- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
addons_config
Type: STRUCT
Provider name: addonsConfig
Description: Configurations for the various addons available to run in the cluster.
cloud_run_config
STRUCT
cloudRunConfig
IstioConfig
addon must be enabled in order to enable Cloud Run addon. This option can only be enabled at cluster creation time.disabled
BOOLEAN
disabled
load_balancer_type
STRING
loadBalancerType
LOAD_BALANCER_TYPE_UNSPECIFIED
- Load balancer type for Cloud Run is unspecified.LOAD_BALANCER_TYPE_EXTERNAL
- Install external load balancer for Cloud Run.LOAD_BALANCER_TYPE_INTERNAL
- Install internal load balancer for Cloud Run.config_connector_config
STRUCT
configConnectorConfig
enabled
BOOLEAN
enabled
dns_cache_config
STRUCT
dnsCacheConfig
enabled
BOOLEAN
enabled
gce_persistent_disk_csi_driver_config
STRUCT
gcePersistentDiskCsiDriverConfig
enabled
BOOLEAN
enabled
gcp_filestore_csi_driver_config
STRUCT
gcpFilestoreCsiDriverConfig
enabled
BOOLEAN
enabled
gcs_fuse_csi_driver_config
STRUCT
gcsFuseCsiDriverConfig
enabled
BOOLEAN
enabled
gke_backup_agent_config
STRUCT
gkeBackupAgentConfig
enabled
BOOLEAN
enabled
horizontal_pod_autoscaling
STRUCT
horizontalPodAutoscaling
disabled
BOOLEAN
disabled
http_load_balancing
STRUCT
httpLoadBalancing
disabled
BOOLEAN
disabled
istio_config
STRUCT
istioConfig
auth
STRING
auth
AUTH_NONE
- auth not enabledAUTH_MUTUAL_TLS
- auth mutual TLS enableddisabled
BOOLEAN
disabled
kalm_config
STRUCT
kalmConfig
enabled
BOOLEAN
enabled
kubernetes_dashboard
STRUCT
kubernetesDashboard
disabled
BOOLEAN
disabled
network_policy_config
STRUCT
networkPolicyConfig
disabled
BOOLEAN
disabled
ray_operator_config
STRUCT
rayOperatorConfig
enabled
BOOLEAN
enabled
ray_cluster_logging_config
STRUCT
rayClusterLoggingConfig
enabled
BOOLEAN
enabled
ray_cluster_monitoring_config
STRUCT
rayClusterMonitoringConfig
enabled
BOOLEAN
enabled
stateful_ha_config
STRUCT
statefulHaConfig
enabled
BOOLEAN
enabled
ancestors
Type: UNORDERED_LIST_STRING
authenticator_groups_config
Type: STRUCT
Provider name: authenticatorGroupsConfig
Description: Configuration controlling RBAC group membership information.
enabled
BOOLEAN
enabled
security_group
STRING
securityGroup
autopilot
Type: STRUCT
Provider name: autopilot
Description: Autopilot configuration for the cluster.
conversion_status
STRUCT
conversionStatus
state
STRING
state
STATE_UNSPECIFIED
- STATE_UNSPECIFIED indicates the state is unspecified.DONE
- DONE indicates the conversion has been completed. Old node pools will continue being deleted in the background.enabled
BOOLEAN
enabled
workload_policy_config
STRUCT
workloadPolicyConfig
allow_net_admin
BOOLEAN
allowNetAdmin
autoscaling
Type: STRUCT
Provider name: autoscaling
Description: Cluster-level autoscaling configuration.
autoprovisioning_locations
UNORDERED_LIST_STRING
autoprovisioningLocations
autoprovisioning_node_pool_defaults
STRUCT
autoprovisioningNodePoolDefaults
boot_disk_kms_key
STRING
bootDiskKmsKey
disk_size_gb
INT32
diskSizeGb
disk_type
STRING
diskType
image_type
STRING
imageType
insecure_kubelet_readonly_port_enabled
BOOLEAN
insecureKubeletReadonlyPortEnabled
management
STRUCT
management
auto_repair
BOOLEAN
autoRepair
auto_upgrade
BOOLEAN
autoUpgrade
upgrade_options
STRUCT
upgradeOptions
auto_upgrade_start_time
STRING
autoUpgradeStartTime
description
STRING
description
min_cpu_platform
STRING
minCpuPlatform
cloud.google.com/requested-min-cpu-platform
label selector on the pod. To unset the min cpu platform field pass “automatic” as field value.oauth_scopes
UNORDERED_LIST_STRING
oauthScopes
https://www.googleapis.com/auth/compute
is required for mounting persistent storage on your nodes. * https://www.googleapis.com/auth/devstorage.read_only
is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.service_account
STRING
serviceAccount
shielded_instance_config
STRUCT
shieldedInstanceConfig
enable_integrity_monitoring
BOOLEAN
enableIntegrityMonitoring
enable_secure_boot
BOOLEAN
enableSecureBoot
upgrade_settings
STRUCT
upgradeSettings
blue_green_settings
STRUCT
blueGreenSettings
autoscaled_rollout_policy
Type: STRUCT
Provider name: autoscaledRolloutPolicy
Description: Autoscaled policy for cluster autoscaler enabled blue-green upgrade.
node_pool_soak_duration
Type: STRING
Provider name: nodePoolSoakDuration
Description: Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.
standard_rollout_policy
Type: STRUCT
Provider name: standardRolloutPolicy
Description: Standard policy for the blue-green upgrade.
batch_node_count
INT32
batchNodeCount
batch_percentage
FLOAT
batchPercentage
batch_soak_duration
STRING
batchSoakDuration
max_surge
INT32
maxSurge
max_unavailable
INT32
maxUnavailable
strategy
STRING
strategy
NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED
- Default value if unset. GKE internally defaults the update strategy to SURGE for unspecified strategies.BLUE_GREEN
- blue-green upgrade.SURGE
- SURGE is the traditional way of upgrading a node pool. max_surge and max_unavailable determines the level of upgrade parallelism.autoscaling_profile
STRING
autoscalingProfile
PROFILE_UNSPECIFIED
- No change to autoscaling configuration.OPTIMIZE_UTILIZATION
- Prioritize optimizing utilization of resources.BALANCED
- Use default (balanced) autoscaling configuration.enable_node_autoprovisioning
BOOLEAN
enableNodeAutoprovisioning
resource_limits
UNORDERED_LIST_STRUCT
resourceLimits
maximum
INT64
maximum
minimum
INT64
minimum
resource_type
STRING
resourceType
binary_authorization
Type: STRUCT
Provider name: binaryAuthorization
Description: Configuration for Binary Authorization.
enabled
BOOLEAN
enabled
evaluation_mode
STRING
evaluationMode
EVALUATION_MODE_UNSPECIFIED
- Default valueDISABLED
- Disable BinaryAuthorizationPROJECT_SINGLETON_POLICY_ENFORCE
- Enforce Kubernetes admission requests with BinaryAuthorization using the project’s singleton policy. This is equivalent to setting the enabled boolean to true.POLICY_BINDINGS
- Use Binary Authorization Continuous Validation with the policies specified in policy_bindings.POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE
- Use Binary Authorization Continuous Validation with the policies specified in policy_bindings and enforce Kubernetes admission requests with Binary Authorization using the project’s singleton policy.policy_bindings
UNORDERED_LIST_STRUCT
policyBindings
name
STRING
name
projects/{project_number}/platforms/gke/policies/{policy_id}
.cluster_ipv4_cidr
Type: STRING
Provider name: clusterIpv4Cidr
Description: The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14
). Leave blank to have one automatically chosen or specify a /14
block in 10.0.0.0/8
.
cluster_telemetry
Type: STRUCT
Provider name: clusterTelemetry
Description: Telemetry integration for the cluster.
type
STRING
type
UNSPECIFIED
- Not set.DISABLED
- Monitoring integration is disabled.ENABLED
- Monitoring integration is enabled.SYSTEM_ONLY
- Only system components are monitored and logged.compliance_posture_config
Type: STRUCT
Provider name: compliancePostureConfig
Description: Enable/Disable Compliance Posture features for the cluster.
compliance_standards
UNORDERED_LIST_STRUCT
complianceStandards
standard
STRING
standard
mode
STRING
mode
MODE_UNSPECIFIED
- Default value not specified.DISABLED
- Disables Compliance Posture features on the cluster.ENABLED
- Enables Compliance Posture features on the cluster.conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: Which conditions caused the current cluster state.
