1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: stable
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: containerclusters.container.cnrm.cloud.google.com
13spec:
14 group: container.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: ContainerCluster
19 plural: containerclusters
20 shortNames:
21 - gcpcontainercluster
22 - gcpcontainerclusters
23 singular: containercluster
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 addonsConfig:
62 description: The configuration for addons supported by GKE.
63 properties:
64 cloudrunConfig:
65 description: The status of the CloudRun addon. It is disabled
66 by default. Set disabled = false to enable.
67 properties:
68 disabled:
69 type: boolean
70 loadBalancerType:
71 type: string
72 required:
73 - disabled
74 type: object
75 configConnectorConfig:
76 description: The status of the Config Connector addon.
77 properties:
78 enabled:
79 type: boolean
80 required:
81 - enabled
82 type: object
83 dnsCacheConfig:
84 description: The status of the NodeLocal DNSCache addon. It is
85 disabled by default. Set enabled = true to enable.
86 properties:
87 enabled:
88 type: boolean
89 required:
90 - enabled
91 type: object
92 gcePersistentDiskCsiDriverConfig:
93 description: Whether this cluster should enable the Google Compute
94 Engine Persistent Disk Container Storage Interface (CSI) Driver.
95 Defaults to enabled; set disabled = true to disable.
96 properties:
97 enabled:
98 type: boolean
99 required:
100 - enabled
101 type: object
102 gcpFilestoreCsiDriverConfig:
103 description: The status of the Filestore CSI driver addon, which
104 allows the usage of filestore instance as volumes. Defaults
105 to disabled; set enabled = true to enable.
106 properties:
107 enabled:
108 type: boolean
109 required:
110 - enabled
111 type: object
112 gcsFuseCsiDriverConfig:
113 description: The status of the GCS Fuse CSI driver addon, which
114 allows the usage of gcs bucket as volumes. Defaults to disabled;
115 set enabled = true to enable.
116 properties:
117 enabled:
118 type: boolean
119 required:
120 - enabled
121 type: object
122 gkeBackupAgentConfig:
123 description: The status of the Backup for GKE Agent addon. It
124 is disabled by default. Set enabled = true to enable.
125 properties:
126 enabled:
127 type: boolean
128 required:
129 - enabled
130 type: object
131 horizontalPodAutoscaling:
132 description: The status of the Horizontal Pod Autoscaling addon,
133 which increases or decreases the number of replica pods a replication
134 controller has based on the resource usage of the existing pods.
135 It ensures that a Heapster pod is running in the cluster, which
136 is also used by the Cloud Monitoring service. It is enabled
137 by default; set disabled = true to disable.
138 properties:
139 disabled:
140 type: boolean
141 required:
142 - disabled
143 type: object
144 httpLoadBalancing:
145 description: The status of the HTTP (L7) load balancing controller
146 addon, which makes it easy to set up HTTP load balancers for
147 services in a cluster. It is enabled by default; set disabled
148 = true to disable.
149 properties:
150 disabled:
151 type: boolean
152 required:
153 - disabled
154 type: object
155 istioConfig:
156 description: The status of the Istio addon.
157 properties:
158 auth:
159 description: The authentication type between services in Istio.
160 Available options include AUTH_MUTUAL_TLS.
161 type: string
162 disabled:
163 description: The status of the Istio addon, which makes it
164 easy to set up Istio for services in a cluster. It is disabled
165 by default. Set disabled = false to enable.
166 type: boolean
167 required:
168 - disabled
169 type: object
170 kalmConfig:
171 description: Configuration for the KALM addon, which manages the
172 lifecycle of k8s. It is disabled by default; set enabled = true
173 to enable.
174 properties:
175 enabled:
176 type: boolean
177 required:
178 - enabled
179 type: object
180 networkPolicyConfig:
181 description: Whether we should enable the network policy addon
182 for the master. This must be enabled in order to enable network
183 policy for the nodes. To enable this, you must also define a
184 network_policy block, otherwise nothing will happen. It can
185 only be disabled if the nodes already do not have network policies
186 enabled. Defaults to disabled; set disabled = false to enable.
187 properties:
188 disabled:
189 type: boolean
190 required:
191 - disabled
192 type: object
193 type: object
194 authenticatorGroupsConfig:
195 description: Configuration for the Google Groups for GKE feature.
196 properties:
197 securityGroup:
198 description: The name of the RBAC security group for use with
199 Google security groups in Kubernetes RBAC. Group name must be
200 in format gke-security-groups@yourdomain.com.
201 type: string
202 required:
203 - securityGroup
204 type: object
205 binaryAuthorization:
206 description: Configuration options for the Binary Authorization feature.
207 properties:
208 enabled:
209 description: DEPRECATED. Deprecated in favor of evaluation_mode.
210 Enable Binary Authorization for this cluster.
211 type: boolean
212 evaluationMode:
213 description: Mode of operation for Binary Authorization policy
214 evaluation.
215 type: string
216 type: object
217 clusterAutoscaling:
218 description: Per-cluster configuration of Node Auto-Provisioning with
219 Cluster Autoscaler to automatically adjust the size of the cluster
220 and create/delete node pools based on the current needs of the cluster's
221 workload. See the guide to using Node Auto-Provisioning for more
222 details.
223 properties:
224 autoProvisioningDefaults:
225 description: Contains defaults for a node pool created by NAP.
226 properties:
227 bootDiskKMSKeyRef:
228 description: |-
229 Immutable. The Customer Managed Encryption Key used to encrypt the
230 boot disk attached to each node in the node pool.
231 oneOf:
232 - not:
233 required:
234 - external
235 required:
236 - name
237 - not:
238 anyOf:
239 - required:
240 - name
241 - required:
242 - namespace
243 required:
244 - external
245 properties:
246 external:
247 description: 'Allowed value: The `selfLink` field of a
248 `KMSCryptoKey` resource.'
249 type: string
250 name:
251 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
252 type: string
253 namespace:
254 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
255 type: string
256 type: object
257 diskSize:
258 description: Size of the disk attached to each node, specified
259 in GB. The smallest allowed disk size is 10GB.
