이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

gcp_kubernetes_engine_cluster

`addons_config`

Type: STRUCT
Provider name: addonsConfig
Description: Configurations for the various addons available to run in the cluster.

cloud_run_config
Type: STRUCT
Provider name: cloudRunConfig
Description: Configuration for the Cloud Run addon. The IstioConfig addon must be enabled in order to enable Cloud Run addon. This option can only be enabled at cluster creation time.
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Whether Cloud Run addon is enabled for this cluster.
- load_balancer_type
  Type: STRING
  Provider name: loadBalancerType
  Description: Which load balancer type is installed for Cloud Run.
  Possible values:
  - LOAD_BALANCER_TYPE_UNSPECIFIED - Load balancer type for Cloud Run is unspecified.
  - LOAD_BALANCER_TYPE_EXTERNAL - Install external load balancer for Cloud Run.
  - LOAD_BALANCER_TYPE_INTERNAL - Install internal load balancer for Cloud Run.
config_connector_config
Type: STRUCT
Provider name: configConnectorConfig
Description: Configuration for the ConfigConnector add-on, a Kubernetes extension to manage hosted GCP services through the Kubernetes API
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether Cloud Connector is enabled for this cluster.
dns_cache_config
Type: STRUCT
Provider name: dnsCacheConfig
Description: Configuration for NodeLocalDNS, a dns cache running on cluster nodes
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether NodeLocal DNSCache is enabled for this cluster.
gce_persistent_disk_csi_driver_config
Type: STRUCT
Provider name: gcePersistentDiskCsiDriverConfig
Description: Configuration for the Compute Engine Persistent Disk CSI driver.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether the Compute Engine PD CSI driver is enabled for this cluster.
gcp_filestore_csi_driver_config
Type: STRUCT
Provider name: gcpFilestoreCsiDriverConfig
Description: Configuration for the GCP Filestore CSI driver.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether the GCP Filestore CSI driver is enabled for this cluster.
gcs_fuse_csi_driver_config
Type: STRUCT
Provider name: gcsFuseCsiDriverConfig
Description: Configuration for the Cloud Storage Fuse CSI driver.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether the Cloud Storage Fuse CSI driver is enabled for this cluster.
gke_backup_agent_config
Type: STRUCT
Provider name: gkeBackupAgentConfig
Description: Configuration for the Backup for GKE agent addon.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether the Backup for GKE agent is enabled for this cluster.
horizontal_pod_autoscaling
Type: STRUCT
Provider name: horizontalPodAutoscaling
Description: Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that metrics are collected into Stackdriver Monitoring.
http_load_balancing
Type: STRUCT
Provider name: httpLoadBalancing
Description: Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers.
istio_config
Type: STRUCT
Provider name: istioConfig
Description: Configuration for Istio, an open platform to connect, manage, and secure microservices.
- auth
  Type: STRING
  Provider name: auth
  Description: The specified Istio auth mode, either none, or mutual TLS.
  Possible values:
  - AUTH_NONE - auth not enabled
  - AUTH_MUTUAL_TLS - auth mutual TLS enabled
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Whether Istio is enabled for this cluster.
kalm_config
Type: STRUCT
Provider name: kalmConfig
Description: Configuration for the KALM addon, which manages the lifecycle of k8s applications.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether KALM is enabled for this cluster.
kubernetes_dashboard
Type: STRUCT
Provider name: kubernetesDashboard
Description: Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. For more information, see: https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Whether the Kubernetes Dashboard is enabled for this cluster.
network_policy_config
Type: STRUCT
Provider name: networkPolicyConfig
Description: Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes.
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Whether NetworkPolicy is enabled for this cluster.
ray_operator_config
Type: STRUCT
Provider name: rayOperatorConfig
Description: Optional. Configuration for Ray Operator addon.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether the Ray addon is enabled for this cluster.
- ray_cluster_logging_config
  Type: STRUCT
  Provider name: rayClusterLoggingConfig
  Description: Optional. Logging configuration for Ray clusters.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Enable log collection for Ray clusters.
- ray_cluster_monitoring_config
  Type: STRUCT
  Provider name: rayClusterMonitoringConfig
  Description: Optional. Monitoring configuration for Ray clusters.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Enable metrics collection for Ray clusters.
stateful_ha_config
Type: STRUCT
Provider name: statefulHaConfig
Description: Optional. Configuration for the StatefulHA add-on.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether the Stateful HA add-on is enabled for this cluster.

`ancestors`

Type: UNORDERED_LIST_STRING

`authenticator_groups_config`

Type: STRUCT
Provider name: authenticatorGroupsConfig
Description: Configuration controlling RBAC group membership information.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether this cluster should return group membership lookups during authentication using a group of security groups.
security_group
Type: STRING
Provider name: securityGroup
Description: The name of the security group-of-groups to be used. Only relevant if enabled = true.

`autopilot`

Type: STRUCT
Provider name: autopilot
Description: Autopilot configuration for the cluster.

conversion_status
Type: STRUCT
Provider name: conversionStatus
Description: Output only. ConversionStatus shows conversion status.
- state
  Type: STRING
  Provider name: state
  Description: Output only. The current state of the conversion.
  Possible values:
  - STATE_UNSPECIFIED - STATE_UNSPECIFIED indicates the state is unspecified.
  - DONE - DONE indicates the conversion has been completed. Old node pools will continue being deleted in the background.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Enable Autopilot
workload_policy_config
Type: STRUCT
Provider name: workloadPolicyConfig
Description: Workload policy configuration for Autopilot.
- allow_net_admin
  Type: BOOLEAN
  Provider name: allowNetAdmin
  Description: If true, workloads can use NET_ADMIN capability.

`autoscaling`

Type: STRUCT
Provider name: autoscaling
Description: Cluster-level autoscaling configuration.

autoprovisioning_locations
Type: UNORDERED_LIST_STRING
Provider name: autoprovisioningLocations
Description: The list of Google Compute Engine zones in which the NodePool’s nodes can be created by NAP.
autoprovisioning_node_pool_defaults
Type: STRUCT
Provider name: autoprovisioningNodePoolDefaults
Description: AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP.
- boot_disk_kms_key
  Type: STRING
  Provider name: bootDiskKmsKey
  Description: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- disk_size_gb
  Type: INT32
  Provider name: diskSizeGb
  Description: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
- disk_type
  Type: STRING
  Provider name: diskType
  Description: Type of the disk attached to each node (e.g. ‘pd-standard’, ‘pd-ssd’ or ‘pd-balanced’) If unspecified, the default disk type is ‘pd-standard’
- image_type
  Type: STRING
  Provider name: imageType
  Description: The image type to use for NAP created node. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types.
- insecure_kubelet_readonly_port_enabled
  Type: BOOLEAN
  Provider name: insecureKubeletReadonlyPortEnabled
  Description: Enable or disable Kubelet read only port.
- management
  Type: STRUCT
  Provider name: management
  Description: NodeManagement configuration for this NodePool.
  - auto_repair
    Type: BOOLEAN
    Provider name: autoRepair
    Description: Whether the nodes will be automatically repaired.
  - auto_upgrade
    Type: BOOLEAN
    Provider name: autoUpgrade
    Description: Whether the nodes will be automatically upgraded.
  - upgrade_options
    Type: STRUCT
    Provider name: upgradeOptions
    Description: Specifies the Auto Upgrade knobs for the node pool.
    - auto_upgrade_start_time
      Type: STRING
      Provider name: autoUpgradeStartTime
      Description: Output only. This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    - description
      Type: STRING
      Provider name: description
      Description: Output only. This field is set when upgrades are about to commence with the description of the upgrade.
- min_cpu_platform
  Type: STRING
  Provider name: minCpuPlatform
  Description: Deprecated. Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: Intel Haswell or minCpuPlatform: Intel Sandy Bridge. For more information, read how to specify min CPU platform. This field is deprecated, min_cpu_platform should be specified using cloud.google.com/requested-min-cpu-platform label selector on the pod. To unset the min cpu platform field pass “automatic” as field value.
- oauth_scopes
  Type: UNORDERED_LIST_STRING
  Provider name: oauthScopes
  Description: The set of Google API scopes to be made available on all of the node VMs under the “default” service account. The following scopes are recommended, but not required, and by default are not included: * https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. * https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
- service_account
  Type: STRING
  Provider name: serviceAccount
  Description: The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; otherwise, if no Service Account is specified, the “default” service account is used.
- shielded_instance_config
  Type: STRUCT
  Provider name: shieldedInstanceConfig
  Description: Shielded Instance options.
  - enable_integrity_monitoring
    Type: BOOLEAN
    Provider name: enableIntegrityMonitoring
    Description: Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created.
  - enable_secure_boot
    Type: BOOLEAN
    Provider name: enableSecureBoot
    Description: Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.
- upgrade_settings
  Type: STRUCT
  Provider name: upgradeSettings
  Description: Upgrade settings control disruption and speed of the upgrade.
  - blue_green_settings
    Type: STRUCT
    Provider name: blueGreenSettings
    Description: Settings for blue-green upgrade strategy.
    - autoscaled_rollout_policy
      Type: STRUCT
      Provider name: autoscaledRolloutPolicy
      Description: Autoscaled policy for cluster autoscaler enabled blue-green upgrade.
    - node_pool_soak_duration
      Type: STRING
      Provider name: nodePoolSoakDuration
      Description: Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.
    - standard_rollout_policy
      Type: STRUCT
      Provider name: standardRolloutPolicy
      Description: Standard policy for the blue-green upgrade.
      - batch_node_count
        Type: INT32
        Provider name: batchNodeCount
        Description: Number of blue nodes to drain in a batch.
      - batch_percentage
        Type: FLOAT
        Provider name: batchPercentage
        Description: Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].
      - batch_soak_duration
        Type: STRING
        Provider name: batchSoakDuration
        Description: Soak time after each batch gets drained. Default to zero.
  - max_surge
    Type: INT32
    Provider name: maxSurge
    Description: The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.
  - max_unavailable
    Type: INT32
    Provider name: maxUnavailable
    Description: The maximum number of nodes that can be simultaneously unavailable during the upgrade process. A node is considered available if its status is Ready.
  - strategy
    Type: STRING
    Provider name: strategy
    Description: Update strategy of the node pool.
    Possible values:
    - NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED - Default value if unset. GKE internally defaults the update strategy to SURGE for unspecified strategies.
    - BLUE_GREEN - blue-green upgrade.
    - SURGE - SURGE is the traditional way of upgrading a node pool. max_surge and max_unavailable determines the level of upgrade parallelism.
autoscaling_profile
Type: STRING
Provider name: autoscalingProfile
Description: Defines autoscaling behaviour.
Possible values:
- PROFILE_UNSPECIFIED - No change to autoscaling configuration.
- OPTIMIZE_UTILIZATION - Prioritize optimizing utilization of resources.
- BALANCED - Use default (balanced) autoscaling configuration.
enable_node_autoprovisioning
Type: BOOLEAN
Provider name: enableNodeAutoprovisioning
Description: Enables automatic node pool creation and deletion.
resource_limits
Type: UNORDERED_LIST_STRUCT
Provider name: resourceLimits
Description: Contains global constraints regarding minimum and maximum amount of resources in the cluster.
- maximum
  Type: INT64
  Provider name: maximum
  Description: Maximum amount of the resource in the cluster.
- minimum
  Type: INT64
  Provider name: minimum
  Description: Minimum amount of the resource in the cluster.
- resource_type
  Type: STRING
  Provider name: resourceType
  Description: Resource name “cpu”, “memory” or gpu-specific string.

`binary_authorization`

Type: STRUCT
Provider name: binaryAuthorization
Description: Configuration for Binary Authorization.

enabled
Type: BOOLEAN
Provider name: enabled
Description: This field is deprecated. Leave this unset and instead configure BinaryAuthorization using evaluation_mode. If evaluation_mode is set to anything other than EVALUATION_MODE_UNSPECIFIED, this field is ignored.
evaluation_mode
Type: STRING
Provider name: evaluationMode
Description: Mode of operation for binauthz policy evaluation. If unspecified, defaults to DISABLED.
Possible values:
- EVALUATION_MODE_UNSPECIFIED - Default value
- DISABLED - Disable BinaryAuthorization
- PROJECT_SINGLETON_POLICY_ENFORCE - Enforce Kubernetes admission requests with BinaryAuthorization using the project’s singleton policy. This is equivalent to setting the enabled boolean to true.
- POLICY_BINDINGS - Use Binary Authorization Continuous Validation with the policies specified in policy_bindings.
- POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE - Use Binary Authorization Continuous Validation with the policies specified in policy_bindings and enforce Kubernetes admission requests with Binary Authorization using the project’s singleton policy.
policy_bindings
Type: UNORDERED_LIST_STRUCT
Provider name: policyBindings
Description: Optional. Binauthz policies that apply to this cluster.
- name
  Type: STRING
  Provider name: name
  Description: The relative resource name of the binauthz platform policy to evaluate. GKE platform policies have the following format: projects/{project_number}/platforms/gke/policies/{policy_id}.

`cluster_ipv4_cidr`

Type: STRING
Provider name: clusterIpv4Cidr
Description: The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8.

`cluster_telemetry`

Type: STRUCT
Provider name: clusterTelemetry
Description: Telemetry integration for the cluster.

type
Type: STRING
Provider name: type
Description: Type of the integration.
Possible values:
- UNSPECIFIED - Not set.
- DISABLED - Monitoring integration is disabled.
- ENABLED - Monitoring integration is enabled.
- SYSTEM_ONLY - Only system components are monitored and logged.

`compliance_posture_config`

Type: STRUCT
Provider name: compliancePostureConfig
Description: Enable/Disable Compliance Posture features for the cluster.

compliance_standards
Type: UNORDERED_LIST_STRUCT
Provider name: complianceStandards
Description: List of enabled compliance standards.
- standard
  Type: STRING
  Provider name: standard
  Description: Name of the compliance standard.
mode
Type: STRING
Provider name: mode
Description: Defines the enablement mode for Compliance Posture.
Possible values:
- MODE_UNSPECIFIED - Default value not specified.
- DISABLED - Disables Compliance Posture features on the cluster.
- ENABLED - Enables Compliance Posture features on the cluster.

