1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: containerclusters.container.cnrm.cloud.google.com
27spec:
28 group: container.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: ContainerCluster
33 plural: containerclusters
34 shortNames:
35 - gcpcontainercluster
36 - gcpcontainerclusters
37 singular: containercluster
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 addonsConfig:
75 description: The configuration for addons supported by GKE.
76 properties:
77 cloudrunConfig:
78 description: The status of the CloudRun addon. It is disabled
79 by default. Set disabled = false to enable.
80 properties:
81 disabled:
82 type: boolean
83 loadBalancerType:
84 type: string
85 required:
86 - disabled
87 type: object
88 configConnectorConfig:
89 description: The status of the Config Connector addon.
90 properties:
91 enabled:
92 type: boolean
93 required:
94 - enabled
95 type: object
96 dnsCacheConfig:
97 description: The status of the NodeLocal DNSCache addon. It is
98 disabled by default. Set enabled = true to enable.
99 properties:
100 enabled:
101 type: boolean
102 required:
103 - enabled
104 type: object
105 gcePersistentDiskCsiDriverConfig:
106 description: Whether this cluster should enable the Google Compute
107 Engine Persistent Disk Container Storage Interface (CSI) Driver.
108 Defaults to enabled; set disabled = true to disable.
109 properties:
110 enabled:
111 type: boolean
112 required:
113 - enabled
114 type: object
115 gcpFilestoreCsiDriverConfig:
116 description: The status of the Filestore CSI driver addon, which
117 allows the usage of filestore instance as volumes. Defaults
118 to disabled; set enabled = true to enable.
119 properties:
120 enabled:
121 type: boolean
122 required:
123 - enabled
124 type: object
125 gcsFuseCsiDriverConfig:
126 description: The status of the GCS Fuse CSI driver addon, which
127 allows the usage of gcs bucket as volumes. Defaults to disabled;
128 set enabled = true to enable.
129 properties:
130 enabled:
131 type: boolean
132 required:
133 - enabled
134 type: object
135 gkeBackupAgentConfig:
136 description: The status of the Backup for GKE Agent addon. It
137 is disabled by default. Set enabled = true to enable.
138 properties:
139 enabled:
140 type: boolean
141 required:
142 - enabled
143 type: object
144 horizontalPodAutoscaling:
145 description: The status of the Horizontal Pod Autoscaling addon,
146 which increases or decreases the number of replica pods a replication
147 controller has based on the resource usage of the existing pods.
148 It ensures that a Heapster pod is running in the cluster, which
149 is also used by the Cloud Monitoring service. It is enabled
150 by default; set disabled = true to disable.
151 properties:
152 disabled:
153 type: boolean
154 required:
155 - disabled
156 type: object
157 httpLoadBalancing:
158 description: The status of the HTTP (L7) load balancing controller
159 addon, which makes it easy to set up HTTP load balancers for
160 services in a cluster. It is enabled by default; set disabled
161 = true to disable.
162 properties:
163 disabled:
164 type: boolean
165 required:
166 - disabled
167 type: object
168 istioConfig:
169 description: The status of the Istio addon.
170 properties:
171 auth:
172 description: The authentication type between services in Istio.
173 Available options include AUTH_MUTUAL_TLS.
174 type: string
175 disabled:
176 description: The status of the Istio addon, which makes it
177 easy to set up Istio for services in a cluster. It is disabled
178 by default. Set disabled = false to enable.
179 type: boolean
180 required:
181 - disabled
182 type: object
183 kalmConfig:
184 description: Configuration for the KALM addon, which manages the
185 lifecycle of k8s. It is disabled by default; set enabled = true
186 to enable.
187 properties:
188 enabled:
189 type: boolean
190 required:
191 - enabled
192 type: object
193 networkPolicyConfig:
194 description: Whether we should enable the network policy addon
195 for the master. This must be enabled in order to enable network
196 policy for the nodes. To enable this, you must also define a
197 network_policy block, otherwise nothing will happen. It can
198 only be disabled if the nodes already do not have network policies
199 enabled. Defaults to disabled; set disabled = false to enable.
200 properties:
201 disabled:
202 type: boolean
203 required:
204 - disabled
205 type: object
206 type: object
207 authenticatorGroupsConfig:
208 description: Configuration for the Google Groups for GKE feature.
209 properties:
210 securityGroup:
211 description: The name of the RBAC security group for use with
212 Google security groups in Kubernetes RBAC. Group name must be
213 in format gke-security-groups@yourdomain.com.
214 type: string
215 required:
216 - securityGroup
217 type: object
# Binary Authorization settings for the cluster.
# No `required` list is declared for this object, so an empty block passes
# schema validation.
218 binaryAuthorization:
219 description: Configuration options for the Binary Authorization feature.
220 properties:
# Deprecated boolean switch (see its description). The top-level
# enableBinaryAuthorization field of this schema is marked DEPRECATED too, so
# an audit of image-admission settings has to look at all three fields.
221 enabled:
222 description: DEPRECATED. Deprecated in favor of evaluation_mode.
223 Enable Binary Authorization for this cluster.
224 type: boolean
# Free-form string: no enum is declared, so the mode is not validated by this
# schema. NOTE(review): confirm the accepted values against the GKE API.
225 evaluationMode:
226 description: Mode of operation for Binary Authorization policy
227 evaluation.
228 type: string
229 type: object
230 clusterAutoscaling:
231 description: Per-cluster configuration of Node Auto-Provisioning with
232 Cluster Autoscaler to automatically adjust the size of the cluster
233 and create/delete node pools based on the current needs of the cluster's
234 workload. See the guide to using Node Auto-Provisioning for more
235 details.
236 properties:
237 autoProvisioningDefaults:
238 description: Contains defaults for a node pool created by NAP.
239 properties:
240 bootDiskKMSKeyRef:
241 description: |-
242 Immutable. The Customer Managed Encryption Key used to encrypt the
243 boot disk attached to each node in the node pool.
244 oneOf:
245 - not:
246 required:
247 - external
248 required:
249 - name
250 - not:
251 anyOf:
252 - required:
253 - name
254 - required:
255 - namespace
256 required:
257 - external
258 properties:
259 external:
260 description: 'Allowed value: The `selfLink` field of a
261 `KMSCryptoKey` resource.'
262 type: string
263 name:
264 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
265 type: string
266 namespace:
267 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
268 type: string
269 type: object
270 diskSize:
271 description: Size of the disk attached to each node, specified
272 in GB. The smallest allowed disk size is 10GB.
273 type: integer
274 imageType:
275 description: The default image type used by NAP once a new
276 node pool is being created.
277 type: string
278 management:
279 description: NodeManagement configuration for this NodePool.
280 properties:
281 autoRepair:
282 description: Specifies whether the node auto-repair is
283 enabled for the node pool. If enabled, the nodes in
284 this node pool will be monitored and, if they fail health
285 checks too many times, an automatic repair action will
286 be triggered.
287 type: boolean
288 autoUpgrade:
289 description: Specifies whether node auto-upgrade is enabled
290 for the node pool. If enabled, node auto-upgrade helps
291 keep the nodes in your node pool up to date with the
292 latest release version of Kubernetes.