canonical_code
STRING
canonicalCode
OK
- Not an error; returned on success. HTTP Mapping: 200 OKCANCELLED
- The operation was cancelled, typically by the caller. HTTP Mapping: 499 Client Closed RequestUNKNOWN
- Unknown error. For example, this error may be returned when a Status
value received from another address space belongs to an error space that is not known in this address space. Also errors raised by APIs that do not return enough error information may be converted to this error. HTTP Mapping: 500 Internal Server ErrorINVALID_ARGUMENT
- The client specified an invalid argument. Note that this differs from FAILED_PRECONDITION
. INVALID_ARGUMENT
indicates arguments that are problematic regardless of the state of the system (e.g., a malformed file name). HTTP Mapping: 400 Bad RequestDEADLINE_EXCEEDED
- The deadline expired before the operation could complete. For operations that change the state of the system, this error may be returned even if the operation has completed successfully. For example, a successful response from a server could have been delayed long enough for the deadline to expire. HTTP Mapping: 504 Gateway TimeoutNOT_FOUND
- Some requested entity (e.g., file or directory) was not found. Note to server developers: if a request is denied for an entire class of users, such as gradual feature rollout or undocumented allowlist, NOT_FOUND
may be used. If a request is denied for some users within a class of users, such as user-based access control, PERMISSION_DENIED
must be used. HTTP Mapping: 404 Not FoundALREADY_EXISTS
- The entity that a client attempted to create (e.g., file or directory) already exists. HTTP Mapping: 409 ConflictPERMISSION_DENIED
- The caller does not have permission to execute the specified operation. PERMISSION_DENIED
must not be used for rejections caused by exhausting some resource (use RESOURCE_EXHAUSTED
instead for those errors). PERMISSION_DENIED
must not be used if the caller can not be identified (use UNAUTHENTICATED
instead for those errors). This error code does not imply the request is valid or the requested entity exists or satisfies other pre-conditions. HTTP Mapping: 403 ForbiddenUNAUTHENTICATED
- The request does not have valid authentication credentials for the operation. HTTP Mapping: 401 UnauthorizedRESOURCE_EXHAUSTED
- Some resource has been exhausted, perhaps a per-user quota, or perhaps the entire file system is out of space. HTTP Mapping: 429 Too Many RequestsFAILED_PRECONDITION
- The operation was rejected because the system is not in a state required for the operation's execution. For example, the directory to be deleted is non-empty, an rmdir operation is applied to a non-directory, etc. Service implementors can use the following guidelines to decide between FAILED_PRECONDITION
, ABORTED
, and UNAVAILABLE
: (a) Use UNAVAILABLE
if the client can retry just the failing call. (b) Use ABORTED
if the client should retry at a higher level. For example, when a client-specified test-and-set fails, indicating the client should restart a read-modify-write sequence. (c) Use FAILED_PRECONDITION
if the client should not retry until the system state has been explicitly fixed. For example, if an ‘rmdir’ fails because the directory is non-empty, FAILED_PRECONDITION
should be returned since the client should not retry unless the files are deleted from the directory. HTTP Mapping: 400 Bad RequestABORTED
- The operation was aborted, typically due to a concurrency issue such as a sequencer check failure or transaction abort. See the guidelines above for deciding between FAILED_PRECONDITION
, ABORTED
, and UNAVAILABLE
. HTTP Mapping: 409 ConflictOUT_OF_RANGE
- The operation was attempted past the valid range. E.g., seeking or reading past end-of-file. Unlike INVALID_ARGUMENT
, this error indicates a problem that may be fixed if the system state changes. For example, a 32-bit file system will generate INVALID_ARGUMENT
if asked to read at an offset that is not in the range [0,2^32-1], but it will generate OUT_OF_RANGE
if asked to read from an offset past the current file size. There is a fair bit of overlap between FAILED_PRECONDITION
and OUT_OF_RANGE
. We recommend using OUT_OF_RANGE
(the more specific error) when it applies so that callers who are iterating through a space can easily look for an OUT_OF_RANGE
error to detect when they are done. HTTP Mapping: 400 Bad RequestUNIMPLEMENTED
- The operation is not implemented or is not supported/enabled in this service. HTTP Mapping: 501 Not ImplementedINTERNAL
- Internal errors. This means that some invariants expected by the underlying system have been broken. This error code is reserved for serious errors. HTTP Mapping: 500 Internal Server ErrorUNAVAILABLE
- The service is currently unavailable. This is most likely a transient condition, which can be corrected by retrying with a backoff. Note that it is not always safe to retry non-idempotent operations. See the guidelines above for deciding between FAILED_PRECONDITION
, ABORTED
, and UNAVAILABLE
. HTTP Mapping: 503 Service UnavailableDATA_LOSS
- Unrecoverable data loss or corruption. HTTP Mapping: 500 Internal Server Errorcode
STRING
code
UNKNOWN
- UNKNOWN indicates a generic condition.GCE_STOCKOUT
- GCE_STOCKOUT indicates that Google Compute Engine resources are temporarily unavailable.GKE_SERVICE_ACCOUNT_DELETED
- GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot service account.GCE_QUOTA_EXCEEDED
- Google Compute Engine quota was exceeded.SET_BY_OPERATOR
- Cluster state was manually changed by an SRE due to a system logic error.CLOUD_KMS_KEY_ERROR
- Unable to perform an encrypt operation against the CloudKMS key used for etcd level encryption.CA_EXPIRING
- Cluster CA is expiring soon. More codes TBAmessage
STRING
message
confidential_nodes
Type: STRUCT
Provider name: confidentialNodes
Description: Configuration of Confidential Nodes. All the nodes in the cluster will be Confidential VM once enabled.
enabled
BOOLEAN
enabled
cost_management_config
Type: STRUCT
Provider name: costManagementConfig
Description: Configuration for the fine-grained cost management feature.
enabled
BOOLEAN
enabled
create_time
Type: STRING
Provider name: createTime
Description: Output only. The time the cluster was created, in RFC3339 text format.
current_master_version
Type: STRING
Provider name: currentMasterVersion
Description: Output only. The current software version of the master endpoint.
current_node_count
Type: INT32
Provider name: currentNodeCount
Description: Output only. The number of nodes currently in the cluster. Deprecated. Call Kubernetes API directly to retrieve node information.
current_node_version
Type: STRING
Provider name: currentNodeVersion
Description: Output only. Deprecated, use NodePool.version instead. The current version of the node software components. If they are currently at multiple versions because they’re in the process of being upgraded, this reflects the minimum version of all nodes.
database_encryption
Type: STRUCT
Provider name: databaseEncryption
Description: Configuration of etcd encryption.
current_state
STRING
currentState
CURRENT_STATE_UNSPECIFIED
- Should never be setCURRENT_STATE_ENCRYPTED
- Secrets in etcd are encrypted.CURRENT_STATE_DECRYPTED
- Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption.CURRENT_STATE_ENCRYPTION_PENDING
- Encryption (or re-encryption with a different CloudKMS key) of Secrets is in progress.CURRENT_STATE_ENCRYPTION_ERROR
- Encryption (or re-encryption with a different CloudKMS key) of Secrets in etcd encountered an error.CURRENT_STATE_DECRYPTION_PENDING
- De-crypting Secrets to plain text in etcd is in progress.CURRENT_STATE_DECRYPTION_ERROR
- De-crypting Secrets to plain text in etcd encountered an error.decryption_keys
UNORDERED_LIST_STRING
decryptionKeys
key_name
. Each item is a CloudKMS key resource.key_name
STRING
keyName
last_operation_errors
UNORDERED_LIST_STRUCT
lastOperationErrors
error_message
STRING
errorMessage
key_name
STRING
keyName
timestamp
TIMESTAMP
timestamp
state
STRING
state
UNKNOWN
- Should never be setENCRYPTED
- Secrets in etcd are encrypted.DECRYPTED
- Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption.default_max_pods_constraint
Type: STRUCT
Provider name: defaultMaxPodsConstraint
Description: The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support.
max_pods_per_node
INT64
maxPodsPerNode
description
Type: STRING
Provider name: description
Description: An optional description of this cluster.
enable_k8s_beta_apis
Type: STRUCT
Provider name: enableK8sBetaApis
Description: Kubernetes open source beta apis enabled on the cluster. Only beta apis.
enabled_apis
UNORDERED_LIST_STRING
enabledApis
enable_kubernetes_alpha
Type: BOOLEAN
Provider name: enableKubernetesAlpha
Description: Kubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. v1beta1) and features that may not be production ready in the kubernetes version of the master and nodes. The cluster has no SLA for uptime and master/node upgrades are disabled. Alpha enabled clusters are automatically deleted thirty days after creation.
enable_tpu
Type: BOOLEAN
Provider name: enableTpu
Description: Enable the ability to use Cloud TPUs in this cluster. This field is deprecated, use tpu_config.enabled instead.
endpoint
Type: STRING
Provider name: endpoint
Description: Output only. The IP address of this cluster’s master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/
. See the masterAuth
property of this resource for username and password information.
enterprise_config
Type: STRUCT
Provider name: enterpriseConfig
Description: GKE Enterprise Configuration.
cluster_tier
STRING
clusterTier
CLUSTER_TIER_UNSPECIFIED
- CLUSTER_TIER_UNSPECIFIED is when cluster_tier is not set.STANDARD
- STANDARD indicates a standard GKE cluster.ENTERPRISE
- ENTERPRISE indicates a GKE Enterprise cluster.etag
Type: STRING
Provider name: etag
Description: This checksum is computed by the server based on the value of cluster fields, and may be sent on update requests to ensure the client has an up-to-date value before proceeding.
expire_time
Type: STRING
Provider name: expireTime
Description: Output only. The time the cluster will be automatically deleted in RFC3339 text format.
fleet
Type: STRUCT
Provider name: fleet
Description: Fleet information for the cluster.
membership
STRING
membership
//gkehub.googleapis.com/projects/*/locations/*/memberships/*
.pre_registered
BOOLEAN
preRegistered
project
STRING
project
gcp_status
Type: STRING
Provider name: status
Description: Output only. The current status of this cluster.
Possible values:
STATUS_UNSPECIFIED
- Not set.PROVISIONING
- The PROVISIONING state indicates the cluster is being created.RUNNING
- The RUNNING state indicates the cluster has been created and is fully usable.RECONCILING
- The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the master or node software. Details can be found in the statusMessage
field.STOPPING
- The STOPPING state indicates the cluster is being deleted.ERROR
- The ERROR state indicates the cluster may be unusable. Details can be found in the statusMessage
field.DEGRADED
- The DEGRADED state indicates the cluster requires user action to restore full functionality. Details can be found in the statusMessage
field.id
Type: STRING
Provider name: id
Description: Output only. Unique id for the cluster.
identity_service_config
Type: STRUCT
Provider name: identityServiceConfig
Description: Configuration for Identity Service component.
enabled
BOOLEAN
enabled
initial_cluster_version
Type: STRING
Provider name: initialClusterVersion
Description: The initial Kubernetes version for this cluster. Valid versions are those found in validMasterVersions returned by getServerConfig. The version can be upgraded over time; such upgrades are reflected in currentMasterVersion and currentNodeVersion. Users may specify either explicit versions offered by Kubernetes Engine or version aliases, which have the following behavior: - “latest”: picks the highest valid Kubernetes version - “1.X”: picks the highest valid patch+gke.N patch in the 1.X version - “1.X.Y”: picks the highest valid gke.N patch in the 1.X.Y version - “1.X.Y-gke.N”: picks an explicit Kubernetes version - “”,"-": picks the default Kubernetes version
initial_node_count
Type: INT32
Provider name: initialNodeCount
Description: The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a “node_pool” object, since this configuration (along with the “node_config”) will be used to create a “NodePool” object with an auto-generated name. Do not use this and a node_pool at the same time. This field is deprecated, use node_pool.initial_node_count instead.