`conditions`

Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: Which conditions caused the current cluster state.

canonical_code
Type: STRING
Provider name: canonicalCode
Description: Canonical code of the condition.
Possible values:
- OK - Not an error; returned on success. HTTP Mapping: 200 OK
- CANCELLED - The operation was cancelled, typically by the caller. HTTP Mapping: 499 Client Closed Request
- UNKNOWN - Unknown error. For example, this error may be returned when a Status value received from another address space belongs to an error space that is not known in this address space. Also errors raised by APIs that do not return enough error information may be converted to this error. HTTP Mapping: 500 Internal Server Error
- INVALID_ARGUMENT - The client specified an invalid argument. Note that this differs from FAILED_PRECONDITION. INVALID_ARGUMENT indicates arguments that are problematic regardless of the state of the system (e.g., a malformed file name). HTTP Mapping: 400 Bad Request
- DEADLINE_EXCEEDED - The deadline expired before the operation could complete. For operations that change the state of the system, this error may be returned even if the operation has completed successfully. For example, a successful response from a server could have been delayed long enough for the deadline to expire. HTTP Mapping: 504 Gateway Timeout
- NOT_FOUND - Some requested entity (e.g., file or directory) was not found. Note to server developers: if a request is denied for an entire class of users, such as gradual feature rollout or undocumented allowlist, NOT_FOUND may be used. If a request is denied for some users within a class of users, such as user-based access control, PERMISSION_DENIED must be used. HTTP Mapping: 404 Not Found
- ALREADY_EXISTS - The entity that a client attempted to create (e.g., file or directory) already exists. HTTP Mapping: 409 Conflict
- PERMISSION_DENIED - The caller does not have permission to execute the specified operation. PERMISSION_DENIED must not be used for rejections caused by exhausting some resource (use RESOURCE_EXHAUSTED instead for those errors). PERMISSION_DENIED must not be used if the caller can not be identified (use UNAUTHENTICATED instead for those errors). This error code does not imply the request is valid or the requested entity exists or satisfies other pre-conditions. HTTP Mapping: 403 Forbidden
- UNAUTHENTICATED - The request does not have valid authentication credentials for the operation. HTTP Mapping: 401 Unauthorized
- RESOURCE_EXHAUSTED - Some resource has been exhausted, perhaps a per-user quota, or perhaps the entire file system is out of space. HTTP Mapping: 429 Too Many Requests
- FAILED_PRECONDITION - The operation was rejected because the system is not in a state required for the operation's execution. For example, the directory to be deleted is non-empty, an rmdir operation is applied to a non-directory, etc. Service implementors can use the following guidelines to decide between FAILED_PRECONDITION, ABORTED, and UNAVAILABLE: (a) Use UNAVAILABLE if the client can retry just the failing call. (b) Use ABORTED if the client should retry at a higher level. For example, when a client-specified test-and-set fails, indicating the client should restart a read-modify-write sequence. (c) Use FAILED_PRECONDITION if the client should not retry until the system state has been explicitly fixed. For example, if an ‘rmdir’ fails because the directory is non-empty, FAILED_PRECONDITION should be returned since the client should not retry unless the files are deleted from the directory. HTTP Mapping: 400 Bad Request
- ABORTED - The operation was aborted, typically due to a concurrency issue such as a sequencer check failure or transaction abort. See the guidelines above for deciding between FAILED_PRECONDITION, ABORTED, and UNAVAILABLE. HTTP Mapping: 409 Conflict
- OUT_OF_RANGE - The operation was attempted past the valid range. E.g., seeking or reading past end-of-file. Unlike INVALID_ARGUMENT, this error indicates a problem that may be fixed if the system state changes. For example, a 32-bit file system will generate INVALID_ARGUMENT if asked to read at an offset that is not in the range [0,2^32-1], but it will generate OUT_OF_RANGE if asked to read from an offset past the current file size. There is a fair bit of overlap between FAILED_PRECONDITION and OUT_OF_RANGE. We recommend using OUT_OF_RANGE (the more specific error) when it applies so that callers who are iterating through a space can easily look for an OUT_OF_RANGE error to detect when they are done. HTTP Mapping: 400 Bad Request
- UNIMPLEMENTED - The operation is not implemented or is not supported/enabled in this service. HTTP Mapping: 501 Not Implemented
- INTERNAL - Internal errors. This means that some invariants expected by the underlying system have been broken. This error code is reserved for serious errors. HTTP Mapping: 500 Internal Server Error
- UNAVAILABLE - The service is currently unavailable. This is most likely a transient condition, which can be corrected by retrying with a backoff. Note that it is not always safe to retry non-idempotent operations. See the guidelines above for deciding between FAILED_PRECONDITION, ABORTED, and UNAVAILABLE. HTTP Mapping: 503 Service Unavailable
- DATA_LOSS - Unrecoverable data loss or corruption. HTTP Mapping: 500 Internal Server Error
code
Type: STRING
Provider name: code
Description: Machine-friendly representation of the condition Deprecated. Use canonical_code instead.
Possible values:
- UNKNOWN - UNKNOWN indicates a generic condition.
- GCE_STOCKOUT - GCE_STOCKOUT indicates that Google Compute Engine resources are temporarily unavailable.
- GKE_SERVICE_ACCOUNT_DELETED - GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot service account.
- GCE_QUOTA_EXCEEDED - Google Compute Engine quota was exceeded.
- SET_BY_OPERATOR - Cluster state was manually changed by an SRE due to a system logic error.
- CLOUD_KMS_KEY_ERROR - Unable to perform an encrypt operation against the CloudKMS key used for etcd level encryption.
- CA_EXPIRING - Cluster CA is expiring soon. More codes TBA
message
Type: STRING
Provider name: message
Description: Human-friendly representation of the condition

`confidential_nodes`

Type: STRUCT
Provider name: confidentialNodes
Description: Configuration of Confidential Nodes. All the nodes in the cluster will be Confidential VM once enabled.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether Confidential Nodes feature is enabled.

`cost_management_config`

Type: STRUCT
Provider name: costManagementConfig
Description: Configuration for the fine-grained cost management feature.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether the feature is enabled or not.

`create_time`

Type: STRING
Provider name: createTime
Description: Output only. The time the cluster was created, in RFC3339 text format.

`current_master_version`

Type: STRING
Provider name: currentMasterVersion
Description: Output only. The current software version of the master endpoint.

`current_node_count`

Type: INT32
Provider name: currentNodeCount
Description: Output only. The number of nodes currently in the cluster. Deprecated. Call Kubernetes API directly to retrieve node information.

`current_node_version`

Type: STRING
Provider name: currentNodeVersion
Description: Output only. Deprecated, use NodePool.version instead. The current version of the node software components. If they are currently at multiple versions because they’re in the process of being upgraded, this reflects the minimum version of all nodes.

`database_encryption`

Type: STRUCT
Provider name: databaseEncryption
Description: Configuration of etcd encryption.

current_state
Type: STRING
Provider name: currentState
Description: Output only. The current state of etcd encryption.
Possible values:
- CURRENT_STATE_UNSPECIFIED - Should never be set
- CURRENT_STATE_ENCRYPTED - Secrets in etcd are encrypted.
- CURRENT_STATE_DECRYPTED - Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption.
- CURRENT_STATE_ENCRYPTION_PENDING - Encryption (or re-encryption with a different CloudKMS key) of Secrets is in progress.
- CURRENT_STATE_ENCRYPTION_ERROR - Encryption (or re-encryption with a different CloudKMS key) of Secrets in etcd encountered an error.
- CURRENT_STATE_DECRYPTION_PENDING - De-crypting Secrets to plain text in etcd is in progress.
- CURRENT_STATE_DECRYPTION_ERROR - De-crypting Secrets to plain text in etcd encountered an error.
decryption_keys
Type: UNORDERED_LIST_STRING
Provider name: decryptionKeys
Description: Output only. Keys in use by the cluster for decrypting existing objects, in addition to the key in key_name. Each item is a CloudKMS key resource.
key_name
Type: STRING
Provider name: keyName
Description: Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
last_operation_errors
Type: UNORDERED_LIST_STRUCT
Provider name: lastOperationErrors
Description: Output only. Records errors seen during DatabaseEncryption update operations.
- error_message
  Type: STRING
  Provider name: errorMessage
  Description: Description of the error seen during the operation.
- key_name
  Type: STRING
  Provider name: keyName
  Description: CloudKMS key resource that had the error.
- timestamp
  Type: TIMESTAMP
  Provider name: timestamp
  Description: Time when the CloudKMS error was seen.
state
Type: STRING
Provider name: state
Description: The desired state of etcd encryption.
Possible values:
- UNKNOWN - Should never be set
- ENCRYPTED - Secrets in etcd are encrypted.
- DECRYPTED - Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption.

`default_max_pods_constraint`

Type: STRUCT
Provider name: defaultMaxPodsConstraint
Description: The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support.

max_pods_per_node
Type: INT64
Provider name: maxPodsPerNode
Description: Constraint enforced on the max num of pods per node.

`description`

Type: STRING
Provider name: description
Description: An optional description of this cluster.

`enable_k8s_beta_apis`

Type: STRUCT
Provider name: enableK8sBetaApis
Description: Kubernetes open source beta apis enabled on the cluster. Only beta apis.

enabled_apis
Type: UNORDERED_LIST_STRING
Provider name: enabledApis
Description: api name, e.g. storage.k8s.io/v1beta1/csistoragecapacities.

`enable_kubernetes_alpha`

Type: BOOLEAN
Provider name: enableKubernetesAlpha
Description: Kubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. v1beta1) and features that may not be production ready in the kubernetes version of the master and nodes. The cluster has no SLA for uptime and master/node upgrades are disabled. Alpha enabled clusters are automatically deleted thirty days after creation.

`enable_tpu`

Type: BOOLEAN
Provider name: enableTpu
Description: Enable the ability to use Cloud TPUs in this cluster. This field is deprecated, use tpu_config.enabled instead.

`endpoint`

Type: STRING
Provider name: endpoint
Description: Output only. The IP address of this cluster’s master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/. See the masterAuth property of this resource for username and password information.

`enterprise_config`

Type: STRUCT
Provider name: enterpriseConfig
Description: GKE Enterprise Configuration.

cluster_tier
Type: STRING
Provider name: clusterTier
Description: Output only. cluster_tier specifies the premium tier of the cluster.
Possible values:
- CLUSTER_TIER_UNSPECIFIED - CLUSTER_TIER_UNSPECIFIED is when cluster_tier is not set.
- STANDARD - STANDARD indicates a standard GKE cluster.
- ENTERPRISE - ENTERPRISE indicates a GKE Enterprise cluster.

`etag`

Type: STRING
Provider name: etag
Description: This checksum is computed by the server based on the value of cluster fields, and may be sent on update requests to ensure the client has an up-to-date value before proceeding.

`expire_time`

Type: STRING
Provider name: expireTime
Description: Output only. The time the cluster will be automatically deleted in RFC3339 text format.

`fleet`

Type: STRUCT
Provider name: fleet
Description: Fleet information for the cluster.

membership
Type: STRING
Provider name: membership
Description: Output only. The full resource name of the registered fleet membership of the cluster, in the format //gkehub.googleapis.com/projects/*/locations/*/memberships/*.
pre_registered
Type: BOOLEAN
Provider name: preRegistered
Description: Output only. Whether the cluster has been registered through the fleet API.
project
Type: STRING
Provider name: project
Description: The Fleet host project(project ID or project number) where this cluster will be registered to. This field cannot be changed after the cluster has been registered.

`gcp_status`

Type: STRING
Provider name: status
Description: Output only. The current status of this cluster.
Possible values:

STATUS_UNSPECIFIED - Not set.
PROVISIONING - The PROVISIONING state indicates the cluster is being created.
RUNNING - The RUNNING state indicates the cluster has been created and is fully usable.
RECONCILING - The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the master or node software. Details can be found in the statusMessage field.
STOPPING - The STOPPING state indicates the cluster is being deleted.
ERROR - The ERROR state indicates the cluster may be unusable. Details can be found in the statusMessage field.
DEGRADED - The DEGRADED state indicates the cluster requires user action to restore full functionality. Details can be found in the statusMessage field.

`id`

Type: STRING
Provider name: id
Description: Output only. Unique id for the cluster.

`identity_service_config`

Type: STRUCT
Provider name: identityServiceConfig
Description: Configuration for Identity Service component.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable the Identity Service component

`initial_cluster_version`

Type: STRING
Provider name: initialClusterVersion
Description: The initial Kubernetes version for this cluster. Valid versions are those found in validMasterVersions returned by getServerConfig. The version can be upgraded over time; such upgrades are reflected in currentMasterVersion and currentNodeVersion. Users may specify either explicit versions offered by Kubernetes Engine or version aliases, which have the following behavior: - “latest”: picks the highest valid Kubernetes version - “1.X”: picks the highest valid patch+gke.N patch in the 1.X version - “1.X.Y”: picks the highest valid gke.N patch in the 1.X.Y version - “1.X.Y-gke.N”: picks an explicit Kubernetes version - “”,"-": picks the default Kubernetes version

`initial_node_count`

Type: INT32
Provider name: initialNodeCount
Description: The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a “node_pool” object, since this configuration (along with the “node_config”) will be used to create a “NodePool” object with an auto-generated name. Do not use this and a node_pool at the same time. This field is deprecated, use node_pool.initial_node_count instead.

`instance_group_urls`

Type: UNORDERED_LIST_STRING
Provider name: instanceGroupUrls
Description: Output only. Deprecated. Use node_pools.instance_group_urls.

`ip_allocation_policy`

Type: STRUCT
Provider name: ipAllocationPolicy
Description: Configuration for cluster IP allocation.

additional_pod_ranges_config
Type: STRUCT
Provider name: additionalPodRangesConfig
Description: Output only. The additional pod ranges that are added to the cluster. These pod ranges can be used by new node pools to allocate pod IPs automatically. Once the range is removed it will not show up in IPAllocationPolicy.
- pod_range_info
  Type: UNORDERED_LIST_STRUCT
  Provider name: podRangeInfo
  Description: Output only. Information for additional pod range.
  - range_name
    Type: STRING
    Provider name: rangeName
    Description: Output only. Name of a range.
  - utilization
    Type: DOUBLE
    Provider name: utilization
    Description: Output only. The utilization of the range.
- pod_range_names
  Type: UNORDERED_LIST_STRING
  Provider name: podRangeNames
  Description: Name for pod secondary ipv4 range which has the actual range defined ahead.
allow_route_overlap
Type: BOOLEAN
Provider name: allowRouteOverlap
Description: If true, allow allocation of cluster CIDR ranges that overlap with certain kinds of network routes. By default we do not allow cluster CIDR ranges to intersect with any user declared routes. With allow_route_overlap == true, we allow overlapping with CIDR ranges that are larger than the cluster CIDR range. If this field is set to true, then cluster and services CIDRs must be fully-specified (e.g. 10.96.0.0/14, but not /14), which means: 1) When use_ip_aliases is true, cluster_ipv4_cidr_block and services_ipv4_cidr_block must be fully-specified. 2) When use_ip_aliases is false, cluster.cluster_ipv4_cidr muse be fully-specified.
cluster_ipv4_cidr
Type: STRING
Provider name: clusterIpv4Cidr
Description: This field is deprecated, use cluster_ipv4_cidr_block.
cluster_ipv4_cidr_block
Type: STRING
Provider name: clusterIpv4CidrBlock
Description: The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr must be left blank. This field is only applicable when use_ip_aliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
cluster_secondary_range_name
Type: STRING
Provider name: clusterSecondaryRangeName
Description: The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork. This field is only applicable with use_ip_aliases and create_subnetwork is false.
create_subnetwork
Type: BOOLEAN
Provider name: createSubnetwork
Description: Whether a new subnetwork will be created automatically for the cluster. This field is only applicable when use_ip_aliases is true.
default_pod_ipv4_range_utilization
Type: DOUBLE
Provider name: defaultPodIpv4RangeUtilization
Description: Output only. The utilization of the cluster default IPv4 range for the pod. The ratio is Usage/[Total number of IPs in the secondary range], Usage=numNodesnumZonespodIPsPerNode.
ipv6_access_type
Type: STRING
Provider name: ipv6AccessType
Description: The ipv6 access type (internal or external) when create_subnetwork is true
Possible values:
- IPV6_ACCESS_TYPE_UNSPECIFIED - Default value, will be defaulted as type external.
- INTERNAL - Access type internal (all v6 addresses are internal IPs)
- EXTERNAL - Access type external (all v6 addresses are external IPs)
node_ipv4_cidr
Type: STRING
Provider name: nodeIpv4Cidr
Description: This field is deprecated, use node_ipv4_cidr_block.
node_ipv4_cidr_block
Type: STRING
Provider name: nodeIpv4CidrBlock
Description: The IP address range of the instance IPs in this cluster. This is applicable only if create_subnetwork is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
pod_cidr_overprovision_config
Type: STRUCT
Provider name: podCidrOverprovisionConfig
Description: [PRIVATE FIELD] Pod CIDR size overprovisioning config for the cluster. Pod CIDR size per node depends on max_pods_per_node. By default, the value of max_pods_per_node is doubled and then rounded off to next power of 2 to get the size of pod CIDR block per node. Example: max_pods_per_node of 30 would result in 64 IPs (/26). This config can disable the doubling of IPs (we still round off to next power of 2) Example: max_pods_per_node of 30 will result in 32 IPs (/27) when overprovisioning is disabled.
- disable
  Type: BOOLEAN
  Provider name: disable
  Description: Whether Pod CIDR overprovisioning is disabled. Note: Pod CIDR overprovisioning is enabled by default.
services_ipv4_cidr
Type: STRING
Provider name: servicesIpv4Cidr
Description: This field is deprecated, use services_ipv4_cidr_block.
services_ipv4_cidr_block
Type: STRING
Provider name: servicesIpv4CidrBlock
Description: The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size. This field is only applicable when use_ip_aliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
services_ipv6_cidr_block
Type: STRING
Provider name: servicesIpv6CidrBlock
Description: Output only. The services IPv6 CIDR block for the cluster.
services_secondary_range_name
Type: STRING
Provider name: servicesSecondaryRangeName
Description: The name of the secondary range to be used as for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork. This field is only applicable with use_ip_aliases and create_subnetwork is false.
stack_type
Type: STRING
Provider name: stackType
Description: IP stack type
Possible values:
- STACK_TYPE_UNSPECIFIED - By default, the clusters will be IPV4 only
- IPV4 - The value used if the cluster is a IPV4 only
- IPV4_IPV6 - The value used if the cluster is a dual stack cluster
subnet_ipv6_cidr_block
Type: STRING
Provider name: subnetIpv6CidrBlock
Description: Output only. The subnet’s IPv6 CIDR block used by nodes and pods.
subnetwork_name
Type: STRING
Provider name: subnetworkName
Description: A custom subnetwork name to be used if create_subnetwork is true. If this field is empty, then an automatic name will be chosen for the new subnetwork.
tpu_ipv4_cidr_block
Type: STRING
Provider name: tpuIpv4CidrBlock
Description: The IP address range of the Cloud TPUs in this cluster. If unspecified, a range will be automatically chosen with the default size. This field is only applicable when use_ip_aliases is true. If unspecified, the range will use the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. This field is deprecated, use cluster.tpu_config.ipv4_cidr_block instead.
use_ip_aliases
Type: BOOLEAN
Provider name: useIpAliases
Description: Whether alias IPs will be used for pod IPs in the cluster. This is used in conjunction with use_routes. It cannot be true if use_routes is true. If both use_ip_aliases and use_routes are false, then the server picks the default IP allocation mode
use_routes
Type: BOOLEAN
Provider name: useRoutes
Description: Whether routes will be used for pod IPs in the cluster. This is used in conjunction with use_ip_aliases. It cannot be true if use_ip_aliases is true. If both use_ip_aliases and use_routes are false, then the server picks the default IP allocation mode