260 type: integer
261 imageType:
262 description: The default image type used by NAP once a new
263 node pool is being created.
264 type: string
265 management:
266 description: NodeManagement configuration for this NodePool.
267 properties:
268 autoRepair:
269 description: Specifies whether the node auto-repair is
270 enabled for the node pool. If enabled, the nodes in
271 this node pool will be monitored and, if they fail health
272 checks too many times, an automatic repair action will
273 be triggered.
274 type: boolean
275 autoUpgrade:
276 description: Specifies whether node auto-upgrade is enabled
277 for the node pool. If enabled, node auto-upgrade helps
278 keep the nodes in your node pool up to date with the
279 latest release version of Kubernetes.
280 type: boolean
281 upgradeOptions:
282 description: Specifies the Auto Upgrade knobs for the
283 node pool.
284 items:
285 properties:
286 autoUpgradeStartTime:
287 description: This field is set when upgrades are
288 about to commence with the approximate start time
289 for the upgrades, in RFC3339 text format.
290 type: string
291 description:
292 description: This field is set when upgrades are
293 about to commence with the description of the
294 upgrade.
295 type: string
296 type: object
297 type: array
298 type: object
299 minCpuPlatform:
300 description: Minimum CPU platform to be used by this instance.
301 The instance may be scheduled on the specified or newer
302 CPU platform. Applicable values are the friendly names of
303 CPU platforms, such as Intel Haswell.
304 type: string
305 oauthScopes:
306 description: Scopes that are used by NAP when creating node
307 pools.
308 items:
309 type: string
310 type: array
311 serviceAccountRef:
312 oneOf:
313 - not:
314 required:
315 - external
316 required:
317 - name
318 - not:
319 anyOf:
320 - required:
321 - name
322 - required:
323 - namespace
324 required:
325 - external
326 properties:
327 external:
328 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
329 resource.'
330 type: string
331 name:
332 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
333 type: string
334 namespace:
335 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
336 type: string
337 type: object
338 shieldedInstanceConfig:
339 description: Shielded Instance options.
340 properties:
341 enableIntegrityMonitoring:
342 description: Defines whether the instance has integrity
343 monitoring enabled.
344 type: boolean
345 enableSecureBoot:
346 description: Defines whether the instance has Secure Boot
347 enabled.
348 type: boolean
349 type: object
350 upgradeSettings:
351 description: Specifies the upgrade settings for NAP created
352 node pools.
353 properties:
354 blueGreenSettings:
355 description: Settings for blue-green upgrade strategy.
356 properties:
357 nodePoolSoakDuration:
358 description: "Time needed after draining entire blue
359 pool. After this period, blue pool will be cleaned
360 up.\n\nA duration
361 in seconds with up to nine fractional digits, ending
362 with 's'. Example: \"3.5s\"."
363 type: string
364 standardRolloutPolicy:
365 description: Standard policy for the blue-green upgrade.
366 properties:
367 batchNodeCount:
368 description: Number of blue nodes to drain in
369 a batch.
370 type: integer
371 batchPercentage:
372 description: Percentage of the blue pool nodes
373 to drain in a batch. The range of this field
374 should be (0.0, 1.0].
375 type: number
376 batchSoakDuration:
377 description: "Soak time after each batch gets
378 drained.\n\nA
379 duration in seconds with up to nine fractional
380 digits, ending with 's'. Example: \"3.5s\"."
381 type: string
382 type: object
383 type: object
384 maxSurge:
385 description: The maximum number of nodes that can be created
386 beyond the current size of the node pool during the
387 upgrade process.
388 type: integer
389 maxUnavailable:
390 description: The maximum number of nodes that can be simultaneously
391 unavailable during the upgrade process.
392 type: integer
393 strategy:
394 description: Update strategy of the node pool.
395 type: string
396 type: object
397 type: object
398 autoscalingProfile:
399 description: Configuration options for the Autoscaling profile
400 feature, which lets you choose whether the cluster autoscaler
401 should optimize for resource utilization or resource availability
402 when deciding to remove nodes from a cluster. Can be BALANCED
403 or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
404 type: string
405 enabled:
406 description: Whether node auto-provisioning is enabled. Resource
407 limits for cpu and memory must be defined to enable node auto-provisioning.
408 type: boolean
409 resourceLimits:
410 description: Global constraints for machine resources in the cluster.
411 Configuring the cpu and memory types is required if node auto-provisioning
412 is enabled. These limits will apply to node pool autoscaling
413 in addition to node auto-provisioning.
414 items:
415 properties:
416 maximum:
417 description: Maximum amount of the resource in the cluster.
418 type: integer
419 minimum:
420 description: Minimum amount of the resource in the cluster.
421 type: integer
422 resourceType:
423 description: The type of the resource. For example, cpu
424 and memory. See the guide to using Node Auto-Provisioning
425 for a list of types.
426 type: string
427 required:
428 - resourceType
429 type: object
430 type: array
431 type: object
432 clusterIpv4Cidr:
433 description: Immutable. The IP address range of the Kubernetes pods
434 in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank
435 to have one automatically chosen or specify a /14 block in 10.0.0.0/8.
436 This field will only work for routes-based clusters, where ip_allocation_policy
437 is not defined.
438 type: string
439 clusterTelemetry:
440 description: Telemetry integration for the cluster.
441 properties:
442 type:
443 description: Type of the integration.
444 type: string
445 required:
446 - type
447 type: object
448 confidentialNodes:
449 description: 'Immutable. Configuration for the confidential nodes
450 feature, which makes nodes run on confidential VMs. Warning: This
451 configuration can''t be changed (or added/removed) after cluster
452 creation without deleting and recreating the entire cluster.'
453 properties:
454 enabled:
455 description: Immutable. Whether Confidential Nodes feature is
456 enabled for all nodes in this cluster.
457 type: boolean
458 required:
459 - enabled
460 type: object
461 costManagementConfig:
462 description: Cost management configuration for the cluster.
463 properties:
464 enabled:
465 description: Whether to enable GKE cost allocation. When you enable
466 GKE cost allocation, the cluster name and namespace of your
467 GKE workloads appear in the labels field of the billing export
468 to BigQuery. Defaults to false.