instance_group_urls
Type: UNORDERED_LIST_STRING
Provider name: instanceGroupUrls
Description: Output only. Deprecated. Use node_pools.instance_group_urls.
ip_allocation_policy
Type: STRUCT
Provider name: ipAllocationPolicy
Description: Configuration for cluster IP allocation.
additional_pod_ranges_config
STRUCT
additionalPodRangesConfig
pod_range_info
UNORDERED_LIST_STRUCT
podRangeInfo
range_name
STRING
rangeName
utilization
DOUBLE
utilization
pod_range_names
UNORDERED_LIST_STRING
podRangeNames
allow_route_overlap
BOOLEAN
allowRouteOverlap
10.96.0.0/14
, but not /14
), which means: 1) When use_ip_aliases
is true, cluster_ipv4_cidr_block
and services_ipv4_cidr_block
must be fully-specified. 2) When use_ip_aliases
is false, cluster.cluster_ipv4_cidr
muse be fully-specified.cluster_ipv4_cidr
STRING
clusterIpv4Cidr
cluster_ipv4_cidr_block
STRING
clusterIpv4CidrBlock
cluster.cluster_ipv4_cidr
must be left blank. This field is only applicable when use_ip_aliases
is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14
) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14
) from the RFC-1918 private networks (e.g. 10.0.0.0/8
, 172.16.0.0/12
, 192.168.0.0/16
) to pick a specific range to use.cluster_secondary_range_name
STRING
clusterSecondaryRangeName
create_subnetwork
BOOLEAN
createSubnetwork
use_ip_aliases
is true.default_pod_ipv4_range_utilization
DOUBLE
defaultPodIpv4RangeUtilization
ipv6_access_type
STRING
ipv6AccessType
IPV6_ACCESS_TYPE_UNSPECIFIED
- Default value, will be defaulted as type external.INTERNAL
- Access type internal (all v6 addresses are internal IPs)EXTERNAL
- Access type external (all v6 addresses are external IPs)node_ipv4_cidr
STRING
nodeIpv4Cidr
node_ipv4_cidr_block
STRING
nodeIpv4CidrBlock
create_subnetwork
is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14
) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14
) from the RFC-1918 private networks (e.g. 10.0.0.0/8
, 172.16.0.0/12
, 192.168.0.0/16
) to pick a specific range to use.pod_cidr_overprovision_config
STRUCT
podCidrOverprovisionConfig
disable
BOOLEAN
disable
services_ipv4_cidr
STRING
servicesIpv4Cidr
services_ipv4_cidr_block
STRING
servicesIpv4CidrBlock
use_ip_aliases
is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14
) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14
) from the RFC-1918 private networks (e.g. 10.0.0.0/8
, 172.16.0.0/12
, 192.168.0.0/16
) to pick a specific range to use.services_ipv6_cidr_block
STRING
servicesIpv6CidrBlock
services_secondary_range_name
STRING
servicesSecondaryRangeName
stack_type
STRING
stackType
STACK_TYPE_UNSPECIFIED
- By default, the clusters will be IPV4 onlyIPV4
- The value used if the cluster is a IPV4 onlyIPV4_IPV6
- The value used if the cluster is a dual stack clustersubnet_ipv6_cidr_block
STRING
subnetIpv6CidrBlock
subnetwork_name
STRING
subnetworkName
create_subnetwork
is true. If this field is empty, then an automatic name will be chosen for the new subnetwork.tpu_ipv4_cidr_block
STRING
tpuIpv4CidrBlock
use_ip_aliases
is true. If unspecified, the range will use the default size. Set to /netmask (e.g. /14
) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14
) from the RFC-1918 private networks (e.g. 10.0.0.0/8
, 172.16.0.0/12
, 192.168.0.0/16
) to pick a specific range to use. This field is deprecated, use cluster.tpu_config.ipv4_cidr_block instead.use_ip_aliases
BOOLEAN
useIpAliases
use_routes
BOOLEAN
useRoutes
label_fingerprint
Type: STRING
Provider name: labelFingerprint
Description: The fingerprint of the set of labels for this cluster.
labels
Type: UNORDERED_LIST_STRING
legacy_abac
Type: STRUCT
Provider name: legacyAbac
Description: Configuration for the legacy ABAC authorization mode.
enabled
BOOLEAN
enabled
location
Type: STRING
Provider name: location
Description: Output only. The name of the Google Compute Engine zone or region in which the cluster resides.
locations
Type: UNORDERED_LIST_STRING
Provider name: locations
Description: The list of Google Compute Engine zones in which the cluster’s nodes should be located. This field provides a default value if NodePool.Locations are not specified during node pool creation. Warning: changing cluster locations will update the NodePool.Locations of all node pools and will result in nodes being added and/or removed.
logging_config
Type: STRUCT
Provider name: loggingConfig
Description: Logging configuration for the cluster.
component_config
STRUCT
componentConfig
enable_components
UNORDERED_LIST_STRING
enableComponents
logging_service
Type: STRING
Provider name: loggingService
Description: The logging service the cluster should use to write logs. Currently available options: * logging.googleapis.com/kubernetes
- The Cloud Logging service with a Kubernetes-native resource model * logging.googleapis.com
- The legacy Cloud Logging service (no longer available as of GKE 1.15). * none
- no logs will be exported from the cluster. If left as an empty string,logging.googleapis.com/kubernetes
will be used for GKE 1.14+ or logging.googleapis.com
for earlier versions.
maintenance_policy
Type: STRUCT
Provider name: maintenancePolicy
Description: Configure the maintenance policy for this cluster.
resource_version
STRING
resourceVersion
get()
request to the cluster to get the current resource version and include it with requests to set the policy.window
STRUCT
window
daily_maintenance_window
STRUCT
dailyMaintenanceWindow
duration
STRING
duration
start_time
STRING
startTime
recurring_window
STRUCT
recurringWindow
recurrence
STRING
recurrence
FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
To repeat some window daily (equivalent to the DailyMaintenanceWindow): FREQ=DAILY
For the first weekend of every month: FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU
This specifies how frequently the window starts. Eg, if you wanted to have a 9-5 UTC-4 window every weekday, you’d use something like: start time = 2019-01-01T09:00:00-0400 end time = 2019-01-01T17:00:00-0400 recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
Windows can span multiple days. Eg, to make the window encompass every weekend from midnight Saturday till the last minute of Sunday UTC: start time = 2019-01-05T00:00:00Z end time = 2019-01-07T23:59:00Z recurrence = FREQ=WEEKLY;BYDAY=SA
Note the start and end time’s specific dates are largely arbitrary except to specify duration of the window and when it first starts. The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.window
STRUCT
window
end_time
TIMESTAMP
endTime
maintenance_exclusion_options
STRUCT
maintenanceExclusionOptions
scope
STRING
scope
NO_UPGRADES
- NO_UPGRADES excludes all upgrades, including patch upgrades and minor upgrades across control planes and nodes. This is the default exclusion behavior.NO_MINOR_UPGRADES
- NO_MINOR_UPGRADES excludes all minor upgrades for the cluster, only patches are allowed.NO_MINOR_OR_NODE_UPGRADES
- NO_MINOR_OR_NODE_UPGRADES excludes all minor upgrades for the cluster, and also exclude all node pool upgrades. Only control plane patches are allowed.start_time
TIMESTAMP
startTime
master
Type: STRUCT
Provider name: master
Description: Configuration for master components.
master_auth
Type: STRUCT
Provider name: masterAuth
Description: The authentication information for accessing the master endpoint. If unspecified, the defaults are used: For clusters before v1.12, if master_auth is unspecified, username
will be set to “admin”, a random password will be generated, and a client certificate will be issued.
client_certificate
STRING
clientCertificate
client_certificate_config
STRUCT
clientCertificateConfig
issue_client_certificate
BOOLEAN
issueClientCertificate
client_key
STRING
clientKey
cluster_ca_certificate
STRING
clusterCaCertificate
password
STRING
password
username
STRING
username
master_authorized_networks_config
Type: STRUCT
Provider name: masterAuthorizedNetworksConfig
Description: The configuration options for master authorized networks feature.
cidr_blocks
UNORDERED_LIST_STRUCT
cidrBlocks
cidr_block
STRING
cidrBlock
gcp_display_name
STRING
displayName
enabled
BOOLEAN
enabled
gcp_public_cidrs_access_enabled
BOOLEAN
gcpPublicCidrsAccessEnabled
master_ipv4_cidr_block
Type: STRING
Provider name: masterIpv4CidrBlock
Description: The IP prefix in CIDR notation to use for the hosted master network. This prefix will be used for assigning private IP addresses to the master or set of masters, as well as the ILB VIP. This field is deprecated, use private_cluster_config.master_ipv4_cidr_block instead.
mesh_certificates
Type: STRUCT
Provider name: meshCertificates
Description: Configuration for issuance of mTLS keys and certificates to Kubernetes pods.
enable_certificates
BOOLEAN
enableCertificates
monitoring_config
Type: STRUCT
Provider name: monitoringConfig
Description: Monitoring configuration for the cluster.
advanced_datapath_observability_config
STRUCT
advancedDatapathObservabilityConfig
enable_metrics
BOOLEAN
enableMetrics
enable_relay
BOOLEAN
enableRelay
relay_mode
STRING
relayMode
RELAY_MODE_UNSPECIFIED
- Default value. This shouldn’t be used.DISABLED
- disabledINTERNAL_VPC_LB
- exposed via internal load balancerEXTERNAL_LB
- exposed via external load balancercomponent_config
STRUCT
componentConfig
enable_components
UNORDERED_LIST_STRING
enableComponents
managed_prometheus_config
STRUCT
managedPrometheusConfig
enabled
BOOLEAN
enabled
monitoring_service
Type: STRING
Provider name: monitoringService
Description: The monitoring service the cluster should use to write metrics. Currently available options: * “monitoring.googleapis.com/kubernetes” - The Cloud Monitoring service with a Kubernetes-native resource model * monitoring.googleapis.com
- The legacy Cloud Monitoring service (no longer available as of GKE 1.15). * none
- No metrics will be exported from the cluster. If left as an empty string,monitoring.googleapis.com/kubernetes
will be used for GKE 1.14+ or monitoring.googleapis.com
for earlier versions.