293 type: boolean
294 upgradeOptions:
295 description: Specifies the Auto Upgrade knobs for the
296 node pool.
297 items:
298 properties:
299 autoUpgradeStartTime:
300 description: This field is set when upgrades are
301 about to commence with the approximate start time
302 for the upgrades, in RFC3339 text format.
303 type: string
304 description:
305 description: This field is set when upgrades are
306 about to commence with the description of the
307 upgrade.
308 type: string
309 type: object
310 type: array
311 type: object
312 minCpuPlatform:
313 description: Minimum CPU platform to be used by this instance.
314 The instance may be scheduled on the specified or newer
315 CPU platform. Applicable values are the friendly names of
316 CPU platforms, such as Intel Haswell.
317 type: string
318 oauthScopes:
319 description: Scopes that are used by NAP when creating node
320 pools.
321 items:
322 type: string
323 type: array
# Reference to an IAM service account. The schema gives this field no
# description; it sits under autoProvisioningDefaults, so presumably it is the
# identity given to node pools created by NAP -- TODO confirm.
324 serviceAccountRef:
# Exactly one addressing mode is allowed:
#   branch 1: `name` is set and `external` is absent (`namespace` optional);
#   branch 2: `external` is set and neither `name` nor `namespace` is present.
325 oneOf:
326 - not:
327 required:
328 - external
329 required:
330 - name
331 - not:
332 anyOf:
333 - required:
334 - name
335 - required:
336 - namespace
337 required:
338 - external
339 properties:
# Plain string with no pattern: the schema does not check that the value is a
# well-formed service-account email.
340 external:
341 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
342 resource.'
343 type: string
344 name:
345 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
346 type: string
# NOTE(review): `name` + `namespace` lets the reference point at an
# IAMServiceAccount in another namespace; confirm how the controller
# authorizes cross-namespace references.
347 namespace:
348 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
349 type: string
350 type: object
# Shielded-instance options inside autoProvisioningDefaults, i.e. the defaults
# for node pools created by node auto-provisioning.
# Both booleans are optional and this schema states no default for either.
# NOTE(review): set them explicitly if Secure Boot or integrity monitoring is a
# requirement, and confirm what is applied when they are omitted.
351 shieldedInstanceConfig:
352 description: Shielded Instance options.
353 properties:
354 enableIntegrityMonitoring:
355 description: Defines whether the instance has integrity
356 monitoring enabled.
357 type: boolean
358 enableSecureBoot:
359 description: Defines whether the instance has Secure Boot
360 enabled.
361 type: boolean
362 type: object
363 upgradeSettings:
364 description: Specifies the upgrade settings for NAP created
365 node pools.
366 properties:
367 blueGreenSettings:
368 description: Settings for blue-green upgrade strategy.
369 properties:
370 nodePoolSoakDuration:
371 description: "Time needed after draining entire blue
372 pool. After this period, blue pool will be cleaned
373 up.\n\nA duration
374 in seconds with up to nine fractional digits, ending
375 with 's'. Example: \"3.5s\"."
376 type: string
377 standardRolloutPolicy:
378 description: Standard policy for the blue-green upgrade.
379 properties:
380 batchNodeCount:
381 description: Number of blue nodes to drain in
382 a batch.
383 type: integer
384 batchPercentage:
385 description: Percentage of the blue pool nodes
386 to drain in a batch. The range of this field
387 should be (0.0, 1.0].
388 type: number
389 batchSoakDuration:
390 description: "Soak time after each batch gets
391 drained.\n\nA
392 duration in seconds with up to nine fractional
393 digits, ending with 's'. Example: \"3.5s\"."
394 type: string
395 type: object
396 type: object
397 maxSurge:
398 description: The maximum number of nodes that can be created
399 beyond the current size of the node pool during the
400 upgrade process.
401 type: integer
402 maxUnavailable:
403 description: The maximum number of nodes that can be simultaneously
404 unavailable during the upgrade process.
405 type: integer
406 strategy:
407 description: Update strategy of the node pool.
408 type: string
409 type: object
410 type: object
411 autoscalingProfile:
412 description: Configuration options for the Autoscaling profile
413 feature, which lets you choose whether the cluster autoscaler
414 should optimize for resource utilization or resource availability
415 when deciding to remove nodes from a cluster. Can be BALANCED
416 or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
417 type: string
418 enabled:
419 description: Whether node auto-provisioning is enabled. Resource
420 limits for cpu and memory must be defined to enable node auto-provisioning.
421 type: boolean
422 resourceLimits:
423 description: Global constraints for machine resources in the cluster.
424 Configuring the cpu and memory types is required if node auto-provisioning
425 is enabled. These limits will apply to node pool autoscaling
426 in addition to node auto-provisioning.
427 items:
428 properties:
429 maximum:
430 description: Maximum amount of the resource in the cluster.
431 type: integer
432 minimum:
433 description: Minimum amount of the resource in the cluster.
434 type: integer
435 resourceType:
436 description: The type of the resource. For example, cpu
437 and memory. See the guide to using Node Auto-Provisioning
438 for a list of types.
439 type: string
440 required:
441 - resourceType
442 type: object
443 type: array
444 type: object
445 clusterIpv4Cidr:
446 description: Immutable. The IP address range of the Kubernetes pods
447 in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank
448 to have one automatically chosen or specify a /14 block in 10.0.0.0/8.
449 This field will only work for routes-based clusters, where ip_allocation_policy
450 is not defined.
451 type: string
452 clusterTelemetry:
453 description: Telemetry integration for the cluster.
454 properties:
455 type:
456 description: Type of the integration.
457 type: string
458 required:
459 - type
460 type: object
461 confidentialNodes:
462 description: 'Immutable. Configuration for the confidential nodes
463 feature, which makes nodes run on confidential VMs. Warning: This
464 configuration can''t be changed (or added/removed) after cluster
465 creation without deleting and recreating the entire cluster.'
466 properties:
467 enabled:
468 description: Immutable. Whether Confidential Nodes feature is
469 enabled for all nodes in this cluster.
470 type: boolean
471 required:
472 - enabled
473 type: object
474 costManagementConfig:
475 description: Cost management configuration for the cluster.
476 properties:
477 enabled:
478 description: Whether to enable GKE cost allocation. When you enable
479 GKE cost allocation, the cluster name and namespace of your
480 GKE workloads appear in the labels field of the billing export
481 to BigQuery. Defaults to false.
482 type: boolean
483 required:
484 - enabled
485 type: object
# Application-layer encryption of Kubernetes Secrets with a Cloud KMS key.
486 databaseEncryption:
487 description: 'Application-layer Secrets Encryption settings. The object
488 format is {state = string, key_name = string}. Valid values of state
489 are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS
490 key.'
491 properties:
# Optional at schema level: `keyName` is not in the `required` list below, so
# `state: ENCRYPTED` without a key passes schema validation.
# NOTE(review): confirm the API rejects that combination.
492 keyName:
493 description: The key to use to encrypt/decrypt secrets.