469 type: boolean
470 required:
471 - enabled
472 type: object
473 databaseEncryption:
474 description: 'Application-layer Secrets Encryption settings. The object
475 format is {state = string, key_name = string}. Valid values of state
476 are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS
477 key.'
478 properties:
479 keyName:
480 description: The key to use to encrypt/decrypt secrets.
481 type: string
482 state:
483 description: ENCRYPTED or DECRYPTED.
484 type: string
485 required:
486 - state
487 type: object
488 datapathProvider:
489 description: Immutable. The desired datapath provider for this cluster.
490 By default, uses the IPTables-based kube-proxy implementation.
491 type: string
492 defaultMaxPodsPerNode:
493 description: Immutable. The default maximum number of pods per node
494 in this cluster. This doesn't work on "routes-based" clusters, clusters
495 that don't have IP Aliasing enabled.
496 type: integer
497 defaultSnatStatus:
498 description: Whether the cluster disables default in-node sNAT rules.
499 In-node sNAT rules will be disabled when defaultSnatStatus is disabled.
500 properties:
501 disabled:
502 description: When disabled is set to false, default IP masquerade
503 rules will be applied to the nodes to prevent sNAT on cluster
504 internal traffic.
505 type: boolean
506 required:
507 - disabled
508 type: object
509 description:
510 description: Immutable. Description of the cluster.
511 type: string
512 dnsConfig:
513 description: Immutable. Configuration for Cloud DNS for Kubernetes
514 Engine.
515 properties:
516 clusterDns:
517 description: Which in-cluster DNS provider should be used.
518 type: string
519 clusterDnsDomain:
520 description: The suffix used for all cluster service records.
521 type: string
522 clusterDnsScope:
523 description: The scope of access to cluster DNS records.
524 type: string
525 type: object
526 enableAutopilot:
527 description: Immutable. Enable Autopilot for this cluster.
528 type: boolean
529 enableBinaryAuthorization:
530 description: DEPRECATED. Deprecated in favor of binary_authorization.
531 Enable Binary Authorization for this cluster. If enabled, all container
532 images will be validated by Google Binary Authorization.
533 type: boolean
534 enableIntranodeVisibility:
535 description: Whether Intra-node visibility is enabled for this cluster.
536 This makes same-node pod-to-pod traffic visible to the VPC network.
537 type: boolean
538 enableKubernetesAlpha:
539 description: Immutable. Whether to enable Kubernetes Alpha features
540 for this cluster. Note that when this option is enabled, the cluster
541 cannot be upgraded and will be automatically deleted after 30 days.
542 type: boolean
543 enableL4IlbSubsetting:
544 description: Whether L4ILB Subsetting is enabled for this cluster.
545 type: boolean
546 enableLegacyAbac:
547 description: Whether the ABAC authorizer is enabled for this cluster.
548 When enabled, identities in the system, including service accounts,
549 nodes, and controllers, will have statically granted permissions
550 beyond those provided by the RBAC configuration or IAM. Defaults
551 to false.
552 type: boolean
553 enableShieldedNodes:
554 description: Enable Shielded Nodes features on all nodes in this cluster.
555 Defaults to true.
556 type: boolean
557 enableTpu:
558 description: Immutable. Whether to enable Cloud TPU resources in this
559 cluster.
560 type: boolean
561 gatewayApiConfig:
562 description: Configuration for GKE Gateway API controller.
563 properties:
564 channel:
565 description: The Gateway API release channel to use for Gateway
566 API.
567 type: string
568 required:
569 - channel
570 type: object
571 identityServiceConfig:
572 description: Configuration for Identity Service which allows customers
573 to use external identity providers with the K8S API.
574 properties:
575 enabled:
576 description: Whether to enable the Identity Service component.
577 type: boolean
578 type: object
579 initialNodeCount:
580 description: Immutable. The number of nodes to create in this cluster's
581 default node pool. In regional or multi-zonal clusters, this is
582 the number of nodes per zone. Must be set if node_pool is not set.
583 If you're using google_container_node_pool objects with no default
584 node pool, you'll need to set this to a value of at least 1, alongside
585 setting remove_default_node_pool to true.
586 type: integer
587 ipAllocationPolicy:
588 description: Immutable. Configuration of cluster IP allocation for
589 VPC-native clusters. Adding this block enables IP aliasing, making
590 the cluster VPC-native instead of routes-based.
591 properties:
592 clusterIpv4CidrBlock:
593 description: Immutable. The IP address range for the cluster pod
594 IPs. Set to blank to have a range chosen with the default size.
595 Set to /netmask (e.g. /14) to have a range chosen with a specific
596 netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the
597 RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
598 to pick a specific range to use.
599 type: string
600 clusterSecondaryRangeName:
601 description: Immutable. The name of the existing secondary range
602 in the cluster's subnetwork to use for pod IP addresses. Alternatively,
603 cluster_ipv4_cidr_block can be used to automatically create
604 a GKE-managed one.
605 type: string
606 podCidrOverprovisionConfig:
607 description: Immutable. Configuration for cluster level pod cidr
608 overprovision. Default is disabled=false.
609 properties:
610 disabled:
611 type: boolean
612 required:
613 - disabled
614 type: object
615 servicesIpv4CidrBlock:
616 description: Immutable. The IP address range of the services IPs
617 in this cluster. Set to blank to have a range chosen with the
618 default size. Set to /netmask (e.g. /14) to have a range chosen
619 with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
620 from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12,
621 192.168.0.0/16) to pick a specific range to use.
622 type: string
623 servicesSecondaryRangeName:
624 description: Immutable. The name of the existing secondary range
625 in the cluster's subnetwork to use for service ClusterIPs. Alternatively,
626 services_ipv4_cidr_block can be used to automatically create
627 a GKE-managed one.
628 type: string
629 stackType:
630 description: Immutable. The IP Stack type of the cluster. Choose
631 between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not
632 set.
633 type: string
634 type: object
635 location:
636 description: Immutable. The location (region or zone) in which the
637 cluster master will be created, as well as the default node location.