name
Type: STRING
Provider name: name
Description: The name of this cluster. The name must be unique within this project and location (e.g. zone or region), and can be up to 40 characters with the following restrictions: * Lowercase letters, numbers, and hyphens only. * Must start with a letter. * Must end with a number or a letter.
network
Type: STRING
Provider name: network
Description: The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default
network will be used. On output this shows the network ID instead of the name.
network_config
Type: STRUCT
Provider name: networkConfig
Description: Configuration for cluster networking.
datapath_provider
STRING
datapathProvider
DATAPATH_PROVIDER_UNSPECIFIED
- Default value.LEGACY_DATAPATH
- Use the IPTables implementation based on kube-proxy.ADVANCED_DATAPATH
- Use the eBPF based GKE Dataplane V2 with additional features. See the GKE Dataplane V2 documentation for more.default_snat_status
STRUCT
defaultSnatStatus
disabled
BOOLEAN
disabled
dns_config
STRUCT
dnsConfig
additive_vpc_scope_dns_domain
STRING
additiveVpcScopeDnsDomain
cluster_dns
STRING
clusterDns
PROVIDER_UNSPECIFIED
- Default valuePLATFORM_DEFAULT
- Use GKE default DNS provider(kube-dns) for DNS resolution.CLOUD_DNS
- Use CloudDNS for DNS resolution.KUBE_DNS
- Use KubeDNS for DNS resolution.cluster_dns_domain
STRING
clusterDnsDomain
cluster_dns_scope
STRING
clusterDnsScope
DNS_SCOPE_UNSPECIFIED
- Default value, will be inferred as cluster scope.CLUSTER_SCOPE
- DNS records are accessible from within the cluster.VPC_SCOPE
- DNS records are accessible from within the VPC.enable_cilium_clusterwide_network_policy
BOOLEAN
enableCiliumClusterwideNetworkPolicy
enable_fqdn_network_policy
BOOLEAN
enableFqdnNetworkPolicy
enable_intra_node_visibility
BOOLEAN
enableIntraNodeVisibility
enable_l4ilb_subsetting
BOOLEAN
enableL4ilbSubsetting
enable_multi_networking
BOOLEAN
enableMultiNetworking
gateway_api_config
STRUCT
gatewayApiConfig
channel
STRING
channel
CHANNEL_UNSPECIFIED
- Default value.CHANNEL_DISABLED
- Gateway API support is disabledCHANNEL_EXPERIMENTAL
- Deprecated: use CHANNEL_STANDARD instead. Gateway API support is enabled, experimental CRDs are installedCHANNEL_STANDARD
- Gateway API support is enabled, standard CRDs are installedin_transit_encryption_config
STRING
inTransitEncryptionConfig
IN_TRANSIT_ENCRYPTION_CONFIG_UNSPECIFIED
- Unspecified, will be inferred as default - IN_TRANSIT_ENCRYPTION_UNSPECIFIED.IN_TRANSIT_ENCRYPTION_DISABLED
- In-transit encryption is disabled.IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT
- Data in-transit is encrypted using inter-node transparent encryption.network
STRING
network
network_performance_config
STRUCT
networkPerformanceConfig
total_egress_bandwidth_tier
STRING
totalEgressBandwidthTier
TIER_UNSPECIFIED
- Default valueTIER_1
- Higher bandwidth, actual values based on VM size.private_ipv6_google_access
STRING
privateIpv6GoogleAccess
PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED
- Default value. Same as DISABLEDPRIVATE_IPV6_GOOGLE_ACCESS_DISABLED
- No private access to or from Google ServicesPRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE
- Enables private IPv6 access to Google Services from GKEPRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL
- Enables private IPv6 access to and from Google Servicesservice_external_ips_config
STRUCT
serviceExternalIpsConfig
enabled
BOOLEAN
enabled
subnetwork
STRING
subnetwork
network_policy
Type: STRUCT
Provider name: networkPolicy
Description: Configuration options for the NetworkPolicy feature.
enabled
BOOLEAN
enabled
provider
STRING
provider
PROVIDER_UNSPECIFIED
- Not setCALICO
- Tigera (Calico Felix).node_config
Type: STRUCT
Provider name: nodeConfig
Description: Parameters used in creating the cluster’s nodes. For requests, this field should only be used in lieu of a “node_pool” object, since this configuration (along with the “initial_node_count”) will be used to create a “NodePool” object with an auto-generated name. Do not use this and a node_pool at the same time. For responses, this field will be populated with the node configuration of the first node pool. (For configuration of each node pool, see node_pool.config
) If unspecified, the defaults are used. This field is deprecated, use node_pool.config instead.
accelerators
Type: UNORDERED_LIST_STRUCT
Provider name: accelerators
Description: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs.
accelerator_count
INT64
acceleratorCount
accelerator_type
STRING
acceleratorType
gpu_driver_installation_config
STRUCT
gpuDriverInstallationConfig
gpu_driver_version
STRING
gpuDriverVersion
GPU_DRIVER_VERSION_UNSPECIFIED
- Default value is to not install any GPU driver.INSTALLATION_DISABLED
- Disable GPU driver auto installation and needs manual installationDEFAULT
- Default’ GPU driver in COS and Ubuntu.LATEST
- Latest’ GPU driver in COS.gpu_partition_size
STRING
gpuPartitionSize
gpu_sharing_config
STRUCT
gpuSharingConfig
gpu_sharing_strategy
STRING
gpuSharingStrategy
GPU_SHARING_STRATEGY_UNSPECIFIED
- Default value.TIME_SHARING
- GPUs are time-shared between containers.MPS
- GPUs are shared between containers with NVIDIA MPS.max_shared_clients_per_gpu
INT64
maxSharedClientsPerGpu
max_time_shared_clients_per_gpu
INT64
maxTimeSharedClientsPerGpu
advanced_machine_features
Type: STRUCT
Provider name: advancedMachineFeatures
Description: Advanced features for the Compute Engine VM.
enable_nested_virtualization
BOOLEAN
enableNestedVirtualization
threads_per_core
INT64
threadsPerCore
boot_disk_kms_key
Type: STRING
Provider name: bootDiskKmsKey
Description: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
confidential_nodes
Type: STRUCT
Provider name: confidentialNodes
Description: Confidential nodes config. All the nodes in the node pool will be Confidential VM once enabled.
enabled
BOOLEAN
enabled
containerd_config
Type: STRUCT
Provider name: containerdConfig
Description: Parameters for containerd customization.
private_registry_access_config
STRUCT
privateRegistryAccessConfig
certificate_authority_domain_config
UNORDERED_LIST_STRUCT
certificateAuthorityDomainConfig
fqdns
UNORDERED_LIST_STRING
fqdns
gcp_secret_manager_certificate_config
STRUCT
gcpSecretManagerCertificateConfig
secret_uri
STRING
secretUri
enabled
BOOLEAN
enabled
disk_size_gb
Type: INT32
Provider name: diskSizeGb
Description: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
disk_type
Type: STRING
Provider name: diskType
Description: Type of the disk attached to each node (e.g. ‘pd-standard’, ‘pd-ssd’ or ‘pd-balanced’) If unspecified, the default disk type is ‘pd-standard’
enable_confidential_storage
Type: BOOLEAN
Provider name: enableConfidentialStorage
Description: Optional. Reserved for future use.
ephemeral_storage_config
Type: STRUCT
Provider name: ephemeralStorageConfig
Description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.
local_ssd_count
INT32
localSsdCount
ephemeral_storage_local_ssd_config
Type: STRUCT
Provider name: ephemeralStorageLocalSsdConfig
Description: Parameters for the node ephemeral storage using Local SSDs. If unspecified, ephemeral storage is backed by the boot disk. This field is functionally equivalent to the ephemeral_storage_config
local_ssd_count
INT32
localSsdCount
fast_socket
Type: STRUCT
Provider name: fastSocket
Description: Enable or disable NCCL fast socket for the node pool.
enabled
BOOLEAN
enabled
gcfs_config
Type: STRUCT
Provider name: gcfsConfig
Description: GCFS (Google Container File System) configs.
enabled
BOOLEAN
enabled
gvnic
Type: STRUCT
Provider name: gvnic
Description: Enable or disable gvnic on the node pool.
enabled
BOOLEAN
enabled
host_maintenance_policy
Type: STRUCT
Provider name: hostMaintenancePolicy
Description: HostMaintenancePolicy contains the desired maintenance policy for the Google Compute Engine hosts.
maintenance_interval
STRING
maintenanceInterval
MAINTENANCE_INTERVAL_UNSPECIFIED
- The maintenance interval is not explicitly specified.AS_NEEDED
- Nodes are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the node than the PERIODIC option.PERIODIC
- Nodes receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean underlying VMs will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.opportunistic_maintenance_strategy
STRUCT
opportunisticMaintenanceStrategy
maintenance_availability_window
STRING
maintenanceAvailabilityWindow
PERIODIC
maintenance is set 28 days in advance).min_nodes_per_pool
INT64
minNodesPerPool
node_idle_time_window
STRING
nodeIdleTimeWindow
image_type
Type: STRING
Provider name: imageType
Description: The image type to use for this node. Note that for a given image type, the latest version of it will be used. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types.
kubelet_config
Type: STRUCT
Provider name: kubeletConfig
Description: Node kubelet configs.
cpu_cfs_quota
BOOLEAN
cpuCfsQuota
cpu_cfs_quota_period
STRING
cpuCfsQuotaPeriod
cpu_manager_policy
STRING
cpuManagerPolicy
insecure_kubelet_readonly_port_enabled
BOOLEAN
insecureKubeletReadonlyPortEnabled
pod_pids_limit
INT64
podPidsLimit
linux_node_config
Type: STRUCT
Provider name: linuxNodeConfig
Description: Parameters that can be configured on Linux nodes.