`label_fingerprint`

Type: STRING
Provider name: labelFingerprint
Description: The fingerprint of the set of labels for this cluster.

`labels`

Type: UNORDERED_LIST_STRING

`legacy_abac`

Type: STRUCT
Provider name: legacyAbac
Description: Configuration for the legacy ABAC authorization mode.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM.

`location`

Type: STRING
Provider name: location
Description: Output only. The name of the Google Compute Engine zone or region in which the cluster resides.

`locations`

Type: UNORDERED_LIST_STRING
Provider name: locations
Description: The list of Google Compute Engine zones in which the cluster’s nodes should be located. This field provides a default value if NodePool.Locations are not specified during node pool creation. Warning: changing cluster locations will update the NodePool.Locations of all node pools and will result in nodes being added and/or removed.

`logging_config`

Type: STRUCT
Provider name: loggingConfig
Description: Logging configuration for the cluster.

component_config
Type: STRUCT
Provider name: componentConfig
Description: Logging components configuration
- enable_components
  Type: UNORDERED_LIST_STRING
  Provider name: enableComponents
  Description: Select components to collect logs. An empty set would disable all logging.

`logging_service`

Type: STRING
Provider name: loggingService
Description: The logging service the cluster should use to write logs. Currently available options: * logging.googleapis.com/kubernetes - The Cloud Logging service with a Kubernetes-native resource model * logging.googleapis.com - The legacy Cloud Logging service (no longer available as of GKE 1.15). * none - no logs will be exported from the cluster. If left as an empty string,logging.googleapis.com/kubernetes will be used for GKE 1.14+ or logging.googleapis.com for earlier versions.

`maintenance_policy`

Type: STRUCT
Provider name: maintenancePolicy
Description: Configure the maintenance policy for this cluster.

resource_version
Type: STRING
Provider name: resourceVersion
Description: A hash identifying the version of this policy, so that updates to fields of the policy won’t accidentally undo intermediate changes (and so that users of the API unaware of some fields won’t accidentally remove other fields). Make a get() request to the cluster to get the current resource version and include it with requests to set the policy.
window
Type: STRUCT
Provider name: window
Description: Specifies the maintenance window in which maintenance may be performed.
- daily_maintenance_window
  Type: STRUCT
  Provider name: dailyMaintenanceWindow
  Description: DailyMaintenanceWindow specifies a daily maintenance operation window.
  - duration
    Type: STRING
    Provider name: duration
    Description: Output only. Duration of the time window, automatically chosen to be smallest possible in the given scenario.
  - start_time
    Type: STRING
    Provider name: startTime
    Description: Time within the maintenance window to start the maintenance operations. It must be in format “HH:MM”, where HH : [00-23] and MM : [00-59] GMT.
- recurring_window
  Type: STRUCT
  Provider name: recurringWindow
  Description: RecurringWindow specifies some number of recurring time periods for maintenance to occur. The time windows may be overlapping. If no maintenance windows are set, maintenance can occur at any time.
  - recurrence
    Type: STRING
    Provider name: recurrence
    Description: An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window reccurs. They go on for the span of time between the start and end time. For example, to have something repeat every weekday, you’d use: FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR To repeat some window daily (equivalent to the DailyMaintenanceWindow): FREQ=DAILY For the first weekend of every month: FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU This specifies how frequently the window starts. Eg, if you wanted to have a 9-5 UTC-4 window every weekday, you’d use something like: start time = 2019-01-01T09:00:00-0400 end time = 2019-01-01T17:00:00-0400 recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR Windows can span multiple days. Eg, to make the window encompass every weekend from midnight Saturday till the last minute of Sunday UTC: start time = 2019-01-05T00:00:00Z end time = 2019-01-07T23:59:00Z recurrence = FREQ=WEEKLY;BYDAY=SA Note the start and end time’s specific dates are largely arbitrary except to specify duration of the window and when it first starts. The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
  - window
    Type: STRUCT
    Provider name: window
    Description: The window of the first recurrence.
    - end_time
      Type: TIMESTAMP
      Provider name: endTime
      Description: The time that the window ends. The end time should take place after the start time.
    - maintenance_exclusion_options
      Type: STRUCT
      Provider name: maintenanceExclusionOptions
      Description: MaintenanceExclusionOptions provides maintenance exclusion related options.
      - scope
        Type: STRING
        Provider name: scope
        Description: Scope specifies the upgrade scope which upgrades are blocked by the exclusion.
        Possible values:
        NO_UPGRADES - NO_UPGRADES excludes all upgrades, including patch upgrades and minor upgrades across control planes and nodes. This is the default exclusion behavior.
        NO_MINOR_UPGRADES - NO_MINOR_UPGRADES excludes all minor upgrades for the cluster, only patches are allowed.
        NO_MINOR_OR_NODE_UPGRADES - NO_MINOR_OR_NODE_UPGRADES excludes all minor upgrades for the cluster, and also exclude all node pool upgrades. Only control plane patches are allowed.
    - start_time
      Type: TIMESTAMP
      Provider name: startTime
      Description: The time that the window first starts.

`master`

Type: STRUCT
Provider name: master
Description: Configuration for master components.

`master_auth`

Type: STRUCT
Provider name: masterAuth
Description: The authentication information for accessing the master endpoint. If unspecified, the defaults are used: For clusters before v1.12, if master_auth is unspecified, username will be set to “admin”, a random password will be generated, and a client certificate will be issued.

client_certificate
Type: STRING
Provider name: clientCertificate
Description: Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.
client_certificate_config
Type: STRUCT
Provider name: clientCertificateConfig
Description: Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued.
- issue_client_certificate
  Type: BOOLEAN
  Provider name: issueClientCertificate
  Description: Issue a client certificate.
client_key
Type: STRING
Provider name: clientKey
Description: Output only. Base64-encoded private key used by clients to authenticate to the cluster endpoint.
cluster_ca_certificate
Type: STRING
Provider name: clusterCaCertificate
Description: Output only. Base64-encoded public certificate that is the root of trust for the cluster.
password
Type: STRING
Provider name: password
Description: The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password. If a password is provided for cluster creation, username must be non-empty. Warning: basic authentication is deprecated, and will be removed in GKE control plane versions 1.19 and newer. For a list of recommended authentication methods, see: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
username
Type: STRING
Provider name: username
Description: The username to use for HTTP basic authentication to the master endpoint. For clusters v1.6.0 and later, basic authentication can be disabled by leaving username unspecified (or setting it to the empty string). Warning: basic authentication is deprecated, and will be removed in GKE control plane versions 1.19 and newer. For a list of recommended authentication methods, see: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication

`master_authorized_networks_config`

Type: STRUCT
Provider name: masterAuthorizedNetworksConfig
Description: The configuration options for master authorized networks feature.

cidr_blocks
Type: UNORDERED_LIST_STRUCT
Provider name: cidrBlocks
Description: cidr_blocks define up to 10 external networks that could access Kubernetes master through HTTPS.
- cidr_block
  Type: STRING
  Provider name: cidrBlock
  Description: cidr_block must be specified in CIDR notation.
- gcp_display_name
  Type: STRING
  Provider name: displayName
  Description: display_name is an optional field for users to identify CIDR blocks.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether or not master authorized networks is enabled.
gcp_public_cidrs_access_enabled
Type: BOOLEAN
Provider name: gcpPublicCidrsAccessEnabled
Description: Whether master is accessbile via Google Compute Engine Public IP addresses.

`master_ipv4_cidr_block`

Type: STRING
Provider name: masterIpv4CidrBlock
Description: The IP prefix in CIDR notation to use for the hosted master network. This prefix will be used for assigning private IP addresses to the master or set of masters, as well as the ILB VIP. This field is deprecated, use private_cluster_config.master_ipv4_cidr_block instead.

`mesh_certificates`

Type: STRUCT
Provider name: meshCertificates
Description: Configuration for issuance of mTLS keys and certificates to Kubernetes pods.

enable_certificates
Type: BOOLEAN
Provider name: enableCertificates
Description: enable_certificates controls issuance of workload mTLS certificates. If set, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster, which can then be configured by creating a WorkloadCertificateConfig Custom Resource. Requires Workload Identity (workload_pool must be non-empty).

`monitoring_config`

Type: STRUCT
Provider name: monitoringConfig
Description: Monitoring configuration for the cluster.

advanced_datapath_observability_config
Type: STRUCT
Provider name: advancedDatapathObservabilityConfig
Description: Configuration of Advanced Datapath Observability features.
- enable_metrics
  Type: BOOLEAN
  Provider name: enableMetrics
  Description: Expose flow metrics on nodes
- enable_relay
  Type: BOOLEAN
  Provider name: enableRelay
  Description: Enable Relay component
- relay_mode
  Type: STRING
  Provider name: relayMode
  Description: Method used to make Relay available
  Possible values:
  - RELAY_MODE_UNSPECIFIED - Default value. This shouldn’t be used.
  - DISABLED - disabled
  - INTERNAL_VPC_LB - exposed via internal load balancer
  - EXTERNAL_LB - exposed via external load balancer
component_config
Type: STRUCT
Provider name: componentConfig
Description: Monitoring components configuration
- enable_components
  Type: UNORDERED_LIST_STRING
  Provider name: enableComponents
  Description: Select components to collect metrics. An empty set would disable all monitoring.
managed_prometheus_config
Type: STRUCT
Provider name: managedPrometheusConfig
Description: Enable Google Cloud Managed Service for Prometheus in the cluster.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Enable Managed Collection.

`monitoring_service`

Type: STRING
Provider name: monitoringService
Description: The monitoring service the cluster should use to write metrics. Currently available options: * “monitoring.googleapis.com/kubernetes” - The Cloud Monitoring service with a Kubernetes-native resource model * monitoring.googleapis.com - The legacy Cloud Monitoring service (no longer available as of GKE 1.15). * none - No metrics will be exported from the cluster. If left as an empty string,monitoring.googleapis.com/kubernetes will be used for GKE 1.14+ or monitoring.googleapis.com for earlier versions.

`name`

Type: STRING
Provider name: name
Description: The name of this cluster. The name must be unique within this project and location (e.g. zone or region), and can be up to 40 characters with the following restrictions: * Lowercase letters, numbers, and hyphens only. * Must start with a letter. * Must end with a number or a letter.

`network`

Type: STRING
Provider name: network
Description: The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used. On output this shows the network ID instead of the name.