638 If you specify a zone (such as us-central1-a), the cluster will
639 be a zonal cluster with a single cluster master. If you specify
640 a region (such as us-west1), the cluster will be a regional cluster
641 with multiple masters spread across zones in the region, and with
642 default node locations in those zones as well.
643 type: string
644 loggingConfig:
645 description: Logging configuration for the cluster.
646 properties:
647 enableComponents:
648 description: GKE components exposing logs. Valid values include
649 SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER,
650 and WORKLOADS.
651 items:
652 type: string
653 type: array
654 required:
655 - enableComponents
656 type: object
657 loggingService:
658 description: The logging service that the cluster should write logs
659 to. Available options include logging.googleapis.com(Legacy Stackdriver),
660 logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine
661 Logging), and none. Defaults to logging.googleapis.com/kubernetes.
662 type: string
663 maintenancePolicy:
664 description: The maintenance policy to use for the cluster.
665 properties:
666 dailyMaintenanceWindow:
667 description: 'Time window specified for daily maintenance operations.
668 Specify start_time in RFC3339 format "HH:MM", where HH : [00-23]
669 and MM : [00-59] GMT.'
670 properties:
671 duration:
672 type: string
673 startTime:
674 type: string
675 required:
676 - startTime
677 type: object
678 maintenanceExclusion:
679 description: Exceptions to maintenance window. Non-emergency maintenance
680 should not occur in these windows.
681 items:
682 properties:
683 endTime:
684 type: string
685 exclusionName:
686 type: string
687 exclusionOptions:
688 description: Maintenance exclusion related options.
689 properties:
690 scope:
691 description: The scope of automatic upgrades to restrict
692 in the exclusion window.
693 type: string
694 required:
695 - scope
696 type: object
697 startTime:
698 type: string
699 required:
700 - endTime
701 - exclusionName
702 - startTime
703 type: object
704 type: array
705 recurringWindow:
706 description: Time window for recurring maintenance operations.
707 properties:
708 endTime:
709 type: string
710 recurrence:
711 type: string
712 startTime:
713 type: string
714 required:
715 - endTime
716 - recurrence
717 - startTime
718 type: object
719 type: object
720 masterAuth:
721 description: DEPRECATED. Basic authentication was removed for GKE
722 cluster versions >= 1.19. The authentication information for accessing
723 the Kubernetes master. Some values in this block are only returned
724 by the API if your service account has permission to get credentials
725 for your GKE cluster. If you see an unexpected diff unsetting your
726 client cert, ensure you have the container.clusters.getCredentials
727 permission.
728 properties:
729 clientCertificate:
730 description: Base64 encoded public certificate used by clients
731 to authenticate to the cluster endpoint.
732 type: string
733 clientCertificateConfig:
734 description: Immutable. Whether client certificate authorization
735 is enabled for this cluster.
736 properties:
737 issueClientCertificate:
738 description: Immutable. Whether client certificate authorization
739 is enabled for this cluster.
740 type: boolean
741 required:
742 - issueClientCertificate
743 type: object
744 clientKey:
745 description: Base64 encoded private key used by clients to authenticate
746 to the cluster endpoint.
747 type: string
748 clusterCaCertificate:
749 description: Base64 encoded public certificate that is the root
750 of trust for the cluster.
751 type: string
752 password:
753 description: The password to use for HTTP basic authentication
754 when accessing the Kubernetes master endpoint.
755 oneOf:
756 - not:
757 required:
758 - valueFrom
759 required:
760 - value
761 - not:
762 required:
763 - value
764 required:
765 - valueFrom
766 properties:
767 value:
768 description: Value of the field. Cannot be used if 'valueFrom'
769 is specified.
770 type: string
771 valueFrom:
772 description: Source for the field's value. Cannot be used
773 if 'value' is specified.
774 properties:
775 secretKeyRef:
776 description: Reference to a value with the given key in
777 the given Secret in the resource's namespace.
778 properties:
779 key:
780 description: Key that identifies the value to be extracted.
781 type: string
782 name:
783 description: Name of the Secret to extract a value
784 from.
785 type: string
786 required:
787 - name
788 - key
789 type: object
790 type: object
791 type: object
792 username:
793 description: The username to use for HTTP basic authentication
794 when accessing the Kubernetes master endpoint. If not present
795 basic auth will be disabled.
796 type: string
797 type: object
798 masterAuthorizedNetworksConfig:
799 description: The desired configuration options for master authorized
800 networks. Omit the nested cidr_blocks attribute to disallow external
801 access (except the cluster node IPs, which GKE automatically whitelists).
802 properties:
803 cidrBlocks:
804 description: External networks that can access the Kubernetes
805 cluster master through HTTPS.
806 items:
807 properties:
808 cidrBlock:
809 description: External network that can access Kubernetes
810 master through HTTPS. Must be specified in CIDR notation.
811 type: string
812 displayName:
813 description: Field for users to identify CIDR blocks.
814 type: string
815 required:
816 - cidrBlock
817 type: object
818 type: array
819 gcpPublicCidrsAccessEnabled:
820 description: Whether master is accessible via Google Compute Engine
821 Public IP addresses.
822 type: boolean
823 type: object
824 meshCertificates:
825 description: If set, and enable_certificates=true, the GKE Workload
826 Identity Certificates controller and node agent will be deployed
827 in the cluster.
828 properties:
829 enableCertificates:
830 description: When enabled the GKE Workload Identity Certificates
831 controller and node agent will be deployed in the cluster.
832 type: boolean
833 required:
834 - enableCertificates
835 type: object
836 minMasterVersion:
837 description: The minimum version of the master. GKE will auto-update
838 the master to new versions, so this does not guarantee the current
839 master version--use the read-only master_version field to obtain
840 that. If unset, the cluster's version will be set by GKE to the
841 version of the most recent official release (which is not necessarily
842 the latest version).
843 type: string
844 monitoringConfig:
845 description: Monitoring configuration for the cluster.
846 properties:
847 enableComponents:
848 description: GKE components exposing metrics. Valid values include
849 SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER,
850 and WORKLOADS.