494 type: string
# Free-form string: the two documented values are not enforced by an enum, so
# a typo is only caught downstream of this schema.
495 state:
496 description: ENCRYPTED or DECRYPTED.
497 type: string
498 required:
499 - state
500 type: object
501 datapathProvider:
502 description: Immutable. The desired datapath provider for this cluster.
503 By default, uses the IPTables-based kube-proxy implementation.
504 type: string
505 defaultMaxPodsPerNode:
506 description: Immutable. The default maximum number of pods per node
507 in this cluster. This doesn't work on "routes-based" clusters, clusters
508 that don't have IP Aliasing enabled.
509 type: integer
510 defaultSnatStatus:
511 description: Whether the cluster disables default in-node sNAT rules.
512 In-node sNAT rules will be disabled when defaultSnatStatus is disabled.
513 properties:
514 disabled:
515 description: When disabled is set to false, default IP masquerade
516 rules will be applied to the nodes to prevent sNAT on cluster
517 internal traffic.
518 type: boolean
519 required:
520 - disabled
521 type: object
522 description:
523 description: Immutable. Description of the cluster.
524 type: string
525 dnsConfig:
526 description: Immutable. Configuration for Cloud DNS for Kubernetes
527 Engine.
528 properties:
529 clusterDns:
530 description: Which in-cluster DNS provider should be used.
531 type: string
532 clusterDnsDomain:
533 description: The suffix used for all cluster service records.
534 type: string
535 clusterDnsScope:
536 description: The scope of access to cluster DNS records.
537 type: string
538 type: object
539 enableAutopilot:
540 description: Immutable. Enable Autopilot for this cluster.
541 type: boolean
542 enableBinaryAuthorization:
543 description: DEPRECATED. Deprecated in favor of binary_authorization.
544 Enable Binary Authorization for this cluster. If enabled, all container
545 images will be validated by Google Binary Authorization.
546 type: boolean
547 enableIntranodeVisibility:
548 description: Whether Intra-node visibility is enabled for this cluster.
549 This makes same-node pod-to-pod traffic visible to the VPC network.
550 type: boolean
551 enableKubernetesAlpha:
552 description: Immutable. Whether to enable Kubernetes Alpha features
553 for this cluster. Note that when this option is enabled, the cluster
554 cannot be upgraded and will be automatically deleted after 30 days.
555 type: boolean
556 enableL4IlbSubsetting:
557 description: Whether L4ILB Subsetting is enabled for this cluster.
558 type: boolean
# Security-sensitive toggle for the legacy ABAC authorizer.
# Per the description below, enabling it gives service accounts, nodes and
# controllers statically granted permissions beyond RBAC/IAM; the stated
# default is false.
559 enableLegacyAbac:
560 description: Whether the ABAC authorizer is enabled for this cluster.
561 When enabled, identities in the system, including service accounts,
562 nodes, and controllers, will have statically granted permissions
563 beyond those provided by the RBAC configuration or IAM. Defaults
564 to false.
# Plain boolean: the schema itself accepts `true`, so keeping ABAC off has to
# be enforced by review or an admission/policy check, not by this CRD.
565 type: boolean
566 enableShieldedNodes:
567 description: Enable Shielded Nodes features on all nodes in this cluster.
568 Defaults to true.
569 type: boolean
570 enableTpu:
571 description: Immutable. Whether to enable Cloud TPU resources in this
572 cluster.
573 type: boolean
574 gatewayApiConfig:
575 description: Configuration for GKE Gateway API controller.
576 properties:
577 channel:
578 description: The Gateway API release channel to use for Gateway
579 API.
580 type: string
581 required:
582 - channel
583 type: object
584 identityServiceConfig:
585 description: Configuration for Identity Service which allows customers
586 to use external identity providers with the K8S API.
587 properties:
588 enabled:
589 description: Whether to enable the Identity Service component.
590 type: boolean
591 type: object
592 initialNodeCount:
593 description: Immutable. The number of nodes to create in this cluster's
594 default node pool. In regional or multi-zonal clusters, this is
595 the number of nodes per zone. Must be set if node_pool is not set.
596 If you're using google_container_node_pool objects with no default
597 node pool, you'll need to set this to a value of at least 1, alongside
598 setting remove_default_node_pool to true.
599 type: integer
600 ipAllocationPolicy:
601 description: Immutable. Configuration of cluster IP allocation for
602 VPC-native clusters. Adding this block enables IP aliasing, making
603 the cluster VPC-native instead of routes-based.
604 properties:
605 clusterIpv4CidrBlock:
606 description: Immutable. The IP address range for the cluster pod
607 IPs. Set to blank to have a range chosen with the default size.
608 Set to /netmask (e.g. /14) to have a range chosen with a specific
609 netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the
610 RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
611 to pick a specific range to use.
612 type: string
613 clusterSecondaryRangeName:
614 description: Immutable. The name of the existing secondary range
615 in the cluster's subnetwork to use for pod IP addresses. Alternatively,
616 cluster_ipv4_cidr_block can be used to automatically create
617 a GKE-managed one.
618 type: string
619 podCidrOverprovisionConfig:
620 description: Immutable. Configuration for cluster level pod cidr
621 overprovision. Default is disabled=false.
622 properties:
623 disabled:
624 type: boolean
625 required:
626 - disabled
627 type: object
628 servicesIpv4CidrBlock:
629 description: Immutable. The IP address range of the services IPs
630 in this cluster. Set to blank to have a range chosen with the
631 default size. Set to /netmask (e.g. /14) to have a range chosen
632 with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
633 from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12,
634 192.168.0.0/16) to pick a specific range to use.
635 type: string
636 servicesSecondaryRangeName:
637 description: Immutable. The name of the existing secondary range
638 in the cluster's subnetwork to use for service ClusterIPs. Alternatively,
639 services_ipv4_cidr_block can be used to automatically create
640 a GKE-managed one.
641 type: string
642 stackType:
643 description: Immutable. The IP Stack type of the cluster. Choose
644 between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not
645 set.
646 type: string
647 type: object
648 location:
649 description: Immutable. The location (region or zone) in which the
650 cluster master will be created, as well as the default node location.
651 If you specify a zone (such as us-central1-a), the cluster will
652 be a zonal cluster with a single cluster master. If you specify
653 a region (such as us-west1), the cluster will be a regional cluster
654 with multiple masters spread across zones in the region, and with
655 default node locations in those zones as well.
656 type: string
657 loggingConfig:
658 description: Logging configuration for the cluster.
659 properties:
660 enableComponents:
661 description: GKE components exposing logs. Valid values include
662 SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER,
663 and WORKLOADS.
664 items:
665 type: string
666 type: array
667 required:
668 - enableComponents
669 type: object
670 loggingService:
671 description: The logging service that the cluster should write logs
672 to. Available options include logging.googleapis.com(Legacy Stackdriver),
673 logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine
674 Logging), and none. Defaults to logging.googleapis.com/kubernetes.
675 type: string
676 maintenancePolicy:
677 description: The maintenance policy to use for the cluster.