cgroup_mode
STRING
cgroupMode
CGROUP_MODE_UNSPECIFIED
- CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.CGROUP_MODE_V1
- CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.CGROUP_MODE_V2
- CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.hugepages
STRUCT
hugepages
hugepage_size1g
INT32
hugepageSize1g
hugepage_size2m
INT32
hugepageSize2m
local_nvme_ssd_block_config
Type: STRUCT
Provider name: localNvmeSsdBlockConfig
Description: Parameters for using raw-block Local NVMe SSDs.
local_ssd_count
INT32
localSsdCount
local_ssd_count
Type: INT32
Provider name: localSsdCount
Description: The number of local SSD disks to be attached to the node. The limit for this value is dependent upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information.
logging_config
Type: STRUCT
Provider name: loggingConfig
Description: Logging configuration.
variant_config
STRUCT
variantConfig
variant
STRING
variant
VARIANT_UNSPECIFIED
- Default value. This shouldn’t be used.DEFAULT
- default logging variant.MAX_THROUGHPUT
- maximum logging throughput variant.machine_type
Type: STRING
Provider name: machineType
Description: The name of a Google Compute Engine machine type. If unspecified, the default machine type is e2-medium
.
min_cpu_platform
Type: STRING
Provider name: minCpuPlatform
Description: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell"
or minCpuPlatform: "Intel Sandy Bridge"
. For more information, read how to specify min CPU platform.
node_group
Type: STRING
Provider name: nodeGroup
Description: Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
oauth_scopes
Type: UNORDERED_LIST_STRING
Provider name: oauthScopes
Description: The set of Google API scopes to be made available on all of the node VMs under the “default” service account. The following scopes are recommended, but not required, and by default are not included: * https://www.googleapis.com/auth/compute
is required for mounting persistent storage on your nodes. * https://www.googleapis.com/auth/devstorage.read_only
is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
preemptible
Type: BOOLEAN
Provider name: preemptible
Description: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
reservation_affinity
Type: STRUCT
Provider name: reservationAffinity
Description: The optional reservation affinity. Setting this field will apply the specified Zonal Compute Reservation to this node pool.
consume_reservation_type
STRING
consumeReservationType
UNSPECIFIED
- Default value. This should not be used.NO_RESERVATION
- Do not consume from any reserved capacity.ANY_RESERVATION
- Consume any reservation available.SPECIFIC_RESERVATION
- Must consume from a specific reservation. Must specify key value fields for specifying the reservations.key
STRING
key
values
UNORDERED_LIST_STRING
values
resource_manager_tags
Type: STRUCT
Provider name: resourceManagerTags
Description: A map of resource manager tag keys and values to be attached to the nodes.
sandbox_config
Type: STRUCT
Provider name: sandboxConfig
Description: Sandbox configuration for this node.
sandbox_type
STRING
sandboxType
type
STRING
type
UNSPECIFIED
- Default value. This should not be used.GVISOR
- Run sandbox using gvisor.secondary_boot_disk_update_strategy
Type: STRUCT
Provider name: secondaryBootDiskUpdateStrategy
Description: Secondary boot disk update strategy.
secondary_boot_disks
Type: UNORDERED_LIST_STRUCT
Provider name: secondaryBootDisks
Description: List of secondary boot disks attached to the nodes.
disk_image
STRING
diskImage
mode
STRING
mode
MODE_UNSPECIFIED
- MODE_UNSPECIFIED is when mode is not set.CONTAINER_IMAGE_CACHE
- CONTAINER_IMAGE_CACHE is for using the secondary boot disk as a container image cache.service_account
Type: STRING
Provider name: serviceAccount
Description: The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; otherwise, if no Service Account is specified, the “default” service account is used.
shielded_instance_config
Type: STRUCT
Provider name: shieldedInstanceConfig
Description: Shielded Instance options.
enable_integrity_monitoring
BOOLEAN
enableIntegrityMonitoring
enable_secure_boot
BOOLEAN
enableSecureBoot
sole_tenant_config
Type: STRUCT
Provider name: soleTenantConfig
Description: Parameters for node pools to be backed by shared sole tenant node groups.
node_affinities
UNORDERED_LIST_STRUCT
nodeAffinities
key
STRING
key
operator
STRING
operator
OPERATOR_UNSPECIFIED
- Invalid or unspecified affinity operator.IN
- Affinity operator.NOT_IN
- Anti-affinity operator.values
UNORDERED_LIST_STRING
values
spot
Type: BOOLEAN
Provider name: spot
Description: Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.
taints
Type: UNORDERED_LIST_STRUCT
Provider name: taints
Description: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
effect
STRING
effect
EFFECT_UNSPECIFIED
- Not setNO_SCHEDULE
- NoSchedulePREFER_NO_SCHEDULE
- PreferNoScheduleNO_EXECUTE
- NoExecutekey
STRING
key
value
STRING
value
windows_node_config
Type: STRUCT
Provider name: windowsNodeConfig
Description: Parameters that can be configured on Windows nodes.
os_version
STRING
osVersion
OS_VERSION_UNSPECIFIED
- When OSVersion is not specifiedOS_VERSION_LTSC2019
- LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base ImageOS_VERSION_LTSC2022
- LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Imageworkload_metadata_config
Type: STRUCT
Provider name: workloadMetadataConfig
Description: The workload metadata configuration for this node.
mode
STRING
mode
MODE_UNSPECIFIED
- Not set.GCE_METADATA
- Expose all Compute Engine metadata to pods.GKE_METADATA
- Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.node_metadata
STRING
nodeMetadata
UNSPECIFIED
- Not set.SECURE
- Prevent workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token. Metadata concealment is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements. This feature is scheduled to be deprecated in the future and later removed.EXPOSE
- Expose all VM metadata to pods.GKE_METADATA_SERVER
- Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.node_ipv4_cidr_size
Type: INT32
Provider name: nodeIpv4CidrSize
Description: Output only. The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr
range. This field will only be set when cluster is in route-based network mode.
node_pool_auto_config
Type: STRUCT
Provider name: nodePoolAutoConfig
Description: Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.
network_tags
Type: STRUCT
Provider name: networkTags
Description: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster creation. Each tag within the list must comply with RFC1035.
node_kubelet_config
Type: STRUCT
Provider name: nodeKubeletConfig
Description: NodeKubeletConfig controls the defaults for autoprovisioned node-pools. Currently only insecure_kubelet_readonly_port_enabled
can be set here.
cpu_cfs_quota
BOOLEAN
cpuCfsQuota
cpu_cfs_quota_period
STRING
cpuCfsQuotaPeriod
cpu_manager_policy
STRING
cpuManagerPolicy
insecure_kubelet_readonly_port_enabled
BOOLEAN
insecureKubeletReadonlyPortEnabled
pod_pids_limit
INT64
podPidsLimit
resource_manager_tags
Type: STRUCT
Provider name: resourceManagerTags
Description: Resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies.
node_pool_defaults
Type: STRUCT
Provider name: nodePoolDefaults
Description: Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object.
node_config_defaults
STRUCT
nodeConfigDefaults
containerd_config
STRUCT
containerdConfig
private_registry_access_config
STRUCT
privateRegistryAccessConfig
certificate_authority_domain_config
UNORDERED_LIST_STRUCT
certificateAuthorityDomainConfig
fqdns
UNORDERED_LIST_STRING
fqdns
gcp_secret_manager_certificate_config
STRUCT
gcpSecretManagerCertificateConfig
secret_uri
STRING
secretUri
enabled
BOOLEAN
enabled
gcfs_config
STRUCT
gcfsConfig
enabled
BOOLEAN
enabled
host_maintenance_policy
STRUCT
hostMaintenancePolicy
maintenance_interval
STRING
maintenanceInterval
MAINTENANCE_INTERVAL_UNSPECIFIED
- The maintenance interval is not explicitly specified.AS_NEEDED
- Nodes are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the node than the PERIODIC option.PERIODIC
- Nodes receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean underlying VMs will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.opportunistic_maintenance_strategy
STRUCT
opportunisticMaintenanceStrategy
maintenance_availability_window
STRING
maintenanceAvailabilityWindow
PERIODIC
maintenance is set 28 days in advance).min_nodes_per_pool
INT64
minNodesPerPool
node_idle_time_window
STRING
nodeIdleTimeWindow
logging_config
STRUCT
loggingConfig
variant_config
STRUCT
variantConfig
variant
STRING
variant
VARIANT_UNSPECIFIED
- Default value. This shouldn’t be used.DEFAULT
- default logging variant.MAX_THROUGHPUT
- maximum logging throughput variant.node_kubelet_config
STRUCT
nodeKubeletConfig
insecure_kubelet_readonly_port_enabled
can be set here.cpu_cfs_quota
BOOLEAN
cpuCfsQuota
cpu_cfs_quota_period
STRING
cpuCfsQuotaPeriod
cpu_manager_policy
STRING
cpuManagerPolicy
insecure_kubelet_readonly_port_enabled
BOOLEAN
insecureKubeletReadonlyPortEnabled
pod_pids_limit
INT64
podPidsLimit
node_pools
Type: UNORDERED_LIST_STRUCT
Provider name: nodePools
Description: The node pools associated with this cluster. This field should not be set if “node_config” or “initial_node_count” are specified.