`network_config`

Type: STRUCT
Provider name: networkConfig
Description: Configuration for cluster networking.

datapath_provider
Type: STRING
Provider name: datapathProvider
Description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.
Possible values:
- DATAPATH_PROVIDER_UNSPECIFIED - Default value.
- LEGACY_DATAPATH - Use the IPTables implementation based on kube-proxy.
- ADVANCED_DATAPATH - Use the eBPF based GKE Dataplane V2 with additional features. See the GKE Dataplane V2 documentation for more.
default_snat_status
Type: STRUCT
Provider name: defaultSnatStatus
Description: Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when default_snat_status is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
- disabled
  Type: BOOLEAN
  Provider name: disabled
  Description: Disables cluster default sNAT rules.
dns_config
Type: STRUCT
Provider name: dnsConfig
Description: DNSConfig contains clusterDNS config for this cluster.
- additive_vpc_scope_dns_domain
  Type: STRING
  Provider name: additiveVpcScopeDnsDomain
  Description: Optional. The domain used in Additive VPC scope.
- cluster_dns
  Type: STRING
  Provider name: clusterDns
  Description: cluster_dns indicates which in-cluster DNS provider should be used.
  Possible values:
  - PROVIDER_UNSPECIFIED - Default value
  - PLATFORM_DEFAULT - Use GKE default DNS provider(kube-dns) for DNS resolution.
  - CLOUD_DNS - Use CloudDNS for DNS resolution.
  - KUBE_DNS - Use KubeDNS for DNS resolution.
- cluster_dns_domain
  Type: STRING
  Provider name: clusterDnsDomain
  Description: cluster_dns_domain is the suffix used for all cluster service records.
- cluster_dns_scope
  Type: STRING
  Provider name: clusterDnsScope
  Description: cluster_dns_scope indicates the scope of access to cluster DNS records.
  Possible values:
  - DNS_SCOPE_UNSPECIFIED - Default value, will be inferred as cluster scope.
  - CLUSTER_SCOPE - DNS records are accessible from within the cluster.
  - VPC_SCOPE - DNS records are accessible from within the VPC.
enable_cilium_clusterwide_network_policy
Type: BOOLEAN
Provider name: enableCiliumClusterwideNetworkPolicy
Description: Whether CiliumClusterWideNetworkPolicy is enabled on this cluster.
enable_fqdn_network_policy
Type: BOOLEAN
Provider name: enableFqdnNetworkPolicy
Description: Whether FQDN Network Policy is enabled on this cluster.
enable_intra_node_visibility
Type: BOOLEAN
Provider name: enableIntraNodeVisibility
Description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
enable_l4ilb_subsetting
Type: BOOLEAN
Provider name: enableL4ilbSubsetting
Description: Whether L4ILB Subsetting is enabled for this cluster.
enable_multi_networking
Type: BOOLEAN
Provider name: enableMultiNetworking
Description: Whether multi-networking is enabled for this cluster.
gateway_api_config
Type: STRUCT
Provider name: gatewayApiConfig
Description: GatewayAPIConfig contains the desired config of Gateway API on this cluster.
- channel
  Type: STRING
  Provider name: channel
  Description: The Gateway API release channel to use for Gateway API.
  Possible values:
  - CHANNEL_UNSPECIFIED - Default value.
  - CHANNEL_DISABLED - Gateway API support is disabled
  - CHANNEL_EXPERIMENTAL - Deprecated: use CHANNEL_STANDARD instead. Gateway API support is enabled, experimental CRDs are installed
  - CHANNEL_STANDARD - Gateway API support is enabled, standard CRDs are installed
in_transit_encryption_config
Type: STRING
Provider name: inTransitEncryptionConfig
Description: Specify the details of in-transit encryption.
Possible values:
- IN_TRANSIT_ENCRYPTION_CONFIG_UNSPECIFIED - Unspecified, will be inferred as default - IN_TRANSIT_ENCRYPTION_UNSPECIFIED.
- IN_TRANSIT_ENCRYPTION_DISABLED - In-transit encryption is disabled.
- IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT - Data in-transit is encrypted using inter-node transparent encryption.
network
Type: STRING
Provider name: network
Description: Output only. The relative name of the Google Compute Engine network(https://cloud.google.com/compute/docs/networks-and-firewalls#networks) to which the cluster is connected. Example: projects/my-project/global/networks/my-network
network_performance_config
Type: STRUCT
Provider name: networkPerformanceConfig
Description: Network bandwidth tier configuration.
- total_egress_bandwidth_tier
  Type: STRING
  Provider name: totalEgressBandwidthTier
  Description: Specifies the total network bandwidth tier for the NodePool.
  Possible values:
  - TIER_UNSPECIFIED - Default value
  - TIER_1 - Higher bandwidth, actual values based on VM size.
private_ipv6_google_access
Type: STRING
Provider name: privateIpv6GoogleAccess
Description: The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4)
Possible values:
- PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED - Default value. Same as DISABLED
- PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED - No private access to or from Google Services
- PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE - Enables private IPv6 access to Google Services from GKE
- PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL - Enables private IPv6 access to and from Google Services
service_external_ips_config
Type: STRUCT
Provider name: serviceExternalIpsConfig
Description: ServiceExternalIPsConfig specifies if services with externalIPs field are blocked or not.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether Services with ExternalIPs field are allowed or not.
subnetwork
Type: STRING
Provider name: subnetwork
Description: Output only. The relative name of the Google Compute Engine subnetwork to which the cluster is connected. Example: projects/my-project/regions/us-central1/subnetworks/my-subnet

`network_policy`

Type: STRUCT
Provider name: networkPolicy
Description: Configuration options for the NetworkPolicy feature.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether network policy is enabled on the cluster.
provider
Type: STRING
Provider name: provider
Description: The selected network policy provider.
Possible values:
- PROVIDER_UNSPECIFIED - Not set
- CALICO - Tigera (Calico Felix).

`node_config`

Type: STRUCT
Provider name: nodeConfig
Description: Parameters used in creating the cluster’s nodes. For requests, this field should only be used in lieu of a “node_pool” object, since this configuration (along with the “initial_node_count”) will be used to create a “NodePool” object with an auto-generated name. Do not use this and a node_pool at the same time. For responses, this field will be populated with the node configuration of the first node pool. (For configuration of each node pool, see node_pool.config) If unspecified, the defaults are used. This field is deprecated, use node_pool.config instead.

accelerators
Type: UNORDERED_LIST_STRUCT
Provider name: accelerators
Description: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs.
- accelerator_count
  Type: INT64
  Provider name: acceleratorCount
  Description: The number of the accelerator cards exposed to an instance.
- accelerator_type
  Type: STRING
  Provider name: acceleratorType
  Description: The accelerator type resource name. List of supported accelerators here
- gpu_driver_installation_config
  Type: STRUCT
  Provider name: gpuDriverInstallationConfig
  Description: The configuration for auto installation of GPU driver.
  - gpu_driver_version
    Type: STRING
    Provider name: gpuDriverVersion
    Description: Mode for how the GPU driver is installed.
    Possible values:
    - GPU_DRIVER_VERSION_UNSPECIFIED - Default value is to not install any GPU driver.
    - INSTALLATION_DISABLED - Disable GPU driver auto installation and needs manual installation
    - DEFAULT - Default’ GPU driver in COS and Ubuntu.
    - LATEST - Latest’ GPU driver in COS.
- gpu_partition_size
  Type: STRING
  Provider name: gpuPartitionSize
  Description: Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpu_sharing_config
  Type: STRUCT
  Provider name: gpuSharingConfig
  Description: The configuration for GPU sharing options.
  - gpu_sharing_strategy
    Type: STRING
    Provider name: gpuSharingStrategy
    Description: The type of GPU sharing strategy to enable on the GPU node.
    Possible values:
    - GPU_SHARING_STRATEGY_UNSPECIFIED - Default value.
    - TIME_SHARING - GPUs are time-shared between containers.
    - MPS - GPUs are shared between containers with NVIDIA MPS.
  - max_shared_clients_per_gpu
    Type: INT64
    Provider name: maxSharedClientsPerGpu
    Description: The max number of containers that can share a physical GPU.
- max_time_shared_clients_per_gpu
  Type: INT64
  Provider name: maxTimeSharedClientsPerGpu
  Description: The number of time-shared GPU resources to expose for each physical GPU.
advanced_machine_features
Type: STRUCT
Provider name: advancedMachineFeatures
Description: Advanced features for the Compute Engine VM.
- enable_nested_virtualization
  Type: BOOLEAN
  Provider name: enableNestedVirtualization
  Description: Whether or not to enable nested virtualization (defaults to false).
- threads_per_core
  Type: INT64
  Provider name: threadsPerCore
  Description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
boot_disk_kms_key
Type: STRING
Provider name: bootDiskKmsKey
Description: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
confidential_nodes
Type: STRUCT
Provider name: confidentialNodes
Description: Confidential nodes config. All the nodes in the node pool will be Confidential VM once enabled.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether Confidential Nodes feature is enabled.
containerd_config
Type: STRUCT
Provider name: containerdConfig
Description: Parameters for containerd customization.
- private_registry_access_config
  Type: STRUCT
  Provider name: privateRegistryAccessConfig
  Description: PrivateRegistryAccessConfig is used to configure access configuration for private container registries.
  - certificate_authority_domain_config
    Type: UNORDERED_LIST_STRUCT
    Provider name: certificateAuthorityDomainConfig
    Description: Private registry access configuration.
    - fqdns
      Type: UNORDERED_LIST_STRING
      Provider name: fqdns
      Description: List of fully qualified domain names (FQDN). Specifying port is supported. Wilcards are NOT supported. Examples: - my.customdomain.com - 10.0.1.2:5000
    - gcp_secret_manager_certificate_config
      Type: STRUCT
      Provider name: gcpSecretManagerCertificateConfig
      Description: Google Secret Manager (GCP) certificate configuration.
      - secret_uri
        Type: STRING
        Provider name: secretUri
        Description: Secret URI, in the form “projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION”. Version can be fixed (e.g. “2”) or “latest”
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Private registry access is enabled.
disk_size_gb
Type: INT32
Provider name: diskSizeGb
Description: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
disk_type
Type: STRING
Provider name: diskType
Description: Type of the disk attached to each node (e.g. ‘pd-standard’, ‘pd-ssd’ or ‘pd-balanced’) If unspecified, the default disk type is ‘pd-standard’
enable_confidential_storage
Type: BOOLEAN
Provider name: enableConfidentialStorage
Description: Optional. Reserved for future use.
ephemeral_storage_config
Type: STRUCT
Provider name: ephemeralStorageConfig
Description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.
- local_ssd_count
  Type: INT32
  Provider name: localSsdCount
  Description: Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. The limit for this value is dependent upon the maximum number of disk available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information. A zero (or unset) value has different meanings depending on machine type being used: 1. For pre-Gen3 machines, which support flexible numbers of local ssds, zero (or unset) means to disable using local SSDs as ephemeral storage. 2. For Gen3 machines which dictate a specific number of local ssds, zero (or unset) means to use the default number of local ssds that goes with that machine type. For example, for a c3-standard-8-lssd machine, 2 local ssds would be provisioned. For c3-standard-8 (which doesn’t support local ssds), 0 will be provisioned. See https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds for more info.
ephemeral_storage_local_ssd_config
Type: STRUCT
Provider name: ephemeralStorageLocalSsdConfig
Description: Parameters for the node ephemeral storage using Local SSDs. If unspecified, ephemeral storage is backed by the boot disk. This field is functionally equivalent to the ephemeral_storage_config
- local_ssd_count
  Type: INT32
  Provider name: localSsdCount
  Description: Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. A zero (or unset) value has different meanings depending on machine type being used: 1. For pre-Gen3 machines, which support flexible numbers of local ssds, zero (or unset) means to disable using local SSDs as ephemeral storage. The limit for this value is dependent upon the maximum number of disk available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information. 2. For Gen3 machines which dictate a specific number of local ssds, zero (or unset) means to use the default number of local ssds that goes with that machine type. For example, for a c3-standard-8-lssd machine, 2 local ssds would be provisioned. For c3-standard-8 (which doesn’t support local ssds), 0 will be provisioned. See https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds for more info.
fast_socket
Type: STRUCT
Provider name: fastSocket
Description: Enable or disable NCCL fast socket for the node pool.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether Fast Socket features are enabled in the node pool.
gcfs_config
Type: STRUCT
Provider name: gcfsConfig
Description: GCFS (Google Container File System) configs.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether to use GCFS.
gvnic
Type: STRUCT
Provider name: gvnic
Description: Enable or disable gvnic on the node pool.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether gVNIC features are enabled in the node pool.
host_maintenance_policy
Type: STRUCT
Provider name: hostMaintenancePolicy
Description: HostMaintenancePolicy contains the desired maintenance policy for the Google Compute Engine hosts.
- maintenance_interval
  Type: STRING
  Provider name: maintenanceInterval
  Description: Specifies the frequency of planned maintenance events.
  Possible values:
  - MAINTENANCE_INTERVAL_UNSPECIFIED - The maintenance interval is not explicitly specified.
  - AS_NEEDED - Nodes are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the node than the PERIODIC option.
  - PERIODIC - Nodes receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean underlying VMs will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.
- opportunistic_maintenance_strategy
  Type: STRUCT
  Provider name: opportunisticMaintenanceStrategy
  Description: Strategy that will trigger maintenance on behalf of the customer.
  - maintenance_availability_window
    Type: STRING
    Provider name: maintenanceAvailabilityWindow
    Description: The window of time that opportunistic maintenance can run. Example: A setting of 14 days implies that opportunistic maintenance can only be ran in the 2 weeks leading up to the scheduled maintenance date. Setting 28 days allows opportunistic maintenance to run at any time in the scheduled maintenance window (all PERIODIC maintenance is set 28 days in advance).
  - min_nodes_per_pool
    Type: INT64
    Provider name: minNodesPerPool
    Description: The minimum nodes required to be available in a pool. Blocks maintenance if it would cause the number of running nodes to dip below this value.
  - node_idle_time_window
    Type: STRING
    Provider name: nodeIdleTimeWindow
    Description: The amount of time that a node can remain idle (no customer owned workloads running), before triggering maintenance.
image_type
Type: STRING
Provider name: imageType
Description: The image type to use for this node. Note that for a given image type, the latest version of it will be used. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types.
kubelet_config
Type: STRUCT
Provider name: kubeletConfig
Description: Node kubelet configs.
- cpu_cfs_quota
  Type: BOOLEAN
  Provider name: cpuCfsQuota
  Description: Enable CPU CFS quota enforcement for containers that specify CPU limits. This option is enabled by default which makes kubelet use CFS quota (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to enforce container CPU limits. Otherwise, CPU limits will not be enforced at all. Disable this option to mitigate CPU throttling problems while still having your pods to be in Guaranteed QoS class by specifying the CPU limits. The default value is ’true’ if unspecified.
- cpu_cfs_quota_period
  Type: STRING
  Provider name: cpuCfsQuotaPeriod
  Description: Set the CPU CFS quota period value ‘cpu.cfs_period_us’. The string must be a sequence of decimal numbers, each with optional fraction and a unit suffix, such as “300ms”. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. The value must be a positive duration.
- cpu_manager_policy
  Type: STRING
  Provider name: cpuManagerPolicy
  Description: Control the CPU management policy on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ The following values are allowed. * “none”: the default, which represents the existing scheduling behavior. * “static”: allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. The default value is ’none’ if unspecified.
- insecure_kubelet_readonly_port_enabled
  Type: BOOLEAN
  Provider name: insecureKubeletReadonlyPortEnabled
  Description: Enable or disable Kubelet read only port.
- pod_pids_limit
  Type: INT64
  Provider name: podPidsLimit
  Description: Set the Pod PID limits. See https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
linux_node_config
Type: STRUCT
Provider name: linuxNodeConfig
Description: Parameters that can be configured on Linux nodes.
- cgroup_mode
  Type: STRING
  Provider name: cgroupMode
  Description: cgroup_mode specifies the cgroup mode to be used on the node.
  Possible values:
  - CGROUP_MODE_UNSPECIFIED - CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
  - CGROUP_MODE_V1 - CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
  - CGROUP_MODE_V2 - CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
- hugepages
  Type: STRUCT
  Provider name: hugepages
  Description: Optional. Amounts for 2M and 1G hugepages
  - hugepage_size1g
    Type: INT32
    Provider name: hugepageSize1g
    Description: Optional. Amount of 1G hugepages
  - hugepage_size2m
    Type: INT32
    Provider name: hugepageSize2m
    Description: Optional. Amount of 2M hugepages
local_nvme_ssd_block_config
Type: STRUCT
Provider name: localNvmeSsdBlockConfig
Description: Parameters for using raw-block Local NVMe SSDs.
- local_ssd_count
  Type: INT32
  Provider name: localSsdCount
  Description: Number of local NVMe SSDs to use. The limit for this value is dependent upon the maximum number of disk available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information. A zero (or unset) value has different meanings depending on machine type being used: 1. For pre-Gen3 machines, which support flexible numbers of local ssds, zero (or unset) means to disable using local SSDs as ephemeral storage. 2. For Gen3 machines which dictate a specific number of local ssds, zero (or unset) means to use the default number of local ssds that goes with that machine type. For example, for a c3-standard-8-lssd machine, 2 local ssds would be provisioned. For c3-standard-8 (which doesn’t support local ssds), 0 will be provisioned. See https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds for more info.
local_ssd_count
Type: INT32
Provider name: localSsdCount
Description: The number of local SSD disks to be attached to the node. The limit for this value is dependent upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information.
logging_config
Type: STRUCT
Provider name: loggingConfig
Description: Logging configuration.
- variant_config
  Type: STRUCT
  Provider name: variantConfig
  Description: Logging variant configuration.
  - variant
    Type: STRING
    Provider name: variant
    Description: Logging variant deployed on nodes.
    Possible values:
    - VARIANT_UNSPECIFIED - Default value. This shouldn’t be used.
    - DEFAULT - default logging variant.
    - MAX_THROUGHPUT - maximum logging throughput variant.
machine_type
Type: STRING
Provider name: machineType
Description: The name of a Google Compute Engine machine type. If unspecified, the default machine type is e2-medium.
min_cpu_platform
Type: STRING
Provider name: minCpuPlatform
Description: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy Bridge". For more information, read how to specify min CPU platform.
node_group
Type: STRING
Provider name: nodeGroup
Description: Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
oauth_scopes
Type: UNORDERED_LIST_STRING
Provider name: oauthScopes
Description: The set of Google API scopes to be made available on all of the node VMs under the “default” service account. The following scopes are recommended, but not required, and by default are not included: * https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. * https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
preemptible
Type: BOOLEAN
Provider name: preemptible
Description: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
reservation_affinity
Type: STRUCT
Provider name: reservationAffinity
Description: The optional reservation affinity. Setting this field will apply the specified Zonal Compute Reservation to this node pool.
- consume_reservation_type
  Type: STRING
  Provider name: consumeReservationType
  Description: Corresponds to the type of reservation consumption.
  Possible values:
  - UNSPECIFIED - Default value. This should not be used.
  - NO_RESERVATION - Do not consume from any reserved capacity.
  - ANY_RESERVATION - Consume any reservation available.
  - SPECIFIC_RESERVATION - Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
- key
  Type: STRING
  Provider name: key
  Description: Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify “compute.googleapis.com/reservation-name” as the key and specify the name of your reservation as its value.
- values
  Type: UNORDERED_LIST_STRING
  Provider name: values
  Description: Corresponds to the label value(s) of reservation resource(s).
resource_manager_tags
Type: STRUCT
Provider name: resourceManagerTags
Description: A map of resource manager tag keys and values to be attached to the nodes.
sandbox_config
Type: STRUCT
Provider name: sandboxConfig
Description: Sandbox configuration for this node.
- sandbox_type
  Type: STRING
  Provider name: sandboxType
  Description: Type of the sandbox to use for the node (e.g. ‘gvisor’)
- type
  Type: STRING
  Provider name: type
  Description: Type of the sandbox to use for the node.
  Possible values:
  - UNSPECIFIED - Default value. This should not be used.
  - GVISOR - Run sandbox using gvisor.
secondary_boot_disk_update_strategy
Type: STRUCT
Provider name: secondaryBootDiskUpdateStrategy
Description: Secondary boot disk update strategy.
secondary_boot_disks
Type: UNORDERED_LIST_STRUCT
Provider name: secondaryBootDisks
Description: List of secondary boot disks attached to the nodes.
- disk_image
  Type: STRING
  Provider name: diskImage
  Description: Fully-qualified resource ID for an existing disk image.
- mode
  Type: STRING
  Provider name: mode
  Description: Disk mode (container image cache, etc.)
  Possible values:
  - MODE_UNSPECIFIED - MODE_UNSPECIFIED is when mode is not set.
  - CONTAINER_IMAGE_CACHE - CONTAINER_IMAGE_CACHE is for using the secondary boot disk as a container image cache.
service_account
Type: STRING
Provider name: serviceAccount
Description: The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; otherwise, if no Service Account is specified, the “default” service account is used.
shielded_instance_config
Type: STRUCT
Provider name: shieldedInstanceConfig
Description: Shielded Instance options.
- enable_integrity_monitoring
  Type: BOOLEAN
  Provider name: enableIntegrityMonitoring
  Description: Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created.
- enable_secure_boot
  Type: BOOLEAN
  Provider name: enableSecureBoot
  Description: Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.
sole_tenant_config
Type: STRUCT
Provider name: soleTenantConfig
Description: Parameters for node pools to be backed by shared sole tenant node groups.
- node_affinities
  Type: UNORDERED_LIST_STRUCT
  Provider name: nodeAffinities
  Description: NodeAffinities used to match to a shared sole tenant node group.
  - key
    Type: STRING
    Provider name: key
    Description: Key for NodeAffinity.
  - operator
    Type: STRING
    Provider name: operator
    Description: Operator for NodeAffinity.
    Possible values:
    - OPERATOR_UNSPECIFIED - Invalid or unspecified affinity operator.
    - IN - Affinity operator.
    - NOT_IN - Anti-affinity operator.
  - values
    Type: UNORDERED_LIST_STRING
    Provider name: values
    Description: Values for NodeAffinity.
spot
Type: BOOLEAN
Provider name: spot
Description: Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.
taints
Type: UNORDERED_LIST_STRUCT
Provider name: taints
Description: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- effect
  Type: STRING
  Provider name: effect
  Description: Effect for taint.
  Possible values:
  - EFFECT_UNSPECIFIED - Not set
  - NO_SCHEDULE - NoSchedule
  - PREFER_NO_SCHEDULE - PreferNoSchedule
  - NO_EXECUTE - NoExecute
- key
  Type: STRING
  Provider name: key
  Description: Key for taint.
- value
  Type: STRING
  Provider name: value
  Description: Value for taint.
windows_node_config
Type: STRUCT
Provider name: windowsNodeConfig
Description: Parameters that can be configured on Windows nodes.
- os_version
  Type: STRING
  Provider name: osVersion
  Description: OSVersion specifies the Windows node config to be used on the node
  Possible values:
  - OS_VERSION_UNSPECIFIED - When OSVersion is not specified
  - OS_VERSION_LTSC2019 - LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base Image
  - OS_VERSION_LTSC2022 - LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Image
workload_metadata_config
Type: STRUCT
Provider name: workloadMetadataConfig
Description: The workload metadata configuration for this node.
- mode
  Type: STRING
  Provider name: mode
  Description: Mode is the configuration for how to expose metadata to workloads running on the node pool.
  Possible values:
  - MODE_UNSPECIFIED - Not set.
  - GCE_METADATA - Expose all Compute Engine metadata to pods.
  - GKE_METADATA - Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.
- node_metadata
  Type: STRING
  Provider name: nodeMetadata
  Description: NodeMetadata is the configuration for how to expose metadata to the workloads running on the node.
  Possible values:
  - UNSPECIFIED - Not set.
  - SECURE - Prevent workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token. Metadata concealment is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements. This feature is scheduled to be deprecated in the future and later removed.
  - EXPOSE - Expose all VM metadata to pods.
  - GKE_METADATA_SERVER - Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.