678 properties:
679 dailyMaintenanceWindow:
680 description: 'Time window specified for daily maintenance operations.
681 Specify start_time in RFC3339 format "HH:MM", where HH : [00-23]
682 and MM : [00-59] GMT.'
683 properties:
684 duration:
685 type: string
686 startTime:
687 type: string
688 required:
689 - startTime
690 type: object
691 maintenanceExclusion:
692 description: Exceptions to maintenance window. Non-emergency maintenance
693 should not occur in these windows.
694 items:
695 properties:
696 endTime:
697 type: string
698 exclusionName:
699 type: string
700 exclusionOptions:
701 description: Maintenance exclusion related options.
702 properties:
703 scope:
704 description: The scope of automatic upgrades to restrict
705 in the exclusion window.
706 type: string
707 required:
708 - scope
709 type: object
710 startTime:
711 type: string
712 required:
713 - endTime
714 - exclusionName
715 - startTime
716 type: object
717 type: array
718 recurringWindow:
719 description: Time window for recurring maintenance operations.
720 properties:
721 endTime:
722 type: string
723 recurrence:
724 type: string
725 startTime:
726 type: string
727 required:
728 - endTime
729 - recurrence
730 - startTime
731 type: object
732 type: object
733 masterAuth:
734 description: DEPRECATED. Basic authentication was removed for GKE
735 cluster versions >= 1.19. The authentication information for accessing
736 the Kubernetes master. Some values in this block are only returned
737 by the API if your service account has permission to get credentials
738 for your GKE cluster. If you see an unexpected diff unsetting your
739 client cert, ensure you have the container.clusters.getCredentials
740 permission.
741 properties:
742 clientCertificate:
743 description: Base64 encoded public certificate used by clients
744 to authenticate to the cluster endpoint.
745 type: string
746 clientCertificateConfig:
747 description: Immutable. Whether client certificate authorization
748 is enabled for this cluster.
749 properties:
750 issueClientCertificate:
751 description: Immutable. Whether client certificate authorization
752 is enabled for this cluster.
753 type: boolean
754 required:
755 - issueClientCertificate
756 type: object
# Private key material modelled as a plain string under spec.masterAuth.
# NOTE(review): if this field is populated, anyone with read access to
# ContainerCluster objects can read the key; treat get/list on this resource as
# credential access and confirm how the controller fills it.
757 clientKey:
758 description: Base64 encoded private key used by clients to authenticate
759 to the cluster endpoint.
760 type: string
761 clusterCaCertificate:
762 description: Base64 encoded public certificate that is the root
763 of trust for the cluster.
764 type: string
# Basic-auth password for the master endpoint. The enclosing masterAuth block
# is marked DEPRECATED in its own description (basic authentication was removed
# for GKE cluster versions >= 1.19).
765 password:
766 description: The password to use for HTTP basic authentication
767 when accessing the Kubernetes master endpoint.
# Exactly one of `value` / `valueFrom` must be set: the first branch requires
# `value` and forbids `valueFrom`, the second branch is the reverse.
768 oneOf:
769 - not:
770 required:
771 - valueFrom
772 required:
773 - value
774 - not:
775 required:
776 - value
777 required:
778 - valueFrom
779 properties:
# Inline form: the password is a literal string in the resource spec, so it is
# visible to anyone who can read this object and to wherever the manifest is
# stored. Prefer `valueFrom` so the secret stays in a Secret object.
780 value:
781 description: Value of the field. Cannot be used if 'valueFrom'
782 is specified.
783 type: string
# Indirect form: the value is read from a Secret in the resource's namespace.
# NOTE(review): `valueFrom` declares no `required` list of its own, so an empty
# `valueFrom: {}` passes schema validation; confirm the controller rejects it.
784 valueFrom:
785 description: Source for the field's value. Cannot be used
786 if 'value' is specified.
787 properties:
788 secretKeyRef:
789 description: Reference to a value with the given key in
790 the given Secret in the resource's namespace.
791 properties:
792 key:
793 description: Key that identifies the value to be extracted.
794 type: string
795 name:
796 description: Name of the Secret to extract a value
797 from.
798 type: string
# Both the Secret name and the key inside it are mandatory for a reference.
799 required:
800 - name
801 - key
802 type: object
803 type: object
804 type: object
805 username:
806 description: The username to use for HTTP basic authentication
807 when accessing the Kubernetes master endpoint. If not present
808 basic auth will be disabled.
809 type: string
810 type: object
811 masterAuthorizedNetworksConfig:
812 description: The desired configuration options for master authorized
813 networks. Omit the nested cidr_blocks attribute to disallow external
814 access (except the cluster node IPs, which GKE automatically whitelists).
815 properties:
# Allow-list of external networks that may reach the cluster master over HTTPS.
816 cidrBlocks:
817 description: External networks that can access the Kubernetes
818 cluster master through HTTPS.
819 items:
820 properties:
# Unconstrained string: no pattern or format is declared, so the schema rejects
# neither malformed values nor very broad ranges (a /0, for example). Limits on
# range width have to come from review or an admission/policy check.
821 cidrBlock:
822 description: External network that can access Kubernetes
823 master through HTTPS. Must be specified in CIDR notation.
824 type: string
# Optional label; useful for recording who owns each entry.
825 displayName:
826 description: Field for users to identify CIDR blocks.
827 type: string
828 required:
829 - cidrBlock
830 type: object
831 type: array
832 gcpPublicCidrsAccessEnabled:
833 description: Whether master is accessible via Google Compute Engine
834 Public IP addresses.
835 type: boolean
836 type: object
837 meshCertificates:
838 description: If set, and enable_certificates=true, the GKE Workload
839 Identity Certificates controller and node agent will be deployed
840 in the cluster.
841 properties:
842 enableCertificates:
843 description: When enabled the GKE Workload Identity Certificates
844 controller and node agent will be deployed in the cluster.
845 type: boolean
846 required:
847 - enableCertificates
848 type: object
849 minMasterVersion:
850 description: The minimum version of the master. GKE will auto-update
851 the master to new versions, so this does not guarantee the current
852 master version--use the read-only master_version field to obtain
853 that. If unset, the cluster's version will be set by GKE to the
854 version of the most recent official release (which is not necessarily
855 the latest version).
856 type: string
857 monitoringConfig:
858 description: Monitoring configuration for the cluster.
859 properties:
860 enableComponents:
861 description: GKE components exposing metrics. Valid values include
862 SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER,
863 and WORKLOADS.
864 items:
865 type: string
866 type: array
867 managedPrometheus:
868 description: Configuration for Google Cloud Managed Services for
869 Prometheus.
870 properties:
871 enabled:
872 description: Whether or not the managed collection is enabled.