851 items:
852 type: string
853 type: array
854 managedPrometheus:
855 description: Configuration for Google Cloud Managed Services for
856 Prometheus.
857 properties:
858 enabled:
859 description: Whether or not the managed collection is enabled.
860 type: boolean
861 required:
862 - enabled
863 type: object
864 type: object
865 monitoringService:
866 description: The monitoring service that the cluster should write
867 metrics to. Automatically send metrics from pods in the cluster
868 to the Google Cloud Monitoring API. VM metrics will be collected
869 by Google Compute Engine regardless of this setting. Available options
870 include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver
871 Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
872 type: string
873 networkPolicy:
874 description: Configuration options for the NetworkPolicy feature.
875 properties:
876 enabled:
877 description: Whether network policy is enabled on the cluster.
878 type: boolean
879 provider:
880 description: The selected network policy provider. Defaults to
881 PROVIDER_UNSPECIFIED.
882 type: string
883 required:
884 - enabled
885 type: object
886 networkRef:
887 oneOf:
888 - not:
889 required:
890 - external
891 required:
892 - name
893 - not:
894 anyOf:
895 - required:
896 - name
897 - required:
898 - namespace
899 required:
900 - external
901 properties:
902 external:
903 description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
904 resource.'
905 type: string
906 name:
907 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
908 type: string
909 namespace:
910 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
911 type: string
912 type: object
913 networkingMode:
914 description: Immutable. Determines whether alias IPs or routes will
915 be used for pod IPs in the cluster.
916 type: string
917 nodeConfig:
918 description: Immutable. The configuration of the nodepool.
919 properties:
920 advancedMachineFeatures:
921 description: Immutable. Specifies options for controlling advanced
922 machine features.
923 properties:
924 threadsPerCore:
925 description: Immutable. The number of threads per physical
926 core. To disable simultaneous multithreading (SMT) set this
927 to 1. If unset, the maximum number of threads supported
928 per core by the underlying processor is assumed.
929 type: integer
930 required:
931 - threadsPerCore
932 type: object
933 bootDiskKMSCryptoKeyRef:
934 oneOf:
935 - not:
936 required:
937 - external
938 required:
939 - name
940 - not:
941 anyOf:
942 - required:
943 - name
944 - required:
945 - namespace
946 required:
947 - external
948 properties:
949 external:
950 description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey`
951 resource.'
952 type: string
953 name:
954 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
955 type: string
956 namespace:
957 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
958 type: string
959 type: object
960 diskSizeGb:
961 description: Immutable. Size of the disk attached to each node,
962 specified in GB. The smallest allowed disk size is 10GB.
963 type: integer
964 diskType:
965 description: Immutable. Type of the disk attached to each node,
966 such as pd-standard, pd-balanced or pd-ssd.
967 type: string
968 ephemeralStorageConfig:
969 description: Immutable. Parameters for the ephemeral storage filesystem.
970 If unspecified, ephemeral storage is backed by the boot disk.
971 properties:
972 localSsdCount:
973 description: Immutable. Number of local SSDs to use to back
974 ephemeral storage. Uses NVMe interfaces. Each local SSD
975 must be 375 or 3000 GB in size, and all local SSDs must
976 share the same size.
977 type: integer
978 required:
979 - localSsdCount
980 type: object
981 ephemeralStorageLocalSsdConfig:
982 description: Immutable. Parameters for the ephemeral storage filesystem.
983 If unspecified, ephemeral storage is backed by the boot disk.
984 properties:
985 localSsdCount:
986 description: Immutable. Number of local SSDs to use to back
987 ephemeral storage. Uses NVMe interfaces. Each local SSD
988 must be 375 or 3000 GB in size, and all local SSDs must
989 share the same size.
990 type: integer
991 required:
992 - localSsdCount
993 type: object
994 gcfsConfig:
995 description: Immutable. GCFS configuration for this node.
996 properties:
997 enabled:
998 description: Immutable. Whether or not GCFS is enabled.
999 type: boolean
1000 required:
1001 - enabled
1002 type: object
1003 guestAccelerator:
1004 description: Immutable. List of the type and count of accelerator
1005 cards attached to the instance.
1006 items:
1007 properties:
1008 count:
1009 description: Immutable. The number of the accelerator cards
1010 exposed to an instance.
1011 type: integer
1012 gpuPartitionSize:
1013 description: Immutable. Size of partitions to create on
1014 the GPU. Valid values are described in the NVIDIA mig
1015 user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).
1016 type: string
1017 gpuSharingConfig:
1018 description: Immutable. Configuration for GPU sharing.
1019 properties:
1020 gpuSharingStrategy:
1021 description: Immutable. The type of GPU sharing strategy
1022 to enable on the GPU node. Possible values are described
1023 in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig).
1024 type: string
1025 maxSharedClientsPerGpu:
1026 description: Immutable. The maximum number of containers
1027 that can share a GPU.
1028 type: integer
1029 required:
1030 - gpuSharingStrategy
1031 - maxSharedClientsPerGpu
1032 type: object
1033 type:
1034 description: Immutable. The accelerator type resource name.
1035 type: string
1036 required:
1037 - count
1038 - type
1039 type: object
1040 type: array
1041 gvnic:
1042 description: Immutable. Enable or disable gvnic in the node pool.
1043 properties:
1044 enabled:
1045 description: Immutable. Whether or not gvnic is enabled.
1046 type: boolean
1047 required:
1048 - enabled
1049 type: object
1050 imageType:
1051 description: The image type to use for this node. Note that for
1052 a given image type, the latest version of it will be used.
1053 type: string
1054 kubeletConfig:
1055 description: Node kubelet configs.
1056 properties:
1057 cpuCfsQuota:
1058 description: Enable CPU CFS quota enforcement for containers
1059 that specify CPU limits.
1060 type: boolean
1061 cpuCfsQuotaPeriod:
1062 description: Set the CPU CFS quota period value 'cpu.cfs_period_us'.
1063 type: string
1064 cpuManagerPolicy:
1065 description: Control the CPU management policy on the node.
1066 type: string
1067 podPidsLimit:
1068 description: Controls the maximum number of processes allowed
1069 to run in a pod.
