import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Google Kubernetes Engine (GKE) cluster. * * To get more information about GKE clusters, see: * * [The API reference](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters) * * How-to guides * * [GKE overview](https://cloud.google.com/kubernetes-engine/docs/concepts/kubernetes-engine-overview) * * [About cluster configuration choices](https://cloud.google.com/kubernetes-engine/docs/concepts/types-of-clusters) * * > On version 5.0.0+ of the provider, you must explicitly set `deletionProtection = false` * and run `pulumi up` to write the field to state in order to destroy a cluster. * * > All arguments and attributes (including certificate outputs) will be stored in the raw state as * plaintext. Read more about sensitive data in state. * * ## Example Usage * * ### With A Separately Managed Node Pool (Recommended) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.serviceaccount.Account("default", { * accountId: "service-account-id", * displayName: "Service Account", * }); * const primary = new gcp.container.Cluster("primary", { * name: "my-gke-cluster", * location: "us-central1", * removeDefaultNodePool: true, * initialNodeCount: 1, * }); * const primaryPreemptibleNodes = new gcp.container.NodePool("primary_preemptible_nodes", { * name: "my-node-pool", * location: "us-central1", * cluster: primary.name, * nodeCount: 1, * nodeConfig: { * preemptible: true, * machineType: "e2-medium", * serviceAccount: _default.email, * oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"], * }, * }); * ``` * * > **Note:** It is recommended that node pools be created and managed as separate resources as in the example above. * This allows node pools to be added and removed without recreating the cluster. Node pools defined directly in the * `gcp.container.Cluster` resource cannot be removed without re-creating the cluster. * * ### With The Default Node Pool * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.serviceaccount.Account("default", { * accountId: "service-account-id", * displayName: "Service Account", * }); * const primary = new gcp.container.Cluster("primary", { * name: "marcellus-wallace", * location: "us-central1-a", * initialNodeCount: 3, * nodeConfig: { * serviceAccount: _default.email, * oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"], * labels: { * foo: "bar", * }, * tags: [ * "foo", * "bar", * ], * }, * }); * ``` * * ### Autopilot * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.serviceaccount.Account("default", { * accountId: "service-account-id", * displayName: "Service Account", * }); * const primary = new gcp.container.Cluster("primary", { * name: "marcellus-wallace", * location: "us-central1-a", * enableAutopilot: true, * }); * ``` * * ## Import * * GKE clusters can be imported using the `project` , `location`, and `name`. If the project is omitted, the default * provider value will be used. Examples: * * * `projects/{{project_id}}/locations/{{location}}/clusters/{{cluster_id}}` * * `{{project_id}}/{{location}}/{{cluster_id}}` * * `{{location}}/{{cluster_id}}` * * When using the `pulumi import` command, GKE clusters can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:container/cluster:Cluster default projects/{{project_id}}/locations/{{location}}/clusters/{{cluster_id}} * * $ pulumi import gcp:container/cluster:Cluster default {{project_id}}/{{location}}/{{cluster_id}} * * $ pulumi import gcp:container/cluster:Cluster default {{location}}/{{cluster_id}} * ``` * * > **Note:** This resource has several fields that control Terraform-specific behavior and aren't present in the API. If they are set in config and you import a cluster, Terraform may need to perform an update immediately after import. Most of these updates should be no-ops but some may modify your cluster if the imported state differs. * * For example, the following fields will show diffs if set in config: * * - `minMasterVersion` * - `removeDefaultNodePool` */ export declare class Cluster extends pulumi.CustomResource { /** * Get an existing Cluster resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ClusterState, opts?: pulumi.CustomResourceOptions): Cluster; /** * Returns true if the given object is an instance of Cluster. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Cluster; /** * The configuration for addons supported by GKE. * Structure is documented below. */ readonly addonsConfig: pulumi.Output; /** * Enable NET_ADMIN for the cluster. Defaults to * `false`. This field should only be enabled for Autopilot clusters (`enableAutopilot` * set to `true`). */ readonly allowNetAdmin: pulumi.Output; /** * Configuration for [anonymous authentication restrictions](https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict-anon-access). Structure is documented below. */ readonly anonymousAuthenticationConfig: pulumi.Output; /** * Configuration for the * [Google Groups for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#groups-setup-gsuite) feature. * Structure is documented below. */ readonly authenticatorGroupsConfig: pulumi.Output; /** * Per-cluster configuration of Autopilot cluster policies in GKE clusters. This field can only be configured in non Autopilot clusters. Structure is documented below. */ readonly autopilotClusterPolicyConfig: pulumi.Output; /** * The customer * allowlist Cloud Storage paths for the cluster. These paths are used with the * `--autopilot-privileged-admission` flag to authorize privileged workloads in * Autopilot clusters. See the Cluster API's * [PrivilegedAdmissionConfig](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#privilegedadmissionconfig) * documentation for more details. */ readonly autopilotPrivilegedAdmissions: pulumi.Output; /** * Configuration options for the Binary * Authorization feature. Structure is documented below. */ readonly binaryAuthorization: pulumi.Output; /** * Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to * automatically adjust the size of the cluster and create/delete node pools based * on the current needs of the cluster's workload. See the * [guide to using Node Auto-Provisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning) * for more details. Structure is documented below. */ readonly clusterAutoscaling: pulumi.Output; /** * The IP address range of the Kubernetes pods * in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one * automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will * default a new cluster to routes-based, where `ipAllocationPolicy` is not defined. */ readonly clusterIpv4Cidr: pulumi.Output; /** * ) Configuration for * [ClusterTelemetry](https://cloud.google.com/monitoring/kubernetes-engine/installing#controlling_the_collection_of_application_logs) feature, * Structure is documented below. */ readonly clusterTelemetry: pulumi.Output; /** * Configuration for [Confidential Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/confidential-gke-nodes) feature. Structure is documented below documented below. */ readonly confidentialNodes: pulumi.Output; /** * Configuration for all of the cluster's control plane endpoints. * Structure is documented below. */ readonly controlPlaneEndpointsConfig: pulumi.Output; /** * Configuration for the * [Cost Allocation](https://cloud.google.com/kubernetes-engine/docs/how-to/cost-allocations) feature. * Structure is documented below. */ readonly costManagementConfig: pulumi.Output; /** * Structure is documented below. */ readonly databaseEncryption: pulumi.Output; /** * The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2. */ readonly datapathProvider: pulumi.Output; /** * The default maximum number of pods * per node in this cluster. This doesn't work on "routes-based" clusters, clusters * that don't have IP Aliasing enabled. See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr) * for more information. */ readonly defaultMaxPodsPerNode: pulumi.Output; /** * [GKE SNAT](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent#how_ipmasq_works) DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, [API doc](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#networkconfig). Structure is documented below */ readonly defaultSnatStatus: pulumi.Output; /** * (Optional) Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE". * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. * * The `defaultSnatStatus` block supports */ readonly deletionPolicy: pulumi.Output; /** * Whether Terraform will be prevented from * destroying the cluster. Deleting this cluster via `terraform destroy` or * `pulumi up` will only succeed if this field is `false` in the Terraform * state. */ readonly deletionProtection: pulumi.Output; /** * Description of the cluster. */ readonly description: pulumi.Output; /** * Disable L4 load balancer VPC firewalls to enable firewall policies. */ readonly disableL4LbFirewallReconciliation: pulumi.Output; /** * Configuration for [Using Cloud DNS for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns). Structure is documented below. */ readonly dnsConfig: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * Enable Autopilot for this cluster. Defaults to `false`. * Note that when this option is enabled, certain features of Standard GKE are not available. * See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison) * for available features. */ readonly enableAutopilot: pulumi.Output; /** * Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. */ readonly enableCiliumClusterwideNetworkPolicy: pulumi.Output; /** * Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the [Enable FQDN Network Policy in an existing cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/fqdn-network-policies#enable_fqdn_network_policy_in_an_existing_cluster) for more information. */ readonly enableFqdnNetworkPolicy: pulumi.Output; /** * Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. */ readonly enableIntranodeVisibility: pulumi.Output; /** * Configuration for Kubernetes Beta APIs. * Structure is documented below. */ readonly enableK8sBetaApis: pulumi.Output; /** * Whether to enable Kubernetes Alpha features for * this cluster. Note that when this option is enabled, the cluster cannot be upgraded * and will be automatically deleted after 30 days. */ readonly enableKubernetesAlpha: pulumi.Output; /** * Whether L4ILB Subsetting is enabled for this cluster. */ readonly enableL4IlbSubsetting: pulumi.Output; /** * Whether the ABAC authorizer is enabled for this cluster. * When enabled, identities in the system, including service accounts, nodes, and controllers, * will have statically granted permissions beyond those provided by the RBAC configuration or IAM. * Defaults to `false` */ readonly enableLegacyAbac: pulumi.Output; /** * Whether multi-networking is enabled for this cluster. */ readonly enableMultiNetworking: pulumi.Output; /** * Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`. */ readonly enableShieldedNodes: pulumi.Output; /** * Whether to enable Cloud TPU resources in this cluster. * See the [official documentation](https://cloud.google.com/tpu/docs/kubernetes-engine-setup). */ readonly enableTpu: pulumi.Output; /** * The IP address of this cluster's Kubernetes master. */ readonly endpoint: pulumi.Output; /** * (DEPRECATED) Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. Deprecated as GKE Enterprise features are now available without an Enterprise tier. See https://cloud.google.com/blog/products/containers-kubernetes/gke-gets-new-pricing-and-capabilities-on-10th-birthday for the announcement of this change. * * @deprecated GKE Enterprise features are now available without an Enterprise tier. This field is deprecated and will be removed in a future major release */ readonly enterpriseConfig: pulumi.Output; /** * Fleet configuration for the cluster. Structure is documented below. */ readonly fleet: pulumi.Output; /** * Configuration for [GKE Gateway API controller](https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api). Structure is documented below. */ readonly gatewayApiConfig: pulumi.Output; /** * Configuration options for the auto-upgrade patch type feature, which provide more control over the speed of automatic upgrades of your GKE clusters. * Structure is documented below. */ readonly gkeAutoUpgradeConfig: pulumi.Output; /** * . Structure is documented below. */ readonly identityServiceConfig: pulumi.Output; /** * Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. */ readonly inTransitEncryptionConfig: pulumi.Output; /** * The number of nodes to create in this * cluster's default node pool. In regional or multi-zonal clusters, this is the * number of nodes per zone. Must be set if `nodePool` is not set. If you're using * `gcp.container.NodePool` objects with no default node pool, you'll need to * set this to a value of at least `1`, alongside setting * `removeDefaultNodePool` to `true`. */ readonly initialNodeCount: pulumi.Output; /** * Configuration of cluster IP allocation for * VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. * Structure is documented below. */ readonly ipAllocationPolicy: pulumi.Output; /** * The fingerprint of the set of labels for this cluster. */ readonly labelFingerprint: pulumi.Output; /** * The location (region or zone) in which the cluster * master will be created, as well as the default node location. If you specify a * zone (such as `us-central1-a`), the cluster will be a zonal cluster with a * single cluster master. If you specify a region (such as `us-west1`), the * cluster will be a regional cluster with multiple masters spread across zones in * the region, and with default node locations in those zones as well */ readonly location: pulumi.Output; /** * Logging configuration for the cluster. * Structure is documented below. */ readonly loggingConfig: pulumi.Output; /** * The logging service that the cluster should * write logs to. Available options include `logging.googleapis.com`(Legacy Stackdriver), * `logging.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes` */ readonly loggingService: pulumi.Output; /** * The maintenance policy to use for the cluster. Structure is * documented below. */ readonly maintenancePolicy: pulumi.Output; /** * ) Configuration for the [GKE Managed ML Diagnostics](https://docs.cloud.google.com/kubernetes-engine/docs/concepts/TODO) feature. Structure is documented below. */ readonly managedMachineLearningDiagnosticsConfig: pulumi.Output; /** * ) Configuration for the [GKE Managed OpenTelemetry](https://docs.cloud.google.com/kubernetes-engine/docs/concepts/managed-otel-gke) feature. Structure is documented below. */ readonly managedOpentelemetryConfig: pulumi.Output; /** * The authentication information for accessing the * Kubernetes master. Some values in this block are only returned by the API if * your service account has permission to get credentials for your GKE cluster. If * you see an unexpected diff unsetting your client cert, ensure you have the * `container.clusters.getCredentials` permission. * Structure is documented below. */ readonly masterAuth: pulumi.Output; /** * The desired * configuration options for master authorized networks. Omit the * nested `cidrBlocks` attribute to disallow external access (except * the cluster node IPs, which GKE automatically whitelists). * Structure is documented below. */ readonly masterAuthorizedNetworksConfig: pulumi.Output; /** * The current version of the master in the cluster. This may * be different than the `minMasterVersion` set in the config if the master * has been updated by GKE. */ readonly masterVersion: pulumi.Output; /** * Structure is documented below. */ readonly meshCertificates: pulumi.Output; /** * The minimum version of the master. GKE * will auto-update the master to new versions, so this does not guarantee the * current master version--use the read-only `masterVersion` field to obtain that. * If unset, the cluster's version will be set by GKE to the version of the most recent * official release (which is not necessarily the latest version). Most users will find * the `gcp.container.getEngineVersions` data source useful - it indicates which versions * are available. If you intend to specify versions manually, * [the docs](https://cloud.google.com/kubernetes-engine/versioning-and-upgrades#specifying_cluster_version) * describe the various acceptable formats for this field. * * > If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` * to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a * region are guaranteed to support the same version. */ readonly minMasterVersion: pulumi.Output; /** * Monitoring configuration for the cluster. * Structure is documented below. */ readonly monitoringConfig: pulumi.Output; /** * The monitoring service that the cluster * should write metrics to. * Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. * VM metrics will be collected by Google Compute Engine regardless of this setting * Available options include * `monitoring.googleapis.com`(Legacy Stackdriver), `monitoring.