}

**Type**: `STRUCT`**Provider name**: `fleet`**Description**: Required. Fleet configuration.

- `membership`**Type**: `STRING`**Provider name**: `membership`**Description**: Output only. The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as `projects//locations/global/membership/`.
- `project`**Type**: `STRING`**Provider name**: `project`**Description**: Required. The name of the Fleet host project where this cluster will be registered. Project names are formatted as `projects/`.

## `labels`{% #labels %}

**Type**: `UNORDERED_LIST_STRING`

## `logging_config`{% #logging_config %}

**Type**: `STRUCT`**Provider name**: `loggingConfig`**Description**: Optional. Logging configuration for this cluster.

- `component_config`**Type**: `STRUCT`**Provider name**: `componentConfig`**Description**: The configuration of the logging components;
  - `enable_components`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `enableComponents`**Description**: The components to be enabled.

## `managed_resources`{% #managed_resources %}

**Type**: `STRUCT`**Provider name**: `managedResources`**Description**: Output only. Managed Azure resources for this cluster.

- `control_plane_application_security_group_id`**Type**: `STRING`**Provider name**: `controlPlaneApplicationSecurityGroupId`**Description**: Output only. The ARM ID of the control plane application security group.
- `network_security_group_id`**Type**: `STRING`**Provider name**: `networkSecurityGroupId`**Description**: Output only. The ARM ID of the cluster network security group.

## `monitoring_config`{% #monitoring_config %}

**Type**: `STRUCT`**Provider name**: `monitoringConfig`**Description**: Optional. Monitoring configuration for this cluster.

- `cloud_monitoring_config`**Type**: `STRUCT`**Provider name**: `cloudMonitoringConfig`**Description**: Optionally enable GKE metrics. Only for Attached Clusters.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Enable GKE-native logging and metrics. Only for Attached Clusters.
- `managed_prometheus_config`**Type**: `STRUCT`**Provider name**: `managedPrometheusConfig`**Description**: Enable Google Cloud Managed Service for Prometheus in the cluster.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Enable Managed Collection.

## `name`{% #name %}

**Type**: `STRING`**Provider name**: `name`**Description**: The name of this resource. Cluster names are formatted as `projects//locations//azureClusters/`. See [Resource Names](https://cloud.google.com/apis/design/resource_names) for more details on Google Cloud Platform resource names.

## `networking`{% #networking %}

**Type**: `STRUCT`**Provider name**: `networking`**Description**: Required. Cluster-wide networking configuration.

- `pod_address_cidr_blocks`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `podAddressCidrBlocks`**Description**: Required. The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.
- `service_address_cidr_blocks`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `serviceAddressCidrBlocks`**Description**: Required. The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.
- `service_load_balancer_subnet_id`**Type**: `STRING`**Provider name**: `serviceLoadBalancerSubnetId`**Description**: Optional. The ARM ID of the subnet where Kubernetes private service type load balancers are deployed. When unspecified, it defaults to AzureControlPlane.subnet_id. Example: "/subscriptions/d00494d6-6f3c-4280-bbb2-899e163d1d30/resourceGroups/anthos_cluster_gkeust4/providers/Microsoft.Network/virtualNetworks/gke-vnet-gkeust4/subnets/subnetid456"
- `virtual_network_id`**Type**: `STRING`**Provider name**: `virtualNetworkId`**Description**: Required. The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/` This field cannot be changed after creation.

## `organization_id`{% #organization_id %}

**Type**: `STRING`

## `parent`{% #parent %}

**Type**: `STRING`

## `project_id`{% #project_id %}

**Type**: `STRING`

## `project_number`{% #project_number %}

**Type**: `STRING`

## `reconciling`{% #reconciling %}

**Type**: `BOOLEAN`**Provider name**: `reconciling`**Description**: Output only. If set, there are currently changes in flight to the cluster.

## `region_id`{% #region_id %}

**Type**: `STRING`

## `resource_group_id`{% #resource_group_id %}

**Type**: `STRING`**Provider name**: `resourceGroupId`**Description**: Required. The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions//resourceGroups/`

## `resource_name`{% #resource_name %}

**Type**: `STRING`

## `state`{% #state %}

**Type**: `STRING`**Provider name**: `state`**Description**: Output only. The current state of the cluster.**Possible values**:

- `STATE_UNSPECIFIED` - Not set.
- `PROVISIONING` - The PROVISIONING state indicates the cluster is being created.
- `RUNNING` - The RUNNING state indicates the cluster has been created and is fully usable.
- `RECONCILING` - The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the control plane replicas.
- `STOPPING` - The STOPPING state indicates the cluster is being deleted.
- `ERROR` - The ERROR state indicates the cluster is in a broken unrecoverable state.
- `DEGRADED` - The DEGRADED state indicates the cluster requires user action to restore full functionality.

## `tags`{% #tags %}

**Type**: `UNORDERED_LIST_STRING`

## `uid`{% #uid %}

**Type**: `STRING`**Provider name**: `uid`**Description**: Output only. A globally unique identifier for the cluster.

## `update_time`{% #update_time %}

**Type**: `TIMESTAMP`**Provider name**: `updateTime`**Description**: Output only. The time at which this cluster was last updated.

## `workload_identity_config`{% #workload_identity_config %}

**Type**: `STRUCT`**Provider name**: `workloadIdentityConfig`**Description**: Output only. Workload Identity settings.

- `identity_provider`**Type**: `STRING`**Provider name**: `identityProvider`**Description**: The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- `issuer_uri`**Type**: `STRING`**Provider name**: `issuerUri`**Description**: The OIDC issuer URL for this cluster.
- `workload_pool`**Type**: `STRING`**Provider name**: `workloadPool`**Description**: The Workload Identity Pool associated to the cluster.

## `zone_id`{% #zone_id %}

**Type**: `STRING`