873 type: boolean
874 required:
875 - enabled
876 type: object
877 type: object
878 monitoringService:
879 description: The monitoring service that the cluster should write
880 metrics to. Automatically send metrics from pods in the cluster
881 to the Google Cloud Monitoring API. VM metrics will be collected
882 by Google Compute Engine regardless of this setting. Available options
883 include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver
884 Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
885 type: string
# Cluster-level NetworkPolicy enforcement.
# This block works together with addonsConfig.networkPolicyConfig: that field's
# description in this schema says the addon must be enabled for the master
# before policy can be enabled for the nodes, and that without a network_policy
# block nothing happens. Review the two settings as a pair.
886 networkPolicy:
887 description: Configuration options for the NetworkPolicy feature.
888 properties:
889 enabled:
890 description: Whether network policy is enabled on the cluster.
891 type: boolean
# Free-form string with no enum; the documented default is
# PROVIDER_UNSPECIFIED.
892 provider:
893 description: The selected network policy provider. Defaults to
894 PROVIDER_UNSPECIFIED.
895 type: string
# `enabled` must be stated explicitly whenever this block is present.
896 required:
897 - enabled
898 type: object
899 networkRef:
900 oneOf:
901 - not:
902 required:
903 - external
904 required:
905 - name
906 - not:
907 anyOf:
908 - required:
909 - name
910 - required:
911 - namespace
912 required:
913 - external
914 properties:
915 external:
916 description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
917 resource.'
918 type: string
919 name:
920 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
921 type: string
922 namespace:
923 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
924 type: string
925 type: object
926 networkingMode:
927 description: Immutable. Determines whether alias IPs or routes will
928 be used for pod IPs in the cluster.
929 type: string
930 nodeConfig:
931 description: Immutable. The configuration of the nodepool.
932 properties:
933 advancedMachineFeatures:
934 description: Immutable. Specifies options for controlling advanced
935 machine features.
936 properties:
937 threadsPerCore:
938 description: Immutable. The number of threads per physical
939 core. To disable simultaneous multithreading (SMT) set this
940 to 1. If unset, the maximum number of threads supported
941 per core by the underlying processor is assumed.
942 type: integer
943 required:
944 - threadsPerCore
945 type: object
# Reference to the KMS key for node boot disks. The oneOf accepts exactly
# one form: `name` (optionally with `namespace`) and no `external`, or
# `external` alone with neither `name` nor `namespace`.
# `external` is documented as the `selfLink` of a KMSCryptoKey; the schema
# only checks that it is a string.
# NOTE(review): the reference carries no description, so what happens when
# it is omitted is not stated here; presumably boot disks then use the
# provider's default encryption. Confirm if customer-managed keys are a
# baseline requirement.
946 bootDiskKMSCryptoKeyRef:
947 oneOf:
948 - not:
949 required:
950 - external
951 required:
952 - name
953 - not:
954 anyOf:
955 - required:
956 - name
957 - required:
958 - namespace
959 required:
960 - external
961 properties:
962 external:
963 description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey`
964 resource.'
965 type: string
966 name:
967 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
968 type: string
969 namespace:
970 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
971 type: string
972 type: object
973 diskSizeGb:
974 description: Immutable. Size of the disk attached to each node,
975 specified in GB. The smallest allowed disk size is 10GB.
976 type: integer
977 diskType:
978 description: Immutable. Type of the disk attached to each node.
979 Such as pd-standard, pd-balanced or pd-ssd.
980 type: string
981 ephemeralStorageConfig:
982 description: Immutable. Parameters for the ephemeral storage filesystem.
983 If unspecified, ephemeral storage is backed by the boot disk.
984 properties:
985 localSsdCount:
986 description: Immutable. Number of local SSDs to use to back
987 ephemeral storage. Uses NVMe interfaces. Each local SSD
988 must be 375 or 3000 GB in size, and all local SSDs must
989 share the same size.
990 type: integer
991 required:
992 - localSsdCount
993 type: object
994 ephemeralStorageLocalSsdConfig:
995 description: Immutable. Parameters for the ephemeral storage filesystem.
996 If unspecified, ephemeral storage is backed by the boot disk.
997 properties:
998 localSsdCount:
999 description: Immutable. Number of local SSDs to use to back
1000 ephemeral storage. Uses NVMe interfaces. Each local SSD
1001 must be 375 or 3000 GB in size, and all local SSDs must
1002 share the same size.
1003 type: integer
1004 required:
1005 - localSsdCount
1006 type: object
1007 gcfsConfig:
1008 description: Immutable. GCFS configuration for this node.
1009 properties:
1010 enabled:
1011 description: Immutable. Whether or not GCFS is enabled.
1012 type: boolean
1013 required:
1014 - enabled
1015 type: object
1016 guestAccelerator:
1017 description: Immutable. List of the type and count of accelerator
1018 cards attached to the instance.
1019 items:
1020 properties:
1021 count:
1022 description: Immutable. The number of the accelerator cards
1023 exposed to an instance.
1024 type: integer
1025 gpuPartitionSize:
1026 description: Immutable. Size of partitions to create on
1027 the GPU. Valid values are described in the NVIDIA mig
1028 user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).
1029 type: string
1030 gpuSharingConfig:
1031 description: Immutable. Configuration for GPU sharing.
1032 properties:
1033 gpuSharingStrategy:
1034 description: Immutable. The type of GPU sharing strategy
1035 to enable on the GPU node. Possible values are described
1036 in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig).
1037 type: string
1038 maxSharedClientsPerGpu:
1039 description: Immutable. The maximum number of containers
1040 that can share a GPU.
1041 type: integer
1042 required:
1043 - gpuSharingStrategy
1044 - maxSharedClientsPerGpu
1045 type: object
1046 type:
1047 description: Immutable. The accelerator type resource name.
1048 type: string
1049 required:
1050 - count
1051 - type
1052 type: object
1053 type: array
1054 gvnic:
1055 description: Immutable. Enable or disable gvnic in the node pool.
1056 properties:
1057 enabled:
1058 description: Immutable. Whether or not gvnic is enabled.
1059 type: boolean
1060 required:
1061 - enabled
1062 type: object
1063 imageType:
1064 description: The image type to use for this node. Note that for
1065 a given image type, the latest version of it will be used.
1066 type: string
1067 kubeletConfig:
1068 description: Node kubelet configs.
1069 properties:
1070 cpuCfsQuota:
1071 description: Enable CPU CFS quota enforcement for containers
1072 that specify CPU limits.
1073 type: boolean
1074 cpuCfsQuotaPeriod:
1075 description: Set the CPU CFS quota period value 'cpu.cfs_period_us'.
1076 type: string
1077 cpuManagerPolicy:
1078 description: Control the CPU management policy on the node.
1079 type: string
1080 podPidsLimit:
1081 description: Controls the maximum number of processes allowed
1082 to run in a pod.
1083 type: integer
1084 required:
1085 - cpuManagerPolicy
1086 type: object
1087 labels:
1088 additionalProperties:
1089 type: string
1090 description: Immutable. The map of Kubernetes labels (key/value
1091 pairs) to be applied to each node. These will be added in addition
1092 to any default label(s) that Kubernetes may apply to the node.
1093 type: object
1094 linuxNodeConfig:
1095 description: Parameters that can be configured on Linux nodes.