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Monitoring), and `none`. * Defaults to `monitoring.googleapis.com/kubernetes` */ readonly monitoringService: pulumi.Output; /** * The name of the cluster, unique within the project and * location. * * - - - */ readonly name: pulumi.Output; /** * The name or selfLink of the Google Compute Engine * network to which the cluster is connected. For Shared VPC, set this to the self link of the * shared network. */ readonly network: pulumi.Output; /** * Network bandwidth tier configuration. */ readonly networkPerformanceConfig: pulumi.Output; /** * Configuration options for the * [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/networkpolicies/) * feature. Structure is documented below. */ readonly networkPolicy: pulumi.Output; /** * Determines whether alias IPs or routes will be used for pod IPs in the cluster. * Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables [IP aliasing](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-aliases). Newly created clusters will default to `VPC_NATIVE`. */ readonly networkingMode: pulumi.Output; /** * Parameters used in creating the default node pool. * Generally, this field should not be used at the same time as a * `gcp.container.NodePool` or a `nodePool` block; this configuration * manages the default node pool, which isn't recommended to be used. * Structure is documented below. */ readonly nodeConfig: pulumi.Output; /** * The list of zones in which the cluster's nodes * are located. Nodes must be in the region of their regional cluster or in the * same region as their cluster's zone for zonal clusters. If this is specified for * a zonal cluster, omit the cluster's zone. * * > A "multi-zonal" cluster is a zonal cluster with at least one additional zone * defined; in a multi-zonal cluster, the cluster master is only present in a * single zone while nodes are present in each of the primary zone and the node * locations. In contrast, in a regional cluster, cluster master nodes are present * in multiple zones in the region. For that reason, regional clusters should be * preferred. */ readonly nodeLocations: pulumi.Output; /** * Node pool configs that apply to auto-provisioned node pools in * [autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison) clusters and * [node auto-provisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)-enabled clusters. Structure is documented below. */ readonly nodePoolAutoConfig: pulumi.Output; /** * Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below. */ readonly nodePoolDefaults: pulumi.Output; /** * List of node pools associated with this cluster. * See gcp.container.NodePool for schema. * **Warning:** node pools defined inside a cluster can't be changed (or added/removed) after * cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability * to say "these are the _only_ node pools associated with this cluster", use the * gcp.container.NodePool resource instead of this property. */ readonly nodePools: pulumi.Output; /** * The Kubernetes version on the nodes. Must either be unset * or set to the same value as `minMasterVersion` on create. Defaults to the default * version set by GKE which is not necessarily the latest version. This only affects * nodes in the default node pool. While a fuzzy version can be specified, it's * recommended that you specify explicit versions as the provider will see spurious diffs * when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's * `versionPrefix` field to approximate fuzzy versions. * To update nodes in other node pools, use the `version` attribute on the node pool. */ readonly nodeVersion: pulumi.Output; /** * Configuration for the [cluster upgrade notifications](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-upgrade-notifications) feature. Structure is documented below. */ readonly notificationConfig: pulumi.Output; readonly operation: pulumi.Output; /** * Configuration for the * Structure is documented below. */ readonly podAutoscaling: pulumi.Output; /** * ) Configuration for the * [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. * Structure is documented below. */ readonly podSecurityPolicyConfig: pulumi.Output; /** * Configuration for [private clusters](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters), * clusters with private nodes. Structure is documented below. */ readonly privateClusterConfig: pulumi.Output; /** * The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). */ readonly privateIpv6GoogleAccess: pulumi.Output; /** * The ID of the project in which the resource belongs. If it * is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * ) * Enable/Disable Protect API features for the cluster. Structure is documented below. */ readonly protectConfig: pulumi.Output; /** * The combination of labels configured directly on the resource and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. Structure is documented below. */ readonly rbacBindingConfig: pulumi.Output; /** * Configuration options for the [Release channel](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels) * feature, which provide more control over automatic upgrades of your GKE clusters. * When updating this field, GKE imposes specific version requirements. See * [Selecting a new release channel](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels#selecting_a_new_release_channel) * for more details; the `gcp.container.getEngineVersions` datasource can provide * the default version for a channel. Note that removing the `releaseChannel` * field from your config will cause the provider to stop managing your cluster's * release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` * channel. Structure is documented below. */ readonly releaseChannel: pulumi.Output; /** * If `true`, deletes the default node * pool upon cluster creation. If you're using `gcp.container.NodePool` * resources with no default node pool, this should be set to `true`, alongside * setting `initialNodeCount` to at least `1`. */ readonly removeDefaultNodePool: pulumi.Output; /** * The GCE resource labels (a map of key/value pairs) to be applied to the cluster. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field 'effective_labels' for all of the labels present on the resource. */ readonly resourceLabels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Configuration for the * [ResourceUsageExportConfig](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-usage-metering) feature. * Structure is documented below. */ readonly resourceUsageExportConfig: pulumi.Output; /** * Configuration for the * [SecretManagerConfig](https://cloud.google.com/secret-manager/docs/secret-manager-managed-csi-component) feature. * Structure is documented below. */ readonly secretManagerConfig: pulumi.Output; /** * Configuration for the * [SecretSyncConfig](https://cloud.google.com/secret-manager/docs/sync-k8-secrets) feature. * Structure is documented below. */ readonly secretSyncConfig: pulumi.Output; /** * Enable/Disable Security Posture API features for the cluster. Structure is documented below. */ readonly securityPostureConfig: pulumi.Output; /** * The server-defined URL for the resource. */ readonly selfLink: pulumi.Output; /** * Structure is documented below. */ readonly serviceExternalIpsConfig: pulumi.Output; /** * The IP address range of the Kubernetes services in this * cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) * notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last * `/16` from the container CIDR. */ readonly servicesIpv4Cidr: pulumi.Output; /** * The name or selfLink of the Google Compute Engine * subnetwork in which the cluster's instances are launched. */ readonly subnetwork: pulumi.Output; /** * TPU configuration for the cluster. */ readonly tpuConfig: pulumi.Output; /** * The IP address range of the Cloud TPUs in this cluster, in * [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) * notation (e.g. `1.2.3.4/29`). */ readonly tpuIpv4CidrBlock: pulumi.Output; /** * The custom keys configuration of the cluster Structure is documented below. */ readonly userManagedKeysConfig: pulumi.Output; /** * Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. * Structure is documented below. */ readonly verticalPodAutoscaling: pulumi.Output; /** * ) * Configuration for [direct-path (via ALTS) with workload identity.](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#workloadaltsconfig). Structure is documented below. */ readonly workloadAltsConfig: pulumi.Output; /** * Workload Identity allows Kubernetes service accounts to act as a user-managed * [Google IAM Service Account](https://cloud.google.com/iam/docs/service-accounts#user-managed_service_accounts). * Structure is documented below. */ readonly workloadIdentityConfig: pulumi.Output; /** * Create a Cluster resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: ClusterArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Cluster resources. */ export interface ClusterState { /** * The configuration for addons supported by GKE. * Structure is documented below. */ addonsConfig?: pulumi.Input; /** * Enable NET_ADMIN for the cluster. Defaults to * `false`. This field should only be enabled for Autopilot clusters (`enableAutopilot` * set to `true`). */ allowNetAdmin?: pulumi.Input; /** * Configuration for [anonymous authentication restrictions](https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict-anon-access). Structure is documented below. */ anonymousAuthenticationConfig?: pulumi.Input; /** * Configuration for the * [Google Groups for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#groups-setup-gsuite) feature. * Structure is documented below. */ authenticatorGroupsConfig?: pulumi.Input; /** * Per-cluster configuration of Autopilot cluster policies in GKE clusters. This field can only be configured in non Autopilot clusters. Structure is documented below. */ autopilotClusterPolicyConfig?: pulumi.Input; /** * The customer * allowlist Cloud Storage paths for the cluster. These paths are used with the * `--autopilot-privileged-admission` flag to authorize privileged workloads in * Autopilot clusters. See the Cluster API's * [PrivilegedAdmissionConfig](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#privilegedadmissionconfig) * documentation for more details. */ autopilotPrivilegedAdmissions?: pulumi.Input[] | undefined>; /** * Configuration options for the Binary * Authorization feature. Structure is documented below. */ binaryAuthorization?: pulumi.Input; /** * Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to * automatically adjust the size of the cluster and create/delete node pools based * on the current needs of the cluster's workload. See the * [guide to using Node Auto-Provisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning) * for more details. Structure is documented below. */ clusterAutoscaling?: pulumi.Input; /** * The IP address range of the Kubernetes pods * in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one * automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will * default a new cluster to routes-based, where `ipAllocationPolicy` is not defined. */ clusterIpv4Cidr?: pulumi.Input; /** * ) Configuration for * [ClusterTelemetry](https://cloud.google.com/monitoring/kubernetes-engine/installing#controlling_the_collection_of_application_logs) feature, * Structure is documented below. */ clusterTelemetry?: pulumi.Input; /** * Configuration for [Confidential Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/confidential-gke-nodes) feature. Structure is documented below documented below. */ confidentialNodes?: pulumi.Input; /** * Configuration for all of the cluster's control plane endpoints. * Structure is documented below. */ controlPlaneEndpointsConfig?: pulumi.Input; /** * Configuration for the * [Cost Allocation](https://cloud.google.com/kubernetes-engine/docs/how-to/cost-allocations) feature. * Structure is documented below. */ costManagementConfig?: pulumi.Input; /** * Structure is documented below. */ databaseEncryption?: pulumi.Input; /** * The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2. */ datapathProvider?: pulumi.Input; /** * The default maximum number of pods * per node in this cluster. This doesn't work on "routes-based" clusters, clusters * that don't have IP Aliasing enabled. See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr) * for more information. */ defaultMaxPodsPerNode?: pulumi.Input; /** * [GKE SNAT](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent#how_ipmasq_works) DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, [API doc](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#networkconfig). Structure is documented below */ defaultSnatStatus?: pulumi.Input; /** * (Optional) Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE". * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. * * The `defaultSnatStatus` block supports */ deletionPolicy?: pulumi.Input; /** * Whether Terraform will be prevented from * destroying the cluster. Deleting this cluster via `terraform destroy` or * `pulumi up` will only succeed if this field is `false` in the Terraform * state. */ deletionProtection?: pulumi.Input; /** * Description of the cluster. */ description?: pulumi.Input; /** * Disable L4 load balancer VPC firewalls to enable firewall policies. */ disableL4LbFirewallReconciliation?: pulumi.Input; /** * Configuration for [Using Cloud DNS for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns). Structure is documented below. */ dnsConfig?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Enable Autopilot for this cluster. Defaults to `false`. * Note that when this option is enabled, certain features of Standard GKE are not available. * See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison) * for available features. */ enableAutopilot?: pulumi.Input; /** * Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. */ enableCiliumClusterwideNetworkPolicy?: pulumi.Input; /** * Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the [Enable FQDN Network Policy in an existing cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/fqdn-network-policies#enable_fqdn_network_policy_in_an_existing_cluster) for more information. */ enableFqdnNetworkPolicy?: pulumi.Input; /** * Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. */ enableIntranodeVisibility?: pulumi.Input; /** * Configuration for Kubernetes Beta APIs. * Structure is documented below. */ enableK8sBetaApis?: pulumi.Input; /** * Whether to enable Kubernetes Alpha features for * this cluster. Note that when this option is enabled, the cluster cannot be upgraded * and will be automatically deleted after 30 days. */ enableKubernetesAlpha?: pulumi.Input; /** * Whether L4ILB Subsetting is enabled for this cluster. */ enableL4IlbSubsetting?: pulumi.Input; /** * Whether the ABAC authorizer is enabled for this cluster. * When enabled, identities in the system, including service accounts, nodes, and controllers, * will have statically granted permissions beyond those provided by the RBAC configuration or IAM. * Defaults to `false` */ enableLegacyAbac?: pulumi.Input; /** * Whether multi-networking is enabled for this cluster. */ enableMultiNetworking?: pulumi.Input; /** * Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`. */ enableShieldedNodes?: pulumi.Input; /** * Whether to enable Cloud TPU resources in this cluster. * See the [official documentation](https://cloud.google.com/tpu/docs/kubernetes-engine-setup). */ enableTpu?: pulumi.Input; /** * The IP address of this cluster's Kubernetes master. */ endpoint?: pulumi.Input; /** * (DEPRECATED) Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. Deprecated as GKE Enterprise features are now available without an Enterprise tier. See https://cloud.google.com/blog/products/containers-kubernetes/gke-gets-new-pricing-and-capabilities-on-10th-birthday for the announcement of this change. * * @deprecated GKE Enterprise features are now available without an Enterprise tier. This field is deprecated and will be removed in a future major release */ enterpriseConfig?: pulumi.Input; /** * Fleet configuration for the cluster. Structure is documented below. */ fleet?: pulumi.Input; /** * Configuration for [GKE Gateway API