`node_ipv4_cidr_size`

Type: INT32
Provider name: nodeIpv4CidrSize
Description: Output only. The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr range. This field will only be set when cluster is in route-based network mode.

`node_pool_auto_config`

Type: STRUCT
Provider name: nodePoolAutoConfig
Description: Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.

network_tags
Type: STRUCT
Provider name: networkTags
Description: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster creation. Each tag within the list must comply with RFC1035.
node_kubelet_config
Type: STRUCT
Provider name: nodeKubeletConfig
Description: NodeKubeletConfig controls the defaults for autoprovisioned node-pools. Currently only insecure_kubelet_readonly_port_enabled can be set here.
- cpu_cfs_quota
  Type: BOOLEAN
  Provider name: cpuCfsQuota
  Description: Enable CPU CFS quota enforcement for containers that specify CPU limits. This option is enabled by default which makes kubelet use CFS quota (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to enforce container CPU limits. Otherwise, CPU limits will not be enforced at all. Disable this option to mitigate CPU throttling problems while still having your pods to be in Guaranteed QoS class by specifying the CPU limits. The default value is ’true’ if unspecified.
- cpu_cfs_quota_period
  Type: STRING
  Provider name: cpuCfsQuotaPeriod
  Description: Set the CPU CFS quota period value ‘cpu.cfs_period_us’. The string must be a sequence of decimal numbers, each with optional fraction and a unit suffix, such as “300ms”. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. The value must be a positive duration.
- cpu_manager_policy
  Type: STRING
  Provider name: cpuManagerPolicy
  Description: Control the CPU management policy on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ The following values are allowed. * “none”: the default, which represents the existing scheduling behavior. * “static”: allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. The default value is ’none’ if unspecified.
- insecure_kubelet_readonly_port_enabled
  Type: BOOLEAN
  Provider name: insecureKubeletReadonlyPortEnabled
  Description: Enable or disable Kubelet read only port.
- pod_pids_limit
  Type: INT64
  Provider name: podPidsLimit
  Description: Set the Pod PID limits. See https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
resource_manager_tags
Type: STRUCT
Provider name: resourceManagerTags
Description: Resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies.

`node_pool_defaults`

Type: STRUCT
Provider name: nodePoolDefaults
Description: Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object.

node_config_defaults
Type: STRUCT
Provider name: nodeConfigDefaults
Description: Subset of NodeConfig message that has defaults.
- containerd_config
  Type: STRUCT
  Provider name: containerdConfig
  Description: Parameters for containerd customization.
  - private_registry_access_config
    Type: STRUCT
    Provider name: privateRegistryAccessConfig
    Description: PrivateRegistryAccessConfig is used to configure access configuration for private container registries.
    - certificate_authority_domain_config
      Type: UNORDERED_LIST_STRUCT
      Provider name: certificateAuthorityDomainConfig
      Description: Private registry access configuration.
      - fqdns
        Type: UNORDERED_LIST_STRING
        Provider name: fqdns
        Description: List of fully qualified domain names (FQDN). Specifying port is supported. Wilcards are NOT supported. Examples: - my.customdomain.com - 10.0.1.2:5000
      - gcp_secret_manager_certificate_config
        Type: STRUCT
        Provider name: gcpSecretManagerCertificateConfig
        Description: Google Secret Manager (GCP) certificate configuration.
        secret_uri
        Type: STRING
        Provider name: secretUri
        Description: Secret URI, in the form “projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION”. Version can be fixed (e.g. “2”) or “latest”
    - enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Private registry access is enabled.
- gcfs_config
  Type: STRUCT
  Provider name: gcfsConfig
  Description: GCFS (Google Container File System, also known as Riptide) options.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Whether to use GCFS.
- host_maintenance_policy
  Type: STRUCT
  Provider name: hostMaintenancePolicy
  Description: HostMaintenancePolicy contains the desired maintenance policy for the Google Compute Engine hosts.
  - maintenance_interval
    Type: STRING
    Provider name: maintenanceInterval
    Description: Specifies the frequency of planned maintenance events.
    Possible values:
    - MAINTENANCE_INTERVAL_UNSPECIFIED - The maintenance interval is not explicitly specified.
    - AS_NEEDED - Nodes are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the node than the PERIODIC option.
    - PERIODIC - Nodes receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean underlying VMs will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.
  - opportunistic_maintenance_strategy
    Type: STRUCT
    Provider name: opportunisticMaintenanceStrategy
    Description: Strategy that will trigger maintenance on behalf of the customer.
    - maintenance_availability_window
      Type: STRING
      Provider name: maintenanceAvailabilityWindow
      Description: The window of time that opportunistic maintenance can run. Example: A setting of 14 days implies that opportunistic maintenance can only be ran in the 2 weeks leading up to the scheduled maintenance date. Setting 28 days allows opportunistic maintenance to run at any time in the scheduled maintenance window (all PERIODIC maintenance is set 28 days in advance).
    - min_nodes_per_pool
      Type: INT64
      Provider name: minNodesPerPool
      Description: The minimum nodes required to be available in a pool. Blocks maintenance if it would cause the number of running nodes to dip below this value.
    - node_idle_time_window
      Type: STRING
      Provider name: nodeIdleTimeWindow
      Description: The amount of time that a node can remain idle (no customer owned workloads running), before triggering maintenance.
- logging_config
  Type: STRUCT
  Provider name: loggingConfig
  Description: Logging configuration for node pools.
  - variant_config
    Type: STRUCT
    Provider name: variantConfig
    Description: Logging variant configuration.
    - variant
      Type: STRING
      Provider name: variant
      Description: Logging variant deployed on nodes.
      Possible values:
      - VARIANT_UNSPECIFIED - Default value. This shouldn’t be used.
      - DEFAULT - default logging variant.
      - MAX_THROUGHPUT - maximum logging throughput variant.
- node_kubelet_config
  Type: STRUCT
  Provider name: nodeKubeletConfig
  Description: NodeKubeletConfig controls the defaults for new node-pools. Currently only insecure_kubelet_readonly_port_enabled can be set here.
  - cpu_cfs_quota
    Type: BOOLEAN
    Provider name: cpuCfsQuota
    Description: Enable CPU CFS quota enforcement for containers that specify CPU limits. This option is enabled by default which makes kubelet use CFS quota (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to enforce container CPU limits. Otherwise, CPU limits will not be enforced at all. Disable this option to mitigate CPU throttling problems while still having your pods to be in Guaranteed QoS class by specifying the CPU limits. The default value is ’true’ if unspecified.
  - cpu_cfs_quota_period
    Type: STRING
    Provider name: cpuCfsQuotaPeriod
    Description: Set the CPU CFS quota period value ‘cpu.cfs_period_us’. The string must be a sequence of decimal numbers, each with optional fraction and a unit suffix, such as “300ms”. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. The value must be a positive duration.
  - cpu_manager_policy
    Type: STRING
    Provider name: cpuManagerPolicy
    Description: Control the CPU management policy on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ The following values are allowed. * “none”: the default, which represents the existing scheduling behavior. * “static”: allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. The default value is ’none’ if unspecified.
  - insecure_kubelet_readonly_port_enabled
    Type: BOOLEAN
    Provider name: insecureKubeletReadonlyPortEnabled
    Description: Enable or disable Kubelet read only port.
  - pod_pids_limit
    Type: INT64
    Provider name: podPidsLimit
    Description: Set the Pod PID limits. See https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.

