import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * An Anthos cluster running on customer owned infrastructure. * * To get more information about Cluster, see: * * * [API documentation](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest) * * How-to Guides * * [API reference](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters) * * [Multicloud overview](https://cloud.google.com/anthos/clusters/docs/multi-cloud) * * ## Example Usage * * ### Container Attached Cluster Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const versions = project.then(project => gcp.container.getAttachedVersions({ * location: "us-west1", * project: project.projectId, * })); * const primary = new gcp.container.AttachedCluster("primary", { * name: "basic", * location: "us-west1", * project: project.then(project => project.projectId), * description: "Test cluster", * distribution: "aks", * oidcConfig: { * issuerUrl: "https://oidc.issuer.url", * }, * platformVersion: versions.then(versions => versions.validVersions?.[0]), * fleet: { * project: project.then(project => `projects/${project.number}`), * }, * }); * ``` * ### Container Attached Cluster Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const project = gcp.organizations.getProject({}); * const versions = project.then(project => gcp.container.getAttachedVersions({ * location: "us-west1", * project: project.projectId, * })); * const primary = new gcp.container.AttachedCluster("primary", { * name: "basic", * project: project.then(project => project.projectId), * location: "us-west1", * description: "Test cluster", * distribution: "aks", * annotations: { * "label-one": "value-one", * }, * authorization: { * adminUsers: [ * "user1@example.com", * "user2@example.com", * ], * adminGroups: [ * "group1@example.com", * "group2@example.com", * ], * }, * oidcConfig: { * issuerUrl: "https://oidc.issuer.url", * jwks: std.base64encode({ * input: "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}", * }).then(invoke => invoke.result), * }, * platformVersion: versions.then(versions => versions.validVersions?.[0]), * fleet: { * project: project.then(project => `projects/${project.number}`), * }, * loggingConfig: { * componentConfig: { * enableComponents: [ * "SYSTEM_COMPONENTS", * "WORKLOADS", * ], * }, * }, * monitoringConfig: { * managedPrometheusConfig: { * enabled: true, * }, * }, * binaryAuthorization: { * evaluationMode: "PROJECT_SINGLETON_POLICY_ENFORCE", * }, * proxyConfig: { * kubernetesSecret: { * name: "proxy-config", * namespace: "default", * }, * }, * }); * ``` * ### Container Attached Cluster Ignore Errors * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const versions = project.then(project => gcp.container.getAttachedVersions({ * location: "us-west1", * project: project.projectId, * })); * const primary = new gcp.container.AttachedCluster("primary", { * name: "basic", * location: "us-west1", * project: project.then(project => project.projectId), * description: "Test cluster", * distribution: "aks", * oidcConfig: { * issuerUrl: "https://oidc.issuer.url", * }, * platformVersion: versions.then(versions => versions.validVersions?.[0]), * fleet: { * project: project.then(project => `projects/${project.number}`), * }, * deletionPolicy: "DELETE_IGNORE_ERRORS", * }); * ``` * * ## Import * * Cluster can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}` * * * `{{project}}/{{location}}/{{name}}` * * * `{{location}}/{{name}}` * * When using the `pulumi import` command, Cluster can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:container/attachedCluster:AttachedCluster default projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} * ``` * * ```sh * $ pulumi import gcp:container/attachedCluster:AttachedCluster default {{project}}/{{location}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:container/attachedCluster:AttachedCluster default {{location}}/{{name}} * ``` */ export declare class AttachedCluster extends pulumi.CustomResource { /** * Get an existing AttachedCluster resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AttachedClusterState, opts?: pulumi.CustomResourceOptions): AttachedCluster; /** * Returns true if the given object is an instance of AttachedCluster. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AttachedCluster; /** * Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of * all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), * separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with * alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. **Note**: This field is * non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field * 'effective_annotations' for all of the annotations present on the resource. */ readonly annotations: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Configuration related to the cluster RBAC settings. */ readonly authorization: pulumi.Output; /** * Binary Authorization configuration. */ readonly binaryAuthorization: pulumi.Output; /** * Output only. The region where this cluster runs. * For EKS clusters, this is an AWS region. For AKS clusters, * this is an Azure region. */ readonly clusterRegion: pulumi.Output; /** * Output only. The time at which this cluster was created. */ readonly createTime: pulumi.Output; /** * Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS */ readonly deletionPolicy: pulumi.Output; /** * A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes. */ readonly description: pulumi.Output; /** * The Kubernetes distribution of the underlying attached cluster. Supported values: * "eks", "aks", "generic". The generic distribution provides the ability to register * or migrate any CNCF conformant cluster. */ readonly distribution: pulumi.Output; readonly effectiveAnnotations: pulumi.Output<{ [key: string]: string; }>; /** * A set of errors found in the cluster. * Structure is documented below. */ readonly errors: pulumi.Output; /** * Fleet configuration. * Structure is documented below. */ readonly fleet: pulumi.Output; /** * The Kubernetes version of the cluster. */ readonly kubernetesVersion: pulumi.Output; /** * The location for the resource */ readonly location: pulumi.Output; /** * Logging configuration. */ readonly loggingConfig: pulumi.Output; /** * Monitoring configuration. */ readonly monitoringConfig: pulumi.Output; /** * The name of this resource. */ readonly name: pulumi.Output; /** * OIDC discovery information of the target cluster. * Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster * API server. This fields indicates how GCP services * validate KSA tokens in order to allow system workloads (such as GKE Connect * and telemetry agents) to authenticate back to GCP. * Both clusters with public and private issuer URLs are supported. * Clusters with public issuers only need to specify the `issuerUrl` field * while clusters with private issuers need to provide both * `issuerUrl` and `jwks`. * Structure is documented below. */ readonly oidcConfig: pulumi.Output; /** * The platform version for the cluster (e.g. `1.23.0-gke.1`). */ readonly platformVersion: pulumi.Output; readonly project: pulumi.Output; /** * Support for proxy configuration. */ readonly proxyConfig: pulumi.Output; /** * If set, there are currently changes in flight to the cluster. */ readonly reconciling: pulumi.Output; /** * Enable/Disable Security Posture API features for the cluster. * * @deprecated `securityPostureConfig` is deprecated and will be removed in a future major release. */ readonly securityPostureConfig: pulumi.Output; /** * The current state of the cluster. Possible values: * STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, * DEGRADED */ readonly state: pulumi.Output; /** * A globally unique identifier for the cluster. */ readonly uid: pulumi.Output; /** * The time at which this cluster was last updated. */ readonly updateTime: pulumi.Output; /** * Workload Identity settings. * Structure is documented below. */ readonly workloadIdentityConfigs: pulumi.Output; /** * Create a AttachedCluster resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AttachedClusterArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AttachedCluster resources. */ export interface AttachedClusterState { /** * Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of * all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), * separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with * alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. **Note**: This field is * non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field * 'effective_annotations' for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Configuration related to the cluster RBAC settings. */ authorization?: pulumi.Input; /** * Binary Authorization configuration. */ binaryAuthorization?: pulumi.Input; /** * Output only. The region where this cluster runs. * For EKS clusters, this is an AWS region. For AKS clusters, * this is an Azure region. */ clusterRegion?: pulumi.Input; /** * Output only. The time at which this cluster was created. */ createTime?: pulumi.Input; /** * Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS */ deletionPolicy?: pulumi.Input; /** * A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes. */ description?: pulumi.Input; /** * The Kubernetes distribution of the underlying attached cluster. Supported values: * "eks", "aks", "generic". The generic distribution provides the ability to register * or migrate any CNCF conformant cluster. */ distribution?: pulumi.Input; effectiveAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A set of errors found in the cluster. * Structure is documented below. */ errors?: pulumi.Input[]>; /** * Fleet configuration. * Structure is documented below. */ fleet?: pulumi.Input; /** * The Kubernetes version of the cluster. */ kubernetesVersion?: pulumi.Input; /** * The location for the resource */ location?: pulumi.Input; /** * Logging configuration. */ loggingConfig?: pulumi.Input; /** * Monitoring configuration. */ monitoringConfig?: pulumi.Input; /** * The name of this resource. */ name?: pulumi.Input; /** * OIDC discovery information of the target cluster. * Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster * API server. This fields indicates how GCP services * validate KSA tokens in order to allow system workloads (such as GKE Connect * and telemetry agents) to authenticate back to GCP. * Both clusters with public and private issuer URLs are supported. * Clusters with public issuers only need to specify the `issuerUrl` field * while clusters with private issuers need to provide both * `issuerUrl` and `jwks`. * Structure is documented below. */ oidcConfig?: pulumi.Input; /** * The platform version for the cluster (e.g. `1.23.0-gke.1`). */ platformVersion?: pulumi.Input; project?: pulumi.Input; /** * Support for proxy configuration. */ proxyConfig?: pulumi.Input; /** * If set, there are currently changes in flight to the cluster. */ reconciling?: pulumi.Input; /** * Enable/Disable Security Posture API features for the cluster. * * @deprecated `securityPostureConfig` is deprecated and will be removed in a future major release. */ securityPostureConfig?: pulumi.Input; /** * The current state of the cluster. Possible values: * STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, * DEGRADED */ state?: pulumi.Input; /** * A globally unique identifier for the cluster. */ uid?: pulumi.Input; /** * The time at which this cluster was last updated. */ updateTime?: pulumi.Input; /** * Workload Identity settings. * Structure is documented below. */ workloadIdentityConfigs?: pulumi.Input[]>; } /** * The set of arguments for constructing a AttachedCluster resource. */ export interface AttachedClusterArgs { /** * Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of * all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), * separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with * alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. **Note**: This field is * non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field * 'effective_annotations' for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Configuration related to the cluster RBAC settings. */ authorization?: pulumi.Input; /** * Binary Authorization configuration. */ binaryAuthorization?: pulumi.Input; /** * Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS */ deletionPolicy?: pulumi.Input; /** * A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes. */ description?: pulumi.Input; /** * The Kubernetes distribution of the underlying attached cluster. Supported values: * "eks", "aks", "generic". The generic distribution provides the ability to register * or migrate any CNCF conformant cluster. */ distribution: pulumi.Input; /** * Fleet configuration. * Structure is documented below. */ fleet: pulumi.Input; /** * The location for the resource */ location: pulumi.Input; /** * Logging configuration. */ loggingConfig?: pulumi.Input; /** * Monitoring configuration. */ monitoringConfig?: pulumi.Input; /** * The name of this resource. */ name?: pulumi.Input; /** * OIDC discovery information of the target cluster. * Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster * API server. This fields indicates how GCP services * validate KSA tokens in order to allow system workloads (such as GKE Connect * and telemetry agents) to authenticate back to GCP. * Both clusters with public and private issuer URLs are supported. * Clusters with public issuers only need to specify the `issuerUrl` field * while clusters with private issuers need to provide both * `issuerUrl` and `jwks`. * Structure is documented below. */ oidcConfig: pulumi.Input; /** * The platform version for the cluster (e.g. `1.23.0-gke.1`). */ platformVersion: pulumi.Input; project?: pulumi.Input; /** * Support for proxy configuration. */ proxyConfig?: pulumi.Input; /** * Enable/Disable Security Posture API features for the cluster. * * @deprecated `securityPostureConfig` is deprecated and will be removed in a future major release. */ securityPostureConfig?: pulumi.Input; }