1070 type: integer
1071 required:
1072 - cpuManagerPolicy
1073 type: object
1074 labels:
1075 additionalProperties:
1076 type: string
1077 description: Immutable. The map of Kubernetes labels (key/value
1078 pairs) to be applied to each node. These will be added in addition
1079 to any default label(s) that Kubernetes may apply to the node.
1080 type: object
1081 linuxNodeConfig:
1082 description: Parameters that can be configured on Linux nodes.
1083 properties:
1084 sysctls:
1085 additionalProperties:
1086 type: string
1087 description: The Linux kernel parameters to be applied to
1088 the nodes and all pods running on the nodes.
1089 type: object
1090 required:
1091 - sysctls
1092 type: object
1093 localNvmeSsdBlockConfig:
1094 description: Immutable. Parameters for raw-block local NVMe SSDs.
1095 properties:
1096 localSsdCount:
1097 description: Immutable. Number of raw-block local NVMe SSD
1098 disks to be attached to the node. Each local SSD is 375
1099 GB in size.
1100 type: integer
1101 required:
1102 - localSsdCount
1103 type: object
1104 localSsdCount:
1105 description: Immutable. The number of local SSD disks to be attached
1106 to the node.
1107 type: integer
1108 loggingVariant:
1109 description: Type of logging agent that is used as the default
1110 value for node pools in the cluster. Valid values include DEFAULT
1111 and MAX_THROUGHPUT.
1112 type: string
1113 machineType:
1114 description: Immutable. The name of a Google Compute Engine machine
1115 type.
1116 type: string
1117 metadata:
1118 additionalProperties:
1119 type: string
1120 description: Immutable. The metadata key/value pairs assigned
1121 to instances in the cluster.
1122 type: object
1123 minCpuPlatform:
1124 description: Immutable. Minimum CPU platform to be used by this
1125 instance. The instance may be scheduled on the specified or
1126 newer CPU platform.
1127 type: string
1128 nodeGroupRef:
1129 description: |-
1130 Immutable. Setting this field will assign instances
1131 of this pool to run on the specified node group. This is useful
1132 for running workloads on sole tenant nodes.
1133 oneOf:
1134 - not:
1135 required:
1136 - external
1137 required:
1138 - name
1139 - not:
1140 anyOf:
1141 - required:
1142 - name
1143 - required:
1144 - namespace
1145 required:
1146 - external
1147 properties:
1148 external:
1149 description: 'Allowed value: The `name` field of a `ComputeNodeGroup`
1150 resource.'
1151 type: string
1152 name:
1153 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1154 type: string
1155 namespace:
1156 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1157 type: string
1158 type: object
1159 oauthScopes:
1160 description: Immutable. The set of Google API scopes to be made
1161 available on all of the node VMs.
1162 items:
1163 type: string
1164 type: array
1165 preemptible:
1166 description: Immutable. Whether the nodes are created as preemptible
1167 VM instances.
1168 type: boolean
1169 reservationAffinity:
1170 description: Immutable. The reservation affinity configuration
1171 for the node pool.
1172 properties:
1173 consumeReservationType:
1174 description: Immutable. Corresponds to the type of reservation
1175 consumption.
1176 type: string
1177 key:
1178 description: Immutable. The label key of a reservation resource.
1179 type: string
1180 values:
1181 description: Immutable. The label values of the reservation
1182 resource.
1183 items:
1184 type: string
1185 type: array
1186 required:
1187 - consumeReservationType
1188 type: object
1189 resourceLabels:
1190 additionalProperties:
1191 type: string
1192 description: The GCE resource labels (a map of key/value pairs)
1193 to be applied to the node pool.
1194 type: object
1195 sandboxConfig:
1196 description: Immutable. Sandbox configuration for this node.
1197 properties:
1198 sandboxType:
1199 description: Type of the sandbox to use for the node (e.g.
1200 'gvisor').
1201 type: string
1202 required:
1203 - sandboxType
1204 type: object
1205 serviceAccountRef:
1206 oneOf:
1207 - not:
1208 required:
1209 - external
1210 required:
1211 - name
1212 - not:
1213 anyOf:
1214 - required:
1215 - name
1216 - required:
1217 - namespace
1218 required:
1219 - external
1220 properties:
1221 external:
1222 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
1223 resource.'
1224 type: string
1225 name:
1226 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1227 type: string
1228 namespace:
1229 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1230 type: string
1231 type: object
1232 shieldedInstanceConfig:
1233 description: Immutable. Shielded Instance options.
1234 properties:
1235 enableIntegrityMonitoring:
1236 description: Immutable. Defines whether the instance has integrity
1237 monitoring enabled.
1238 type: boolean
1239 enableSecureBoot:
1240 description: Immutable. Defines whether the instance has Secure
1241 Boot enabled.
1242 type: boolean
1243 type: object
1244 spot:
1245 description: Immutable. Whether the nodes are created as spot
1246 VM instances.
1247 type: boolean
1248 tags:
1249 description: The list of instance tags applied to all nodes.
1250 items:
1251 type: string
1252 type: array
1253 taint:
1254 description: Immutable. List of Kubernetes taints to be applied
1255 to each node.
1256 items:
1257 properties:
1258 effect:
1259 description: Immutable. Effect for taint.
1260 type: string
1261 key:
1262 description: Immutable. Key for taint.
1263 type: string
1264 value:
1265 description: Immutable. Value for taint.
1266 type: string
1267 required:
1268 - effect
1269 - key
1270 - value
1271 type: object
1272 type: array
1273 workloadMetadataConfig:
1274 description: Immutable. The workload metadata configuration for
1275 this node.
1276 properties:
1277 mode:
1278 description: Mode is the configuration for how to expose metadata
1279 to workloads running on the node.
1280 type: string
1281 nodeMetadata:
1282 description: DEPRECATED. Deprecated in favor of mode. NodeMetadata
1283 is the configuration for how to expose metadata to the workloads
1284 running on the node.
1285 type: string
1286 type: object
1287 type: object
1288 nodeLocations:
1289 description: The list of zones in which the cluster's nodes are located.