`node_pools`

Type: UNORDERED_LIST_STRUCT
Provider name: nodePools
Description: The node pools associated with this cluster. This field should not be set if “node_config” or “initial_node_count” are specified.

autoscaling
Type: STRUCT
Provider name: autoscaling
Description: Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present.
- autoprovisioned
  Type: BOOLEAN
  Provider name: autoprovisioned
  Description: Can this node pool be deleted automatically.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Is autoscaling enabled for this node pool.
- location_policy
  Type: STRING
  Provider name: locationPolicy
  Description: Location policy used when scaling up a nodepool.
  Possible values:
  - LOCATION_POLICY_UNSPECIFIED - Not set.
  - BALANCED - BALANCED is a best effort policy that aims to balance the sizes of different zones.
  - ANY - ANY policy picks zones that have the highest capacity available.
- max_node_count
  Type: INT32
  Provider name: maxNodeCount
  Description: Maximum number of nodes for one location in the NodePool. Must be >= min_node_count. There has to be enough quota to scale up the cluster.
- min_node_count
  Type: INT32
  Provider name: minNodeCount
  Description: Minimum number of nodes for one location in the NodePool. Must be >= 1 and <= max_node_count.
- total_max_node_count
  Type: INT32
  Provider name: totalMaxNodeCount
  Description: Maximum number of nodes in the node pool. Must be greater than total_min_node_count. There has to be enough quota to scale up the cluster. The total_*_node_count fields are mutually exclusive with the *_node_count fields.
- total_min_node_count
  Type: INT32
  Provider name: totalMinNodeCount
  Description: Minimum number of nodes in the node pool. Must be greater than 1 less than total_max_node_count. The total_*_node_count fields are mutually exclusive with the *_node_count fields.
best_effort_provisioning
Type: STRUCT
Provider name: bestEffortProvisioning
Description: Enable best effort provisioning for nodes
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: When this is enabled, cluster/node pool creations will ignore non-fatal errors like stockout to best provision as many nodes as possible right now and eventually bring up all target number of nodes
- min_provision_nodes
  Type: INT32
  Provider name: minProvisionNodes
  Description: Minimum number of nodes to be provisioned to be considered as succeeded, and the rest of nodes will be provisioned gradually and eventually when stockout issue has been resolved.
conditions
Type: UNORDERED_LIST_STRUCT
Provider name: conditions
Description: Which conditions caused the current node pool state.
- canonical_code
  Type: STRING
  Provider name: canonicalCode
  Description: Canonical code of the condition.
  Possible values:
  - OK - Not an error; returned on success. HTTP Mapping: 200 OK
  - CANCELLED - The operation was cancelled, typically by the caller. HTTP Mapping: 499 Client Closed Request
  - UNKNOWN - Unknown error. For example, this error may be returned when a Status value received from another address space belongs to an error space that is not known in this address space. Also errors raised by APIs that do not return enough error information may be converted to this error. HTTP Mapping: 500 Internal Server Error
  - INVALID_ARGUMENT - The client specified an invalid argument. Note that this differs from FAILED_PRECONDITION. INVALID_ARGUMENT indicates arguments that are problematic regardless of the state of the system (e.g., a malformed file name). HTTP Mapping: 400 Bad Request
  - DEADLINE_EXCEEDED - The deadline expired before the operation could complete. For operations that change the state of the system, this error may be returned even if the operation has completed successfully. For example, a successful response from a server could have been delayed long enough for the deadline to expire. HTTP Mapping: 504 Gateway Timeout
  - NOT_FOUND - Some requested entity (e.g., file or directory) was not found. Note to server developers: if a request is denied for an entire class of users, such as gradual feature rollout or undocumented allowlist, NOT_FOUND may be used. If a request is denied for some users within a class of users, such as user-based access control, PERMISSION_DENIED must be used. HTTP Mapping: 404 Not Found
  - ALREADY_EXISTS - The entity that a client attempted to create (e.g., file or directory) already exists. HTTP Mapping: 409 Conflict
  - PERMISSION_DENIED - The caller does not have permission to execute the specified operation. PERMISSION_DENIED must not be used for rejections caused by exhausting some resource (use RESOURCE_EXHAUSTED instead for those errors). PERMISSION_DENIED must not be used if the caller can not be identified (use UNAUTHENTICATED instead for those errors). This error code does not imply the request is valid or the requested entity exists or satisfies other pre-conditions. HTTP Mapping: 403 Forbidden
  - UNAUTHENTICATED - The request does not have valid authentication credentials for the operation. HTTP Mapping: 401 Unauthorized
  - RESOURCE_EXHAUSTED - Some resource has been exhausted, perhaps a per-user quota, or perhaps the entire file system is out of space. HTTP Mapping: 429 Too Many Requests
  - FAILED_PRECONDITION - The operation was rejected because the system is not in a state required for the operation's execution. For example, the directory to be deleted is non-empty, an rmdir operation is applied to a non-directory, etc. Service implementors can use the following guidelines to decide between FAILED_PRECONDITION, ABORTED, and UNAVAILABLE: (a) Use UNAVAILABLE if the client can retry just the failing call. (b) Use ABORTED if the client should retry at a higher level. For example, when a client-specified test-and-set fails, indicating the client should restart a read-modify-write sequence. (c) Use FAILED_PRECONDITION if the client should not retry until the system state has been explicitly fixed. For example, if an ‘rmdir’ fails because the directory is non-empty, FAILED_PRECONDITION should be returned since the client should not retry unless the files are deleted from the directory. HTTP Mapping: 400 Bad Request
  - ABORTED - The operation was aborted, typically due to a concurrency issue such as a sequencer check failure or transaction abort. See the guidelines above for deciding between FAILED_PRECONDITION, ABORTED, and UNAVAILABLE. HTTP Mapping: 409 Conflict
  - OUT_OF_RANGE - The operation was attempted past the valid range. E.g., seeking or reading past end-of-file. Unlike INVALID_ARGUMENT, this error indicates a problem that may be fixed if the system state changes. For example, a 32-bit file system will generate INVALID_ARGUMENT if asked to read at an offset that is not in the range [0,2^32-1], but it will generate OUT_OF_RANGE if asked to read from an offset past the current file size. There is a fair bit of overlap between FAILED_PRECONDITION and OUT_OF_RANGE. We recommend using OUT_OF_RANGE (the more specific error) when it applies so that callers who are iterating through a space can easily look for an OUT_OF_RANGE error to detect when they are done. HTTP Mapping: 400 Bad Request
  - UNIMPLEMENTED - The operation is not implemented or is not supported/enabled in this service. HTTP Mapping: 501 Not Implemented
  - INTERNAL - Internal errors. This means that some invariants expected by the underlying system have been broken. This error code is reserved for serious errors. HTTP Mapping: 500 Internal Server Error
  - UNAVAILABLE - The service is currently unavailable. This is most likely a transient condition, which can be corrected by retrying with a backoff. Note that it is not always safe to retry non-idempotent operations. See the guidelines above for deciding between FAILED_PRECONDITION, ABORTED, and UNAVAILABLE. HTTP Mapping: 503 Service Unavailable
  - DATA_LOSS - Unrecoverable data loss or corruption. HTTP Mapping: 500 Internal Server Error
- code
  Type: STRING
  Provider name: code
  Description: Machine-friendly representation of the condition Deprecated. Use canonical_code instead.
  Possible values:
  - UNKNOWN - UNKNOWN indicates a generic condition.
  - GCE_STOCKOUT - GCE_STOCKOUT indicates that Google Compute Engine resources are temporarily unavailable.
  - GKE_SERVICE_ACCOUNT_DELETED - GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot service account.
  - GCE_QUOTA_EXCEEDED - Google Compute Engine quota was exceeded.
  - SET_BY_OPERATOR - Cluster state was manually changed by an SRE due to a system logic error.
  - CLOUD_KMS_KEY_ERROR - Unable to perform an encrypt operation against the CloudKMS key used for etcd level encryption.
  - CA_EXPIRING - Cluster CA is expiring soon. More codes TBA
- message
  Type: STRING
  Provider name: message
  Description: Human-friendly representation of the condition
config
Type: STRUCT
Provider name: config
Description: The node configuration of the pool.
- accelerators
  Type: UNORDERED_LIST_STRUCT
  Provider name: accelerators
  Description: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs.
  - accelerator_count
    Type: INT64
    Provider name: acceleratorCount
    Description: The number of the accelerator cards exposed to an instance.
  - accelerator_type
    Type: STRING
    Provider name: acceleratorType
    Description: The accelerator type resource name. List of supported accelerators here
  - gpu_driver_installation_config
    Type: STRUCT
    Provider name: gpuDriverInstallationConfig
    Description: The configuration for auto installation of GPU driver.
    - gpu_driver_version
      Type: STRING
      Provider name: gpuDriverVersion
      Description: Mode for how the GPU driver is installed.
      Possible values:
      - GPU_DRIVER_VERSION_UNSPECIFIED - Default value is to not install any GPU driver.
      - INSTALLATION_DISABLED - Disable GPU driver auto installation and needs manual installation
      - DEFAULT - Default’ GPU driver in COS and Ubuntu.
      - LATEST - Latest’ GPU driver in COS.
  - gpu_partition_size
    Type: STRING
    Provider name: gpuPartitionSize
    Description: Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
  - gpu_sharing_config
    Type: STRUCT
    Provider name: gpuSharingConfig
    Description: The configuration for GPU sharing options.
    - gpu_sharing_strategy
      Type: STRING
      Provider name: gpuSharingStrategy
      Description: The type of GPU sharing strategy to enable on the GPU node.
      Possible values:
      - GPU_SHARING_STRATEGY_UNSPECIFIED - Default value.
      - TIME_SHARING - GPUs are time-shared between containers.
      - MPS - GPUs are shared between containers with NVIDIA MPS.
    - max_shared_clients_per_gpu
      Type: INT64
      Provider name: maxSharedClientsPerGpu
      Description: The max number of containers that can share a physical GPU.
  - max_time_shared_clients_per_gpu
    Type: INT64
    Provider name: maxTimeSharedClientsPerGpu
    Description: The number of time-shared GPU resources to expose for each physical GPU.
- advanced_machine_features
  Type: STRUCT
  Provider name: advancedMachineFeatures
  Description: Advanced features for the Compute Engine VM.
  - enable_nested_virtualization
    Type: BOOLEAN
    Provider name: enableNestedVirtualization
    Description: Whether or not to enable nested virtualization (defaults to false).
  - threads_per_core
    Type: INT64
    Provider name: threadsPerCore
    Description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- boot_disk_kms_key
  Type: STRING
  Provider name: bootDiskKmsKey
  Description: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidential_nodes
  Type: STRUCT
  Provider name: confidentialNodes
  Description: Confidential nodes config. All the nodes in the node pool will be Confidential VM once enabled.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Whether Confidential Nodes feature is enabled.
- containerd_config
  Type: STRUCT
  Provider name: containerdConfig
  Description: Parameters for containerd customization.
  - private_registry_access_config
    Type: STRUCT
    Provider name: privateRegistryAccessConfig
    Description: PrivateRegistryAccessConfig is used to configure access configuration for private container registries.
    - certificate_authority_domain_config
      Type: UNORDERED_LIST_STRUCT
      Provider name: certificateAuthorityDomainConfig
      Description: Private registry access configuration.
      - fqdns
        Type: UNORDERED_LIST_STRING
        Provider name: fqdns
        Description: List of fully qualified domain names (FQDN). Specifying port is supported. Wilcards are NOT supported. Examples: - my.customdomain.com - 10.0.1.2:5000
      - gcp_secret_manager_certificate_config
        Type: STRUCT
        Provider name: gcpSecretManagerCertificateConfig
        Description: Google Secret Manager (GCP) certificate configuration.
        secret_uri
        Type: STRING
        Provider name: secretUri
        Description: Secret URI, in the form “projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION”. Version can be fixed (e.g. “2”) or “latest”
    - enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Private registry access is enabled.
- disk_size_gb
  Type: INT32
  Provider name: diskSizeGb
  Description: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
- disk_type
  Type: STRING
  Provider name: diskType
  Description: Type of the disk attached to each node (e.g. ‘pd-standard’, ‘pd-ssd’ or ‘pd-balanced’) If unspecified, the default disk type is ‘pd-standard’
- enable_confidential_storage
  Type: BOOLEAN
  Provider name: enableConfidentialStorage
  Description: Optional. Reserved for future use.
- ephemeral_storage_config
  Type: STRUCT
  Provider name: ephemeralStorageConfig
  Description: Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.
  - local_ssd_count
    Type: INT32
    Provider name: localSsdCount
    Description: Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. The limit for this value is dependent upon the maximum number of disk available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information. A zero (or unset) value has different meanings depending on machine type being used: 1. For pre-Gen3 machines, which support flexible numbers of local ssds, zero (or unset) means to disable using local SSDs as ephemeral storage. 2. For Gen3 machines which dictate a specific number of local ssds, zero (or unset) means to use the default number of local ssds that goes with that machine type. For example, for a c3-standard-8-lssd machine, 2 local ssds would be provisioned. For c3-standard-8 (which doesn’t support local ssds), 0 will be provisioned. See https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds for more info.
- ephemeral_storage_local_ssd_config
  Type: STRUCT
  Provider name: ephemeralStorageLocalSsdConfig
  Description: Parameters for the node ephemeral storage using Local SSDs. If unspecified, ephemeral storage is backed by the boot disk. This field is functionally equivalent to the ephemeral_storage_config
  - local_ssd_count
    Type: INT32
    Provider name: localSsdCount
    Description: Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. A zero (or unset) value has different meanings depending on machine type being used: 1. For pre-Gen3 machines, which support flexible numbers of local ssds, zero (or unset) means to disable using local SSDs as ephemeral storage. The limit for this value is dependent upon the maximum number of disk available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information. 2. For Gen3 machines which dictate a specific number of local ssds, zero (or unset) means to use the default number of local ssds that goes with that machine type. For example, for a c3-standard-8-lssd machine, 2 local ssds would be provisioned. For c3-standard-8 (which doesn’t support local ssds), 0 will be provisioned. See https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds for more info.
- fast_socket
  Type: STRUCT
  Provider name: fastSocket
  Description: Enable or disable NCCL fast socket for the node pool.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Whether Fast Socket features are enabled in the node pool.
- gcfs_config
  Type: STRUCT
  Provider name: gcfsConfig
  Description: GCFS (Google Container File System) configs.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Whether to use GCFS.
- gvnic
  Type: STRUCT
  Provider name: gvnic
  Description: Enable or disable gvnic on the node pool.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Whether gVNIC features are enabled in the node pool.
- host_maintenance_policy
  Type: STRUCT
  Provider name: hostMaintenancePolicy
  Description: HostMaintenancePolicy contains the desired maintenance policy for the Google Compute Engine hosts.
  - maintenance_interval
    Type: STRING
    Provider name: maintenanceInterval
    Description: Specifies the frequency of planned maintenance events.
    Possible values:
    - MAINTENANCE_INTERVAL_UNSPECIFIED - The maintenance interval is not explicitly specified.
    - AS_NEEDED - Nodes are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the node than the PERIODIC option.
    - PERIODIC - Nodes receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean underlying VMs will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.
  - opportunistic_maintenance_strategy
    Type: STRUCT
    Provider name: opportunisticMaintenanceStrategy
    Description: Strategy that will trigger maintenance on behalf of the customer.
    - maintenance_availability_window
      Type: STRING
      Provider name: maintenanceAvailabilityWindow
      Description: The window of time that opportunistic maintenance can run. Example: A setting of 14 days implies that opportunistic maintenance can only be ran in the 2 weeks leading up to the scheduled maintenance date. Setting 28 days allows opportunistic maintenance to run at any time in the scheduled maintenance window (all PERIODIC maintenance is set 28 days in advance).
    - min_nodes_per_pool
      Type: INT64
      Provider name: minNodesPerPool
      Description: The minimum nodes required to be available in a pool. Blocks maintenance if it would cause the number of running nodes to dip below this value.
    - node_idle_time_window
      Type: STRING
      Provider name: nodeIdleTimeWindow
      Description: The amount of time that a node can remain idle (no customer owned workloads running), before triggering maintenance.
- image_type
  Type: STRING
  Provider name: imageType
  Description: The image type to use for this node. Note that for a given image type, the latest version of it will be used. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types.
- kubelet_config
  Type: STRUCT
  Provider name: kubeletConfig
  Description: Node kubelet configs.
  - cpu_cfs_quota
    Type: BOOLEAN
    Provider name: cpuCfsQuota
    Description: Enable CPU CFS quota enforcement for containers that specify CPU limits. This option is enabled by default which makes kubelet use CFS quota (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to enforce container CPU limits. Otherwise, CPU limits will not be enforced at all. Disable this option to mitigate CPU throttling problems while still having your pods to be in Guaranteed QoS class by specifying the CPU limits. The default value is ’true’ if unspecified.
  - cpu_cfs_quota_period
    Type: STRING
    Provider name: cpuCfsQuotaPeriod
    Description: Set the CPU CFS quota period value ‘cpu.cfs_period_us’. The string must be a sequence of decimal numbers, each with optional fraction and a unit suffix, such as “300ms”. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. The value must be a positive duration.
  - cpu_manager_policy
    Type: STRING
    Provider name: cpuManagerPolicy
    Description: Control the CPU management policy on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ The following values are allowed. * “none”: the default, which represents the existing scheduling behavior. * “static”: allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. The default value is ’none’ if unspecified.
  - insecure_kubelet_readonly_port_enabled
    Type: BOOLEAN
    Provider name: insecureKubeletReadonlyPortEnabled
    Description: Enable or disable Kubelet read only port.
  - pod_pids_limit
    Type: INT64
    Provider name: podPidsLimit
    Description: Set the Pod PID limits. See https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
- linux_node_config
  Type: STRUCT
  Provider name: linuxNodeConfig
  Description: Parameters that can be configured on Linux nodes.
  - cgroup_mode
    Type: STRING
    Provider name: cgroupMode
    Description: cgroup_mode specifies the cgroup mode to be used on the node.
    Possible values:
    - CGROUP_MODE_UNSPECIFIED - CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    - CGROUP_MODE_V1 - CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    - CGROUP_MODE_V2 - CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
  - hugepages
    Type: STRUCT
    Provider name: hugepages
    Description: Optional. Amounts for 2M and 1G hugepages
    - hugepage_size1g
      Type: INT32
      Provider name: hugepageSize1g
      Description: Optional. Amount of 1G hugepages
    - hugepage_size2m
      Type: INT32
      Provider name: hugepageSize2m
      Description: Optional. Amount of 2M hugepages
- local_nvme_ssd_block_config
  Type: STRUCT
  Provider name: localNvmeSsdBlockConfig
  Description: Parameters for using raw-block Local NVMe SSDs.
  - local_ssd_count
    Type: INT32
    Provider name: localSsdCount