1096 properties:
1097 sysctls:
1098 additionalProperties:
1099 type: string
1100 description: The Linux kernel parameters to be applied to
1101 the nodes and all pods running on the nodes.
1102 type: object
1103 required:
1104 - sysctls
1105 type: object
1106 localNvmeSsdBlockConfig:
1107 description: Immutable. Parameters for raw-block local NVMe SSDs.
1108 properties:
1109 localSsdCount:
1110 description: Immutable. Number of raw-block local NVMe SSD
1111 disks to be attached to the node. Each local SSD is 375
1112 GB in size.
1113 type: integer
1114 required:
1115 - localSsdCount
1116 type: object
1117 localSsdCount:
1118 description: Immutable. The number of local SSD disks to be attached
1119 to the node.
1120 type: integer
1121 loggingVariant:
1122 description: Type of logging agent that is used as the default
1123 value for node pools in the cluster. Valid values include DEFAULT
1124 and MAX_THROUGHPUT.
1125 type: string
1126 machineType:
1127 description: Immutable. The name of a Google Compute Engine machine
1128 type.
1129 type: string
# Free-form string-to-string map of instance metadata for the cluster's
# instances. Keys and values are not constrained by the schema.
# NOTE(review): values are stored in clear text in the custom resource and
# are presumably readable from the instance metadata service on the node.
# Treat this map as non-secret configuration and confirm what workloads can
# read under your workloadMetadataConfig setting.
1130 metadata:
1131 additionalProperties:
1132 type: string
1133 description: Immutable. The metadata key/value pairs assigned
1134 to instances in the cluster.
1135 type: object
1136 minCpuPlatform:
1137 description: Immutable. Minimum CPU platform to be used by this
1138 instance. The instance may be scheduled on the specified or
1139 newer CPU platform.
1140 type: string
1141 nodeGroupRef:
1142 description: |-
1143 Immutable. Setting this field will assign instances
1144 of this pool to run on the specified node group. This is useful
1145 for running workloads on sole tenant nodes.
1146 oneOf:
1147 - not:
1148 required:
1149 - external
1150 required:
1151 - name
1152 - not:
1153 anyOf:
1154 - required:
1155 - name
1156 - required:
1157 - namespace
1158 required:
1159 - external
1160 properties:
1161 external:
1162 description: 'Allowed value: The `name` field of a `ComputeNodeGroup`
1163 resource.'
1164 type: string
1165 name:
1166 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1167 type: string
1168 namespace:
1169 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1170 type: string
1171 type: object
# Google API scopes made available on every node VM. The schema is an array
# of strings with no enum or pattern, so it does not validate scope values.
# NOTE(review): these scopes bound what the node's service-account
# credentials can be used for, and workloads able to reach node credentials
# would inherit them. Keep the list minimal and review it together with
# serviceAccountRef and workloadMetadataConfig.
1172 oauthScopes:
1173 description: Immutable. The set of Google API scopes to be made
1174 available on all of the node VMs.
1175 items:
1176 type: string
1177 type: array
1178 preemptible:
1179 description: Immutable. Whether the nodes are created as preemptible
1180 VM instances.
1181 type: boolean
1182 reservationAffinity:
1183 description: Immutable. The reservation affinity configuration
1184 for the node pool.
1185 properties:
1186 consumeReservationType:
1187 description: Immutable. Corresponds to the type of reservation
1188 consumption.
1189 type: string
1190 key:
1191 description: Immutable. The label key of a reservation resource.
1192 type: string
1193 values:
1194 description: Immutable. The label values of the reservation
1195 resource.
1196 items:
1197 type: string
1198 type: array
1199 required:
1200 - consumeReservationType
1201 type: object
1202 resourceLabels:
1203 additionalProperties:
1204 type: string
1205 description: The GCE resource labels (a map of key/value pairs)
1206 to be applied to the node pool.
1207 type: object
1208 sandboxConfig:
1209 description: Immutable. Sandbox configuration for this node.
1210 properties:
1211 sandboxType:
1212 description: Type of the sandbox to use for the node (e.g.
1213 'gvisor').
1214 type: string
1215 required:
1216 - sandboxType
1217 type: object
# Reference to the service account used by the nodes. The oneOf accepts
# exactly one form: `name` (optionally with `namespace`) and no `external`,
# or `external` alone with neither `name` nor `namespace`.
# `external` is documented as the `email` of an IAMServiceAccount; the
# schema only checks that it is a string.
# NOTE(review): the reference has no description and is optional here. As
# far as I know GKE falls back to the Compute Engine default service
# account when none is set. Confirm, and prefer a dedicated least-privilege
# account for node pools.
1218 serviceAccountRef:
1219 oneOf:
1220 - not:
1221 required:
1222 - external
1223 required:
1224 - name
1225 - not:
1226 anyOf:
1227 - required:
1228 - name
1229 - required:
1230 - namespace
1231 required:
1232 - external
1233 properties:
1234 external:
1235 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
1236 resource.'
1237 type: string
1238 name:
1239 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1240 type: string
1241 namespace:
1242 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1243 type: string
1244 type: object
# Shielded Instance options for the nodes: two optional booleans, both
# described as Immutable. The block has no `required` list and declares no
# schema default.
# NOTE(review): an omitted flag takes whatever the provider defaults to.
# If Secure Boot and integrity monitoring are part of your node baseline,
# set both explicitly at creation, since the descriptions mark them as
# not changeable afterwards.
1245 shieldedInstanceConfig:
1246 description: Immutable. Shielded Instance options.
1247 properties:
1248 enableIntegrityMonitoring:
1249 description: Immutable. Defines whether the instance has integrity
1250 monitoring enabled.
1251 type: boolean
1252 enableSecureBoot:
1253 description: Immutable. Defines whether the instance has Secure
1254 Boot enabled.
1255 type: boolean
1256 type: object
1257 spot:
1258 description: Immutable. Whether the nodes are created as spot
1259 VM instances.
1260 type: boolean
1261 tags:
1262 description: The list of instance tags applied to all nodes.
1263 items:
1264 type: string
1265 type: array
1266 taint:
1267 description: Immutable. List of Kubernetes taints to be applied
1268 to each node.
1269 items:
1270 properties:
1271 effect:
1272 description: Immutable. Effect for taint.
1273 type: string
1274 key:
1275 description: Immutable. Key for taint.
1276 type: string
1277 value:
1278 description: Immutable. Value for taint.
1279 type: string
1280 required:
1281 - effect
1282 - key
1283 - value
1284 type: object
1285 type: array
# Controls how node metadata is exposed to workloads. `mode` is the current
# field; `nodeMetadata` is marked DEPRECATED in favor of `mode`.
# Both are optional plain strings with no enum, so this CRD does not reject
# a misspelled or unexpected value; validation is left to the API.
# NOTE(review): accepted values are not listed here. As far as I know the
# API values for `mode` are GCE_METADATA and GKE_METADATA. Confirm, and
# audit manifests that still set `nodeMetadata`.
1286 workloadMetadataConfig:
1287 description: Immutable. The workload metadata configuration for
1288 this node.
1289 properties:
1290 mode:
1291 description: Mode is the configuration for how to expose metadata
1292 to workloads running on the node.