controller](https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api). Structure is documented below. */ gatewayApiConfig?: pulumi.Input; /** * Configuration options for the auto-upgrade patch type feature, which provide more control over the speed of automatic upgrades of your GKE clusters. * Structure is documented below. */ gkeAutoUpgradeConfig?: pulumi.Input; /** * . Structure is documented below. */ identityServiceConfig?: pulumi.Input; /** * Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. */ inTransitEncryptionConfig?: pulumi.Input; /** * The number of nodes to create in this * cluster's default node pool. In regional or multi-zonal clusters, this is the * number of nodes per zone. Must be set if `nodePool` is not set. If you're using * `gcp.container.NodePool` objects with no default node pool, you'll need to * set this to a value of at least `1`, alongside setting * `removeDefaultNodePool` to `true`. */ initialNodeCount?: pulumi.Input; /** * Configuration of cluster IP allocation for * VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. * Structure is documented below. */ ipAllocationPolicy?: pulumi.Input; /** * The fingerprint of the set of labels for this cluster. */ labelFingerprint?: pulumi.Input; /** * The location (region or zone) in which the cluster * master will be created, as well as the default node location. If you specify a * zone (such as `us-central1-a`), the cluster will be a zonal cluster with a * single cluster master. If you specify a region (such as `us-west1`), the * cluster will be a regional cluster with multiple masters spread across zones in * the region, and with default node locations in those zones as well */ location?: pulumi.Input; /** * Logging configuration for the cluster. * Structure is documented below. */ loggingConfig?: pulumi.Input; /** * The logging service that the cluster should * write logs to. Available options include `logging.googleapis.com`(Legacy Stackdriver), * `logging.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes` */ loggingService?: pulumi.Input; /** * The maintenance policy to use for the cluster. Structure is * documented below. */ maintenancePolicy?: pulumi.Input; /** * ) Configuration for the [GKE Managed ML Diagnostics](https://docs.cloud.google.com/kubernetes-engine/docs/concepts/TODO) feature. Structure is documented below. */ managedMachineLearningDiagnosticsConfig?: pulumi.Input; /** * ) Configuration for the [GKE Managed OpenTelemetry](https://docs.cloud.google.com/kubernetes-engine/docs/concepts/managed-otel-gke) feature. Structure is documented below. */ managedOpentelemetryConfig?: pulumi.Input; /** * The authentication information for accessing the * Kubernetes master. Some values in this block are only returned by the API if * your service account has permission to get credentials for your GKE cluster. If * you see an unexpected diff unsetting your client cert, ensure you have the * `container.clusters.getCredentials` permission. * Structure is documented below. */ masterAuth?: pulumi.Input; /** * The desired * configuration options for master authorized networks. Omit the * nested `cidrBlocks` attribute to disallow external access (except * the cluster node IPs, which GKE automatically whitelists). * Structure is documented below. */ masterAuthorizedNetworksConfig?: pulumi.Input; /** * The current version of the master in the cluster. This may * be different than the `minMasterVersion` set in the config if the master * has been updated by GKE. */ masterVersion?: pulumi.Input; /** * Structure is documented below. */ meshCertificates?: pulumi.Input; /** * The minimum version of the master. GKE * will auto-update the master to new versions, so this does not guarantee the * current master version--use the read-only `masterVersion` field to obtain that. * If unset, the cluster's version will be set by GKE to the version of the most recent * official release (which is not necessarily the latest version). Most users will find * the `gcp.container.getEngineVersions` data source useful - it indicates which versions * are available. If you intend to specify versions manually, * [the docs](https://cloud.google.com/kubernetes-engine/versioning-and-upgrades#specifying_cluster_version) * describe the various acceptable formats for this field. * * > If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` * to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a * region are guaranteed to support the same version. */ minMasterVersion?: pulumi.Input; /** * Monitoring configuration for the cluster. * Structure is documented below. */ monitoringConfig?: pulumi.Input; /** * The monitoring service that the cluster * should write metrics to. * Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. * VM metrics will be collected by Google Compute Engine regardless of this setting * Available options include * `monitoring.googleapis.com`(Legacy Stackdriver), `monitoring.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Monitoring), and `none`. * Defaults to `monitoring.googleapis.com/kubernetes` */ monitoringService?: pulumi.Input; /** * The name of the cluster, unique within the project and * location. * * - - - */ name?: pulumi.Input; /** * The name or selfLink of the Google Compute Engine * network to which the cluster is connected. For Shared VPC, set this to the self link of the * shared network. */ network?: pulumi.Input; /** * Network bandwidth tier configuration. */ networkPerformanceConfig?: pulumi.Input; /** * Configuration options for the * [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/networkpolicies/) * feature. Structure is documented below. */ networkPolicy?: pulumi.Input; /** * Determines whether alias IPs or routes will be used for pod IPs in the cluster. * Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables [IP aliasing](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-aliases). Newly created clusters will default to `VPC_NATIVE`. */ networkingMode?: pulumi.Input; /** * Parameters used in creating the default node pool. * Generally, this field should not be used at the same time as a * `gcp.container.NodePool` or a `nodePool` block; this configuration * manages the default node pool, which isn't recommended to be used. * Structure is documented below. */ nodeConfig?: pulumi.Input; /** * The list of zones in which the cluster's nodes * are located. Nodes must be in the region of their regional cluster or in the * same region as their cluster's zone for zonal clusters. If this is specified for * a zonal cluster, omit the cluster's zone. * * > A "multi-zonal" cluster is a zonal cluster with at least one additional zone * defined; in a multi-zonal cluster, the cluster master is only present in a * single zone while nodes are present in each of the primary zone and the node * locations. In contrast, in a regional cluster, cluster master nodes are present * in multiple zones in the region. For that reason, regional clusters should be * preferred. */ nodeLocations?: pulumi.Input[] | undefined>; /** * Node pool configs that apply to auto-provisioned node pools in * [autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison) clusters and * [node auto-provisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)-enabled clusters. Structure is documented below. */ nodePoolAutoConfig?: pulumi.Input; /** * Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below. */ nodePoolDefaults?: pulumi.Input; /** * List of node pools associated with this cluster. * See gcp.container.NodePool for schema. * **Warning:** node pools defined inside a cluster can't be changed (or added/removed) after * cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability * to say "these are the _only_ node pools associated with this cluster", use the * gcp.container.NodePool resource instead of this property. */ nodePools?: pulumi.Input[] | undefined>; /** * The Kubernetes version on the nodes. Must either be unset * or set to the same value as `minMasterVersion` on create. Defaults to the default * version set by GKE which is not necessarily the latest version. This only affects * nodes in the default node pool. While a fuzzy version can be specified, it's * recommended that you specify explicit versions as the provider will see spurious diffs * when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's * `versionPrefix` field to approximate fuzzy versions. * To update nodes in other node pools, use the `version` attribute on the node pool. */ nodeVersion?: pulumi.Input; /** * Configuration for the [cluster upgrade notifications](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-upgrade-notifications) feature. Structure is documented below. */ notificationConfig?: pulumi.Input; operation?: pulumi.Input; /** * Configuration for the * Structure is documented below. */ podAutoscaling?: pulumi.Input; /** * ) Configuration for the * [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. * Structure is documented below. */ podSecurityPolicyConfig?: pulumi.Input; /** * Configuration for [private clusters](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters), * clusters with private nodes. Structure is documented below. */ privateClusterConfig?: pulumi.Input; /** * The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). */ privateIpv6GoogleAccess?: pulumi.Input; /** * The ID of the project in which the resource belongs. If it * is not provided, the provider project is used. */ project?: pulumi.Input; /** * ) * Enable/Disable Protect API features for the cluster. Structure is documented below. */ protectConfig?: pulumi.Input; /** * The combination of labels configured directly on the resource and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. Structure is documented below. */ rbacBindingConfig?: pulumi.Input; /** * Configuration options for the [Release channel](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels) * feature, which provide more control over automatic upgrades of your GKE clusters. * When updating this field, GKE imposes specific version requirements. See * [Selecting a new release channel](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels#selecting_a_new_release_channel) * for more details; the `gcp.container.getEngineVersions` datasource can provide * the default version for a channel. Note that removing the `releaseChannel` * field from your config will cause the provider to stop managing your cluster's * release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` * channel. Structure is documented below. */ releaseChannel?: pulumi.Input; /** * If `true`, deletes the default node * pool upon cluster creation. If you're using `gcp.container.NodePool` * resources with no default node pool, this should be set to `true`, alongside * setting `initialNodeCount` to at least `1`. */ removeDefaultNodePool?: pulumi.Input; /** * The GCE resource labels (a map of key/value pairs) to be applied to the cluster. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field 'effective_labels' for all of the labels present on the resource. */ resourceLabels?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Configuration for the * [ResourceUsageExportConfig](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-usage-metering) feature. * Structure is documented below. */ resourceUsageExportConfig?: pulumi.Input; /** * Configuration for the * [SecretManagerConfig](https://cloud.google.com/secret-manager/docs/secret-manager-managed-csi-component) feature. * Structure is documented below. */ secretManagerConfig?: pulumi.Input; /** * Configuration for the * [SecretSyncConfig](https://cloud.google.com/secret-manager/docs/sync-k8-secrets) feature. * Structure is documented below. */ secretSyncConfig?: pulumi.Input; /** * Enable/Disable Security Posture API features for the cluster. Structure is documented below. */ securityPostureConfig?: pulumi.Input; /** * The server-defined URL for the resource. */ selfLink?: pulumi.Input; /** * Structure is documented below. */ serviceExternalIpsConfig?: pulumi.Input; /** * The IP address range of the Kubernetes services in this * cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) * notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last * `/16` from the container CIDR. */ servicesIpv4Cidr?: pulumi.Input; /** * The name or selfLink of the Google Compute Engine * subnetwork in which the cluster's instances are launched. */ subnetwork?: pulumi.Input; /** * TPU configuration for the cluster. */ tpuConfig?: pulumi.Input; /** * The IP address range of the Cloud TPUs in this cluster, in * [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) * notation (e.g. `1.2.3.4/29`). */ tpuIpv4CidrBlock?: pulumi.Input; /** * The custom keys configuration of the cluster Structure is documented below. */ userManagedKeysConfig?: pulumi.Input; /** * Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. * Structure is documented below. */ verticalPodAutoscaling?: pulumi.Input; /** * ) * Configuration for [direct-path (via ALTS) with workload identity.](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#workloadaltsconfig). Structure is documented below. */ workloadAltsConfig?: pulumi.Input; /** * Workload Identity allows Kubernetes service accounts to act as a user-managed * [Google IAM Service Account](https://cloud.google.com/iam/docs/service-accounts#user-managed_service_accounts). * Structure is documented below. */ workloadIdentityConfig?: pulumi.Input; } /** * The set of arguments for constructing a Cluster resource. */ export interface ClusterArgs { /** * The configuration for addons supported by GKE. * Structure is documented below. */ addonsConfig?: pulumi.Input; /** * Enable NET_ADMIN for the cluster. Defaults to * `false`. This field should only be enabled for Autopilot clusters (`enableAutopilot` * set to `true`). */ allowNetAdmin?: pulumi.Input; /** * Configuration for [anonymous authentication restrictions](https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict-anon-access). Structure is documented below. */ anonymousAuthenticationConfig?: pulumi.Input; /** * Configuration for the * [Google Groups for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#groups-setup-gsuite) feature. * Structure is documented below. */ authenticatorGroupsConfig?: pulumi.Input; /** * Per-cluster configuration of Autopilot cluster policies in GKE clusters. This field can only be configured in non Autopilot clusters. Structure is documented below. */ autopilotClusterPolicyConfig?: pulumi.Input; /** * The customer * allowlist Cloud Storage paths for the cluster. These paths are used with the * `--autopilot-privileged-admission` flag to authorize privileged workloads in * Autopilot clusters. See the Cluster API's * [PrivilegedAdmissionConfig](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#privilegedadmissionconfig) * documentation for more details. */ autopilotPrivilegedAdmissions?: pulumi.Input[] | undefined>; /** * Configuration options for the Binary * Authorization feature. Structure is documented below. */ binaryAuthorization?: pulumi.Input; /** * Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to * automatically adjust the size of the cluster and create/delete node pools based * on the current needs of the cluster's workload. See the * [guide to using Node Auto-Provisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning) * for more details. Structure is documented below. */ clusterAutoscaling?: pulumi.Input; /** * The IP address range of the Kubernetes pods * in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one * automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will * default a new cluster to routes-based, where `ipAllocationPolicy` is not defined. */ clusterIpv4Cidr?: pulumi.Input; /** * ) Configuration for * [ClusterTelemetry](https://cloud.google.com/monitoring/kubernetes-engine/installing#controlling_the_collection_of_application_logs) feature, * Structure is documented below. */ clusterTelemetry?: pulumi.Input; /** * Configuration for [Confidential Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/confidential-gke-nodes) feature. Structure is documented below documented below. */ confidentialNodes?: pulumi.Input; /** * Configuration for all of the cluster's control plane endpoints. * Structure is documented below. */ controlPlaneEndpointsConfig?: pulumi.Input; /** * Configuration for the * [Cost Allocation](https://cloud.google.com/kubernetes-engine/docs/how-to/cost-allocations) feature. * Structure is documented below. */ costManagementConfig?: pulumi.Input; /** * Structure is documented below. */ databaseEncryption?: pulumi.Input; /** * The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2. */ datapathProvider?: pulumi.Input; /** * The default maximum number of pods * per node in this cluster. This doesn't work on "routes-based" clusters, clusters * that don't have IP Aliasing enabled. See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr) * for more information. */ defaultMaxPodsPerNode?: pulumi.Input; /** * [GKE SNAT](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent#how_ipmasq_works) DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, [API doc](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#networkconfig). Structure is documented below */ defaultSnatStatus?: pulumi.Input; /** * (Optional) Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE". * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. * * The `defaultSnatStatus` block supports */ deletionPolicy?: pulumi.Input; /** * Whether Terraform will be prevented from * destroying the cluster. Deleting this cluster via `terraform destroy` or * `pulumi up` will only succeed if this field is `false` in the Terraform * state. */ deletionProtection?: pulumi.Input; /** * Description of the cluster. */ description?: pulumi.Input; /** * Disable L4 load balancer VPC firewalls to enable firewall policies. */ disableL4LbFirewallReconciliation?: pulumi.Input; /** * Configuration for [Using Cloud DNS for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns). Structure is documented below. */ dnsConfig?: pulumi.Input; /** * Enable Autopilot for this cluster. Defaults to `false`. * Note that when this option is enabled, certain features of Standard GKE are not available. * See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison) * for available features. */ enableAutopilot?: pulumi.Input; /** * Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. */ enableCiliumClusterwideNetworkPolicy?: pulumi.Input; /** * Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the [Enable FQDN Network Policy in an existing cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/fqdn-network-policies#enable_fqdn_network_policy_in_an_existing_cluster) for more information. */ enableFqdnNetworkPolicy?: pulumi.Input; /** * Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. */ enableIntranodeVisibility?: pulumi.Input; /** * Configuration for Kubernetes Beta APIs. * Structure is documented below. */ enableK8sBetaApis?: pulumi.Input; /** * Whether to enable Kubernetes Alpha features for * this cluster. Note that when this option is enabled, the cluster cannot be upgraded * and will be automatically deleted after 30 days. */ enableKubernetesAlpha?: pulumi.Input; /** * Whether L4ILB Subsetting is enabled for this cluster. */ enableL4IlbSubsetting?: pulumi.Input; /** * Whether the ABAC authorizer is enabled for this cluster. * When enabled, identities in the system, including service accounts, nodes, and controllers, * will have statically granted permissions beyond those provided by the RBAC configuration or IAM. * Defaults to `false` */ enableLegacyAbac?: pulumi.Input; /** * Whether multi-networking is enabled for this cluster. */ enableMultiNetworking?: pulumi.Input; /** * Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`. */ enableShieldedNodes?: pulumi.Input; /** * Whether to enable Cloud TPU resources in this cluster. * See the [official documentation](https://cloud.google.com/tpu/docs/kubernetes-engine-setup). */ enableTpu?: pulumi.Input; /** * (DEPRECATED) Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. Deprecated as GKE Enterprise features are now available without an Enterprise tier. See https://cloud.google.com/blog/products/containers-kubernetes/gke-gets-new-pricing-and-capabilities-on-10th-birthday for the announcement of this change. * * @deprecated GKE Enterprise features are now available without an Enterprise tier. This field is deprecated and will be removed in a future major release */ enterpriseConfig?: pulumi.Input; /** * Fleet configuration for the cluster. Structure is documented below. */ fleet?: pulumi.Input; /** * Configuration for [GKE Gateway API controller](https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api). Structure is documented below. */ gatewayApiConfig?: pulumi.Input; /** * Configuration options for the auto-upgrade patch type feature, which provide more control over the speed of automatic upgrades of your GKE clusters. * Structure is documented below. */ gkeAutoUpgradeConfig?: pulumi.Input; /** * . Structure is documented below. */ identityServiceConfig?: pulumi.Input; /** * Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. */ inTransitEncryptionConfig?: pulumi.Input; /** * The number of nodes to create in this * cluster's default node pool. In regional or multi-zonal clusters, this is the * number of nodes per zone. Must be set if `nodePool` is not set. If you're using * `gcp.container.NodePool` objects with no default node pool, you'll need to * set this to a value of at least `1`, alongside setting * `removeDefaultNodePool` to `true`. */ initialNodeCount?: pulumi.Input; /** * Configuration of cluster IP allocation for * VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. * Structure is documented below. */ ipAllocationPolicy?: pulumi.Input; /** * The location (region or zone) in which the cluster * master will be created, as well as the default node location. If you specify a * zone (such as `us-central1-a`), the cluster will be a zonal cluster with a * single cluster master. If you specify a region (such as `us-west1`), the * cluster will be a regional cluster with multiple masters spread across zones in * the region, and with default node locations in those zones as well */ location?: pulumi.Input; /** * Logging configuration for the cluster. * Structure is documented below. */ loggingConfig?: pulumi.Input; /** * The logging service that the cluster should * write logs to. Available options include `logging.googleapis.com`(Legacy Stackdriver), * `logging.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes` */ loggingService?: pulumi.Input; /** * The maintenance policy to use for the cluster. Structure is * documented below. */ maintenancePolicy?: pulumi.Input; /** * ) Configuration for the [GKE Managed ML Diagnostics](https://docs.cloud.google.com/kubernetes-engine/docs/concepts/TODO) feature. Structure is documented below. */ managedMachineLearningDiagnosticsConfig?: pulumi.Input; /** * ) Configuration for the [GKE Managed OpenTelemetry](https://docs.cloud.google.com/kubernetes-engine/docs/concepts/managed-otel-gke) feature. Structure is documented below. */ managedOpentelemetryConfig?: pulumi.Input; /** * The authentication information for accessing the * Kubernetes master. Some values in this block are only returned by the API if * your service account has permission to get credentials for your GKE cluster. If * you see an unexpected diff unsetting your client cert, ensure you have the * `container.clusters.getCredentials` permission. * Structure is documented below. */ masterAuth?: pulumi.Input; /** * The desired * configuration options for master authorized networks. Omit the * nested `cidrBlocks` attribute to disallow external access (except * the cluster node IPs, which GKE automatically whitelists). * Structure is documented below. */ masterAuthorizedNetworksConfig?: pulumi.Input; /** * Structure is documented below. */ meshCertificates?: pulumi.Input; /** * The minimum version of the master. GKE * will auto-update the master to new versions, so this does not guarantee the * current master version--use the read-only `masterVersion` field to obtain that. * If unset, the cluster's version will be set by GKE to the version of the most recent * official release (which is not necessarily the latest version). Most users will find * the `gcp.container.getEngineVersions` data source useful - it indicates which versions * are available. If you intend to specify versions manually, * [the docs](https://cloud.google.com/kubernetes-engine/versioning-and-upgrades#specifying_cluster_version) * describe the various acceptable formats for this field. * * > If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` * to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a * region are guaranteed to support the same version. */ minMasterVersion?: pulumi.Input; /** * Monitoring configuration for the cluster. * Structure is documented below. */ monitoringConfig?: pulumi.Input; /** * The monitoring service that the cluster * should write metrics to. * Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. * VM metrics will be collected by Google Compute Engine regardless of this setting * Available options include * `monitoring.googleapis.com`(Legacy Stackdriver), `monitoring.