1290 Nodes must be in the region of their regional cluster or in the
1291 same region as their cluster's zone for zonal clusters. If this
1292 is specified for a zonal cluster, omit the cluster's zone.
1293 items:
1294 type: string
1295 type: array
1296 nodePoolAutoConfig:
1297 description: Node pool configs that apply to all auto-provisioned
1298 node pools in autopilot clusters and node auto-provisioning enabled
1299 clusters.
1300 properties:
1301 networkTags:
1302 description: Collection of Compute Engine network tags that can
1303 be applied to a node's underlying VM instance.
1304 properties:
1305 tags:
1306 description: List of network tags applied to auto-provisioned
1307 node pools.
1308 items:
1309 type: string
1310 type: array
1311 type: object
1312 type: object
1313 nodePoolDefaults:
1314 description: The default node pool settings for the entire cluster.
1315 properties:
1316 nodeConfigDefaults:
1317 description: Subset of NodeConfig message that has defaults.
1318 properties:
1319 gcfsConfig:
1320 description: GCFS configuration for this node.
1321 properties:
1322 enabled:
1323 description: Whether or not GCFS is enabled.
1324 type: boolean
1325 required:
1326 - enabled
1327 type: object
1328 loggingVariant:
1329 description: Type of logging agent that is used as the default
1330 value for node pools in the cluster. Valid values include
1331 DEFAULT and MAX_THROUGHPUT.
1332 type: string
1333 type: object
1334 type: object
1335 nodeVersion:
1336 type: string
1337 notificationConfig:
1338 description: The notification config for sending cluster upgrade notifications.
1339 properties:
1340 pubsub:
1341 description: Notification config for Cloud Pub/Sub.
1342 properties:
1343 enabled:
1344 description: Whether or not the notification config is enabled.
1345 type: boolean
1346 filter:
1347 description: Allows filtering to one or more specific event
1348 types. If event types are present, those and only those
1349 event types will be transmitted to the cluster. Other types
1350 will be skipped. If no filter is specified, or no event
1351 types are present, all event types will be sent.
1352 properties:
1353 eventType:
1354 description: Can be used to filter what notifications
1355 are sent. Valid values include UPGRADE_AVAILABLE_EVENT,
1356 UPGRADE_EVENT and SECURITY_BULLETIN_EVENT.
1357 items:
1358 type: string
1359 type: array
1360 required:
1361 - eventType
1362 type: object
1363 topicRef:
1364 description: The PubSubTopic to send the notification to.
1365 oneOf:
1366 - not:
1367 required:
1368 - external
1369 required:
1370 - name
1371 - not:
1372 anyOf:
1373 - required:
1374 - name
1375 - required:
1376 - namespace
1377 required:
1378 - external
1379 properties:
1380 external:
1381 description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`,
1382 where {{value}} is the `name` field of a `PubSubTopic`
1383 resource.'
1384 type: string
1385 name:
1386 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1387 type: string
1388 namespace:
1389 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1390 type: string
1391 type: object
1392 required:
1393 - enabled
1394 type: object
1395 required:
1396 - pubsub
1397 type: object
1398 podSecurityPolicyConfig:
1399 description: Configuration for the PodSecurityPolicy feature.
1400 properties:
1401 enabled:
1402 description: Enable the PodSecurityPolicy controller for this
1403 cluster. If enabled, pods must be valid under a PodSecurityPolicy
1404 to be created.
1405 type: boolean
1406 required:
1407 - enabled
1408 type: object
1409 privateClusterConfig:
1410 description: Configuration for private clusters, clusters with private
1411 nodes.
1412 properties:
1413 enablePrivateEndpoint:
1414 description: When true, the cluster's private endpoint is used
1415 as the cluster endpoint and access through the public endpoint
1416 is disabled. When false, either endpoint can be used. This field
1417 only applies to private clusters, when enable_private_nodes
1418 is true.
1419 type: boolean
1420 enablePrivateNodes:
1421 description: Immutable. Enables the private cluster feature, creating
1422 a private endpoint on the cluster. In a private cluster, nodes
1423 only have RFC 1918 private addresses and communicate with the
1424 master's private endpoint via private networking.
1425 type: boolean
1426 masterGlobalAccessConfig:
1427 description: Controls cluster master global access settings.
1428 properties:
1429 enabled:
1430 description: Whether the cluster master is accessible globally
1431 or not.
1432 type: boolean
1433 required:
1434 - enabled
1435 type: object
1436 masterIpv4CidrBlock:
1437 description: Immutable. The IP range in CIDR notation to use for
1438 the hosted master network. This range will be used for assigning
1439 private IP addresses to the cluster master(s) and the ILB VIP.
1440 This range must not overlap with any other ranges in use within
1441 the cluster's network, and it must be a /28 subnet. See Private
1442 Cluster Limitations for more details. This field only applies
1443 to private clusters, when enable_private_nodes is true.
1444 type: string
1445 peeringName:
1446 description: The name of the peering between this cluster and
1447 the Google owned VPC.
1448 type: string
1449 privateEndpoint:
1450 description: The internal IP address of this cluster's master
1451 endpoint.
1452 type: string
1453 privateEndpointSubnetworkRef:
1454 description: |-
1455 Immutable. Subnetwork in cluster's network where master's endpoint
1456 will be provisioned.
1457 oneOf:
1458 - not:
1459 required:
1460 - external
1461 required:
1462 - name
1463 - not:
1464 anyOf:
1465 - required:
1466 - name
1467 - required:
1468 - namespace
1469 required:
1470 - external
1471 properties:
1472 external:
1473 description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
1474 resource.'
1475 type: string
1476 name:
1477 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1478 type: string
1479 namespace:
1480 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1481 type: string
1482 type: object
1483 publicEndpoint:
1484 description: The external IP address of this cluster's master
1485 endpoint.
1486 type: string
1487 type: object
1488 privateIpv6GoogleAccess:
1489 description: The desired state of IPv6 connectivity to Google Services.
1490 By default, no private IPv6 access to or from Google Services (all
1491 access will be via IPv4).
1492 type: string
1493 protectConfig:
1494 description: Enable/Disable Protect API features for the cluster.