1293 type: string
1294 nodeMetadata:
1295 description: DEPRECATED. Deprecated in favor of mode. NodeMetadata
1296 is the configuration for how to expose metadata to the workloads
1297 running on the node.
1298 type: string
1299 type: object
1300 type: object
1301 nodeLocations:
1302 description: The list of zones in which the cluster's nodes are located.
1303 Nodes must be in the region of their regional cluster or in the
1304 same region as their cluster's zone for zonal clusters. If this
1305 is specified for a zonal cluster, omit the cluster's zone.
1306 items:
1307 type: string
1308 type: array
1309 nodePoolAutoConfig:
1310 description: Node pool configs that apply to all auto-provisioned
1311 node pools in autopilot clusters and node auto-provisioning enabled
1312 clusters.
1313 properties:
1314 networkTags:
1315 description: Collection of Compute Engine network tags that can
1316 be applied to a node's underlying VM instance.
1317 properties:
1318 tags:
1319 description: List of network tags applied to auto-provisioned
1320 node pools.
1321 items:
1322 type: string
1323 type: array
1324 type: object
1325 type: object
1326 nodePoolDefaults:
1327 description: The default node pool settings for the entire cluster.
1328 properties:
1329 nodeConfigDefaults:
1330 description: Subset of NodeConfig message that has defaults.
1331 properties:
1332 gcfsConfig:
1333 description: GCFS configuration for this node.
1334 properties:
1335 enabled:
1336 description: Whether or not GCFS is enabled.
1337 type: boolean
1338 required:
1339 - enabled
1340 type: object
1341 loggingVariant:
1342 description: Type of logging agent that is used as the default
1343 value for node pools in the cluster. Valid values include
1344 DEFAULT and MAX_THROUGHPUT.
1345 type: string
1346 type: object
1347 type: object
1348 nodeVersion:
1349 type: string
1350 notificationConfig:
1351 description: The notification config for sending cluster upgrade notifications.
1352 properties:
1353 pubsub:
1354 description: Notification config for Cloud Pub/Sub.
1355 properties:
1356 enabled:
1357 description: Whether or not the notification config is enabled.
1358 type: boolean
1359 filter:
1360 description: Allows filtering to one or more specific event
1361 types. If event types are present, those and only those
1362 event types will be transmitted to the cluster. Other types
1363 will be skipped. If no filter is specified, or no event
1364 types are present, all event types will be sent.
1365 properties:
1366 eventType:
1367 description: Can be used to filter what notifications
1368 are sent. Valid values include UPGRADE_AVAILABLE_EVENT,
1369 UPGRADE_EVENT and SECURITY_BULLETIN_EVENT.
1370 items:
1371 type: string
1372 type: array
1373 required:
1374 - eventType
1375 type: object
1376 topicRef:
1377 description: The PubSubTopic to send the notification to.
1378 oneOf:
1379 - not:
1380 required:
1381 - external
1382 required:
1383 - name
1384 - not:
1385 anyOf:
1386 - required:
1387 - name
1388 - required:
1389 - namespace
1390 required:
1391 - external
1392 properties:
1393 external:
1394 description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`,
1395 where {{value}} is the `name` field of a `PubSubTopic`
1396 resource.'
1397 type: string
1398 name:
1399 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1400 type: string
1401 namespace:
1402 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1403 type: string
1404 type: object
1405 required:
1406 - enabled
1407 type: object
1408 required:
1409 - pubsub
1410 type: object
# Toggle for the PodSecurityPolicy admission controller. `enabled` is
# required whenever this block is present.
# NOTE(review): PodSecurityPolicy was removed from upstream Kubernetes in
# v1.25. Confirm whether the GKE versions you target still honor this
# setting, and plan pod-level restrictions around Pod Security Admission or
# an equivalent policy controller rather than relying on this field.
1411 podSecurityPolicyConfig:
1412 description: Configuration for the PodSecurityPolicy feature.
1413 properties:
1414 enabled:
1415 description: Enable the PodSecurityPolicy controller for this
1416 cluster. If enabled, pods must be valid under a PodSecurityPolicy
1417 to be created.
1418 type: boolean
1419 required:
1420 - enabled
1421 type: object
1422 privateClusterConfig:
1423 description: Configuration for private clusters, clusters with private
1424 nodes.
1425 properties:
# Optional boolean. Per the description, `true` makes the private endpoint
# the cluster endpoint and disables access through the public endpoint;
# `false` leaves either endpoint usable.
# NOTE(review): the schema declares no default, so an omitted value is
# decided by the provider. If the control plane must not be reachable
# publicly, set this explicitly; otherwise confirm that access to the
# public endpoint is restricted by other cluster settings.
1426 enablePrivateEndpoint:
1427 description: When true, the cluster's private endpoint is used
1428 as the cluster endpoint and access through the public endpoint
1429 is disabled. When false, either endpoint can be used. This field
1430 only applies to private clusters, when enable_private_nodes
1431 is true.
1432 type: boolean
1433 enablePrivateNodes:
1434 description: Immutable. Enables the private cluster feature, creating
1435 a private endpoint on the cluster. In a private cluster, nodes
1436 only have RFC 1918 private addresses and communicate with the
1437 master's private endpoint via private networking.
1438 type: boolean
1439 masterGlobalAccessConfig:
1440 description: Controls cluster master global access settings.
1441 properties:
1442 enabled:
1443 description: Whether the cluster master is accessible globally
1444 or not.
1445 type: boolean
1446 required:
1447 - enabled
1448 type: object
1449 masterIpv4CidrBlock:
1450 description: Immutable. The IP range in CIDR notation to use for
1451 the hosted master network. This range will be used for assigning
1452 private IP addresses to the cluster master(s) and the ILB VIP.
1453 This range must not overlap with any other ranges in use within
1454 the cluster's network, and it must be a /28 subnet. See Private
1455 Cluster Limitations for more details. This field only applies
1456 to private clusters, when enable_private_nodes is true.
1457 type: string
1458 peeringName:
1459 description: The name of the peering between this cluster and
1460 the Google owned VPC.
1461 type: string
1462 privateEndpoint:
1463 description: The internal IP address of this cluster's master
1464 endpoint.
1465 type: string
1466 privateEndpointSubnetworkRef:
1467 description: |-
1468 Immutable. Subnetwork in cluster's network where master's endpoint
1469 will be provisioned.
1470 oneOf:
1471 - not:
1472 required:
1473 - external
1474 required:
1475 - name
1476 - not:
1477 anyOf:
1478 - required:
1479 - name
1480 - required:
1481 - namespace
1482 required:
1483 - external
1484 properties:
1485 external:
1486 description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
1487 resource.'
1488 type: string
1489 name:
1490 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1491 type: string
1492 namespace:
1493 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1494 type: string
1495 type: object
1496 publicEndpoint:
1497 description: The external IP address of this cluster's master
1498 endpoint.
1499 type: string
1500 type: object
1501 privateIpv6GoogleAccess:
1502 description: The desired state of IPv6 connectivity to Google Services.