    Description: Number of local NVMe SSDs to use. The limit for this value is dependent upon the maximum number of disk available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information. A zero (or unset) value has different meanings depending on machine type being used: 1. For pre-Gen3 machines, which support flexible numbers of local ssds, zero (or unset) means to disable using local SSDs as ephemeral storage. 2. For Gen3 machines which dictate a specific number of local ssds, zero (or unset) means to use the default number of local ssds that goes with that machine type. For example, for a c3-standard-8-lssd machine, 2 local ssds would be provisioned. For c3-standard-8 (which doesn’t support local ssds), 0 will be provisioned. See https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds for more info.
- local_ssd_count
  Type: INT32
  Provider name: localSsdCount
  Description: The number of local SSD disks to be attached to the node. The limit for this value is dependent upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd for more information.
- logging_config
  Type: STRUCT
  Provider name: loggingConfig
  Description: Logging configuration.
  - variant_config
    Type: STRUCT
    Provider name: variantConfig
    Description: Logging variant configuration.
    - variant
      Type: STRING
      Provider name: variant
      Description: Logging variant deployed on nodes.
      Possible values:
      - VARIANT_UNSPECIFIED - Default value. This shouldn’t be used.
      - DEFAULT - default logging variant.
      - MAX_THROUGHPUT - maximum logging throughput variant.
- machine_type
  Type: STRING
  Provider name: machineType
  Description: The name of a Google Compute Engine machine type. If unspecified, the default machine type is e2-medium.
- min_cpu_platform
  Type: STRING
  Provider name: minCpuPlatform
  Description: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy Bridge". For more information, read how to specify min CPU platform.
- node_group
  Type: STRING
  Provider name: nodeGroup
  Description: Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauth_scopes
  Type: UNORDERED_LIST_STRING
  Provider name: oauthScopes
  Description: The set of Google API scopes to be made available on all of the node VMs under the “default” service account. The following scopes are recommended, but not required, and by default are not included: * https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. * https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
- preemptible
  Type: BOOLEAN
  Provider name: preemptible
  Description: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
- reservation_affinity
  Type: STRUCT
  Provider name: reservationAffinity
  Description: The optional reservation affinity. Setting this field will apply the specified Zonal Compute Reservation to this node pool.
  - consume_reservation_type
    Type: STRING
    Provider name: consumeReservationType
    Description: Corresponds to the type of reservation consumption.
    Possible values:
    - UNSPECIFIED - Default value. This should not be used.
    - NO_RESERVATION - Do not consume from any reserved capacity.
    - ANY_RESERVATION - Consume any reservation available.
    - SPECIFIC_RESERVATION - Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
  - key
    Type: STRING
    Provider name: key
    Description: Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify “compute.googleapis.com/reservation-name” as the key and specify the name of your reservation as its value.
  - values
    Type: UNORDERED_LIST_STRING
    Provider name: values
    Description: Corresponds to the label value(s) of reservation resource(s).
- resource_manager_tags
  Type: STRUCT
  Provider name: resourceManagerTags
  Description: A map of resource manager tag keys and values to be attached to the nodes.
- sandbox_config
  Type: STRUCT
  Provider name: sandboxConfig
  Description: Sandbox configuration for this node.
  - sandbox_type
    Type: STRING
    Provider name: sandboxType
    Description: Type of the sandbox to use for the node (e.g. ‘gvisor’)
  - type
    Type: STRING
    Provider name: type
    Description: Type of the sandbox to use for the node.
    Possible values:
    - UNSPECIFIED - Default value. This should not be used.
    - GVISOR - Run sandbox using gvisor.
- secondary_boot_disk_update_strategy
  Type: STRUCT
  Provider name: secondaryBootDiskUpdateStrategy
  Description: Secondary boot disk update strategy.
- secondary_boot_disks
  Type: UNORDERED_LIST_STRUCT
  Provider name: secondaryBootDisks
  Description: List of secondary boot disks attached to the nodes.
  - disk_image
    Type: STRING
    Provider name: diskImage
    Description: Fully-qualified resource ID for an existing disk image.
  - mode
    Type: STRING
    Provider name: mode
    Description: Disk mode (container image cache, etc.)
    Possible values:
    - MODE_UNSPECIFIED - MODE_UNSPECIFIED is when mode is not set.
    - CONTAINER_IMAGE_CACHE - CONTAINER_IMAGE_CACHE is for using the secondary boot disk as a container image cache.
- service_account
  Type: STRING
  Provider name: serviceAccount
  Description: The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; otherwise, if no Service Account is specified, the “default” service account is used.
- shielded_instance_config
  Type: STRUCT
  Provider name: shieldedInstanceConfig
  Description: Shielded Instance options.
  - enable_integrity_monitoring
    Type: BOOLEAN
    Provider name: enableIntegrityMonitoring
    Description: Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created.
  - enable_secure_boot
    Type: BOOLEAN
    Provider name: enableSecureBoot
    Description: Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.
- sole_tenant_config
  Type: STRUCT
  Provider name: soleTenantConfig
  Description: Parameters for node pools to be backed by shared sole tenant node groups.
  - node_affinities
    Type: UNORDERED_LIST_STRUCT
    Provider name: nodeAffinities
    Description: NodeAffinities used to match to a shared sole tenant node group.
    - key
      Type: STRING
      Provider name: key
      Description: Key for NodeAffinity.
    - operator
      Type: STRING
      Provider name: operator
      Description: Operator for NodeAffinity.
      Possible values:
      - OPERATOR_UNSPECIFIED - Invalid or unspecified affinity operator.
      - IN - Affinity operator.
      - NOT_IN - Anti-affinity operator.
    - values
      Type: UNORDERED_LIST_STRING
      Provider name: values
      Description: Values for NodeAffinity.
- spot
  Type: BOOLEAN
  Provider name: spot
  Description: Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.
- taints
  Type: UNORDERED_LIST_STRUCT
  Provider name: taints
  Description: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  - effect
    Type: STRING
    Provider name: effect
    Description: Effect for taint.
    Possible values:
    - EFFECT_UNSPECIFIED - Not set
    - NO_SCHEDULE - NoSchedule
    - PREFER_NO_SCHEDULE - PreferNoSchedule
    - NO_EXECUTE - NoExecute
  - key
    Type: STRING
    Provider name: key
    Description: Key for taint.
  - value
    Type: STRING
    Provider name: value
    Description: Value for taint.
- windows_node_config
  Type: STRUCT
  Provider name: windowsNodeConfig
  Description: Parameters that can be configured on Windows nodes.
  - os_version
    Type: STRING
    Provider name: osVersion
    Description: OSVersion specifies the Windows node config to be used on the node
    Possible values:
    - OS_VERSION_UNSPECIFIED - When OSVersion is not specified
    - OS_VERSION_LTSC2019 - LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base Image
    - OS_VERSION_LTSC2022 - LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Image
- workload_metadata_config
  Type: STRUCT
  Provider name: workloadMetadataConfig
  Description: The workload metadata configuration for this node.
  - mode
    Type: STRING
    Provider name: mode
    Description: Mode is the configuration for how to expose metadata to workloads running on the node pool.
    Possible values:
    - MODE_UNSPECIFIED - Not set.
    - GCE_METADATA - Expose all Compute Engine metadata to pods.
    - GKE_METADATA - Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.
  - node_metadata
    Type: STRING
    Provider name: nodeMetadata
    Description: NodeMetadata is the configuration for how to expose metadata to the workloads running on the node.
    Possible values:
    - UNSPECIFIED - Not set.
    - SECURE - Prevent workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token. Metadata concealment is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements. This feature is scheduled to be deprecated in the future and later removed.
    - EXPOSE - Expose all VM metadata to pods.
    - GKE_METADATA_SERVER - Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.
etag
Type: STRING
Provider name: etag
Description: This checksum is computed by the server based on the value of node pool fields, and may be sent on update requests to ensure the client has an up-to-date value before proceeding.
gcp_status
Type: STRING
Provider name: status
Description: Output only. The status of the nodes in this pool instance.
Possible values:
- STATUS_UNSPECIFIED - Not set.
- PROVISIONING - The PROVISIONING state indicates the node pool is being created.
- RUNNING - The RUNNING state indicates the node pool has been created and is fully usable.
- RUNNING_WITH_ERROR - The RUNNING_WITH_ERROR state indicates the node pool has been created and is partially usable. Some error state has occurred and some functionality may be impaired. Customer may need to reissue a request or trigger a new update.
- RECONCILING - The RECONCILING state indicates that some work is actively being done on the node pool, such as upgrading node software. Details can be found in the statusMessage field.
- STOPPING - The STOPPING state indicates the node pool is being deleted.
- ERROR - The ERROR state indicates the node pool may be unusable. Details can be found in the statusMessage field.
initial_node_count
Type: INT32
Provider name: initialNodeCount
Description: The initial node count for the pool. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota.
instance_group_urls
Type: UNORDERED_LIST_STRING
Provider name: instanceGroupUrls
Description: Output only. The resource URLs of the managed instance groups associated with this node pool. During the node pool blue-green upgrade operation, the URLs contain both blue and green resources.
locations
Type: UNORDERED_LIST_STRING
Provider name: locations
Description: The list of Google Compute Engine zones in which the NodePool’s nodes should be located. If this value is unspecified during node pool creation, the Cluster.Locations value will be used, instead. Warning: changing node pool locations will result in nodes being added and/or removed.
management
Type: STRUCT
Provider name: management
Description: NodeManagement configuration for this NodePool.
- auto_repair
  Type: BOOLEAN
  Provider name: autoRepair
  Description: Whether the nodes will be automatically repaired.
- auto_upgrade
  Type: BOOLEAN
  Provider name: autoUpgrade
  Description: Whether the nodes will be automatically upgraded.
- upgrade_options
  Type: STRUCT
  Provider name: upgradeOptions
  Description: Specifies the Auto Upgrade knobs for the node pool.
  - auto_upgrade_start_time
    Type: STRING
    Provider name: autoUpgradeStartTime
    Description: Output only. This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
  - description
    Type: STRING
    Provider name: description
    Description: Output only. This field is set when upgrades are about to commence with the description of the upgrade.
max_pods_constraint
Type: STRUCT
Provider name: maxPodsConstraint
Description: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.
- max_pods_per_node
  Type: INT64
  Provider name: maxPodsPerNode
  Description: Constraint enforced on the max num of pods per node.
name
Type: STRING
Provider name: name
Description: The name of the node pool.
network_config
Type: STRUCT
Provider name: networkConfig
Description: Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.
- additional_node_network_configs
  Type: UNORDERED_LIST_STRUCT
  Provider name: additionalNodeNetworkConfigs
  Description: We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
  - network
    Type: STRING
    Provider name: network
    Description: Name of the VPC where the additional interface belongs
  - subnetwork
    Type: STRING
    Provider name: subnetwork
    Description: Name of the subnetwork where the additional interface belongs
- additional_pod_network_configs
  Type: UNORDERED_LIST_STRUCT
  Provider name: additionalPodNetworkConfigs
  Description: We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
  - max_pods_per_node
    Type: STRUCT
    Provider name: maxPodsPerNode
    Description: The maximum number of pods per node which use this pod network.
    - max_pods_per_node
      Type: INT64
      Provider name: maxPodsPerNode
      Description: Constraint enforced on the max num of pods per node.
  - secondary_pod_range
    Type: STRING
    Provider name: secondaryPodRange
    Description: The name of the secondary range on the subnet which provides IP address for this pod range.
  - subnetwork
    Type: STRING
    Provider name: subnetwork
    Description: Name of the subnetwork where the additional pod network belongs.
- create_pod_range
  Type: BOOLEAN
  Provider name: createPodRange
  Description: Input only. Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified. If neither create_pod_range or pod_range are specified, the cluster-level default (ip_allocation_policy.cluster_ipv4_cidr_block) is used. Only applicable if ip_allocation_policy.use_ip_aliases is true. This field cannot be changed after the node pool has been created.
- enable_private_nodes
  Type: BOOLEAN
  Provider name: enablePrivateNodes
  Description: Whether nodes have internal IP addresses only. If enable_private_nodes is not specified, then the value is derived from cluster.privateClusterConfig.enablePrivateNodes
- network_performance_config
  Type: STRUCT
  Provider name: networkPerformanceConfig
  Description: Network bandwidth tier configuration.
  - external_ip_egress_bandwidth_tier
    Type: STRING
    Provider name: externalIpEgressBandwidthTier
    Description: Specifies the network bandwidth tier for the NodePool for traffic to external/public IP addresses.
    Possible values:
    - TIER_UNSPECIFIED - Default value
    - TIER_1 - Higher bandwidth, actual values based on VM size.
  - total_egress_bandwidth_tier
    Type: STRING
    Provider name: totalEgressBandwidthTier
    Description: Specifies the total network bandwidth tier for the NodePool.
    Possible values:
    - TIER_UNSPECIFIED - Default value
    - TIER_1 - Higher bandwidth, actual values based on VM size.
- pod_cidr_overprovision_config
  Type: STRUCT
  Provider name: podCidrOverprovisionConfig
  Description: [PRIVATE FIELD] Pod CIDR size overprovisioning config for the nodepool. Pod CIDR size per node depends on max_pods_per_node. By default, the value of max_pods_per_node is rounded off to next power of 2 and we then double that to get the size of pod CIDR block per node. Example: max_pods_per_node of 30 would result in 64 IPs (/26). This config can disable the doubling of IPs (we still round off to next power of 2) Example: max_pods_per_node of 30 will result in 32 IPs (/27) when overprovisioning is disabled.
  - disable
    Type: BOOLEAN
    Provider name: disable
    Description: Whether Pod CIDR overprovisioning is disabled. Note: Pod CIDR overprovisioning is enabled by default.
- pod_ipv4_cidr_block
  Type: STRING
  Provider name: podIpv4CidrBlock
  Description: The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use. Only applicable if ip_allocation_policy.use_ip_aliases is true. This field cannot be changed after the node pool has been created.
- pod_ipv4_range_utilization
  Type: DOUBLE
  Provider name: podIpv4RangeUtilization
  Description: Output only. The utilization of the IPv4 range for the pod. The ratio is Usage/[Total number of IPs in the secondary range], Usage=numNodesnumZonespodIPsPerNode.
- pod_range
  Type: STRING
  Provider name: podRange
  Description: The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID. Only applicable if ip_allocation_policy.use_ip_aliases is true. This field cannot be changed after the node pool has been created.
placement_policy
Type: STRUCT
Provider name: placementPolicy
Description: Specifies the node placement policy.
- policy_name
  Type: STRING
  Provider name: policyName
  Description: If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpu_topology
  Type: STRING
  Provider name: tpuTopology
  Description: TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
- type
  Type: STRING
  Provider name: type
  Description: The type of placement.
  Possible values:
  - TYPE_UNSPECIFIED - TYPE_UNSPECIFIED specifies no requirements on nodes placement.
  - COMPACT - COMPACT specifies node placement in the same availability domain to ensure low communication latency.
pod_ipv4_cidr_size
Type: INT32
Provider name: podIpv4CidrSize
Description: Output only. The pod CIDR block size per node in this node pool.
queued_provisioning
Type: STRUCT
Provider name: queuedProvisioning
Description: Specifies the configuration of queued provisioning.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Denotes that this nodepool is QRM specific, meaning nodes can be only obtained through queuing via the Cluster Autoscaler ProvisioningRequest API.
self_link
Type: STRING
Provider name: selfLink
Description: Output only. Server-defined URL for the resource.
status_message
Type: STRING
Provider name: statusMessage
Description: Output only. Deprecated. Use conditions instead. Additional information about the current status of this node pool instance, if available.
update_info
Type: STRUCT
Provider name: updateInfo
Description: Output only. Update info contains relevant information during a node pool update.
- blue_green_info
  Type: STRUCT
  Provider name: blueGreenInfo
  Description: Information of a blue-green upgrade.
  - blue_instance_group_urls
    Type: UNORDERED_LIST_STRING
    Provider name: blueInstanceGroupUrls
    Description: The resource URLs of the [managed instance groups] (/compute/docs/instance-groups/creating-groups-of-managed-instances) associated with blue pool.
  - blue_pool_deletion_start_time
    Type: STRING
    Provider name: bluePoolDeletionStartTime
    Description: Time to start deleting blue pool to complete blue-green upgrade, in RFC3339 text format.
  - green_instance_group_urls
    Type: UNORDERED_LIST_STRING
    Provider name: greenInstanceGroupUrls
    Description: The resource URLs of the [managed instance groups] (/compute/docs/instance-groups/creating-groups-of-managed-instances) associated with green pool.
  - green_pool_version
    Type: STRING
    Provider name: greenPoolVersion
    Description: Version of green pool.
  - phase
    Type: STRING
    Provider name: phase
    Description: Current blue-green upgrade phase.
    Possible values:
    - PHASE_UNSPECIFIED - Unspecified phase.
    - UPDATE_STARTED - blue-green upgrade has been initiated.
    - CREATING_GREEN_POOL - Start creating green pool nodes.
    - CORDONING_BLUE_POOL - Start cordoning blue pool nodes.
    - WAITING_TO_DRAIN_BLUE_POOL - Start waiting after cordoning the blue pool and before draining it.
    - DRAINING_BLUE_POOL - Start draining blue pool nodes.
    - NODE_POOL_SOAKING - Start soaking time after draining entire blue pool.
    - DELETING_BLUE_POOL - Start deleting blue nodes.
    - ROLLBACK_STARTED - Rollback has been initiated.
upgrade_settings
Type: STRUCT
Provider name: upgradeSettings
Description: Upgrade settings control disruption and speed of the upgrade.
- blue_green_settings
  Type: STRUCT
  Provider name: blueGreenSettings
  Description: Settings for blue-green upgrade strategy.
  - autoscaled_rollout_policy
    Type: STRUCT
    Provider name: autoscaledRolloutPolicy
    Description: Autoscaled policy for cluster autoscaler enabled blue-green upgrade.
  - node_pool_soak_duration
    Type: STRING
    Provider name: nodePoolSoakDuration
    Description: Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.
  - standard_rollout_policy
    Type: STRUCT
    Provider name: standardRolloutPolicy
    Description: Standard policy for the blue-green upgrade.
    - batch_node_count
      Type: INT32
      Provider name: batchNodeCount
      Description: Number of blue nodes to drain in a batch.
    - batch_percentage
      Type: FLOAT
      Provider name: batchPercentage
      Description: Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].
    - batch_soak_duration
      Type: STRING
      Provider name: batchSoakDuration
      Description: Soak time after each batch gets drained. Default to zero.
- max_surge
  Type: INT32
  Provider name: maxSurge
  Description: The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.
- max_unavailable
  Type: INT32
  Provider name: maxUnavailable
  Description: The maximum number of nodes that can be simultaneously unavailable during the upgrade process. A node is considered available if its status is Ready.
- strategy
  Type: STRING
  Provider name: strategy
  Description: Update strategy of the node pool.
  Possible values:
  - NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED - Default value if unset. GKE internally defaults the update strategy to SURGE for unspecified strategies.
  - BLUE_GREEN - blue-green upgrade.
  - SURGE - SURGE is the traditional way of upgrading a node pool. max_surge and max_unavailable determines the level of upgrade parallelism.
version
Type: STRING
Provider name: version
Description: The version of Kubernetes running on this NodePool’s nodes. If unspecified, it defaults as described here.

