location
    The location where this cluster should live. (Required)
name
    The name of this cluster. (Required)
description
    The optional description of this cluster.
master-auth-config subresource
    The authentication information for accessing the master endpoint.
    - client-certificate-config subresource: The configuration for client certificate authentication on the cluster. (Required)
      - issue-client-certificate: When set to true, a client certificate is issued. (Required)
logging-service
    The logging service the cluster should use to write logs. Defaults to logging.googleapis.com/kubernetes for GKE 1.14+ or logging.googleapis.com for earlier versions. Valid values are logging.googleapis.com/kubernetes or logging.googleapis.com.
monitoring-service
    The monitoring service the cluster should use to write metrics. Defaults to monitoring.googleapis.com/kubernetes for GKE 1.14+ or monitoring.googleapis.com for earlier versions. Valid values are monitoring.googleapis.com/kubernetes or monitoring.googleapis.com.
network
    The Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used.
cluster-ipv4-cidr
    The IP address range of the container pods in this cluster. Leave blank to have one automatically chosen, or specify a /14 block in 10.0.0.0/8.
addons-config subresource
    The configurations for the various addons available to run in the cluster.
    - http-load-balancing subresource: The configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.
      - disabled: When set to true, the HTTP Load Balancing controller is disabled in the cluster. (Required)
    - horizontal-pod-autoscaling subresource: The configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.
      - disabled: When set to true, the Horizontal Pod Autoscaling feature is disabled in the cluster. (Required)
    - network-policy-config subresource: The configuration for NetworkPolicy.
      - disabled: When set to true, NetworkPolicy is disabled for this cluster. (Required)
    - cloud-run-config subresource: The configuration for the Cloud Run addon, which allows the user to use a managed Knative service.
      - disabled: When set to true, the Cloud Run addon is disabled for this cluster. (Required)
      - load-balancer-type: The load balancer type which is installed for Cloud Run. Valid values are LOAD_BALANCER_TYPE_EXTERNAL or LOAD_BALANCER_TYPE_INTERNAL.
    - dns-cache-config subresource: The configuration for NodeLocalDNS, a DNS cache running on cluster nodes.
      - enabled: When set to true, the NodeLocal DNSCache is enabled for this cluster. (Required)
    - config-connector-config subresource: The configuration for the ConfigConnector add-on, a Kubernetes extension to manage hosted GCP services through the Kubernetes API.
      - enabled: When set to true, the Config Connector is enabled for this cluster. (Required)
subnetwork
    The Google Compute Engine subnetwork to which the cluster is connected.
node-locations list
    The list of Google Compute Engine zones in which the cluster's nodes should be located.
enable-kubernetes-alpha
    When set to true, Kubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. v1alpha1) and features that may not be production ready in the Kubernetes version of the master and nodes. The cluster has no SLA for uptime, and master/node upgrades are disabled. Alpha-enabled clusters are automatically deleted thirty days after creation.
legacy-abac-config subresource
    The configuration for the legacy Attribute Based Access Control authorization mode.
    - enabled: When set to true, the ABAC authorizer is enabled for this cluster. Identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. (Required)
network-policy-config subresource
    The configuration for the cluster networking. Cannot be set if autopilot is set.
    - enabled: When set to true, the network policy is enabled on the cluster. (Required)
    - provider: The selected network policy provider. Currently the only supported value is CALICO.
ip-allocation-policy subresource
    The configuration for controlling how IPs are allocated in the cluster.
    - use-ip-aliases: When set to true, alias IPs will be used for pod IPs in the cluster. (Required)
    - create-subnetwork: When set to true, a new subnetwork will be created automatically for the cluster.
    - subnetwork-name: The name for the subnetwork that should be created.
    - cluster-secondary-range-name: The name of the secondary range to be used for the cluster CIDR block.
    - services-secondary-range-name: The name of the secondary range to be used for the services CIDR block.
    - cluster-ipv4-cidr-block: The IP address range for the cluster pod IPs.
    - node-ipv4-cidr-block: The IP address range of the instance IPs in this cluster.
    - services-ipv4-cidr-block: The IP address range of the services IPs in this cluster.
    - tpu-ipv4-cidr-block: The IP address range of the Cloud TPUs in this cluster.
    - use-routes: When set to true, routes will be used for pod IPs in the cluster.
master-authorized-networks-config subresource
    The configuration options for the master authorized networks feature.
    - enabled: When set to true, master authorized networks is enabled. (Required)
    - cidr-block list subresource: The list of CIDR blocks for the master authorized networks.
      - cidr-block: The CIDR block. (Required)
      - name: The name of the CIDR block.
maintenance-policy subresource
    The configuration for the maintenance policy for this cluster.
    - version: The hash identifying the version of this policy, so that updates to fields of the policy won't accidentally undo intermediate changes (and so that users of the API unaware of some fields won't accidentally remove other fields).
    - maintenance-window subresource: The maintenance window in which maintenance may be performed.
      - maintenance-exclusion list subresource: The exceptions to the maintenance window. Non-emergency maintenance should not occur in these windows.
        - start-time: The start time of the time window. Must be a string matching the mm/dd/yyyy format. Valid values satisfy the regex ^(1[0-2]|0[1-9])\/(3[01]|[012][0-9]|)\/[0-9]{4}$.
        - end-time: The end time of the time window. Must be a string matching the mm/dd/yyyy format. Valid values satisfy the regex ^(1[0-2]|0[1-9])\/(3[01]|[012][0-9]|)\/[0-9]{4}$.
        - name: The name of the time window.
      - daily-maintenance-window subresource: The daily maintenance operation window.
        - start-time: The start time of the maintenance window. Must be a time of day in RFC3339 HH:MM format, where HH is [00-23] and MM is [00-59], in GMT. Valid values satisfy the regex ^([01]?[0-9]|2[0-3]):[0-5][0-9]$. (Required)
      - recurring-time-window subresource: The recurring time periods for maintenance to occur. The time windows may be overlapping. If no maintenance windows are set, maintenance can occur at any time.
        - window subresource: The window of the first recurrence.
          - start-time: The start time of the time window. Must be a string matching the mm/dd/yyyy format. Valid values satisfy the regex ^(1[0-2]|0[1-9])\/(3[01]|[012][0-9]|)\/[0-9]{4}$.
          - end-time: The end time of the time window. Must be a string matching the mm/dd/yyyy format. Valid values satisfy the regex ^(1[0-2]|0[1-9])\/(3[01]|[012][0-9]|)\/[0-9]{4}$.
          - name: The name of the time window.
        - recurrence: The RRULE for how this window recurs. Recurrences go on for the span of time between the start and end time.
binary-authorization-config subresource
    The configuration for Binary Authorization.
    - enabled: When set to true, all container images will be validated by Binary Authorization. (Required)
cluster-autoscaling-config subresource
    The cluster-level autoscaling configuration.
    - enable-node-autoprovisioning: When set to true, node pools are created and deleted automatically. (Required)
    - resource-limit list subresource: The list of global constraints regarding the minimum and maximum amount of resources in the cluster.
      - resource-type: The resource name. (Required)
      - minimum: The minimum amount of the resource in the cluster.
      - maximum: The maximum amount of the resource in the cluster.
    - autoprovisioning-node-pool-defaults subresource: The defaults for a node pool created by NAP.
      - oauth-scopes list: The scopes that are used by NAP when creating node pools.
      - service-account: The Google Cloud Platform Service Account to be used by the node VMs.
      - upgrade-settings subresource: The upgrade settings for NAP-created node pools.
        - max-surge: The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.
        - max-unavailable: The maximum number of nodes that can be simultaneously unavailable during the upgrade process.
      - management subresource: The node management options for NAP-created node pools.
        - auto-upgrade: When set to true, node auto-upgrade is enabled for the node pool.
        - auto-repair: When set to true, node auto-repair is enabled for the node pool.
      - min-cpu-platform: The minimum CPU platform to be used for NAP-created node pools.
      - disk-size-gb: The size of the disk attached to each node, specified in GB.
      - disk-type: The type of the disk attached to each node. Valid values are pd-standard, pd-ssd or pd-balanced.
      - shielded-instance-config subresource: The shielded instance options.
        - enable-secure-boot: When set to true, the instance has Secure Boot enabled.
        - enable-integrity-monitoring: When set to true, the instance has integrity monitoring enabled.
      - boot-disk-kms-key: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.
    - autoprovisioning-locations list: The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
network-config subresource
    The configuration for cluster networking.
    - enable-intra-node-visibility: When set to true, intra-node visibility is enabled for this cluster.
    - default-snat-status subresource: The configuration for the default in-node SNAT rules.
      - disabled: When set to true, the cluster default SNAT rules are disabled. (Required)
    - datapath-provider: The datapath provider. Valid values are LEGACY_DATAPATH or ADVANCED_DATAPATH.
default-max-pods-constraint subresource
    The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster.
    - max-pods-per-node: The maximum number of pods per node. (Required)
resource-usage-export-config subresource
    The configuration for exporting resource usage.
    - enable-network-egress-metering: When set to true, a daemonset will be created in the cluster to meter network egress traffic.
    - bigquery-destination subresource: The configuration to use BigQuery as the usage export destination.
      - data-set-id: The ID of a BigQuery Dataset. (Required)
    - consumption-metering-config subresource: The configuration to enable resource consumption metering.
      - enabled: When set to true, consumption metering is enabled for this cluster. (Required)
authenticator-groups-config subresource
    The configuration for the authenticator groups.
    - enabled: When set to true, this cluster returns group membership lookups during authentication using a group of security groups. (Required)
    - security-group: The name of the security group-of-groups to be used. Can only be set if enabled is set.
private-cluster-config subresource
    The configuration for a private cluster.
    - enable-private-nodes: When set to true, the nodes have internal IP addresses only; all nodes are given only RFC 1918 private addresses and communicate with the master via private networking.
    - enable-private-endpoint: When set to true, the master's internal IP address is used as the cluster endpoint.
    - master-ipv4-cidr-block: The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. (Required)
    - master-global-access-config subresource: The master global access settings.
      - enabled: When set to true, the master is accessible globally. (Required)
database-encryption subresource
    The configuration of etcd encryption.
    - state: The state of etcd encryption. Valid values are ENCRYPTED or DECRYPTED.
    - key: The CloudKMS key to use for the encryption of secrets in etcd.
vertical-pod-autoscaling subresource
    The cluster-level Vertical Pod Autoscaling configuration.
    - enabled: When set to true, vertical pod autoscaling is enabled. (Required)
shielded-nodes subresource
    The configuration to enable shielded nodes in the cluster.
    - enabled: When set to true, the Shielded Nodes feature is enabled on all nodes in this cluster. (Required)
release-channel subresource
    The configuration for the release channel that the cluster is subscribed to.
    - channel: The release channel the cluster is subscribed to. Valid values are RAPID, REGULAR or STABLE. (Required)
workload-identity-config subresource
    The configuration for the use of Kubernetes Service Accounts in GCP IAM policies.
    - workload-pool: The workload pool to attach all Kubernetes service accounts to. (Required)
initial-cluster-version
    The initial Kubernetes version for this cluster.
condition list subresource
    The conditions which caused the current cluster state.
    - message: The human-friendly representation of the condition.
    - canonical-code: The canonical code of the condition. Valid values are GCE_STOCKOUT, GKE_SERVICE_ACCOUNT_DELETED, GCE_QUOTA_EXCEEDED, SET_BY_OPERATOR or CLOUD_KMS_KEY_ERROR.
enable-tpu
    When set to true, Cloud TPUs can be used in this cluster.
labels map
    The resource labels for the cluster to use to annotate any related Google Compute Engine resources.
node-pool list subresource
    The node pools associated with this cluster. (Required)
    - autoscaling subresource: The autoscaler configuration for this NodePool.
      - autoprovisioned: When set to true, the node pool will be deleted automatically.
      - enabled: When set to true, autoscaling is enabled for this node pool. (Required)
      - max-node-count: The maximum number of nodes in the NodePool. Minimum allowed value is 1.
      - min-node-count: The minimum number of nodes in the NodePool. Minimum allowed value is 1.
    - condition list subresource: The conditions which caused the current node pool state.
      - message: The human-friendly representation of the condition.
      - canonical-code: The canonical code of the condition. Valid values are GCE_STOCKOUT, GKE_SERVICE_ACCOUNT_DELETED, GCE_QUOTA_EXCEEDED, SET_BY_OPERATOR or CLOUD_KMS_KEY_ERROR.
    - config subresource: The node configuration of the pool.
      - machine-type: The name of a Google Compute Engine machine type. Defaults to e2-medium.
      - disk-size-gb: The size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10. Defaults to 100. Minimum allowed value is 10.
      - oauth-scopes set: The set of Google API scopes to be made available on all of the node VMs under the default service account.
        The following scopes are recommended, but not required, and by default are not included:
        https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes.
        https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry).
        If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
      - service-account: The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; if no Service Account is specified, the "default" service account is used.
      - metadata map: The metadata key/value pairs assigned to instances in the cluster.
      - image-type: The image type to use for this node. Note that for a given image type, the latest version of it will be used.
      - labels map: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will be added in addition to any default label(s) that Kubernetes may apply to the node. In case of conflict in label keys, the applied set may differ depending on the Kubernetes version; it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see Working with objects.
      - local-ssd-count: The number of local SSD disks to be attached to the node. The limit for this value is dependent upon the maximum number of disks available on a machine per zone. See also Local SSD.
      - tags list: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.
      - preemptible: When set to true, the nodes are created as preemptible VM instances. See also Preemptible (https://cloud.google.com/compute/docs/instances/preemptible).
      - accelerators list subresource: The list of hardware accelerators to be attached to each node. See also GPUs.
        - accelerator-count: The number of the accelerator cards exposed to an instance.
        - accelerator-type: The accelerator type resource name. See the list of supported accelerators. Valid values are nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-p4, nvidia-tesla-v100, nvidia-tesla-t4 or nvidia-tesla-a100. (Required)
      - disk-type: Type of the disk attached to each node. Defaults to pd-standard.
      - min-cpu-platform: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy Bridge".
      - workload-metadata-config subresource: The workload metadata configuration for this node.
        - mode: The mode is the configuration for how to expose metadata to workloads running on the node pool. Valid values are GCE_METADATA or GKE_METADATA. (Required)
      - taint set subresource: The list of Kubernetes taints to be applied to each node. See also Taint and toleration.
        - key: The key for the taint. (Required)
        - value: The value for the taint. (Required)
        - effect: The effect for the taint. Valid values are NO_SCHEDULE, PREFER_NO_SCHEDULE or NO_EXECUTE. (Required)
      - sandbox-config subresource: The sandbox configuration for this node.
        - type: The type of the sandbox to use for the node. Currently the only supported value is GVISOR. (Required)
      - node-group: The node group on which to run the instances of this pool. This is useful for running workloads on sole tenant nodes.
      - reservation-affinity subresource: The optional reservation affinity. Setting this field will apply the specified Zonal Compute Reservation to this node pool.
        - consume-reservation-type: The type of reservation consumption. Valid values are NO_RESERVATION, ANY_RESERVATION or SPECIFIC_RESERVATION. (Required)
        - key: The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value. (Required)
        - values list: The label value(s) of reservation resource(s). (Required)
      - boot-disk-kms-key: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.
    - initial-node-count: The initial node count for the pool. (Required)
    - locations list: The list of Google Compute Engine zones (https://cloud.google.com/compute/docs/zones#available) in which the NodePool's nodes should be located.
    - management subresource: The node management configuration for this NodePool.
      - auto-upgrade: When set to true, node auto-upgrade is enabled for the node pool.
      - auto-repair: When set to true, node auto-repair is enabled for the node pool.
    - max-pods-constraint subresource: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.
      - max-pods-per-node: The maximum number of pods per node. (Required)
    - name: The name of the node pool. (Required)
    - upgrade-settings subresource: The upgrade settings which control disruption and speed of the upgrade.
      - max-surge: The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.
      - max-unavailable: The maximum number of nodes that can be simultaneously unavailable during the upgrade process.
    - version: The Kubernetes version of this node pool.
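Several of the fields above carry direct security weight: legacy-abac-config, master-auth-config.client-certificate-config, enable-kubernetes-alpha, master-authorized-networks-config, private-cluster-config, shielded-nodes, binary-authorization-config, database-encryption, workload-identity-config, network-policy-config (which cannot coexist with autopilot), and, per node pool, management and config.workload-metadata-config. The following audit is an added example and not code from this tool; it assumes a cluster spec expressed as nested Python dicts keyed by the field names in this reference, and the finding identifiers it emits are its own.

```python
"""Hardening audit over a cluster spec keyed by the field names in this
reference. Added example, not the tool's own code: the nested-dict input shape
and the finding identifiers are assumptions made here."""
import ipaddress


def _get(d, *path, default=None):
    """Walk nested dicts by key path; return default if any key is missing."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return default
        d = d[key]
    return d


def audit_cluster(spec):
    """Return a sorted list of finding ids for settings that weaken the cluster."""
    findings = set()

    # Legacy ABAC grants static permissions beyond RBAC and IAM: keep it off.
    if _get(spec, "legacy-abac-config", "enabled") is True:
        findings.add("legacy-abac-enabled")

    # A client certificate is a long-lived master credential with no revocation.
    if _get(spec, "master-auth-config", "client-certificate-config",
            "issue-client-certificate") is True:
        findings.add("client-certificate-issued")

    # Alpha clusters have no SLA and no upgrades: not for production.
    if spec.get("enable-kubernetes-alpha") is True:
        findings.add("kubernetes-alpha-enabled")

    # Master authorized networks must be on and must not admit the whole Internet.
    man = spec.get("master-authorized-networks-config", {})
    if man.get("enabled") is not True:
        findings.add("master-authorized-networks-disabled")
    for block in man.get("cidr-block", []):
        try:
            net = ipaddress.ip_network(block.get("cidr-block", ""), strict=False)
        except ValueError:
            findings.add("master-authorized-networks-invalid-cidr")
            continue
        if net.prefixlen == 0:
            findings.add("master-authorized-networks-open-to-internet")

    if _get(spec, "private-cluster-config", "enable-private-nodes") is not True:
        findings.add("public-nodes")
    if _get(spec, "shielded-nodes", "enabled") is not True:
        findings.add("shielded-nodes-disabled")
    if _get(spec, "binary-authorization-config", "enabled") is not True:
        findings.add("binary-authorization-disabled")

    # Secrets in etcd should be encrypted with a CloudKMS key.
    enc = spec.get("database-encryption", {})
    if enc.get("state") != "ENCRYPTED" or not enc.get("key"):
        findings.add("etcd-encryption-not-configured")

    if not _get(spec, "workload-identity-config", "workload-pool"):
        findings.add("workload-identity-not-configured")

    # Network policy cannot be set on autopilot clusters, so require it only otherwise.
    if (_get(spec, "autopilot", "enabled") is not True
            and _get(spec, "network-policy-config", "enabled") is not True):
        findings.add("network-policy-disabled")

    for pool in spec.get("node-pool", []):
        name = pool.get("name", "<unnamed>")
        mgmt = pool.get("management", {})
        if mgmt.get("auto-upgrade") is not True:
            findings.add(f"node-pool:{name}:auto-upgrade-disabled")
        if mgmt.get("auto-repair") is not True:
            findings.add(f"node-pool:{name}:auto-repair-disabled")
        # GKE_METADATA is the mode Workload Identity relies on; GCE_METADATA
        # exposes the node's own service account to every pod on the node.
        if _get(pool, "config", "workload-metadata-config", "mode") != "GKE_METADATA":
            findings.add(f"node-pool:{name}:gce-metadata-exposed")

    return sorted(findings)


# Constructed sample: a spec with several weak settings.
WEAK_SPEC = {
    "name": "example-weak",
    "enable-kubernetes-alpha": True,
    "legacy-abac-config": {"enabled": True},
    "master-auth-config": {"client-certificate-config": {"issue-client-certificate": True}},
    "master-authorized-networks-config": {
        "enabled": True,
        "cidr-block": [{"cidr-block": "0.0.0.0/0", "name": "everyone"}],
    },
    "database-encryption": {"state": "DECRYPTED"},
    "node-pool": [{"name": "default-pool", "management": {"auto-upgrade": False}}],
}

# Constructed sample: the same cluster with the settings corrected (placeholder
# project, key and CIDR values).
HARDENED_SPEC = {
    "name": "example-hardened",
    "legacy-abac-config": {"enabled": False},
    "master-auth-config": {"client-certificate-config": {"issue-client-certificate": False}},
    "master-authorized-networks-config": {
        "enabled": True,
        "cidr-block": [{"cidr-block": "203.0.113.0/24", "name": "corp-egress"}],
    },
    "private-cluster-config": {"enable-private-nodes": True, "enable-private-endpoint": True,
                               "master-ipv4-cidr-block": "172.16.0.0/28"},
    "shielded-nodes": {"enabled": True},
    "binary-authorization-config": {"enabled": True},
    "database-encryption": {"state": "ENCRYPTED",
                            "key": "projects/PROJECT/locations/LOCATION/keyRings/RING/cryptoKeys/KEY"},
    "workload-identity-config": {"workload-pool": "PROJECT.svc.id.goog"},
    "network-policy-config": {"enabled": True, "provider": "CALICO"},
    "node-pool": [{"name": "default-pool",
                   "management": {"auto-upgrade": True, "auto-repair": True},
                   "config": {"workload-metadata-config": {"mode": "GKE_METADATA"}}}],
}

if __name__ == "__main__":
    for label, spec in (("weak", WEAK_SPEC), ("hardened", HARDENED_SPEC)):
        print(label, audit_cluster(spec))
```

Run against WEAK_SPEC the audit reports thirteen findings, including the 0.0.0.0/0 authorized network, the enabled ABAC authorizer and the unencrypted etcd; HARDENED_SPEC produces none. The checks are phrased as "is not True" rather than "is False" so that an omitted field is treated as the insecure default, which is how a reviewer should read a spec that simply leaves a hardening feature out.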
master-version
    The current software version of the master endpoint.
identity-service-config subresource
    The identity service configuration.
    - enabled: When set to true, the identity service will be enabled. (Required)
autopilot subresource
    The autopilot configuration. Cannot be set if network-policy-config is set.
    - enabled: When set to true, the cluster will be created as an autopilot cluster. (Required)
logging-config subresource
    The logging configuration.