autoscaling
STRUCT
autoscaling
autoprovisioned
BOOLEAN
autoprovisioned
enabled
BOOLEAN
enabled
location_policy
STRING
locationPolicy
LOCATION_POLICY_UNSPECIFIED
- Not set.BALANCED
- BALANCED is a best effort policy that aims to balance the sizes of different zones.ANY
- ANY policy picks zones that have the highest capacity available.max_node_count
INT32
maxNodeCount
min_node_count
INT32
minNodeCount
total_max_node_count
INT32
totalMaxNodeCount
total_min_node_count
INT32
totalMinNodeCount
best_effort_provisioning
STRUCT
bestEffortProvisioning
enabled
BOOLEAN
enabled
min_provision_nodes
INT32
minProvisionNodes
conditions
UNORDERED_LIST_STRUCT
conditions
canonical_code
STRING
canonicalCode
OK
- Not an error; returned on success. HTTP Mapping: 200 OKCANCELLED
- The operation was cancelled, typically by the caller. HTTP Mapping: 499 Client Closed RequestUNKNOWN
- Unknown error. For example, this error may be returned when a Status
value received from another address space belongs to an error space that is not known in this address space. Also errors raised by APIs that do not return enough error information may be converted to this error. HTTP Mapping: 500 Internal Server ErrorINVALID_ARGUMENT
- The client specified an invalid argument. Note that this differs from FAILED_PRECONDITION
. INVALID_ARGUMENT
indicates arguments that are problematic regardless of the state of the system (e.g., a malformed file name). HTTP Mapping: 400 Bad RequestDEADLINE_EXCEEDED
- The deadline expired before the operation could complete. For operations that change the state of the system, this error may be returned even if the operation has completed successfully. For example, a successful response from a server could have been delayed long enough for the deadline to expire. HTTP Mapping: 504 Gateway TimeoutNOT_FOUND
- Some requested entity (e.g., file or directory) was not found. Note to server developers: if a request is denied for an entire class of users, such as gradual feature rollout or undocumented allowlist, NOT_FOUND
may be used. If a request is denied for some users within a class of users, such as user-based access control, PERMISSION_DENIED
must be used. HTTP Mapping: 404 Not FoundALREADY_EXISTS
- The entity that a client attempted to create (e.g., file or directory) already exists. HTTP Mapping: 409 ConflictPERMISSION_DENIED
- The caller does not have permission to execute the specified operation. PERMISSION_DENIED
must not be used for rejections caused by exhausting some resource (use RESOURCE_EXHAUSTED
instead for those errors). PERMISSION_DENIED
must not be used if the caller can not be identified (use UNAUTHENTICATED
instead for those errors). This error code does not imply the request is valid or the requested entity exists or satisfies other pre-conditions. HTTP Mapping: 403 ForbiddenUNAUTHENTICATED
- The request does not have valid authentication credentials for the operation. HTTP Mapping: 401 UnauthorizedRESOURCE_EXHAUSTED
- Some resource has been exhausted, perhaps a per-user quota, or perhaps the entire file system is out of space. HTTP Mapping: 429 Too Many RequestsFAILED_PRECONDITION
- The operation was rejected because the system is not in a state required for the operation's execution. For example, the directory to be deleted is non-empty, an rmdir operation is applied to a non-directory, etc. Service implementors can use the following guidelines to decide between FAILED_PRECONDITION
, ABORTED
, and UNAVAILABLE
: (a) Use UNAVAILABLE
if the client can retry just the failing call. (b) Use ABORTED
if the client should retry at a higher level. For example, when a client-specified test-and-set fails, indicating the client should restart a read-modify-write sequence. (c) Use FAILED_PRECONDITION
if the client should not retry until the system state has been explicitly fixed. For example, if an ‘rmdir’ fails because the directory is non-empty, FAILED_PRECONDITION
should be returned since the client should not retry unless the files are deleted from the directory. HTTP Mapping: 400 Bad RequestABORTED
- The operation was aborted, typically due to a concurrency issue such as a sequencer check failure or transaction abort. See the guidelines above for deciding between FAILED_PRECONDITION
, ABORTED
, and UNAVAILABLE
. HTTP Mapping: 409 ConflictOUT_OF_RANGE
- The operation was attempted past the valid range. E.g., seeking or reading past end-of-file. Unlike INVALID_ARGUMENT
, this error indicates a problem that may be fixed if the system state changes. For example, a 32-bit file system will generate INVALID_ARGUMENT
if asked to read at an offset that is not in the range [0,2^32-1], but it will generate OUT_OF_RANGE
if asked to read from an offset past the current file size. There is a fair bit of overlap between FAILED_PRECONDITION
and OUT_OF_RANGE
. We recommend using OUT_OF_RANGE
(the more specific error) when it applies so that callers who are iterating through a space can easily look for an OUT_OF_RANGE
error to detect when they are done. HTTP Mapping: 400 Bad RequestUNIMPLEMENTED
- The operation is not implemented or is not supported/enabled in this service. HTTP Mapping: 501 Not ImplementedINTERNAL
- Internal errors. This means that some invariants expected by the underlying system have been broken. This error code is reserved for serious errors. HTTP Mapping: 500 Internal Server ErrorUNAVAILABLE
- The service is currently unavailable. This is most likely a transient condition, which can be corrected by retrying with a backoff. Note that it is not always safe to retry non-idempotent operations. See the guidelines above for deciding between FAILED_PRECONDITION
, ABORTED
, and UNAVAILABLE
. HTTP Mapping: 503 Service UnavailableDATA_LOSS
- Unrecoverable data loss or corruption. HTTP Mapping: 500 Internal Server Errorcode
STRING
code
UNKNOWN
- UNKNOWN indicates a generic condition.GCE_STOCKOUT
- GCE_STOCKOUT indicates that Google Compute Engine resources are temporarily unavailable.GKE_SERVICE_ACCOUNT_DELETED
- GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot service account.GCE_QUOTA_EXCEEDED
- Google Compute Engine quota was exceeded.SET_BY_OPERATOR
- Cluster state was manually changed by an SRE due to a system logic error.CLOUD_KMS_KEY_ERROR
- Unable to perform an encrypt operation against the CloudKMS key used for etcd level encryption.CA_EXPIRING
- Cluster CA is expiring soon. More codes TBAmessage
STRING
message
config
STRUCT
config
accelerators
Type: UNORDERED_LIST_STRUCT
Provider name: accelerators
Description: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs.
accelerator_count
INT64
acceleratorCount
accelerator_type
STRING
acceleratorType
gpu_driver_installation_config
STRUCT
gpuDriverInstallationConfig
gpu_driver_version
STRING
gpuDriverVersion
GPU_DRIVER_VERSION_UNSPECIFIED
- Default value is to not install any GPU driver.INSTALLATION_DISABLED
- Disable GPU driver auto installation and needs manual installationDEFAULT
- Default’ GPU driver in COS and Ubuntu.LATEST
- Latest’ GPU driver in COS.gpu_partition_size
STRING
gpuPartitionSize
gpu_sharing_config
STRUCT
gpuSharingConfig
gpu_sharing_strategy
STRING
gpuSharingStrategy
GPU_SHARING_STRATEGY_UNSPECIFIED
- Default value.TIME_SHARING
- GPUs are time-shared between containers.MPS
- GPUs are shared between containers with NVIDIA MPS.max_shared_clients_per_gpu
INT64
maxSharedClientsPerGpu
max_time_shared_clients_per_gpu
INT64
maxTimeSharedClientsPerGpu
advanced_machine_features
Type: STRUCT
Provider name: advancedMachineFeatures
Description: Advanced features for the Compute Engine VM.
enable_nested_virtualization
BOOLEAN
enableNestedVirtualization
threads_per_core
INT64
threadsPerCore
boot_disk_kms_key
Type: STRING
Provider name: bootDiskKmsKey
Description: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
confidential_nodes
Type: STRUCT
Provider name: confidentialNodes
Description: Confidential nodes config. All the nodes in the node pool will be Confidential VM once enabled.
enabled
BOOLEAN
enabled
containerd_config
Type: STRUCT
Provider name: containerdConfig
Description: Parameters for containerd customization.
private_registry_access_config
STRUCT
privateRegistryAccessConfig
certificate_authority_domain_config
UNORDERED_LIST_STRUCT
certificateAuthorityDomainConfig
fqdns
UNORDERED_LIST_STRING
fqdns
gcp_secret_manager_certificate_config
STRUCT
gcpSecretManagerCertificateConfig
secret_uri
STRING
secretUri
enabled
BOOLEAN
enabled
disk_size_gb
Type: INT32
Provider name: diskSizeGb
Description: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
disk_type
Type: STRING
Provider name: diskType
Description: Type of the disk attached to each node (e.g. ‘pd-standard’, ‘pd-ssd’ or ‘pd-balanced’) If unspecified, the default disk type is ‘pd-standard’
enable_confidential_storage
Type: BOOLEAN
Provider name: enableConfidentialStorage
Description: Optional. Reserved for future use.
ephemeral_storage_config
Type: STRUCT
Provider name: ephemeralStorageConfig
Description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.
local_ssd_count
INT32
localSsdCount
ephemeral_storage_local_ssd_config
Type: STRUCT
Provider name: ephemeralStorageLocalSsdConfig
Description: Parameters for the node ephemeral storage using Local SSDs. If unspecified, ephemeral storage is backed by the boot disk. This field is functionally equivalent to the ephemeral_storage_config
local_ssd_count
INT32
localSsdCount
fast_socket
Type: STRUCT
Provider name: fastSocket
Description: Enable or disable NCCL fast socket for the node pool.
enabled
BOOLEAN
enabled
gcfs_config
Type: STRUCT
Provider name: gcfsConfig
Description: GCFS (Google Container File System) configs.
enabled
BOOLEAN
enabled
gvnic
Type: STRUCT
Provider name: gvnic
Description: Enable or disable gvnic on the node pool.
enabled
BOOLEAN
enabled
host_maintenance_policy
Type: STRUCT
Provider name: hostMaintenancePolicy
Description: HostMaintenancePolicy contains the desired maintenance policy for the Google Compute Engine hosts.
maintenance_interval
STRING
maintenanceInterval
MAINTENANCE_INTERVAL_UNSPECIFIED
- The maintenance interval is not explicitly specified.AS_NEEDED
- Nodes are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the node than the PERIODIC option.PERIODIC
- Nodes receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean underlying VMs will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.opportunistic_maintenance_strategy
STRUCT
opportunisticMaintenanceStrategy
maintenance_availability_window
STRING
maintenanceAvailabilityWindow
PERIODIC
maintenance is set 28 days in advance).min_nodes_per_pool
INT64
minNodesPerPool
node_idle_time_window
STRING
nodeIdleTimeWindow
image_type
Type: STRING
Provider name: imageType
Description: The image type to use for this node. Note that for a given image type, the latest version of it will be used. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types.