1495 properties:
1496 workloadConfig:
1497 description: WorkloadConfig defines which actions are enabled
1498 for a cluster's workload configurations.
1499 properties:
1500 auditMode:
1501 description: Sets which mode of auditing should be used for
1502 the cluster's workloads. Accepted values are DISABLED, BASIC.
1503 type: string
1504 required:
1505 - auditMode
1506 type: object
1507 workloadVulnerabilityMode:
1508 description: Sets which mode to use for Protect workload vulnerability
1509 scanning feature. Accepted values are DISABLED, BASIC.
1510 type: string
1511 type: object
1512 releaseChannel:
1513 description: Configuration options for the Release channel feature,
1514 which provide more control over automatic upgrades of your GKE clusters.
1515 Note that removing this field from your config will not unenroll
1516 it. Instead, use the "UNSPECIFIED" channel.
1517 properties:
1518 channel:
1519 description: |-
1520 The selected release channel. Accepted values are:
1521 * UNSPECIFIED: Not set.
1522 * RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
1523 * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
1524 * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
1525 type: string
1526 required:
1527 - channel
1528 type: object
1529 resourceID:
1530 description: Immutable. Optional. The name of the resource. Used for
1531 creation and acquisition. When unset, the value of `metadata.name`
1532 is used as the default.
1533 type: string
1534 resourceUsageExportConfig:
1535 description: Configuration for the ResourceUsageExportConfig feature.
1536 properties:
1537 bigqueryDestination:
1538 description: Parameters for using BigQuery as the destination
1539 of resource usage export.
1540 properties:
1541 datasetId:
1542 description: The ID of a BigQuery Dataset.
1543 type: string
1544 required:
1545 - datasetId
1546 type: object
1547 enableNetworkEgressMetering:
1548 description: Whether to enable network egress metering for this
1549 cluster. If enabled, a daemonset will be created in the cluster
1550 to meter network egress traffic.
1551 type: boolean
1552 enableResourceConsumptionMetering:
1553 description: Whether to enable resource consumption metering on
1554 this cluster. When enabled, a table will be created in the resource
1555 export BigQuery dataset to store resource consumption data.
1556 The resulting table can be joined with the resource usage table
1557 or with BigQuery billing export. Defaults to true.
1558 type: boolean
1559 required:
1560 - bigqueryDestination
1561 type: object
1562 serviceExternalIpsConfig:
1563 description: If set, and enabled=true, services with external ips
1564 field will not be blocked.
1565 properties:
1566 enabled:
1567 description: When enabled, services with external ips specified
1568 will be allowed.
1569 type: boolean
1570 required:
1571 - enabled
1572 type: object
1573 subnetworkRef:
1574 oneOf:
1575 - not:
1576 required:
1577 - external
1578 required:
1579 - name
1580 - not:
1581 anyOf:
1582 - required:
1583 - name
1584 - required:
1585 - namespace
1586 required:
1587 - external
1588 properties:
1589 external:
1590 description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
1591 resource.'
1592 type: string
1593 name:
1594 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1595 type: string
1596 namespace:
1597 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1598 type: string
1599 type: object
1600 verticalPodAutoscaling:
1601 description: Vertical Pod Autoscaling automatically adjusts the resources
1602 of pods controlled by it.
1603 properties:
1604 enabled:
1605 description: Enables vertical pod autoscaling.
1606 type: boolean
1607 required:
1608 - enabled
1609 type: object
1610 workloadIdentityConfig:
1611 description: Configuration for the use of Kubernetes Service Accounts
1612 in GCP IAM policies.
1613 properties:
1614 identityNamespace:
1615 description: |-
1616 DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field.
1617 Enables workload identity.
1618 type: string
1619 workloadPool:
1620 description: The workload pool to attach all Kubernetes service
1621 accounts to.
1622 type: string
1623 type: object
1624 required:
1625 - location
1626 type: object
1627 status:
1628 properties:
1629 conditions:
1630 description: Conditions represent the latest available observation
1631 of the resource's current state.
1632 items:
1633 properties:
1634 lastTransitionTime:
1635 description: Last time the condition transitioned from one status
1636 to another.
1637 type: string
1638 message:
1639 description: Human-readable message indicating details about
1640 last transition.
1641 type: string
1642 reason:
1643 description: Unique, one-word, CamelCase reason for the condition's
1644 last transition.
1645 type: string
1646 status:
1647 description: Status is the status of the condition. Can be True,
1648 False, Unknown.
1649 type: string
1650 type:
1651 description: Type is the type of the condition.
1652 type: string
1653 type: object
1654 type: array
1655 endpoint:
1656 description: The IP address of this cluster's Kubernetes master.
1657 type: string
1658 labelFingerprint:
1659 description: The fingerprint of the set of labels for this cluster.
1660 type: string
1661 masterVersion:
1662 description: The current version of the master in the cluster. This
1663 may be different than the min_master_version set in the config if
1664 the master has been updated by GKE.
1665 type: string
1666 observedGeneration:
1667 description: ObservedGeneration is the generation of the resource
1668 that was most recently observed by the Config Connector controller.
1669 If this is equal to metadata.generation, then that means that the
1670 current reported status reflects the most recent desired state of
1671 the resource.
1672 type: integer
1673 operation:
1674 type: string
1675 selfLink:
1676 description: Server-defined URL for the resource.
1677 type: string
1678 servicesIpv4Cidr:
1679 description: The IP address range of the Kubernetes services in this
1680 cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are
1681 typically put in the last /16 from the container CIDR.
1682 type: string
1683 tpuIpv4CidrBlock:
1684 description: The IP address range of the Cloud TPUs in this cluster,
1685 in CIDR notation (e.g. 1.2.3.4/29).
1686 type: string
1687 type: object
1688 required:
1689 - spec
1690 type: object
1691 served: true
1692 storage: true
1693 subresources:
1694 status: {}
# Top-level status stanza of the CustomResourceDefinition object itself, not the
# `status` property of the ContainerCluster schema above; every field is empty
# in this manifest.
1695status:
1696 acceptedNames:
1697 kind: ""
1698 plural: ""
1699 conditions: []
1700 storedVersions: []