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Monitoring), and `none`. * Defaults to `monitoring.googleapis.com/kubernetes` */ monitoringService?: pulumi.Input; /** * The name of the cluster, unique within the project and * location. * * - - - */ name?: pulumi.Input; /** * The name or selfLink of the Google Compute Engine * network to which the cluster is connected. For Shared VPC, set this to the self link of the * shared network. */ network?: pulumi.Input; /** * Network bandwidth tier configuration. */ networkPerformanceConfig?: pulumi.Input; /** * Configuration options for the * [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/networkpolicies/) * feature. Structure is documented below. */ networkPolicy?: pulumi.Input; /** * Determines whether alias IPs or routes will be used for pod IPs in the cluster. * Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables [IP aliasing](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-aliases). Newly created clusters will default to `VPC_NATIVE`. */ networkingMode?: pulumi.Input; /** * Parameters used in creating the default node pool. * Generally, this field should not be used at the same time as a * `gcp.container.NodePool` or a `nodePool` block; this configuration * manages the default node pool, which isn't recommended to be used. * Structure is documented below. */ nodeConfig?: pulumi.Input; /** * The list of zones in which the cluster's nodes * are located. Nodes must be in the region of their regional cluster or in the * same region as their cluster's zone for zonal clusters. If this is specified for * a zonal cluster, omit the cluster's zone. * * > A "multi-zonal" cluster is a zonal cluster with at least one additional zone * defined; in a multi-zonal cluster, the cluster master is only present in a * single zone while nodes are present in each of the primary zone and the node * locations. In contrast, in a regional cluster, cluster master nodes are present * in multiple zones in the region. For that reason, regional clusters should be * preferred. */ nodeLocations?: pulumi.Input[] | undefined>; /** * Node pool configs that apply to auto-provisioned node pools in * [autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison) clusters and * [node auto-provisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)-enabled clusters. Structure is documented below. */ nodePoolAutoConfig?: pulumi.Input; /** * Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below. */ nodePoolDefaults?: pulumi.Input; /** * List of node pools associated with this cluster. * See gcp.container.NodePool for schema. * **Warning:** node pools defined inside a cluster can't be changed (or added/removed) after * cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability * to say "these are the _only_ node pools associated with this cluster", use the * gcp.container.NodePool resource instead of this property. */ nodePools?: pulumi.Input[] | undefined>; /** * The Kubernetes version on the nodes. Must either be unset * or set to the same value as `minMasterVersion` on create. Defaults to the default * version set by GKE which is not necessarily the latest version. This only affects * nodes in the default node pool. While a fuzzy version can be specified, it's * recommended that you specify explicit versions as the provider will see spurious diffs * when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's * `versionPrefix` field to approximate fuzzy versions. * To update nodes in other node pools, use the `version` attribute on the node pool. */ nodeVersion?: pulumi.Input; /** * Configuration for the [cluster upgrade notifications](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-upgrade-notifications) feature. Structure is documented below. */ notificationConfig?: pulumi.Input; /** * Configuration for the * Structure is documented below. */ podAutoscaling?: pulumi.Input; /** * ) Configuration for the * [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. * Structure is documented below. */ podSecurityPolicyConfig?: pulumi.Input; /** * Configuration for [private clusters](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters), * clusters with private nodes. Structure is documented below. */ privateClusterConfig?: pulumi.Input; /** * The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). */ privateIpv6GoogleAccess?: pulumi.Input; /** * The ID of the project in which the resource belongs. If it * is not provided, the provider project is used. */ project?: pulumi.Input; /** * ) * Enable/Disable Protect API features for the cluster. Structure is documented below. */ protectConfig?: pulumi.Input; /** * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. Structure is documented below. */ rbacBindingConfig?: pulumi.Input; /** * Configuration options for the [Release channel](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels) * feature, which provide more control over automatic upgrades of your GKE clusters. * When updating this field, GKE imposes specific version requirements. See * [Selecting a new release channel](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels#selecting_a_new_release_channel) * for more details; the `gcp.container.getEngineVersions` datasource can provide * the default version for a channel. Note that removing the `releaseChannel` * field from your config will cause the provider to stop managing your cluster's * release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` * channel. Structure is documented below. */ releaseChannel?: pulumi.Input; /** * If `true`, deletes the default node * pool upon cluster creation. If you're using `gcp.container.NodePool` * resources with no default node pool, this should be set to `true`, alongside * setting `initialNodeCount` to at least `1`. */ removeDefaultNodePool?: pulumi.Input; /** * The GCE resource labels (a map of key/value pairs) to be applied to the cluster. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field 'effective_labels' for all of the labels present on the resource. */ resourceLabels?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Configuration for the * [ResourceUsageExportConfig](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-usage-metering) feature. * Structure is documented below. */ resourceUsageExportConfig?: pulumi.Input; /** * Configuration for the * [SecretManagerConfig](https://cloud.google.com/secret-manager/docs/secret-manager-managed-csi-component) feature. * Structure is documented below. */ secretManagerConfig?: pulumi.Input; /** * Configuration for the * [SecretSyncConfig](https://cloud.google.com/secret-manager/docs/sync-k8-secrets) feature. * Structure is documented below. */ secretSyncConfig?: pulumi.Input; /** * Enable/Disable Security Posture API features for the cluster. Structure is documented below. */ securityPostureConfig?: pulumi.Input; /** * Structure is documented below. */ serviceExternalIpsConfig?: pulumi.Input; /** * The name or selfLink of the Google Compute Engine * subnetwork in which the cluster's instances are launched. */ subnetwork?: pulumi.Input; /** * TPU configuration for the cluster. */ tpuConfig?: pulumi.Input; /** * The custom keys configuration of the cluster Structure is documented below. */ userManagedKeysConfig?: pulumi.Input; /** * Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. * Structure is documented below. */ verticalPodAutoscaling?: pulumi.Input; /** * ) * Configuration for [direct-path (via ALTS) with workload identity.](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#workloadaltsconfig). Structure is documented below. */ workloadAltsConfig?: pulumi.Input; /** * Workload Identity allows Kubernetes service accounts to act as a user-managed * [Google IAM Service Account](https://cloud.google.com/iam/docs/service-accounts#user-managed_service_accounts). * Structure is documented below. */ workloadIdentityConfig?: pulumi.Input; } //# sourceMappingURL=cluster.d.ts.map