kubelet_config
Type: STRUCT
Provider name: kubeletConfig
Description: Node kubelet configs.
cpu_cfs_quota
BOOLEAN
cpuCfsQuota
cpu_cfs_quota_period
STRING
cpuCfsQuotaPeriod
cpu_manager_policy
STRING
cpuManagerPolicy
insecure_kubelet_readonly_port_enabled
BOOLEAN
insecureKubeletReadonlyPortEnabled
pod_pids_limit
INT64
podPidsLimit
linux_node_config
Type: STRUCT
Provider name: linuxNodeConfig
Description: Parameters that can be configured on Linux nodes.
cgroup_mode
STRING
cgroupMode
CGROUP_MODE_UNSPECIFIED
- CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.CGROUP_MODE_V1
- CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.CGROUP_MODE_V2
- CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.hugepages
STRUCT
hugepages
hugepage_size1g
INT32
hugepageSize1g
hugepage_size2m
INT32
hugepageSize2m
local_nvme_ssd_block_config
Type: STRUCT
Provider name: localNvmeSsdBlockConfig
Description: Parameters for using raw-block Local NVMe SSDs.
local_ssd_count
INT32
localSsdCount
local_ssd_count
Type: INT32
Provider name: localSsdCount
Description: The number of local SSD disks to be attached to the node. The limit for this value is dependent upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information.
logging_config
Type: STRUCT
Provider name: loggingConfig
Description: Logging configuration.
variant_config
STRUCT
variantConfig
variant
STRING
variant
VARIANT_UNSPECIFIED
- Default value. This shouldn’t be used.DEFAULT
- default logging variant.MAX_THROUGHPUT
- maximum logging throughput variant.machine_type
Type: STRING
Provider name: machineType
Description: The name of a Google Compute Engine machine type. If unspecified, the default machine type is e2-medium
.
min_cpu_platform
Type: STRING
Provider name: minCpuPlatform
Description: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell"
or minCpuPlatform: "Intel Sandy Bridge"
. For more information, read how to specify min CPU platform.
node_group
Type: STRING
Provider name: nodeGroup
Description: Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
oauth_scopes
Type: UNORDERED_LIST_STRING
Provider name: oauthScopes
Description: The set of Google API scopes to be made available on all of the node VMs under the “default” service account. The following scopes are recommended, but not required, and by default are not included: * https://www.googleapis.com/auth/compute
is required for mounting persistent storage on your nodes. * https://www.googleapis.com/auth/devstorage.read_only
is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
preemptible
Type: BOOLEAN
Provider name: preemptible
Description: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
reservation_affinity
Type: STRUCT
Provider name: reservationAffinity
Description: The optional reservation affinity. Setting this field will apply the specified Zonal Compute Reservation to this node pool.
consume_reservation_type
STRING
consumeReservationType
UNSPECIFIED
- Default value. This should not be used.NO_RESERVATION
- Do not consume from any reserved capacity.ANY_RESERVATION
- Consume any reservation available.SPECIFIC_RESERVATION
- Must consume from a specific reservation. Must specify key value fields for specifying the reservations.key
STRING
key
values
UNORDERED_LIST_STRING
values
resource_manager_tags
Type: STRUCT
Provider name: resourceManagerTags
Description: A map of resource manager tag keys and values to be attached to the nodes.
sandbox_config
Type: STRUCT
Provider name: sandboxConfig
Description: Sandbox configuration for this node.
sandbox_type
STRING
sandboxType
type
STRING
type
UNSPECIFIED
- Default value. This should not be used.GVISOR
- Run sandbox using gvisor.secondary_boot_disk_update_strategy
Type: STRUCT
Provider name: secondaryBootDiskUpdateStrategy
Description: Secondary boot disk update strategy.
secondary_boot_disks
Type: UNORDERED_LIST_STRUCT
Provider name: secondaryBootDisks
Description: List of secondary boot disks attached to the nodes.
disk_image
STRING
diskImage
mode
STRING
mode
MODE_UNSPECIFIED
- MODE_UNSPECIFIED is when mode is not set.CONTAINER_IMAGE_CACHE
- CONTAINER_IMAGE_CACHE is for using the secondary boot disk as a container image cache.service_account
Type: STRING
Provider name: serviceAccount
Description: The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; otherwise, if no Service Account is specified, the “default” service account is used.
shielded_instance_config
Type: STRUCT
Provider name: shieldedInstanceConfig
Description: Shielded Instance options.
enable_integrity_monitoring
BOOLEAN
enableIntegrityMonitoring
enable_secure_boot
BOOLEAN
enableSecureBoot
sole_tenant_config
Type: STRUCT
Provider name: soleTenantConfig
Description: Parameters for node pools to be backed by shared sole tenant node groups.
node_affinities
UNORDERED_LIST_STRUCT
nodeAffinities
key
STRING
key
operator
STRING
operator
OPERATOR_UNSPECIFIED
- Invalid or unspecified affinity operator.IN
- Affinity operator.NOT_IN
- Anti-affinity operator.values
UNORDERED_LIST_STRING
values
spot
Type: BOOLEAN
Provider name: spot
Description: Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.
taints
Type: UNORDERED_LIST_STRUCT
Provider name: taints
Description: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
effect
STRING
effect
EFFECT_UNSPECIFIED
- Not setNO_SCHEDULE
- NoSchedulePREFER_NO_SCHEDULE
- PreferNoScheduleNO_EXECUTE
- NoExecutekey
STRING
key
value
STRING
value
windows_node_config
Type: STRUCT
Provider name: windowsNodeConfig
Description: Parameters that can be configured on Windows nodes.
os_version
STRING
osVersion
OS_VERSION_UNSPECIFIED
- When OSVersion is not specifiedOS_VERSION_LTSC2019
- LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base ImageOS_VERSION_LTSC2022
- LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Imageworkload_metadata_config
Type: STRUCT
Provider name: workloadMetadataConfig
Description: The workload metadata configuration for this node.
mode
STRING
mode
MODE_UNSPECIFIED
- Not set.GCE_METADATA
- Expose all Compute Engine metadata to pods.GKE_METADATA
- Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.node_metadata
STRING
nodeMetadata
UNSPECIFIED
- Not set.SECURE
- Prevent workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token. Metadata concealment is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements. This feature is scheduled to be deprecated in the future and later removed.EXPOSE
- Expose all VM metadata to pods.GKE_METADATA_SERVER
- Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.etag
STRING
etag
gcp_status
STRING
status
STATUS_UNSPECIFIED
- Not set.PROVISIONING
- The PROVISIONING state indicates the node pool is being created.RUNNING
- The RUNNING state indicates the node pool has been created and is fully usable.RUNNING_WITH_ERROR
- The RUNNING_WITH_ERROR state indicates the node pool has been created and is partially usable. Some error state has occurred and some functionality may be impaired. Customer may need to reissue a request or trigger a new update.RECONCILING
- The RECONCILING state indicates that some work is actively being done on the node pool, such as upgrading node software. Details can be found in the statusMessage
field.STOPPING
- The STOPPING state indicates the node pool is being deleted.ERROR
- The ERROR state indicates the node pool may be unusable. Details can be found in the statusMessage
field.initial_node_count
INT32
initialNodeCount
instance_group_urls
UNORDERED_LIST_STRING
instanceGroupUrls
locations
UNORDERED_LIST_STRING
locations
management
STRUCT
management
auto_repair
BOOLEAN
autoRepair
auto_upgrade
BOOLEAN
autoUpgrade
upgrade_options
STRUCT
upgradeOptions
auto_upgrade_start_time
STRING
autoUpgradeStartTime
description
STRING
description
max_pods_constraint
STRUCT
maxPodsConstraint
max_pods_per_node
INT64
maxPodsPerNode
name
STRING
name
network_config
STRUCT
networkConfig
additional_node_network_configs
UNORDERED_LIST_STRUCT
additionalNodeNetworkConfigs
network
STRING
network
subnetwork
STRING
subnetwork
additional_pod_network_configs
UNORDERED_LIST_STRUCT
additionalPodNetworkConfigs
max_pods_per_node
STRUCT
maxPodsPerNode
max_pods_per_node
INT64
maxPodsPerNode
secondary_pod_range
STRING
secondaryPodRange
subnetwork
STRING
subnetwork
create_pod_range
BOOLEAN
createPodRange
pod_range
and pod_ipv4_cidr_block
if they are not specified. If neither create_pod_range
or pod_range
are specified, the cluster-level default (ip_allocation_policy.cluster_ipv4_cidr_block
) is used. Only applicable if ip_allocation_policy.use_ip_aliases
is true. This field cannot be changed after the node pool has been created.enable_private_nodes
BOOLEAN
enablePrivateNodes
network_performance_config
STRUCT
networkPerformanceConfig
external_ip_egress_bandwidth_tier
STRING
externalIpEgressBandwidthTier
TIER_UNSPECIFIED
- Default valueTIER_1
- Higher bandwidth, actual values based on VM size.total_egress_bandwidth_tier
STRING
totalEgressBandwidthTier
TIER_UNSPECIFIED
- Default valueTIER_1
- Higher bandwidth, actual values based on VM size.pod_cidr_overprovision_config
STRUCT
podCidrOverprovisionConfig
disable
BOOLEAN
disable
pod_ipv4_cidr_block
STRING
podIpv4CidrBlock
create_pod_range
is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14
) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14
) to pick a specific range to use. Only applicable if ip_allocation_policy.use_ip_aliases
is true. This field cannot be changed after the node pool has been created.pod_ipv4_range_utilization
DOUBLE
podIpv4RangeUtilization
pod_range
STRING
podRange
create_pod_range
is true, this ID is used for the new range. If create_pod_range
is false, uses an existing secondary range with this ID. Only applicable if ip_allocation_policy.use_ip_aliases
is true. This field cannot be changed after the node pool has been created.placement_policy
STRUCT
placementPolicy
policy_name
STRING
policyName
tpu_topology
STRING
tpuTopology
type
STRING
type
TYPE_UNSPECIFIED
- TYPE_UNSPECIFIED specifies no requirements on nodes placement.COMPACT
- COMPACT specifies node placement in the same availability domain to ensure low communication latency.pod_ipv4_cidr_size
INT32
podIpv4CidrSize
queued_provisioning
STRUCT
queuedProvisioning
enabled
BOOLEAN
enabled
self_link
STRING
selfLink
status_message
STRING
statusMessage
update_info
STRUCT
updateInfo
blue_green_info
STRUCT
blueGreenInfo
blue_instance_group_urls
UNORDERED_LIST_STRING
blueInstanceGroupUrls
blue_pool_deletion_start_time
STRING
bluePoolDeletionStartTime
green_instance_group_urls
UNORDERED_LIST_STRING
greenInstanceGroupUrls
green_pool_version
STRING
greenPoolVersion
phase
STRING
phase
PHASE_UNSPECIFIED
- Unspecified phase.UPDATE_STARTED
- blue-green upgrade has been initiated.CREATING_GREEN_POOL
- Start creating green pool nodes.CORDONING_BLUE_POOL
- Start cordoning blue pool nodes.WAITING_TO_DRAIN_BLUE_POOL
- Start waiting after cordoning the blue pool and before draining it.DRAINING_BLUE_POOL
- Start draining blue pool nodes.NODE_POOL_SOAKING
- Start soaking time after draining entire blue pool.DELETING_BLUE_POOL
- Start deleting blue nodes.ROLLBACK_STARTED
- Rollback has been initiated.upgrade_settings
STRUCT
upgradeSettings
blue_green_settings
STRUCT
blueGreenSettings
autoscaled_rollout_policy
Type: STRUCT
Provider name: autoscaledRolloutPolicy
Description: Autoscaled policy for cluster autoscaler enabled blue-green upgrade.