1503 By default, no private IPv6 access to or from Google Services (all
1504 access will be via IPv4).
1505 type: string
# Protect API feature switches. `workloadConfig.auditMode` is required when
# `workloadConfig` is present; `workloadVulnerabilityMode` is optional.
# The descriptions list DISABLED and BASIC as accepted values, but the
# schema types both as plain strings without an enum, so this CRD does not
# enforce that list.
# NOTE(review): omitting the whole block leaves both features at the
# provider default. Set the modes explicitly if workload auditing or
# vulnerability scanning is expected to be on.
1506 protectConfig:
1507 description: Enable/Disable Protect API features for the cluster.
1508 properties:
1509 workloadConfig:
1510 description: WorkloadConfig defines which actions are enabled
1511 for a cluster's workload configurations.
1512 properties:
1513 auditMode:
1514 description: Sets which mode of auditing should be used for
1515 the cluster's workloads. Accepted values are DISABLED, BASIC.
1516 type: string
1517 required:
1518 - auditMode
1519 type: object
1520 workloadVulnerabilityMode:
1521 description: Sets which mode to use for Protect workload vulnerability
1522 scanning feature. Accepted values are DISABLED, BASIC.
1523 type: string
1524 type: object
1525 releaseChannel:
1526 description: Configuration options for the Release channel feature,
1527 which provide more control over automatic upgrades of your GKE clusters.
1528 Note that removing this field from your config will not unenroll
1529 it. Instead, use the "UNSPECIFIED" channel.
1530 properties:
1531 channel:
1532 description: |-
1533 The selected release channel. Accepted values are:
1534 * UNSPECIFIED: Not set.
1535 * RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
1536 * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
1537 * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
1538 type: string
1539 required:
1540 - channel
1541 type: object
1542 resourceID:
1543 description: Immutable. Optional. The name of the resource. Used for
1544 creation and acquisition. When unset, the value of `metadata.name`
1545 is used as the default.
1546 type: string
1547 resourceUsageExportConfig:
1548 description: Configuration for the ResourceUsageExportConfig feature.
1549 properties:
1550 bigqueryDestination:
1551 description: Parameters for using BigQuery as the destination
1552 of resource usage export.
1553 properties:
1554 datasetId:
1555 description: The ID of a BigQuery Dataset.
1556 type: string
1557 required:
1558 - datasetId
1559 type: object
1560 enableNetworkEgressMetering:
1561 description: Whether to enable network egress metering for this
1562 cluster. If enabled, a daemonset will be created in the cluster
1563 to meter network egress traffic.
1564 type: boolean
1565 enableResourceConsumptionMetering:
1566 description: Whether to enable resource consumption metering on
1567 this cluster. When enabled, a table will be created in the resource
1568 export BigQuery dataset to store resource consumption data.
1569 The resulting table can be joined with the resource usage table
1570 or with BigQuery billing export. Defaults to true.
1571 type: boolean
1572 required:
1573 - bigqueryDestination
1574 type: object
1575 serviceExternalIpsConfig:
1576 description: If set, and enabled=true, services with external ips
1577 field will not be blocked.
1578 properties:
1579 enabled:
1580 description: When enabled, services with external ips specified
1581 will be allowed.
1582 type: boolean
1583 required:
1584 - enabled
1585 type: object
1586 subnetworkRef:
1587 oneOf:
1588 - not:
1589 required:
1590 - external
1591 required:
1592 - name
1593 - not:
1594 anyOf:
1595 - required:
1596 - name
1597 - required:
1598 - namespace
1599 required:
1600 - external
1601 properties:
1602 external:
1603 description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
1604 resource.'
1605 type: string
1606 name:
1607 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1608 type: string
1609 namespace:
1610 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1611 type: string
1612 type: object
1613 verticalPodAutoscaling:
1614 description: Vertical Pod Autoscaling automatically adjusts the resources
1615 of pods controlled by it.
1616 properties:
1617 enabled:
1618 description: Enables vertical pod autoscaling.
1619 type: boolean
1620 required:
1621 - enabled
1622 type: object
# Workload Identity settings for mapping Kubernetes service accounts into
# GCP IAM. `identityNamespace` is marked DEPRECATED in favor of
# `workloadPool`; both are optional plain strings.
# NOTE(review): with no `required` list, an empty object passes this
# schema, so the presence of the block does not by itself show that a
# workload pool is configured. Check `workloadPool` explicitly when
# auditing clusters, and migrate manifests that still use
# `identityNamespace`.
1623 workloadIdentityConfig:
1624 description: Configuration for the use of Kubernetes Service Accounts
1625 in GCP IAM policies.
1626 properties:
1627 identityNamespace:
1628 description: |-
1629 DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field.
1630 Enables workload identity.
1631 type: string
1632 workloadPool:
1633 description: The workload pool to attach all Kubernetes service
1634 accounts to.
1635 type: string
1636 type: object
1637 required:
1638 - location
1639 type: object
1640 status:
1641 properties:
1642 conditions:
1643 description: Conditions represent the latest available observation
1644 of the resource's current state.
1645 items:
1646 properties:
1647 lastTransitionTime:
1648 description: Last time the condition transitioned from one status
1649 to another.
1650 type: string
1651 message:
1652 description: Human-readable message indicating details about
1653 last transition.
1654 type: string
1655 reason:
1656 description: Unique, one-word, CamelCase reason for the condition's
1657 last transition.
1658 type: string
1659 status:
1660 description: Status is the status of the condition. Can be True,
1661 False, Unknown.
1662 type: string
1663 type:
1664 description: Type is the type of the condition.
1665 type: string
1666 type: object
1667 type: array
1668 endpoint:
1669 description: The IP address of this cluster's Kubernetes master.
1670 type: string
1671 labelFingerprint:
1672 description: The fingerprint of the set of labels for this cluster.
1673 type: string
1674 masterVersion:
1675 description: The current version of the master in the cluster. This
1676 may be different than the min_master_version set in the config if
1677 the master has been updated by GKE.
1678 type: string
1679 observedGeneration:
1680 description: ObservedGeneration is the generation of the resource
1681 that was most recently observed by the Config Connector controller.
1682 If this is equal to metadata.generation, then that means that the
1683 current reported status reflects the most recent desired state of
1684 the resource.
1685 type: integer
1686 operation:
1687 type: string
1688 selfLink:
1689 description: Server-defined URL for the resource.
1690 type: string
1691 servicesIpv4Cidr:
1692 description: The IP address range of the Kubernetes services in this
1693 cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are
1694 typically put in the last /16 from the container CIDR.
1695 type: string
1696 tpuIpv4CidrBlock:
1697 description: The IP address range of the Cloud TPUs in this cluster,
1698 in CIDR notation (e.g. 1.2.3.4/29).
1699 type: string
1700 type: object
1701 required:
1702 - spec
1703 type: object
1704 served: true
1705 storage: true
1706 subresources:
1707 status: {}
1708status:
1709 acceptedNames:
1710 kind: ""
1711 plural: ""
1712 conditions: []
1713 storedVersions: []