`notification_config`

Type: STRUCT
Provider name: notificationConfig
Description: Notification configuration of the cluster.

pubsub
Type: STRUCT
Provider name: pubsub
Description: Notification config for Pub/Sub.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Enable notifications for Pub/Sub.
- filter
  Type: STRUCT
  Provider name: filter
  Description: Allows filtering to one or more specific event types. If no filter is specified, or if a filter is specified with no event types, all event types will be sent
  - event_type
    Type: UNORDERED_LIST_STRING
    Provider name: eventType
    Description: Event types to allowlist.
- topic
  Type: STRING
  Provider name: topic
  Description: The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}.

`organization_id`

Type: STRING

`parent`

Type: STRING

`parent_product_config`

Type: STRUCT
Provider name: parentProductConfig
Description: The configuration of the parent product of the cluster. This field is used by Google internal products that are built on top of the GKE cluster and take the ownership of the cluster.

product_name
Type: STRING
Provider name: productName
Description: Name of the parent product associated with the cluster.

`pod_security_policy_config`

Type: STRUCT
Provider name: podSecurityPolicyConfig
Description: Configuration for the PodSecurityPolicy feature.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

`private_cluster`

Type: BOOLEAN
Provider name: privateCluster
Description: If this is a private cluster setup. Private clusters are clusters that, by default have no external IP addresses on the nodes and where nodes and the master communicate over private IP addresses. This field is deprecated, use private_cluster_config.enable_private_nodes instead.

`private_cluster_config`

Type: STRUCT
Provider name: privateClusterConfig
Description: Configuration for private cluster.

enable_private_endpoint
Type: BOOLEAN
Provider name: enablePrivateEndpoint
Description: Whether the master’s internal IP address is used as the cluster endpoint.
enable_private_nodes
Type: BOOLEAN
Provider name: enablePrivateNodes
Description: Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking.
master_global_access_config
Type: STRUCT
Provider name: masterGlobalAccessConfig
Description: Controls master global access settings.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whenever master is accessible globally or not.
master_ipv4_cidr_block
Type: STRING
Provider name: masterIpv4CidrBlock
Description: The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster’s network.
peering_name
Type: STRING
Provider name: peeringName
Description: Output only. The peering name in the customer VPC used by this cluster.
private_endpoint
Type: STRING
Provider name: privateEndpoint
Description: Output only. The internal IP address of this cluster’s master endpoint.
private_endpoint_subnetwork
Type: STRING
Provider name: privateEndpointSubnetwork
Description: Subnet to provision the master’s private endpoint during cluster creation. Specified in projects//regions//subnetworks/* format.
public_endpoint
Type: STRING
Provider name: publicEndpoint
Description: Output only. The external IP address of this cluster’s master endpoint.

`project_id`

Type: STRING

`project_number`

Type: STRING

`protect_config`

Type: STRUCT
Provider name: protectConfig
Description: Deprecated: Use SecurityPostureConfig instead. Enable/Disable Protect API features for the cluster.

workload_config
Type: STRUCT
Provider name: workloadConfig
Description: WorkloadConfig defines which actions are enabled for a cluster’s workload configurations.
- audit_mode
  Type: STRING
  Provider name: auditMode
  Description: Sets which mode of auditing should be used for the cluster’s workloads.
  Possible values:
  - MODE_UNSPECIFIED - Default value meaning that no mode has been specified.
  - DISABLED - This disables Workload Configuration auditing on the cluster, meaning that nothing is surfaced.
  - BASIC - Applies the default set of policy auditing to a cluster’s workloads.
  - BASELINE - Surfaces configurations that are not in line with the Pod Security Standard Baseline policy.
  - RESTRICTED - Surfaces configurations that are not in line with the Pod Security Standard Restricted policy.
workload_vulnerability_mode
Type: STRING
Provider name: workloadVulnerabilityMode
Description: Sets which mode to use for Protect workload vulnerability scanning feature.
Possible values:
- WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED - Default value not specified.
- DISABLED - Disables Workload Vulnerability Scanning feature on the cluster.
- BASIC - Applies basic vulnerability scanning settings for cluster workloads.

`release_channel`

Type: STRUCT
Provider name: releaseChannel
Description: Release channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version.

channel
Type: STRING
Provider name: channel
Description: channel specifies which release channel the cluster is subscribed to.
Possible values:
- UNSPECIFIED - No channel specified.
- RAPID - RAPID channel is offered on an early access basis for customers who want to test new releases. WARNING: Versions available in the RAPID Channel may be subject to unresolved issues with no known workaround and are not subject to any SLAs.
- REGULAR - Clusters subscribed to REGULAR receive versions that are considered GA quality. REGULAR is intended for production users who want to take advantage of new features.
- STABLE - Clusters subscribed to STABLE receive versions that are known to be stable and reliable in production.
- EXTENDED - Clusters subscribed to EXTENDED receive extended support and availability for versions which are known to be stable and reliable in production.

`resource_name`

Type: STRING

`resource_usage_export_config`

Type: STRUCT
Provider name: resourceUsageExportConfig
Description: Configuration for exporting resource usages. Resource usage export is disabled when this config unspecified.

bigquery_destination
Type: STRUCT
Provider name: bigqueryDestination
Description: Configuration to use BigQuery as usage export destination.
- dataset_id
  Type: STRING
  Provider name: datasetId
  Description: The ID of a BigQuery Dataset.
consumption_metering_config
Type: STRUCT
Provider name: consumptionMeteringConfig
Description: Configuration to enable resource consumption metering.
- enabled
  Type: BOOLEAN
  Provider name: enabled
  Description: Whether to enable consumption metering for this cluster. If enabled, a second BigQuery table will be created to hold resource consumption records.
enable_network_egress_metering
Type: BOOLEAN
Provider name: enableNetworkEgressMetering
Description: Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.

`satisfies_pzi`

Type: BOOLEAN
Provider name: satisfiesPzi
Description: Output only. Reserved for future use.

`satisfies_pzs`

Type: BOOLEAN
Provider name: satisfiesPzs
Description: Output only. Reserved for future use.

`secret_manager_config`

Type: STRUCT
Provider name: secretManagerConfig
Description: Secret CSI driver configuration.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether the cluster is configured to use secret manager CSI component.

`security_posture_config`

Type: STRUCT
Provider name: securityPostureConfig
Description: Enable/Disable Security Posture API features for the cluster.

mode
Type: STRING
Provider name: mode
Description: Sets which mode to use for Security Posture features.
Possible values:
- MODE_UNSPECIFIED - Default value not specified.
- DISABLED - Disables Security Posture features on the cluster.
- BASIC - Applies Security Posture features on the cluster.
- ENTERPRISE - Applies the Security Posture off cluster Enterprise level features.
vulnerability_mode
Type: STRING
Provider name: vulnerabilityMode
Description: Sets which mode to use for vulnerability scanning.
Possible values:
- VULNERABILITY_MODE_UNSPECIFIED - Default value not specified.
- VULNERABILITY_DISABLED - Disables vulnerability scanning on the cluster.
- VULNERABILITY_BASIC - Applies basic vulnerability scanning on the cluster.
- VULNERABILITY_ENTERPRISE - Applies the Security Posture’s vulnerability on cluster Enterprise level features.

`self_link`

Type: STRING
Provider name: selfLink
Description: Output only. Server-defined URL for the resource.

`services_ipv4_cidr`

Type: STRING
Provider name: servicesIpv4Cidr
Description: Output only. The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

`shielded_nodes`

Type: STRUCT
Provider name: shieldedNodes
Description: Shielded Nodes configuration.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether Shielded Nodes features are enabled on all nodes in this cluster.

`status_message`

Type: STRING
Provider name: statusMessage
Description: Output only. Deprecated. Use conditions instead. Additional information about the current status of this cluster, if available.

`subnetwork`

Type: STRING
Provider name: subnetwork
Description: The name of the Google Compute Engine subnetwork to which the cluster is connected. On output this shows the subnetwork ID instead of the name.

`tags`

Type: UNORDERED_LIST_STRING

`tpu_config`

Type: STRUCT
Provider name: tpuConfig
Description: Configuration for Cloud TPU support;

enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether Cloud TPU integration is enabled or not.
ipv4_cidr_block
Type: STRING
Provider name: ipv4CidrBlock
Description: IPv4 CIDR block reserved for Cloud TPU in the VPC.
use_service_networking
Type: BOOLEAN
Provider name: useServiceNetworking
Description: Whether to use service networking for Cloud TPU or not.

`tpu_ipv4_cidr_block`

Type: STRING
Provider name: tpuIpv4CidrBlock
Description: Output only. The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

`vertical_pod_autoscaling`

Type: STRUCT
Provider name: verticalPodAutoscaling
Description: Cluster-level Vertical Pod Autoscaling configuration.

enabled
Type: BOOLEAN
Provider name: enabled
Description: Enables vertical pod autoscaling.

`workload_alts_config`

Type: STRUCT
Provider name: workloadAltsConfig
Description: Configuration for direct-path (via ALTS) with workload identity.

enable_alts
Type: BOOLEAN
Provider name: enableAlts
Description: enable_alts controls whether the alts handshaker should be enabled or not for direct-path. Requires Workload Identity (workload_pool must be non-empty).

`workload_certificates`

Type: STRUCT
Provider name: workloadCertificates
Description: Configuration for issuance of mTLS keys and certificates to Kubernetes pods.

enable_certificates
Type: BOOLEAN
Provider name: enableCertificates
Description: enable_certificates controls issuance of workload mTLS certificates. If set, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster, which can then be configured by creating a WorkloadCertificateConfig Custom Resource. Requires Workload Identity (workload_pool must be non-empty).

`workload_identity_config`

Type: STRUCT
Provider name: workloadIdentityConfig
Description: Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.

identity_namespace
Type: STRING
Provider name: identityNamespace
Description: IAM Identity Namespace to attach all Kubernetes Service Accounts to.
identity_provider
Type: STRING
Provider name: identityProvider
Description: identity provider is the third party identity provider.
workload_pool
Type: STRING
Provider name: workloadPool
Description: The workload pool to attach all Kubernetes service accounts to.

`zone`

Type: STRING
Provider name: zone
Description: Output only. The name of the Google Compute Engine zone in which the cluster resides. This field is deprecated, use location instead.