node_pool_soak_duration
Type: STRING
Provider name: nodePoolSoakDuration
Description: Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.
standard_rollout_policy
Type: STRUCT
Provider name: standardRolloutPolicy
Description: Standard policy for the blue-green upgrade.
batch_node_count
INT32
batchNodeCount
batch_percentage
FLOAT
batchPercentage
batch_soak_duration
STRING
batchSoakDuration
max_surge
INT32
maxSurge
max_unavailable
INT32
maxUnavailable
strategy
STRING
strategy
NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED
- Default value if unset. GKE internally defaults the update strategy to SURGE for unspecified strategies.BLUE_GREEN
- blue-green upgrade.SURGE
- SURGE is the traditional way of upgrading a node pool. max_surge and max_unavailable determines the level of upgrade parallelism.version
STRING
version
notification_config
Type: STRUCT
Provider name: notificationConfig
Description: Notification configuration of the cluster.
pubsub
STRUCT
pubsub
enabled
BOOLEAN
enabled
filter
STRUCT
filter
event_type
UNORDERED_LIST_STRING
eventType
topic
STRING
topic
projects/{project}/topics/{topic}
.organization_id
Type: STRING
parent
Type: STRING
parent_product_config
Type: STRUCT
Provider name: parentProductConfig
Description: The configuration of the parent product of the cluster. This field is used by Google internal products that are built on top of the GKE cluster and take the ownership of the cluster.
product_name
STRING
productName
pod_security_policy_config
Type: STRUCT
Provider name: podSecurityPolicyConfig
Description: Configuration for the PodSecurityPolicy feature.
enabled
BOOLEAN
enabled
private_cluster
Type: BOOLEAN
Provider name: privateCluster
Description: If this is a private cluster setup. Private clusters are clusters that, by default have no external IP addresses on the nodes and where nodes and the master communicate over private IP addresses. This field is deprecated, use private_cluster_config.enable_private_nodes instead.
private_cluster_config
Type: STRUCT
Provider name: privateClusterConfig
Description: Configuration for private cluster.
enable_private_endpoint
BOOLEAN
enablePrivateEndpoint
enable_private_nodes
BOOLEAN
enablePrivateNodes
master_global_access_config
STRUCT
masterGlobalAccessConfig
enabled
BOOLEAN
enabled
master_ipv4_cidr_block
STRING
masterIpv4CidrBlock
peering_name
STRING
peeringName
private_endpoint
STRING
privateEndpoint
private_endpoint_subnetwork
STRING
privateEndpointSubnetwork
public_endpoint
STRING
publicEndpoint
project_id
Type: STRING
project_number
Type: STRING
protect_config
Type: STRUCT
Provider name: protectConfig
Description: Deprecated: Use SecurityPostureConfig instead. Enable/Disable Protect API features for the cluster.
workload_config
STRUCT
workloadConfig
audit_mode
STRING
auditMode
MODE_UNSPECIFIED
- Default value meaning that no mode has been specified.DISABLED
- This disables Workload Configuration auditing on the cluster, meaning that nothing is surfaced.BASIC
- Applies the default set of policy auditing to a cluster’s workloads.BASELINE
- Surfaces configurations that are not in line with the Pod Security Standard Baseline policy.RESTRICTED
- Surfaces configurations that are not in line with the Pod Security Standard Restricted policy.workload_vulnerability_mode
STRING
workloadVulnerabilityMode
WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED
- Default value not specified.DISABLED
- Disables Workload Vulnerability Scanning feature on the cluster.BASIC
- Applies basic vulnerability scanning settings for cluster workloads.release_channel
Type: STRUCT
Provider name: releaseChannel
Description: Release channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version.
channel
STRING
channel
UNSPECIFIED
- No channel specified.RAPID
- RAPID channel is offered on an early access basis for customers who want to test new releases. WARNING: Versions available in the RAPID Channel may be subject to unresolved issues with no known workaround and are not subject to any SLAs.REGULAR
- Clusters subscribed to REGULAR receive versions that are considered GA quality. REGULAR is intended for production users who want to take advantage of new features.STABLE
- Clusters subscribed to STABLE receive versions that are known to be stable and reliable in production.EXTENDED
- Clusters subscribed to EXTENDED receive extended support and availability for versions which are known to be stable and reliable in production.resource_name
Type: STRING
resource_usage_export_config
Type: STRUCT
Provider name: resourceUsageExportConfig
Description: Configuration for exporting resource usages. Resource usage export is disabled when this config unspecified.
bigquery_destination
STRUCT
bigqueryDestination
dataset_id
STRING
datasetId
consumption_metering_config
STRUCT
consumptionMeteringConfig
enabled
BOOLEAN
enabled
enable_network_egress_metering
BOOLEAN
enableNetworkEgressMetering
satisfies_pzi
Type: BOOLEAN
Provider name: satisfiesPzi
Description: Output only. Reserved for future use.
satisfies_pzs
Type: BOOLEAN
Provider name: satisfiesPzs
Description: Output only. Reserved for future use.
secret_manager_config
Type: STRUCT
Provider name: secretManagerConfig
Description: Secret CSI driver configuration.
enabled
BOOLEAN
enabled
security_posture_config
Type: STRUCT
Provider name: securityPostureConfig
Description: Enable/Disable Security Posture API features for the cluster.
mode
STRING
mode
MODE_UNSPECIFIED
- Default value not specified.DISABLED
- Disables Security Posture features on the cluster.BASIC
- Applies Security Posture features on the cluster.ENTERPRISE
- Applies the Security Posture off cluster Enterprise level features.vulnerability_mode
STRING
vulnerabilityMode
VULNERABILITY_MODE_UNSPECIFIED
- Default value not specified.VULNERABILITY_DISABLED
- Disables vulnerability scanning on the cluster.VULNERABILITY_BASIC
- Applies basic vulnerability scanning on the cluster.VULNERABILITY_ENTERPRISE
- Applies the Security Posture’s vulnerability on cluster Enterprise level features.self_link
Type: STRING
Provider name: selfLink
Description: Output only. Server-defined URL for the resource.
services_ipv4_cidr
Type: STRING
Provider name: servicesIpv4Cidr
Description: Output only. The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29
). Service addresses are typically put in the last /16
from the container CIDR.
shielded_nodes
Type: STRUCT
Provider name: shieldedNodes
Description: Shielded Nodes configuration.
enabled
BOOLEAN
enabled
status_message
Type: STRING
Provider name: statusMessage
Description: Output only. Deprecated. Use conditions instead. Additional information about the current status of this cluster, if available.
subnetwork
Type: STRING
Provider name: subnetwork
Description: The name of the Google Compute Engine subnetwork to which the cluster is connected. On output this shows the subnetwork ID instead of the name.
tags
Type: UNORDERED_LIST_STRING
tpu_config
Type: STRUCT
Provider name: tpuConfig
Description: Configuration for Cloud TPU support;
enabled
BOOLEAN
enabled
ipv4_cidr_block
STRING
ipv4CidrBlock
use_service_networking
BOOLEAN
useServiceNetworking
tpu_ipv4_cidr_block
Type: STRING
Provider name: tpuIpv4CidrBlock
Description: Output only. The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29
).
vertical_pod_autoscaling
Type: STRUCT
Provider name: verticalPodAutoscaling
Description: Cluster-level Vertical Pod Autoscaling configuration.
enabled
BOOLEAN
enabled
workload_alts_config
Type: STRUCT
Provider name: workloadAltsConfig
Description: Configuration for direct-path (via ALTS) with workload identity.
enable_alts
BOOLEAN
enableAlts
workload_certificates
Type: STRUCT
Provider name: workloadCertificates
Description: Configuration for issuance of mTLS keys and certificates to Kubernetes pods.
enable_certificates
BOOLEAN
enableCertificates
workload_identity_config
Type: STRUCT
Provider name: workloadIdentityConfig
Description: Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.
identity_namespace
STRING
identityNamespace
identity_provider
STRING
identityProvider
workload_pool
STRING
workloadPool
zone
Type: STRING
Provider name: zone
Description: Output only. The name of the Google Compute Engine zone in which the cluster resides. This field is deprecated, use location instead.