Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.container.Cluster


    Manages a Google Kubernetes Engine (GKE) cluster.

    To get more information about GKE clusters, see:

    On version 5.0.0+ of the provider, a cluster can be destroyed only after you explicitly set deletion_protection = false and run pulumi up to write that value to state.

    All arguments and attributes (including certificate outputs) will be stored in the raw state as plaintext, so anyone who can read the state can read these values. Read more about secrets in state.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Dedicated service account for the node VMs. The example binds no IAM
    // roles to it; grant only the roles the nodes actually need.
    const nodeServiceAccount = new gcp.serviceaccount.Account("default", {
        accountId: "service-account-id",
        displayName: "Service Account",
    });
    const region = "us-central1";
    // A cluster cannot be created without a node pool, so the smallest possible
    // default pool is created and then removed; nodes come from the separately
    // managed pool declared below.
    const primary = new gcp.container.Cluster("primary", {
        name: "my-gke-cluster",
        location: region,
        removeDefaultNodePool: true,
        initialNodeCount: 1,
    });
    const preemptibleNodeConfig = {
        preemptible: true,
        machineType: "e2-medium",
        serviceAccount: nodeServiceAccount.email,
        // cloud-platform is the broadest OAuth scope, so the IAM roles bound to
        // the service account are what actually limit the nodes' access.
        oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
    };
    const primaryPreemptibleNodes = new gcp.container.NodePool("primary_preemptible_nodes", {
        name: "my-node-pool",
        location: region,
        cluster: primary.name,
        nodeCount: 1,
        nodeConfig: preemptibleNodeConfig,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Dedicated service account for the node VMs. The example binds no IAM
    # roles to it; grant only the roles the nodes actually need.
    node_service_account = gcp.serviceaccount.Account(
        "default",
        account_id="service-account-id",
        display_name="Service Account",
    )
    region = "us-central1"
    # A cluster cannot be created without a node pool, so the smallest possible
    # default pool is created and then removed; nodes come from the separately
    # managed pool declared below.
    primary = gcp.container.Cluster(
        "primary",
        name="my-gke-cluster",
        location=region,
        remove_default_node_pool=True,
        initial_node_count=1,
    )
    preemptible_node_config = {
        "preemptible": True,
        "machine_type": "e2-medium",
        "service_account": node_service_account.email,
        # cloud-platform is the broadest OAuth scope, so the IAM roles bound to
        # the service account are what actually limit the nodes' access.
        "oauth_scopes": ["https://www.googleapis.com/auth/cloud-platform"],
    }
    primary_preemptible_nodes = gcp.container.NodePool(
        "primary_preemptible_nodes",
        name="my-node-pool",
        location=region,
        cluster=primary.name,
        node_count=1,
        node_config=preemptible_node_config,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
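    // main declares a node service account, a GKE cluster whose default node
    // pool is removed, and a separately managed preemptible node pool.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Keep the account handle: the node pool below reads its Email output.
    		// Discarding it with `_` left the later reference undefined.
    		// The example binds no IAM roles to this account; grant only the
    		// roles the nodes actually need.
    		nodeServiceAccount, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
    			AccountId:   pulumi.String("service-account-id"),
    			DisplayName: pulumi.String("Service Account"),
    		})
    		if err != nil {
    			return err
    		}
    		// A cluster cannot be created without a node pool, so the smallest
    		// possible default pool is created and then removed; nodes come from
    		// the separately managed pool declared below.
    		primary, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
    			Name:                  pulumi.String("my-gke-cluster"),
    			Location:              pulumi.String("us-central1"),
    			RemoveDefaultNodePool: pulumi.Bool(true),
    			InitialNodeCount:      pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = container.NewNodePool(ctx, "primary_preemptible_nodes", &container.NodePoolArgs{
    			Name:      pulumi.String("my-node-pool"),
    			Location:  pulumi.String("us-central1"),
    			Cluster:   primary.Name,
    			NodeCount: pulumi.Int(1),
    			NodeConfig: &container.NodePoolNodeConfigArgs{
    				Preemptible:    pulumi.Bool(true),
    				MachineType:    pulumi.String("e2-medium"),
    				ServiceAccount: nodeServiceAccount.Email,
    				// cloud-platform is the broadest OAuth scope, so the IAM roles
    				// bound to the service account are what actually limit the
    				// nodes' access.
    				OauthScopes: pulumi.StringArray{
    					pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }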
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() =>
    {
        // Dedicated service account for the node VMs. The example binds no IAM
        // roles to it; grant only the roles the nodes actually need.
        var nodeServiceAccount = new Gcp.ServiceAccount.Account("default", new()
        {
            AccountId = "service-account-id",
            DisplayName = "Service Account",
        });

        var region = "us-central1";

        // A cluster cannot be created without a node pool, so the smallest
        // possible default pool is created and then removed; nodes come from
        // the separately managed pool declared below.
        var primary = new Gcp.Container.Cluster("primary", new()
        {
            Name = "my-gke-cluster",
            Location = region,
            RemoveDefaultNodePool = true,
            InitialNodeCount = 1,
        });

        var preemptibleNodeConfig = new Gcp.Container.Inputs.NodePoolNodeConfigArgs
        {
            Preemptible = true,
            MachineType = "e2-medium",
            ServiceAccount = nodeServiceAccount.Email,
            // cloud-platform is the broadest OAuth scope, so the IAM roles bound
            // to the service account are what actually limit the nodes' access.
            OauthScopes = new[]
            {
                "https://www.googleapis.com/auth/cloud-platform",
            },
        };

        var primaryPreemptibleNodes = new Gcp.Container.NodePool("primary_preemptible_nodes", new()
        {
            Name = "my-node-pool",
            Location = region,
            Cluster = primary.Name,
            NodeCount = 1,
            NodeConfig = preemptibleNodeConfig,
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.Account;
    import com.pulumi.gcp.serviceaccount.AccountArgs;
    import com.pulumi.gcp.container.Cluster;
    import com.pulumi.gcp.container.ClusterArgs;
    import com.pulumi.gcp.container.NodePool;
    import com.pulumi.gcp.container.NodePoolArgs;
    import com.pulumi.gcp.container.inputs.NodePoolNodeConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
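    /**
     * Pulumi program that declares a GKE cluster whose nodes come from a
     * separately managed, preemptible node pool.
     */
    public class App {
        /** Program entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the node service account, the cluster and the node pool.
         *
         * @param ctx Pulumi context for the current deployment (not read here)
         */
        public static void stack(Context ctx) {
            // Dedicated service account for the node VMs. The example binds no
            // IAM roles to it; grant only the roles the nodes actually need.
            var nodeServiceAccount = new Account("default", AccountArgs.builder()
                .accountId("service-account-id")
                .displayName("Service Account")
                .build());

            // A cluster cannot be created without a node pool, so the smallest
            // possible default pool is created and then removed; nodes come
            // from the separately managed pool declared below.
            var primary = new Cluster("primary", ClusterArgs.builder()
                .name("my-gke-cluster")
                .location("us-central1")
                .removeDefaultNodePool(true)
                .initialNodeCount(1)
                .build());

            // Logical name uses the same "primary_preemptible_nodes" spelling as
            // the other language versions of this example.
            var primaryPreemptibleNodes = new NodePool("primary_preemptible_nodes", NodePoolArgs.builder()
                .name("my-node-pool")
                .location("us-central1")
                .cluster(primary.name())
                .nodeCount(1)
                .nodeConfig(NodePoolNodeConfigArgs.builder()
                    .preemptible(true)
                    .machineType("e2-medium")
                    .serviceAccount(nodeServiceAccount.email())
                    // cloud-platform is the broadest OAuth scope, so the IAM
                    // roles bound to the service account are what actually
                    // limit the nodes' access.
                    .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
                    .build())
                .build());

        }
    }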
    
    resources:
      # Dedicated service account for the node VMs. The example binds no IAM
      # roles to it; grant only the roles the nodes actually need.
      default:
        type: gcp:serviceaccount:Account
        properties:
          accountId: service-account-id
          displayName: Service Account
      # A cluster cannot be created without a node pool, so the smallest possible
      # default pool is created and then removed; nodes come from the separately
      # managed pool declared below.
      primary:
        type: gcp:container:Cluster
        properties:
          name: my-gke-cluster
          location: us-central1
          removeDefaultNodePool: true
          initialNodeCount: 1
      primaryPreemptibleNodes:
        type: gcp:container:NodePool
        name: primary_preemptible_nodes
        properties:
          name: my-node-pool
          location: us-central1
          cluster: ${primary.name}
          nodeCount: 1
          nodeConfig:
            preemptible: true
            machineType: e2-medium
            serviceAccount: ${default.email}
            # cloud-platform is the broadest OAuth scope, so the IAM roles bound
            # to the service account are what actually limit the nodes' access.
            oauthScopes:
              - https://www.googleapis.com/auth/cloud-platform
    

    Note: It is recommended that node pools be created and managed as separate resources as in the example above. This allows node pools to be added and removed without recreating the cluster. Node pools defined directly in the gcp.container.Cluster resource cannot be removed without re-creating the cluster.

    With The Default Node Pool

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Dedicated service account for the node VMs. The example binds no IAM
    // roles to it; grant only the roles the nodes actually need.
    const nodeServiceAccount = new gcp.serviceaccount.Account("default", {
        accountId: "service-account-id",
        displayName: "Service Account",
    });
    const defaultPoolNodeConfig = {
        serviceAccount: nodeServiceAccount.email,
        // cloud-platform is the broadest OAuth scope, so the IAM roles bound to
        // the service account are what actually limit the nodes' access.
        oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
        // Kubernetes labels applied to each node.
        labels: {
            foo: "bar",
        },
        // Network tags on the node VMs, which firewall rules can reference.
        tags: [
            "foo",
            "bar",
        ],
    };
    // This cluster keeps its default node pool: three nodes configured through
    // nodeConfig on the cluster itself.
    const primary = new gcp.container.Cluster("primary", {
        name: "marcellus-wallace",
        location: "us-central1-a",
        initialNodeCount: 3,
        nodeConfig: defaultPoolNodeConfig,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Dedicated service account for the node VMs. The example binds no IAM
    # roles to it; grant only the roles the nodes actually need.
    node_service_account = gcp.serviceaccount.Account(
        "default",
        account_id="service-account-id",
        display_name="Service Account",
    )
    default_pool_node_config = {
        "service_account": node_service_account.email,
        # cloud-platform is the broadest OAuth scope, so the IAM roles bound to
        # the service account are what actually limit the nodes' access.
        "oauth_scopes": ["https://www.googleapis.com/auth/cloud-platform"],
        # Kubernetes labels applied to each node.
        "labels": {
            "foo": "bar",
        },
        # Network tags on the node VMs, which firewall rules can reference.
        "tags": [
            "foo",
            "bar",
        ],
    }
    # This cluster keeps its default node pool: three nodes configured through
    # node_config on the cluster itself.
    primary = gcp.container.Cluster(
        "primary",
        name="marcellus-wallace",
        location="us-central1-a",
        initial_node_count=3,
        node_config=default_pool_node_config,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
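    // main declares a node service account and a GKE cluster that keeps its
    // default node pool, configured through NodeConfig on the cluster.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Keep the account handle: the cluster's NodeConfig reads its Email
    		// output. Discarding it with `_` left the later reference undefined.
    		// The example binds no IAM roles to this account; grant only the
    		// roles the nodes actually need.
    		nodeServiceAccount, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
    			AccountId:   pulumi.String("service-account-id"),
    			DisplayName: pulumi.String("Service Account"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = container.NewCluster(ctx, "primary", &container.ClusterArgs{
    			Name:             pulumi.String("marcellus-wallace"),
    			Location:         pulumi.String("us-central1-a"),
    			InitialNodeCount: pulumi.Int(3),
    			NodeConfig: &container.ClusterNodeConfigArgs{
    				ServiceAccount: nodeServiceAccount.Email,
    				// cloud-platform is the broadest OAuth scope, so the IAM roles
    				// bound to the service account are what actually limit the
    				// nodes' access.
    				OauthScopes: pulumi.StringArray{
    					pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
    				},
    				// Kubernetes labels applied to each node.
    				Labels: pulumi.StringMap{
    					"foo": pulumi.String("bar"),
    				},
    				// Network tags on the node VMs, which firewall rules can reference.
    				Tags: pulumi.StringArray{
    					pulumi.String("foo"),
    					pulumi.String("bar"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }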
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() =>
    {
        // Dedicated service account for the node VMs. The example binds no IAM
        // roles to it; grant only the roles the nodes actually need.
        var nodeServiceAccount = new Gcp.ServiceAccount.Account("default", new()
        {
            AccountId = "service-account-id",
            DisplayName = "Service Account",
        });

        var defaultPoolNodeConfig = new Gcp.Container.Inputs.ClusterNodeConfigArgs
        {
            ServiceAccount = nodeServiceAccount.Email,
            // cloud-platform is the broadest OAuth scope, so the IAM roles bound
            // to the service account are what actually limit the nodes' access.
            OauthScopes = new[]
            {
                "https://www.googleapis.com/auth/cloud-platform",
            },
            // Kubernetes labels applied to each node.
            Labels =
            {
                { "foo", "bar" },
            },
            // Network tags on the node VMs, which firewall rules can reference.
            Tags = new[]
            {
                "foo",
                "bar",
            },
        };

        // This cluster keeps its default node pool: three nodes configured
        // through NodeConfig on the cluster itself.
        var primary = new Gcp.Container.Cluster("primary", new()
        {
            Name = "marcellus-wallace",
            Location = "us-central1-a",
            InitialNodeCount = 3,
            NodeConfig = defaultPoolNodeConfig,
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.Account;
    import com.pulumi.gcp.serviceaccount.AccountArgs;
    import com.pulumi.gcp.container.Cluster;
    import com.pulumi.gcp.container.ClusterArgs;
    import com.pulumi.gcp.container.inputs.ClusterNodeConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a GKE cluster which keeps its default node
     * pool, configured through nodeConfig on the cluster.
     */
    public class App {
        /** Program entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the node service account and the cluster.
         *
         * @param ctx Pulumi context for the current deployment (not read here)
         */
        public static void stack(Context ctx) {
            // Dedicated service account for the node VMs. The example binds no
            // IAM roles to it; grant only the roles the nodes actually need.
            var nodeServiceAccount = new Account("default", AccountArgs.builder()
                .accountId("service-account-id")
                .displayName("Service Account")
                .build());

            var defaultPoolNodeConfig = ClusterNodeConfigArgs.builder()
                .serviceAccount(nodeServiceAccount.email())
                // cloud-platform is the broadest OAuth scope, so the IAM roles
                // bound to the service account are what actually limit the
                // nodes' access.
                .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
                // Kubernetes labels applied to each node.
                .labels(Map.of("foo", "bar"))
                // Network tags on the node VMs, which firewall rules can reference.
                .tags("foo", "bar")
                .build();

            // Three nodes in the default pool, configured on the cluster itself.
            var primary = new Cluster("primary", ClusterArgs.builder()
                .name("marcellus-wallace")
                .location("us-central1-a")
                .initialNodeCount(3)
                .nodeConfig(defaultPoolNodeConfig)
                .build());

        }
    }
    
    resources:
      # Dedicated service account for the node VMs. The example binds no IAM
      # roles to it; grant only the roles the nodes actually need.
      default:
        type: gcp:serviceaccount:Account
        properties:
          accountId: service-account-id
          displayName: Service Account
      # This cluster keeps its default node pool: three nodes configured through
      # nodeConfig on the cluster itself.
      primary:
        type: gcp:container:Cluster
        properties:
          name: marcellus-wallace
          location: us-central1-a
          initialNodeCount: 3
          nodeConfig:
            serviceAccount: ${default.email}
            # cloud-platform is the broadest OAuth scope, so the IAM roles bound
            # to the service account are what actually limit the nodes' access.
            oauthScopes:
              - https://www.googleapis.com/auth/cloud-platform
            # Kubernetes labels applied to each node.
            labels:
              foo: bar
            # Network tags on the node VMs, which firewall rules can reference.
            tags:
              - foo
              - bar
    

    Autopilot

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // This service account is created by the example but is not referenced by
    // the Autopilot cluster below.
    const serviceAccount = new gcp.serviceaccount.Account("default", {
        accountId: "service-account-id",
        displayName: "Service Account",
    });
    // Autopilot mode: no node pool or nodeConfig is declared on the cluster.
    const autopilotClusterArgs = {
        name: "marcellus-wallace",
        location: "us-central1-a",
        enableAutopilot: true,
    };
    const primary = new gcp.container.Cluster("primary", autopilotClusterArgs);
    
    import pulumi
    import pulumi_gcp as gcp
    
    # This service account is created by the example but is not referenced by
    # the Autopilot cluster below.
    service_account = gcp.serviceaccount.Account(
        "default",
        account_id="service-account-id",
        display_name="Service Account",
    )
    # Autopilot mode: no node pool or node_config is declared on the cluster.
    primary = gcp.container.Cluster(
        "primary",
        name="marcellus-wallace",
        location="us-central1-a",
        enable_autopilot=True,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a service account and an Autopilot GKE cluster.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The account is created but not referenced by the cluster below,
    		// so its handle is discarded.
    		if _, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
    			AccountId:   pulumi.String("service-account-id"),
    			DisplayName: pulumi.String("Service Account"),
    		}); err != nil {
    			return err
    		}
    		// Autopilot mode: no node pool or NodeConfig is declared on the cluster.
    		_, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
    			Name:            pulumi.String("marcellus-wallace"),
    			Location:        pulumi.String("us-central1-a"),
    			EnableAutopilot: pulumi.Bool(true),
    		})
    		// err is nil on success, so this covers both outcomes.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() =>
    {
        // This service account is created by the example but is not referenced
        // by the Autopilot cluster below.
        var serviceAccount = new Gcp.ServiceAccount.Account("default", new()
        {
            AccountId = "service-account-id",
            DisplayName = "Service Account",
        });

        // Autopilot mode: no node pool or NodeConfig is declared on the cluster.
        var autopilotCluster = new Gcp.Container.Cluster("primary", new()
        {
            Name = "marcellus-wallace",
            Location = "us-central1-a",
            EnableAutopilot = true,
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.Account;
    import com.pulumi.gcp.serviceaccount.AccountArgs;
    import com.pulumi.gcp.container.Cluster;
    import com.pulumi.gcp.container.ClusterArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that declares a service account and an Autopilot GKE cluster. */
    public class App {
        /** Program entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the service account and the Autopilot cluster.
         *
         * @param ctx Pulumi context for the current deployment (not read here)
         */
        public static void stack(Context ctx) {
            // This service account is created by the example but is not
            // referenced by the Autopilot cluster below.
            var serviceAccountArgs = AccountArgs.builder()
                .accountId("service-account-id")
                .displayName("Service Account")
                .build();
            var serviceAccount = new Account("default", serviceAccountArgs);

            // Autopilot mode: no node pool or nodeConfig is declared on the cluster.
            var autopilotClusterArgs = ClusterArgs.builder()
                .name("marcellus-wallace")
                .location("us-central1-a")
                .enableAutopilot(true)
                .build();
            var autopilotCluster = new Cluster("primary", autopilotClusterArgs);

        }
    }
    
    resources:
      # This service account is created by the example but is not referenced by
      # the Autopilot cluster below.
      default:
        type: gcp:serviceaccount:Account
        properties:
          accountId: service-account-id
          displayName: Service Account
      # Autopilot mode: no node pool or nodeConfig is declared on the cluster.
      primary:
        type: gcp:container:Cluster
        properties:
          name: marcellus-wallace
          location: us-central1-a
          enableAutopilot: true
    

    Create Cluster Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Cluster(name: string, args?: ClusterArgs, opts?: CustomResourceOptions);
    @overload
    def Cluster(resource_name: str,
                args: Optional[ClusterArgs] = None,
                opts: Optional[ResourceOptions] = None)
    
    @overload
    def Cluster(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                addons_config: Optional[ClusterAddonsConfigArgs] = None,
                allow_net_admin: Optional[bool] = None,
                authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
                binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
                cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
                cluster_ipv4_cidr: Optional[str] = None,
                cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
                confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
                control_plane_endpoints_config: Optional[ClusterControlPlaneEndpointsConfigArgs] = None,
                cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
                database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
                datapath_provider: Optional[str] = None,
                default_max_pods_per_node: Optional[int] = None,
                default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
                deletion_protection: Optional[bool] = None,
                description: Optional[str] = None,
                dns_config: Optional[ClusterDnsConfigArgs] = None,
                enable_autopilot: Optional[bool] = None,
                enable_cilium_clusterwide_network_policy: Optional[bool] = None,
                enable_fqdn_network_policy: Optional[bool] = None,
                enable_intranode_visibility: Optional[bool] = None,
                enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
                enable_kubernetes_alpha: Optional[bool] = None,
                enable_l4_ilb_subsetting: Optional[bool] = None,
                enable_legacy_abac: Optional[bool] = None,
                enable_multi_networking: Optional[bool] = None,
                enable_shielded_nodes: Optional[bool] = None,
                enable_tpu: Optional[bool] = None,
                fleet: Optional[ClusterFleetArgs] = None,
                gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
                identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
                initial_node_count: Optional[int] = None,
                ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
                location: Optional[str] = None,
                logging_config: Optional[ClusterLoggingConfigArgs] = None,
                logging_service: Optional[str] = None,
                maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
                master_auth: Optional[ClusterMasterAuthArgs] = None,
                master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
                mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
                min_master_version: Optional[str] = None,
                monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
                monitoring_service: Optional[str] = None,
                name: Optional[str] = None,
                network: Optional[str] = None,
                network_policy: Optional[ClusterNetworkPolicyArgs] = None,
                networking_mode: Optional[str] = None,
                node_config: Optional[ClusterNodeConfigArgs] = None,
                node_locations: Optional[Sequence[str]] = None,
                node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
                node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
                node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
                node_version: Optional[str] = None,
                notification_config: Optional[ClusterNotificationConfigArgs] = None,
                pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
                private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
                private_ipv6_google_access: Optional[str] = None,
                project: Optional[str] = None,
                protect_config: Optional[ClusterProtectConfigArgs] = None,
                release_channel: Optional[ClusterReleaseChannelArgs] = None,
                remove_default_node_pool: Optional[bool] = None,
                resource_labels: Optional[Mapping[str, str]] = None,
                resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
                secret_manager_config: Optional[ClusterSecretManagerConfigArgs] = None,
                security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
                service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
                subnetwork: Optional[str] = None,
                tpu_config: Optional[ClusterTpuConfigArgs] = None,
                user_managed_keys_config: Optional[ClusterUserManagedKeysConfigArgs] = None,
                vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
                workload_alts_config: Optional[ClusterWorkloadAltsConfigArgs] = None,
                workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None)
    func NewCluster(ctx *Context, name string, args *ClusterArgs, opts ...ResourceOption) (*Cluster, error)
    public Cluster(string name, ClusterArgs? args = null, CustomResourceOptions? opts = null)
    public Cluster(String name, ClusterArgs args)
    public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
    
    type: gcp:container:Cluster
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var gcpClusterResource = new Gcp.Container.Cluster("gcpClusterResource", new()
    {
        AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs
        {
            CloudrunConfig = new Gcp.Container.Inputs.ClusterAddonsConfigCloudrunConfigArgs
            {
                Disabled = false,
                LoadBalancerType = "string",
            },
            ConfigConnectorConfig = new Gcp.Container.Inputs.ClusterAddonsConfigConfigConnectorConfigArgs
            {
                Enabled = false,
            },
            DnsCacheConfig = new Gcp.Container.Inputs.ClusterAddonsConfigDnsCacheConfigArgs
            {
                Enabled = false,
            },
            GcePersistentDiskCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs
            {
                Enabled = false,
            },
            GcpFilestoreCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs
            {
                Enabled = false,
            },
            GcsFuseCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGcsFuseCsiDriverConfigArgs
            {
                Enabled = false,
            },
            GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs
            {
                Enabled = false,
            },
            HorizontalPodAutoscaling = new Gcp.Container.Inputs.ClusterAddonsConfigHorizontalPodAutoscalingArgs
            {
                Disabled = false,
            },
            HttpLoadBalancing = new Gcp.Container.Inputs.ClusterAddonsConfigHttpLoadBalancingArgs
            {
                Disabled = false,
            },
            IstioConfig = new Gcp.Container.Inputs.ClusterAddonsConfigIstioConfigArgs
            {
                Disabled = false,
                Auth = "string",
            },
            KalmConfig = new Gcp.Container.Inputs.ClusterAddonsConfigKalmConfigArgs
            {
                Enabled = false,
            },
            NetworkPolicyConfig = new Gcp.Container.Inputs.ClusterAddonsConfigNetworkPolicyConfigArgs
            {
                Disabled = false,
            },
            ParallelstoreCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigParallelstoreCsiDriverConfigArgs
            {
                Enabled = false,
            },
            RayOperatorConfigs = new[]
            {
                new Gcp.Container.Inputs.ClusterAddonsConfigRayOperatorConfigArgs
                {
                    Enabled = false,
                    RayClusterLoggingConfig = new Gcp.Container.Inputs.ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs
                    {
                        Enabled = false,
                    },
                    RayClusterMonitoringConfig = new Gcp.Container.Inputs.ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs
                    {
                        Enabled = false,
                    },
                },
            },
            StatefulHaConfig = new Gcp.Container.Inputs.ClusterAddonsConfigStatefulHaConfigArgs
            {
                Enabled = false,
            },
        },
        AllowNetAdmin = false,
        AuthenticatorGroupsConfig = new Gcp.Container.Inputs.ClusterAuthenticatorGroupsConfigArgs
        {
            SecurityGroup = "string",
        },
        BinaryAuthorization = new Gcp.Container.Inputs.ClusterBinaryAuthorizationArgs
        {
            EvaluationMode = "string",
        },
        ClusterAutoscaling = new Gcp.Container.Inputs.ClusterClusterAutoscalingArgs
        {
            AutoProvisioningDefaults = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsArgs
            {
                BootDiskKmsKey = "string",
                DiskSize = 0,
                DiskType = "string",
                ImageType = "string",
                Management = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs
                {
                    AutoRepair = false,
                    AutoUpgrade = false,
                    UpgradeOptions = new[]
                    {
                        new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs
                        {
                            AutoUpgradeStartTime = "string",
                            Description = "string",
                        },
                    },
                },
                MinCpuPlatform = "string",
                OauthScopes = new[]
                {
                    "string",
                },
                ServiceAccount = "string",
                ShieldedInstanceConfig = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs
                {
                    EnableIntegrityMonitoring = false,
                    EnableSecureBoot = false,
                },
                UpgradeSettings = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs
                {
                    BlueGreenSettings = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs
                    {
                        NodePoolSoakDuration = "string",
                        StandardRolloutPolicy = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs
                        {
                            BatchNodeCount = 0,
                            BatchPercentage = 0,
                            BatchSoakDuration = "string",
                        },
                    },
                    MaxSurge = 0,
                    MaxUnavailable = 0,
                    Strategy = "string",
                },
            },
            AutoProvisioningLocations = new[]
            {
                "string",
            },
            AutoscalingProfile = "string",
            Enabled = false,
            ResourceLimits = new[]
            {
                new Gcp.Container.Inputs.ClusterClusterAutoscalingResourceLimitArgs
                {
                    ResourceType = "string",
                    Maximum = 0,
                    Minimum = 0,
                },
            },
        },
        ClusterIpv4Cidr = "string",
        ClusterTelemetry = new Gcp.Container.Inputs.ClusterClusterTelemetryArgs
        {
            Type = "string",
        },
        ConfidentialNodes = new Gcp.Container.Inputs.ClusterConfidentialNodesArgs
        {
            Enabled = false,
        },
        ControlPlaneEndpointsConfig = new Gcp.Container.Inputs.ClusterControlPlaneEndpointsConfigArgs
        {
            DnsEndpointConfig = new Gcp.Container.Inputs.ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs
            {
                AllowExternalTraffic = false,
                Endpoint = "string",
            },
        },
        CostManagementConfig = new Gcp.Container.Inputs.ClusterCostManagementConfigArgs
        {
            Enabled = false,
        },
        DatabaseEncryption = new Gcp.Container.Inputs.ClusterDatabaseEncryptionArgs
        {
            State = "string",
            KeyName = "string",
        },
        DatapathProvider = "string",
        DefaultMaxPodsPerNode = 0,
        DefaultSnatStatus = new Gcp.Container.Inputs.ClusterDefaultSnatStatusArgs
        {
            Disabled = false,
        },
        DeletionProtection = false,
        Description = "string",
        DnsConfig = new Gcp.Container.Inputs.ClusterDnsConfigArgs
        {
            AdditiveVpcScopeDnsDomain = "string",
            ClusterDns = "string",
            ClusterDnsDomain = "string",
            ClusterDnsScope = "string",
        },
        EnableAutopilot = false,
        EnableCiliumClusterwideNetworkPolicy = false,
        EnableFqdnNetworkPolicy = false,
        EnableIntranodeVisibility = false,
        EnableK8sBetaApis = new Gcp.Container.Inputs.ClusterEnableK8sBetaApisArgs
        {
            EnabledApis = new[]
            {
                "string",
            },
        },
        EnableKubernetesAlpha = false,
        EnableL4IlbSubsetting = false,
        EnableLegacyAbac = false,
        EnableMultiNetworking = false,
        EnableShieldedNodes = false,
        EnableTpu = false,
        Fleet = new Gcp.Container.Inputs.ClusterFleetArgs
        {
            Membership = "string",
            MembershipId = "string",
            MembershipLocation = "string",
            PreRegistered = false,
            Project = "string",
        },
        GatewayApiConfig = new Gcp.Container.Inputs.ClusterGatewayApiConfigArgs
        {
            Channel = "string",
        },
        IdentityServiceConfig = new Gcp.Container.Inputs.ClusterIdentityServiceConfigArgs
        {
            Enabled = false,
        },
        InitialNodeCount = 0,
        IpAllocationPolicy = new Gcp.Container.Inputs.ClusterIpAllocationPolicyArgs
        {
            AdditionalPodRangesConfig = new Gcp.Container.Inputs.ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs
            {
                PodRangeNames = new[]
                {
                    "string",
                },
            },
            ClusterIpv4CidrBlock = "string",
            ClusterSecondaryRangeName = "string",
            PodCidrOverprovisionConfig = new Gcp.Container.Inputs.ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs
            {
                Disabled = false,
            },
            ServicesIpv4CidrBlock = "string",
            ServicesSecondaryRangeName = "string",
            StackType = "string",
        },
        Location = "string",
        LoggingConfig = new Gcp.Container.Inputs.ClusterLoggingConfigArgs
        {
            EnableComponents = new[]
            {
                "string",
            },
        },
        LoggingService = "string",
        MaintenancePolicy = new Gcp.Container.Inputs.ClusterMaintenancePolicyArgs
        {
            DailyMaintenanceWindow = new Gcp.Container.Inputs.ClusterMaintenancePolicyDailyMaintenanceWindowArgs
            {
                StartTime = "string",
                Duration = "string",
            },
            MaintenanceExclusions = new[]
            {
                new Gcp.Container.Inputs.ClusterMaintenancePolicyMaintenanceExclusionArgs
                {
                    EndTime = "string",
                    ExclusionName = "string",
                    StartTime = "string",
                    ExclusionOptions = new Gcp.Container.Inputs.ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs
                    {
                        Scope = "string",
                    },
                },
            },
            RecurringWindow = new Gcp.Container.Inputs.ClusterMaintenancePolicyRecurringWindowArgs
            {
                EndTime = "string",
                Recurrence = "string",
                StartTime = "string",
            },
        },
        MasterAuth = new Gcp.Container.Inputs.ClusterMasterAuthArgs
        {
            ClientCertificateConfig = new Gcp.Container.Inputs.ClusterMasterAuthClientCertificateConfigArgs
            {
                IssueClientCertificate = false,
            },
            ClientCertificate = "string",
            ClientKey = "string",
            ClusterCaCertificate = "string",
        },
        MasterAuthorizedNetworksConfig = new Gcp.Container.Inputs.ClusterMasterAuthorizedNetworksConfigArgs
        {
            CidrBlocks = new[]
            {
                new Gcp.Container.Inputs.ClusterMasterAuthorizedNetworksConfigCidrBlockArgs
                {
                    CidrBlock = "string",
                    DisplayName = "string",
                },
            },
            GcpPublicCidrsAccessEnabled = false,
            PrivateEndpointEnforcementEnabled = false,
        },
        MeshCertificates = new Gcp.Container.Inputs.ClusterMeshCertificatesArgs
        {
            EnableCertificates = false,
        },
        MinMasterVersion = "string",
        MonitoringConfig = new Gcp.Container.Inputs.ClusterMonitoringConfigArgs
        {
            AdvancedDatapathObservabilityConfig = new Gcp.Container.Inputs.ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs
            {
                EnableMetrics = false,
                EnableRelay = false,
            },
            EnableComponents = new[]
            {
                "string",
            },
            ManagedPrometheus = new Gcp.Container.Inputs.ClusterMonitoringConfigManagedPrometheusArgs
            {
                Enabled = false,
            },
        },
        MonitoringService = "string",
        Name = "string",
        Network = "string",
        NetworkPolicy = new Gcp.Container.Inputs.ClusterNetworkPolicyArgs
        {
            Enabled = false,
            Provider = "string",
        },
        NetworkingMode = "string",
        NodeConfig = new Gcp.Container.Inputs.ClusterNodeConfigArgs
        {
            AdvancedMachineFeatures = new Gcp.Container.Inputs.ClusterNodeConfigAdvancedMachineFeaturesArgs
            {
                ThreadsPerCore = 0,
                EnableNestedVirtualization = false,
            },
            BootDiskKmsKey = "string",
            ConfidentialNodes = new Gcp.Container.Inputs.ClusterNodeConfigConfidentialNodesArgs
            {
                Enabled = false,
            },
            ContainerdConfig = new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigArgs
            {
                PrivateRegistryAccessConfig = new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs
                {
                    Enabled = false,
                    CertificateAuthorityDomainConfigs = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs
                        {
                            Fqdns = new[]
                            {
                                "string",
                            },
                            GcpSecretManagerCertificateConfig = new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs
                            {
                                SecretUri = "string",
                            },
                        },
                    },
                },
            },
            DiskSizeGb = 0,
            DiskType = "string",
            EffectiveTaints = new[]
            {
                new Gcp.Container.Inputs.ClusterNodeConfigEffectiveTaintArgs
                {
                    Effect = "string",
                    Key = "string",
                    Value = "string",
                },
            },
            EnableConfidentialStorage = false,
            EphemeralStorageConfig = new Gcp.Container.Inputs.ClusterNodeConfigEphemeralStorageConfigArgs
            {
                LocalSsdCount = 0,
            },
            EphemeralStorageLocalSsdConfig = new Gcp.Container.Inputs.ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs
            {
                LocalSsdCount = 0,
            },
            FastSocket = new Gcp.Container.Inputs.ClusterNodeConfigFastSocketArgs
            {
                Enabled = false,
            },
            GcfsConfig = new Gcp.Container.Inputs.ClusterNodeConfigGcfsConfigArgs
            {
                Enabled = false,
            },
            GuestAccelerators = new[]
            {
                new Gcp.Container.Inputs.ClusterNodeConfigGuestAcceleratorArgs
                {
                    Count = 0,
                    Type = "string",
                    GpuDriverInstallationConfig = new Gcp.Container.Inputs.ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs
                    {
                        GpuDriverVersion = "string",
                    },
                    GpuPartitionSize = "string",
                    GpuSharingConfig = new Gcp.Container.Inputs.ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs
                    {
                        GpuSharingStrategy = "string",
                        MaxSharedClientsPerGpu = 0,
                    },
                },
            },
            Gvnic = new Gcp.Container.Inputs.ClusterNodeConfigGvnicArgs
            {
                Enabled = false,
            },
            HostMaintenancePolicy = new Gcp.Container.Inputs.ClusterNodeConfigHostMaintenancePolicyArgs
            {
                MaintenanceInterval = "string",
            },
            ImageType = "string",
            KubeletConfig = new Gcp.Container.Inputs.ClusterNodeConfigKubeletConfigArgs
            {
                CpuCfsQuota = false,
                CpuCfsQuotaPeriod = "string",
                CpuManagerPolicy = "string",
                InsecureKubeletReadonlyPortEnabled = "string",
                PodPidsLimit = 0,
            },
            Labels = 
            {
                { "string", "string" },
            },
            LinuxNodeConfig = new Gcp.Container.Inputs.ClusterNodeConfigLinuxNodeConfigArgs
            {
                CgroupMode = "string",
                HugepagesConfig = new Gcp.Container.Inputs.ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs
                {
                    HugepageSize1g = 0,
                    HugepageSize2m = 0,
                },
                Sysctls = 
                {
                    { "string", "string" },
                },
            },
            LocalNvmeSsdBlockConfig = new Gcp.Container.Inputs.ClusterNodeConfigLocalNvmeSsdBlockConfigArgs
            {
                LocalSsdCount = 0,
            },
            LocalSsdCount = 0,
            LoggingVariant = "string",
            MachineType = "string",
            Metadata = 
            {
                { "string", "string" },
            },
            MinCpuPlatform = "string",
            NodeGroup = "string",
            OauthScopes = new[]
            {
                "string",
            },
            Preemptible = false,
            ReservationAffinity = new Gcp.Container.Inputs.ClusterNodeConfigReservationAffinityArgs
            {
                ConsumeReservationType = "string",
                Key = "string",
                Values = new[]
                {
                    "string",
                },
            },
            ResourceLabels = 
            {
                { "string", "string" },
            },
            ResourceManagerTags = 
            {
                { "string", "string" },
            },
            SandboxConfig = new Gcp.Container.Inputs.ClusterNodeConfigSandboxConfigArgs
            {
                SandboxType = "string",
            },
            SecondaryBootDisks = new[]
            {
                new Gcp.Container.Inputs.ClusterNodeConfigSecondaryBootDiskArgs
                {
                    DiskImage = "string",
                    Mode = "string",
                },
            },
            ServiceAccount = "string",
            ShieldedInstanceConfig = new Gcp.Container.Inputs.ClusterNodeConfigShieldedInstanceConfigArgs
            {
                EnableIntegrityMonitoring = false,
                EnableSecureBoot = false,
            },
            SoleTenantConfig = new Gcp.Container.Inputs.ClusterNodeConfigSoleTenantConfigArgs
            {
                NodeAffinities = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodeConfigSoleTenantConfigNodeAffinityArgs
                    {
                        Key = "string",
                        Operator = "string",
                        Values = new[]
                        {
                            "string",
                        },
                    },
                },
            },
            Spot = false,
            StoragePools = new[]
            {
                "string",
            },
            Tags = new[]
            {
                "string",
            },
            Taints = new[]
            {
                new Gcp.Container.Inputs.ClusterNodeConfigTaintArgs
                {
                    Effect = "string",
                    Key = "string",
                    Value = "string",
                },
            },
            WorkloadMetadataConfig = new Gcp.Container.Inputs.ClusterNodeConfigWorkloadMetadataConfigArgs
            {
                Mode = "string",
            },
        },
        NodeLocations = new[]
        {
            "string",
        },
        NodePoolAutoConfig = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigArgs
        {
            NetworkTags = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigNetworkTagsArgs
            {
                Tags = new[]
                {
                    "string",
                },
            },
            NodeKubeletConfig = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigNodeKubeletConfigArgs
            {
                InsecureKubeletReadonlyPortEnabled = "string",
            },
            ResourceManagerTags = 
            {
                { "string", "string" },
            },
        },
        NodePoolDefaults = new Gcp.Container.Inputs.ClusterNodePoolDefaultsArgs
        {
            NodeConfigDefaults = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsArgs
            {
                ContainerdConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs
                {
                    PrivateRegistryAccessConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs
                    {
                        Enabled = false,
                        CertificateAuthorityDomainConfigs = new[]
                        {
                            new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs
                            {
                                Fqdns = new[]
                                {
                                    "string",
                                },
                                GcpSecretManagerCertificateConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs
                                {
                                    SecretUri = "string",
                                },
                            },
                        },
                    },
                },
                GcfsConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs
                {
                    Enabled = false,
                },
                InsecureKubeletReadonlyPortEnabled = "string",
                LoggingVariant = "string",
            },
        },
        NodePools = new[]
        {
            new Gcp.Container.Inputs.ClusterNodePoolArgs
            {
                Autoscaling = new Gcp.Container.Inputs.ClusterNodePoolAutoscalingArgs
                {
                    LocationPolicy = "string",
                    MaxNodeCount = 0,
                    MinNodeCount = 0,
                    TotalMaxNodeCount = 0,
                    TotalMinNodeCount = 0,
                },
                InitialNodeCount = 0,
                InstanceGroupUrls = new[]
                {
                    "string",
                },
                ManagedInstanceGroupUrls = new[]
                {
                    "string",
                },
                Management = new Gcp.Container.Inputs.ClusterNodePoolManagementArgs
                {
                    AutoRepair = false,
                    AutoUpgrade = false,
                },
                MaxPodsPerNode = 0,
                Name = "string",
                NamePrefix = "string",
                NetworkConfig = new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigArgs
                {
                    AdditionalNodeNetworkConfigs = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs
                        {
                            Network = "string",
                            Subnetwork = "string",
                        },
                    },
                    AdditionalPodNetworkConfigs = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs
                        {
                            MaxPodsPerNode = 0,
                            SecondaryPodRange = "string",
                            Subnetwork = "string",
                        },
                    },
                    CreatePodRange = false,
                    EnablePrivateNodes = false,
                    NetworkPerformanceConfig = new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs
                    {
                        TotalEgressBandwidthTier = "string",
                    },
                    PodCidrOverprovisionConfig = new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs
                    {
                        Disabled = false,
                    },
                    PodIpv4CidrBlock = "string",
                    PodRange = "string",
                },
                NodeConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigArgs
                {
                    AdvancedMachineFeatures = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs
                    {
                        ThreadsPerCore = 0,
                        EnableNestedVirtualization = false,
                    },
                    BootDiskKmsKey = "string",
                    ConfidentialNodes = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigConfidentialNodesArgs
                    {
                        Enabled = false,
                    },
                    ContainerdConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigArgs
                    {
                        PrivateRegistryAccessConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs
                        {
                            Enabled = false,
                            CertificateAuthorityDomainConfigs = new[]
                            {
                                new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs
                                {
                                    Fqdns = new[]
                                    {
                                        "string",
                                    },
                                    GcpSecretManagerCertificateConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs
                                    {
                                        SecretUri = "string",
                                    },
                                },
                            },
                        },
                    },
                    DiskSizeGb = 0,
                    DiskType = "string",
                    EffectiveTaints = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNodeConfigEffectiveTaintArgs
                        {
                            Effect = "string",
                            Key = "string",
                            Value = "string",
                        },
                    },
                    EnableConfidentialStorage = false,
                    EphemeralStorageConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigEphemeralStorageConfigArgs
                    {
                        LocalSsdCount = 0,
                    },
                    EphemeralStorageLocalSsdConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs
                    {
                        LocalSsdCount = 0,
                    },
                    FastSocket = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigFastSocketArgs
                    {
                        Enabled = false,
                    },
                    GcfsConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGcfsConfigArgs
                    {
                        Enabled = false,
                    },
                    GuestAccelerators = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGuestAcceleratorArgs
                        {
                            Count = 0,
                            Type = "string",
                            GpuDriverInstallationConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs
                            {
                                GpuDriverVersion = "string",
                            },
                            GpuPartitionSize = "string",
                            GpuSharingConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs
                            {
                                GpuSharingStrategy = "string",
                                MaxSharedClientsPerGpu = 0,
                            },
                        },
                    },
                    Gvnic = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGvnicArgs
                    {
                        Enabled = false,
                    },
                    HostMaintenancePolicy = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigHostMaintenancePolicyArgs
                    {
                        MaintenanceInterval = "string",
                    },
                    ImageType = "string",
                    KubeletConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigKubeletConfigArgs
                    {
                        CpuCfsQuota = false,
                        CpuCfsQuotaPeriod = "string",
                        CpuManagerPolicy = "string",
                        InsecureKubeletReadonlyPortEnabled = "string",
                        PodPidsLimit = 0,
                    },
                    Labels = 
                    {
                        { "string", "string" },
                    },
                    LinuxNodeConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigLinuxNodeConfigArgs
                    {
                        CgroupMode = "string",
                        HugepagesConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs
                        {
                            HugepageSize1g = 0,
                            HugepageSize2m = 0,
                        },
                        Sysctls = 
                        {
                            { "string", "string" },
                        },
                    },
                    LocalNvmeSsdBlockConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs
                    {
                        LocalSsdCount = 0,
                    },
                    LocalSsdCount = 0,
                    LoggingVariant = "string",
                    MachineType = "string",
                    Metadata = 
                    {
                        { "string", "string" },
                    },
                    MinCpuPlatform = "string",
                    NodeGroup = "string",
                    OauthScopes = new[]
                    {
                        "string",
                    },
                    Preemptible = false,
                    ReservationAffinity = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigReservationAffinityArgs
                    {
                        ConsumeReservationType = "string",
                        Key = "string",
                        Values = new[]
                        {
                            "string",
                        },
                    },
                    ResourceLabels = 
                    {
                        { "string", "string" },
                    },
                    ResourceManagerTags = 
                    {
                        { "string", "string" },
                    },
                    SandboxConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSandboxConfigArgs
                    {
                        SandboxType = "string",
                    },
                    SecondaryBootDisks = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSecondaryBootDiskArgs
                        {
                            DiskImage = "string",
                            Mode = "string",
                        },
                    },
                    ServiceAccount = "string",
                    ShieldedInstanceConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigShieldedInstanceConfigArgs
                    {
                        EnableIntegrityMonitoring = false,
                        EnableSecureBoot = false,
                    },
                    SoleTenantConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSoleTenantConfigArgs
                    {
                        NodeAffinities = new[]
                        {
                            new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs
                            {
                                Key = "string",
                                Operator = "string",
                                Values = new[]
                                {
                                    "string",
                                },
                            },
                        },
                    },
                    Spot = false,
                    StoragePools = new[]
                    {
                        "string",
                    },
                    Tags = new[]
                    {
                        "string",
                    },
                    Taints = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNodeConfigTaintArgs
                        {
                            Effect = "string",
                            Key = "string",
                            Value = "string",
                        },
                    },
                    WorkloadMetadataConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs
                    {
                        Mode = "string",
                    },
                },
                NodeCount = 0,
                NodeLocations = new[]
                {
                    "string",
                },
                PlacementPolicy = new Gcp.Container.Inputs.ClusterNodePoolPlacementPolicyArgs
                {
                    Type = "string",
                    PolicyName = "string",
                    TpuTopology = "string",
                },
                QueuedProvisioning = new Gcp.Container.Inputs.ClusterNodePoolQueuedProvisioningArgs
                {
                    Enabled = false,
                },
                UpgradeSettings = new Gcp.Container.Inputs.ClusterNodePoolUpgradeSettingsArgs
                {
                    BlueGreenSettings = new Gcp.Container.Inputs.ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs
                    {
                        StandardRolloutPolicy = new Gcp.Container.Inputs.ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs
                        {
                            BatchNodeCount = 0,
                            BatchPercentage = 0,
                            BatchSoakDuration = "string",
                        },
                        NodePoolSoakDuration = "string",
                    },
                    MaxSurge = 0,
                    MaxUnavailable = 0,
                    Strategy = "string",
                },
                Version = "string",
            },
        },
        NodeVersion = "string",
        NotificationConfig = new Gcp.Container.Inputs.ClusterNotificationConfigArgs
        {
            Pubsub = new Gcp.Container.Inputs.ClusterNotificationConfigPubsubArgs
            {
                Enabled = false,
                Filter = new Gcp.Container.Inputs.ClusterNotificationConfigPubsubFilterArgs
                {
                    EventTypes = new[]
                    {
                        "string",
                    },
                },
                Topic = "string",
            },
        },
        PodSecurityPolicyConfig = new Gcp.Container.Inputs.ClusterPodSecurityPolicyConfigArgs
        {
            Enabled = false,
        },
        PrivateClusterConfig = new Gcp.Container.Inputs.ClusterPrivateClusterConfigArgs
        {
            EnablePrivateEndpoint = false,
            EnablePrivateNodes = false,
            MasterGlobalAccessConfig = new Gcp.Container.Inputs.ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs
            {
                Enabled = false,
            },
            MasterIpv4CidrBlock = "string",
            PeeringName = "string",
            PrivateEndpoint = "string",
            PrivateEndpointSubnetwork = "string",
            PublicEndpoint = "string",
        },
        PrivateIpv6GoogleAccess = "string",
        Project = "string",
        ProtectConfig = new Gcp.Container.Inputs.ClusterProtectConfigArgs
        {
            WorkloadConfig = new Gcp.Container.Inputs.ClusterProtectConfigWorkloadConfigArgs
            {
                AuditMode = "string",
            },
            WorkloadVulnerabilityMode = "string",
        },
        ReleaseChannel = new Gcp.Container.Inputs.ClusterReleaseChannelArgs
        {
            Channel = "string",
        },
        RemoveDefaultNodePool = false,
        ResourceLabels = 
        {
            { "string", "string" },
        },
        ResourceUsageExportConfig = new Gcp.Container.Inputs.ClusterResourceUsageExportConfigArgs
        {
            BigqueryDestination = new Gcp.Container.Inputs.ClusterResourceUsageExportConfigBigqueryDestinationArgs
            {
                DatasetId = "string",
            },
            EnableNetworkEgressMetering = false,
            EnableResourceConsumptionMetering = false,
        },
        SecretManagerConfig = new Gcp.Container.Inputs.ClusterSecretManagerConfigArgs
        {
            Enabled = false,
        },
        SecurityPostureConfig = new Gcp.Container.Inputs.ClusterSecurityPostureConfigArgs
        {
            Mode = "string",
            VulnerabilityMode = "string",
        },
        ServiceExternalIpsConfig = new Gcp.Container.Inputs.ClusterServiceExternalIpsConfigArgs
        {
            Enabled = false,
        },
        Subnetwork = "string",
        TpuConfig = new Gcp.Container.Inputs.ClusterTpuConfigArgs
        {
            Enabled = false,
            Ipv4CidrBlock = "string",
            UseServiceNetworking = false,
        },
        UserManagedKeysConfig = new Gcp.Container.Inputs.ClusterUserManagedKeysConfigArgs
        {
            AggregationCa = "string",
            ClusterCa = "string",
            ControlPlaneDiskEncryptionKey = "string",
            EtcdApiCa = "string",
            EtcdPeerCa = "string",
            GkeopsEtcdBackupEncryptionKey = "string",
            ServiceAccountSigningKeys = new[]
            {
                "string",
            },
            ServiceAccountVerificationKeys = new[]
            {
                "string",
            },
        },
        VerticalPodAutoscaling = new Gcp.Container.Inputs.ClusterVerticalPodAutoscalingArgs
        {
            Enabled = false,
        },
        WorkloadAltsConfig = new Gcp.Container.Inputs.ClusterWorkloadAltsConfigArgs
        {
            EnableAlts = false,
        },
        WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs
        {
            WorkloadPool = "string",
        },
    });
    
    example, err := container.NewCluster(ctx, "gcpClusterResource", &container.ClusterArgs{
    	AddonsConfig: &container.ClusterAddonsConfigArgs{
    		CloudrunConfig: &container.ClusterAddonsConfigCloudrunConfigArgs{
    			Disabled:         pulumi.Bool(false),
    			LoadBalancerType: pulumi.String("string"),
    		},
    		ConfigConnectorConfig: &container.ClusterAddonsConfigConfigConnectorConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		DnsCacheConfig: &container.ClusterAddonsConfigDnsCacheConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		GcePersistentDiskCsiDriverConfig: &container.ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		GcpFilestoreCsiDriverConfig: &container.ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		GcsFuseCsiDriverConfig: &container.ClusterAddonsConfigGcsFuseCsiDriverConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		GkeBackupAgentConfig: &container.ClusterAddonsConfigGkeBackupAgentConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		HorizontalPodAutoscaling: &container.ClusterAddonsConfigHorizontalPodAutoscalingArgs{
    			Disabled: pulumi.Bool(false),
    		},
    		HttpLoadBalancing: &container.ClusterAddonsConfigHttpLoadBalancingArgs{
    			Disabled: pulumi.Bool(false),
    		},
    		IstioConfig: &container.ClusterAddonsConfigIstioConfigArgs{
    			Disabled: pulumi.Bool(false),
    			Auth:     pulumi.String("string"),
    		},
    		KalmConfig: &container.ClusterAddonsConfigKalmConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		NetworkPolicyConfig: &container.ClusterAddonsConfigNetworkPolicyConfigArgs{
    			Disabled: pulumi.Bool(false),
    		},
    		ParallelstoreCsiDriverConfig: &container.ClusterAddonsConfigParallelstoreCsiDriverConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		RayOperatorConfigs: container.ClusterAddonsConfigRayOperatorConfigArray{
    			&container.ClusterAddonsConfigRayOperatorConfigArgs{
    				Enabled: pulumi.Bool(false),
    				RayClusterLoggingConfig: &container.ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs{
    					Enabled: pulumi.Bool(false),
    				},
    				RayClusterMonitoringConfig: &container.ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs{
    					Enabled: pulumi.Bool(false),
    				},
    			},
    		},
    		StatefulHaConfig: &container.ClusterAddonsConfigStatefulHaConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    	},
    	AllowNetAdmin: pulumi.Bool(false),
    	AuthenticatorGroupsConfig: &container.ClusterAuthenticatorGroupsConfigArgs{
    		SecurityGroup: pulumi.String("string"),
    	},
    	BinaryAuthorization: &container.ClusterBinaryAuthorizationArgs{
    		EvaluationMode: pulumi.String("string"),
    	},
    	ClusterAutoscaling: &container.ClusterClusterAutoscalingArgs{
    		AutoProvisioningDefaults: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsArgs{
    			BootDiskKmsKey: pulumi.String("string"),
    			DiskSize:       pulumi.Int(0),
    			DiskType:       pulumi.String("string"),
    			ImageType:      pulumi.String("string"),
    			Management: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs{
    				AutoRepair:  pulumi.Bool(false),
    				AutoUpgrade: pulumi.Bool(false),
    				UpgradeOptions: container.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArray{
    					&container.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs{
    						AutoUpgradeStartTime: pulumi.String("string"),
    						Description:          pulumi.String("string"),
    					},
    				},
    			},
    			MinCpuPlatform: pulumi.String("string"),
    			OauthScopes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ServiceAccount: pulumi.String("string"),
    			ShieldedInstanceConfig: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs{
    				EnableIntegrityMonitoring: pulumi.Bool(false),
    				EnableSecureBoot:          pulumi.Bool(false),
    			},
    			UpgradeSettings: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs{
    				BlueGreenSettings: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs{
    					NodePoolSoakDuration: pulumi.String("string"),
    					StandardRolloutPolicy: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs{
    						BatchNodeCount:    pulumi.Int(0),
    						BatchPercentage:   pulumi.Float64(0),
    						BatchSoakDuration: pulumi.String("string"),
    					},
    				},
    				MaxSurge:       pulumi.Int(0),
    				MaxUnavailable: pulumi.Int(0),
    				Strategy:       pulumi.String("string"),
    			},
    		},
    		AutoProvisioningLocations: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		AutoscalingProfile: pulumi.String("string"),
    		Enabled:            pulumi.Bool(false),
    		ResourceLimits: container.ClusterClusterAutoscalingResourceLimitArray{
    			&container.ClusterClusterAutoscalingResourceLimitArgs{
    				ResourceType: pulumi.String("string"),
    				Maximum:      pulumi.Int(0),
    				Minimum:      pulumi.Int(0),
    			},
    		},
    	},
    	ClusterIpv4Cidr: pulumi.String("string"),
    	ClusterTelemetry: &container.ClusterClusterTelemetryArgs{
    		Type: pulumi.String("string"),
    	},
    	ConfidentialNodes: &container.ClusterConfidentialNodesArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	ControlPlaneEndpointsConfig: &container.ClusterControlPlaneEndpointsConfigArgs{
    		DnsEndpointConfig: &container.ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs{
    			AllowExternalTraffic: pulumi.Bool(false),
    			Endpoint:             pulumi.String("string"),
    		},
    	},
    	CostManagementConfig: &container.ClusterCostManagementConfigArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	DatabaseEncryption: &container.ClusterDatabaseEncryptionArgs{
    		State:   pulumi.String("string"),
    		KeyName: pulumi.String("string"),
    	},
    	DatapathProvider:      pulumi.String("string"),
    	DefaultMaxPodsPerNode: pulumi.Int(0),
    	DefaultSnatStatus: &container.ClusterDefaultSnatStatusArgs{
    		Disabled: pulumi.Bool(false),
    	},
    	DeletionProtection: pulumi.Bool(false),
    	Description:        pulumi.String("string"),
    	DnsConfig: &container.ClusterDnsConfigArgs{
    		AdditiveVpcScopeDnsDomain: pulumi.String("string"),
    		ClusterDns:                pulumi.String("string"),
    		ClusterDnsDomain:          pulumi.String("string"),
    		ClusterDnsScope:           pulumi.String("string"),
    	},
    	EnableAutopilot:                      pulumi.Bool(false),
    	EnableCiliumClusterwideNetworkPolicy: pulumi.Bool(false),
    	EnableFqdnNetworkPolicy:              pulumi.Bool(false),
    	EnableIntranodeVisibility:            pulumi.Bool(false),
    	EnableK8sBetaApis: &container.ClusterEnableK8sBetaApisArgs{
    		EnabledApis: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	EnableKubernetesAlpha: pulumi.Bool(false),
    	EnableL4IlbSubsetting: pulumi.Bool(false),
    	EnableLegacyAbac:      pulumi.Bool(false),
    	EnableMultiNetworking: pulumi.Bool(false),
    	EnableShieldedNodes:   pulumi.Bool(false),
    	EnableTpu:             pulumi.Bool(false),
    	Fleet: &container.ClusterFleetArgs{
    		Membership:         pulumi.String("string"),
    		MembershipId:       pulumi.String("string"),
    		MembershipLocation: pulumi.String("string"),
    		PreRegistered:      pulumi.Bool(false),
    		Project:            pulumi.String("string"),
    	},
    	GatewayApiConfig: &container.ClusterGatewayApiConfigArgs{
    		Channel: pulumi.String("string"),
    	},
    	IdentityServiceConfig: &container.ClusterIdentityServiceConfigArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	InitialNodeCount: pulumi.Int(0),
    	IpAllocationPolicy: &container.ClusterIpAllocationPolicyArgs{
    		AdditionalPodRangesConfig: &container.ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs{
    			PodRangeNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		ClusterIpv4CidrBlock:      pulumi.String("string"),
    		ClusterSecondaryRangeName: pulumi.String("string"),
    		PodCidrOverprovisionConfig: &container.ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs{
    			Disabled: pulumi.Bool(false),
    		},
    		ServicesIpv4CidrBlock:      pulumi.String("string"),
    		ServicesSecondaryRangeName: pulumi.String("string"),
    		StackType:                  pulumi.String("string"),
    	},
    	Location: pulumi.String("string"),
    	LoggingConfig: &container.ClusterLoggingConfigArgs{
    		EnableComponents: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	LoggingService: pulumi.String("string"),
    	MaintenancePolicy: &container.ClusterMaintenancePolicyArgs{
    		DailyMaintenanceWindow: &container.ClusterMaintenancePolicyDailyMaintenanceWindowArgs{
    			StartTime: pulumi.String("string"),
    			Duration:  pulumi.String("string"),
    		},
    		MaintenanceExclusions: container.ClusterMaintenancePolicyMaintenanceExclusionArray{
    			&container.ClusterMaintenancePolicyMaintenanceExclusionArgs{
    				EndTime:       pulumi.String("string"),
    				ExclusionName: pulumi.String("string"),
    				StartTime:     pulumi.String("string"),
    				ExclusionOptions: &container.ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs{
    					Scope: pulumi.String("string"),
    				},
    			},
    		},
    		RecurringWindow: &container.ClusterMaintenancePolicyRecurringWindowArgs{
    			EndTime:    pulumi.String("string"),
    			Recurrence: pulumi.String("string"),
    			StartTime:  pulumi.String("string"),
    		},
    	},
    	MasterAuth: &container.ClusterMasterAuthArgs{
    		ClientCertificateConfig: &container.ClusterMasterAuthClientCertificateConfigArgs{
    			IssueClientCertificate: pulumi.Bool(false),
    		},
    		ClientCertificate:    pulumi.String("string"),
    		ClientKey:            pulumi.String("string"),
    		ClusterCaCertificate: pulumi.String("string"),
    	},
    	MasterAuthorizedNetworksConfig: &container.ClusterMasterAuthorizedNetworksConfigArgs{
    		CidrBlocks: container.ClusterMasterAuthorizedNetworksConfigCidrBlockArray{
    			&container.ClusterMasterAuthorizedNetworksConfigCidrBlockArgs{
    				CidrBlock:   pulumi.String("string"),
    				DisplayName: pulumi.String("string"),
    			},
    		},
    		GcpPublicCidrsAccessEnabled:       pulumi.Bool(false),
    		PrivateEndpointEnforcementEnabled: pulumi.Bool(false),
    	},
    	MeshCertificates: &container.ClusterMeshCertificatesArgs{
    		EnableCertificates: pulumi.Bool(false),
    	},
    	MinMasterVersion: pulumi.String("string"),
    	MonitoringConfig: &container.ClusterMonitoringConfigArgs{
    		AdvancedDatapathObservabilityConfig: &container.ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs{
    			EnableMetrics: pulumi.Bool(false),
    			EnableRelay:   pulumi.Bool(false),
    		},
    		EnableComponents: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ManagedPrometheus: &container.ClusterMonitoringConfigManagedPrometheusArgs{
    			Enabled: pulumi.Bool(false),
    		},
    	},
    	MonitoringService: pulumi.String("string"),
    	Name:              pulumi.String("string"),
    	Network:           pulumi.String("string"),
    	NetworkPolicy: &container.ClusterNetworkPolicyArgs{
    		Enabled:  pulumi.Bool(false),
    		Provider: pulumi.String("string"),
    	},
    	NetworkingMode: pulumi.String("string"),
    	NodeConfig: &container.ClusterNodeConfigArgs{
    		AdvancedMachineFeatures: &container.ClusterNodeConfigAdvancedMachineFeaturesArgs{
    			ThreadsPerCore:             pulumi.Int(0),
    			EnableNestedVirtualization: pulumi.Bool(false),
    		},
    		BootDiskKmsKey: pulumi.String("string"),
    		ConfidentialNodes: &container.ClusterNodeConfigConfidentialNodesArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		ContainerdConfig: &container.ClusterNodeConfigContainerdConfigArgs{
    			PrivateRegistryAccessConfig: &container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs{
    				Enabled: pulumi.Bool(false),
    				CertificateAuthorityDomainConfigs: container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArray{
    					&container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs{
    						Fqdns: pulumi.StringArray{
    							pulumi.String("string"),
    						},
    						GcpSecretManagerCertificateConfig: &container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs{
    							SecretUri: pulumi.String("string"),
    						},
    					},
    				},
    			},
    		},
    		DiskSizeGb: pulumi.Int(0),
    		DiskType:   pulumi.String("string"),
    		EffectiveTaints: container.ClusterNodeConfigEffectiveTaintArray{
    			&container.ClusterNodeConfigEffectiveTaintArgs{
    				Effect: pulumi.String("string"),
    				Key:    pulumi.String("string"),
    				Value:  pulumi.String("string"),
    			},
    		},
    		EnableConfidentialStorage: pulumi.Bool(false),
    		EphemeralStorageConfig: &container.ClusterNodeConfigEphemeralStorageConfigArgs{
    			LocalSsdCount: pulumi.Int(0),
    		},
    		EphemeralStorageLocalSsdConfig: &container.ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs{
    			LocalSsdCount: pulumi.Int(0),
    		},
    		FastSocket: &container.ClusterNodeConfigFastSocketArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		GcfsConfig: &container.ClusterNodeConfigGcfsConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		GuestAccelerators: container.ClusterNodeConfigGuestAcceleratorArray{
    			&container.ClusterNodeConfigGuestAcceleratorArgs{
    				Count: pulumi.Int(0),
    				Type:  pulumi.String("string"),
    				GpuDriverInstallationConfig: &container.ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs{
    					GpuDriverVersion: pulumi.String("string"),
    				},
    				GpuPartitionSize: pulumi.String("string"),
    				GpuSharingConfig: &container.ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs{
    					GpuSharingStrategy:     pulumi.String("string"),
    					MaxSharedClientsPerGpu: pulumi.Int(0),
    				},
    			},
    		},
    		Gvnic: &container.ClusterNodeConfigGvnicArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		HostMaintenancePolicy: &container.ClusterNodeConfigHostMaintenancePolicyArgs{
    			MaintenanceInterval: pulumi.String("string"),
    		},
    		ImageType: pulumi.String("string"),
    		KubeletConfig: &container.ClusterNodeConfigKubeletConfigArgs{
    			CpuCfsQuota:                        pulumi.Bool(false),
    			CpuCfsQuotaPeriod:                  pulumi.String("string"),
    			CpuManagerPolicy:                   pulumi.String("string"),
    			InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
    			PodPidsLimit:                       pulumi.Int(0),
    		},
    		Labels: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		LinuxNodeConfig: &container.ClusterNodeConfigLinuxNodeConfigArgs{
    			CgroupMode: pulumi.String("string"),
    			HugepagesConfig: &container.ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs{
    				HugepageSize1g: pulumi.Int(0),
    				HugepageSize2m: pulumi.Int(0),
    			},
    			Sysctls: pulumi.StringMap{
    				"string": pulumi.String("string"),
    			},
    		},
    		LocalNvmeSsdBlockConfig: &container.ClusterNodeConfigLocalNvmeSsdBlockConfigArgs{
    			LocalSsdCount: pulumi.Int(0),
    		},
    		LocalSsdCount:  pulumi.Int(0),
    		LoggingVariant: pulumi.String("string"),
    		MachineType:    pulumi.String("string"),
    		Metadata: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		MinCpuPlatform: pulumi.String("string"),
    		NodeGroup:      pulumi.String("string"),
    		OauthScopes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Preemptible: pulumi.Bool(false),
    		ReservationAffinity: &container.ClusterNodeConfigReservationAffinityArgs{
    			ConsumeReservationType: pulumi.String("string"),
    			Key:                    pulumi.String("string"),
    			Values: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		ResourceLabels: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		ResourceManagerTags: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		SandboxConfig: &container.ClusterNodeConfigSandboxConfigArgs{
    			SandboxType: pulumi.String("string"),
    		},
    		SecondaryBootDisks: container.ClusterNodeConfigSecondaryBootDiskArray{
    			&container.ClusterNodeConfigSecondaryBootDiskArgs{
    				DiskImage: pulumi.String("string"),
    				Mode:      pulumi.String("string"),
    			},
    		},
    		ServiceAccount: pulumi.String("string"),
    		ShieldedInstanceConfig: &container.ClusterNodeConfigShieldedInstanceConfigArgs{
    			EnableIntegrityMonitoring: pulumi.Bool(false),
    			EnableSecureBoot:          pulumi.Bool(false),
    		},
    		SoleTenantConfig: &container.ClusterNodeConfigSoleTenantConfigArgs{
    			NodeAffinities: container.ClusterNodeConfigSoleTenantConfigNodeAffinityArray{
    				&container.ClusterNodeConfigSoleTenantConfigNodeAffinityArgs{
    					Key:      pulumi.String("string"),
    					Operator: pulumi.String("string"),
    					Values: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    		},
    		Spot: pulumi.Bool(false),
    		StoragePools: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Tags: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Taints: container.ClusterNodeConfigTaintArray{
    			&container.ClusterNodeConfigTaintArgs{
    				Effect: pulumi.String("string"),
    				Key:    pulumi.String("string"),
    				Value:  pulumi.String("string"),
    			},
    		},
    		WorkloadMetadataConfig: &container.ClusterNodeConfigWorkloadMetadataConfigArgs{
    			Mode: pulumi.String("string"),
    		},
    	},
    	NodeLocations: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	NodePoolAutoConfig: &container.ClusterNodePoolAutoConfigArgs{
    		NetworkTags: &container.ClusterNodePoolAutoConfigNetworkTagsArgs{
    			Tags: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		NodeKubeletConfig: &container.ClusterNodePoolAutoConfigNodeKubeletConfigArgs{
    			InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
    		},
    		ResourceManagerTags: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    	NodePoolDefaults: &container.ClusterNodePoolDefaultsArgs{
    		NodeConfigDefaults: &container.ClusterNodePoolDefaultsNodeConfigDefaultsArgs{
    			ContainerdConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs{
    				PrivateRegistryAccessConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs{
    					Enabled: pulumi.Bool(false),
    					CertificateAuthorityDomainConfigs: container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArray{
    						&container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs{
    							Fqdns: pulumi.StringArray{
    								pulumi.String("string"),
    							},
    							GcpSecretManagerCertificateConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs{
    								SecretUri: pulumi.String("string"),
    							},
    						},
    					},
    				},
    			},
    			GcfsConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs{
    				Enabled: pulumi.Bool(false),
    			},
    			InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
    			LoggingVariant:                     pulumi.String("string"),
    		},
    	},
    	NodePools: container.ClusterNodePoolArray{
    		&container.ClusterNodePoolArgs{
    			Autoscaling: &container.ClusterNodePoolAutoscalingArgs{
    				LocationPolicy:    pulumi.String("string"),
    				MaxNodeCount:      pulumi.Int(0),
    				MinNodeCount:      pulumi.Int(0),
    				TotalMaxNodeCount: pulumi.Int(0),
    				TotalMinNodeCount: pulumi.Int(0),
    			},
    			InitialNodeCount: pulumi.Int(0),
    			InstanceGroupUrls: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ManagedInstanceGroupUrls: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Management: &container.ClusterNodePoolManagementArgs{
    				AutoRepair:  pulumi.Bool(false),
    				AutoUpgrade: pulumi.Bool(false),
    			},
    			MaxPodsPerNode: pulumi.Int(0),
    			Name:           pulumi.String("string"),
    			NamePrefix:     pulumi.String("string"),
    			NetworkConfig: &container.ClusterNodePoolNetworkConfigArgs{
    				AdditionalNodeNetworkConfigs: container.ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArray{
    					&container.ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs{
    						Network:    pulumi.String("string"),
    						Subnetwork: pulumi.String("string"),
    					},
    				},
    				AdditionalPodNetworkConfigs: container.ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArray{
    					&container.ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs{
    						MaxPodsPerNode:    pulumi.Int(0),
    						SecondaryPodRange: pulumi.String("string"),
    						Subnetwork:        pulumi.String("string"),
    					},
    				},
    				CreatePodRange:     pulumi.Bool(false),
    				EnablePrivateNodes: pulumi.Bool(false),
    				NetworkPerformanceConfig: &container.ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs{
    					TotalEgressBandwidthTier: pulumi.String("string"),
    				},
    				PodCidrOverprovisionConfig: &container.ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs{
    					Disabled: pulumi.Bool(false),
    				},
    				PodIpv4CidrBlock: pulumi.String("string"),
    				PodRange:         pulumi.String("string"),
    			},
    			NodeConfig: &container.ClusterNodePoolNodeConfigArgs{
    				AdvancedMachineFeatures: &container.ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs{
    					ThreadsPerCore:             pulumi.Int(0),
    					EnableNestedVirtualization: pulumi.Bool(false),
    				},
    				BootDiskKmsKey: pulumi.String("string"),
    				ConfidentialNodes: &container.ClusterNodePoolNodeConfigConfidentialNodesArgs{
    					Enabled: pulumi.Bool(false),
    				},
    				ContainerdConfig: &container.ClusterNodePoolNodeConfigContainerdConfigArgs{
    					PrivateRegistryAccessConfig: &container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs{
    						Enabled: pulumi.Bool(false),
    						CertificateAuthorityDomainConfigs: container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArray{
    							&container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs{
    								Fqdns: pulumi.StringArray{
    									pulumi.String("string"),
    								},
    								GcpSecretManagerCertificateConfig: &container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs{
    									SecretUri: pulumi.String("string"),
    								},
    							},
    						},
    					},
    				},
    				DiskSizeGb: pulumi.Int(0),
    				DiskType:   pulumi.String("string"),
    				EffectiveTaints: container.ClusterNodePoolNodeConfigEffectiveTaintArray{
    					&container.ClusterNodePoolNodeConfigEffectiveTaintArgs{
    						Effect: pulumi.String("string"),
    						Key:    pulumi.String("string"),
    						Value:  pulumi.String("string"),
    					},
    				},
    				EnableConfidentialStorage: pulumi.Bool(false),
    				EphemeralStorageConfig: &container.ClusterNodePoolNodeConfigEphemeralStorageConfigArgs{
    					LocalSsdCount: pulumi.Int(0),
    				},
    				EphemeralStorageLocalSsdConfig: &container.ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs{
    					LocalSsdCount: pulumi.Int(0),
    				},
    				FastSocket: &container.ClusterNodePoolNodeConfigFastSocketArgs{
    					Enabled: pulumi.Bool(false),
    				},
    				GcfsConfig: &container.ClusterNodePoolNodeConfigGcfsConfigArgs{
    					Enabled: pulumi.Bool(false),
    				},
    				GuestAccelerators: container.ClusterNodePoolNodeConfigGuestAcceleratorArray{
    					&container.ClusterNodePoolNodeConfigGuestAcceleratorArgs{
    						Count: pulumi.Int(0),
    						Type:  pulumi.String("string"),
    						GpuDriverInstallationConfig: &container.ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs{
    							GpuDriverVersion: pulumi.String("string"),
    						},
    						GpuPartitionSize: pulumi.String("string"),
    						GpuSharingConfig: &container.ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs{
    							GpuSharingStrategy:     pulumi.String("string"),
    							MaxSharedClientsPerGpu: pulumi.Int(0),
    						},
    					},
    				},
    				Gvnic: &container.ClusterNodePoolNodeConfigGvnicArgs{
    					Enabled: pulumi.Bool(false),
    				},
    				HostMaintenancePolicy: &container.ClusterNodePoolNodeConfigHostMaintenancePolicyArgs{
    					MaintenanceInterval: pulumi.String("string"),
    				},
    				ImageType: pulumi.String("string"),
    				KubeletConfig: &container.ClusterNodePoolNodeConfigKubeletConfigArgs{
    					CpuCfsQuota:                        pulumi.Bool(false),
    					CpuCfsQuotaPeriod:                  pulumi.String("string"),
    					CpuManagerPolicy:                   pulumi.String("string"),
    					InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
    					PodPidsLimit:                       pulumi.Int(0),
    				},
    				Labels: pulumi.StringMap{
    					"string": pulumi.String("string"),
    				},
    				LinuxNodeConfig: &container.ClusterNodePoolNodeConfigLinuxNodeConfigArgs{
    					CgroupMode: pulumi.String("string"),
    					HugepagesConfig: &container.ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs{
    						HugepageSize1g: pulumi.Int(0),
    						HugepageSize2m: pulumi.Int(0),
    					},
    					Sysctls: pulumi.StringMap{
    						"string": pulumi.String("string"),
    					},
    				},
    				LocalNvmeSsdBlockConfig: &container.ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs{
    					LocalSsdCount: pulumi.Int(0),
    				},
    				LocalSsdCount:  pulumi.Int(0),
    				LoggingVariant: pulumi.String("string"),
    				MachineType:    pulumi.String("string"),
    				Metadata: pulumi.StringMap{
    					"string": pulumi.String("string"),
    				},
    				MinCpuPlatform: pulumi.String("string"),
    				NodeGroup:      pulumi.String("string"),
    				OauthScopes: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Preemptible: pulumi.Bool(false),
    				ReservationAffinity: &container.ClusterNodePoolNodeConfigReservationAffinityArgs{
    					ConsumeReservationType: pulumi.String("string"),
    					Key:                    pulumi.String("string"),
    					Values: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    				ResourceLabels: pulumi.StringMap{
    					"string": pulumi.String("string"),
    				},
    				ResourceManagerTags: pulumi.StringMap{
    					"string": pulumi.String("string"),
    				},
    				SandboxConfig: &container.ClusterNodePoolNodeConfigSandboxConfigArgs{
    					SandboxType: pulumi.String("string"),
    				},
    				SecondaryBootDisks: container.ClusterNodePoolNodeConfigSecondaryBootDiskArray{
    					&container.ClusterNodePoolNodeConfigSecondaryBootDiskArgs{
    						DiskImage: pulumi.String("string"),
    						Mode:      pulumi.String("string"),
    					},
    				},
    				ServiceAccount: pulumi.String("string"),
    				ShieldedInstanceConfig: &container.ClusterNodePoolNodeConfigShieldedInstanceConfigArgs{
    					EnableIntegrityMonitoring: pulumi.Bool(false),
    					EnableSecureBoot:          pulumi.Bool(false),
    				},
    				SoleTenantConfig: &container.ClusterNodePoolNodeConfigSoleTenantConfigArgs{
    					NodeAffinities: container.ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArray{
    						&container.ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs{
    							Key:      pulumi.String("string"),
    							Operator: pulumi.String("string"),
    							Values: pulumi.StringArray{
    								pulumi.String("string"),
    							},
    						},
    					},
    				},
    				Spot: pulumi.Bool(false),
    				StoragePools: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Tags: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Taints: container.ClusterNodePoolNodeConfigTaintArray{
    					&container.ClusterNodePoolNodeConfigTaintArgs{
    						Effect: pulumi.String("string"),
    						Key:    pulumi.String("string"),
    						Value:  pulumi.String("string"),
    					},
    				},
    				WorkloadMetadataConfig: &container.ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs{
    					Mode: pulumi.String("string"),
    				},
    			},
    			NodeCount: pulumi.Int(0),
    			NodeLocations: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			PlacementPolicy: &container.ClusterNodePoolPlacementPolicyArgs{
    				Type:        pulumi.String("string"),
    				PolicyName:  pulumi.String("string"),
    				TpuTopology: pulumi.String("string"),
    			},
    			QueuedProvisioning: &container.ClusterNodePoolQueuedProvisioningArgs{
    				Enabled: pulumi.Bool(false),
    			},
    			UpgradeSettings: &container.ClusterNodePoolUpgradeSettingsArgs{
    				BlueGreenSettings: &container.ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs{
    					StandardRolloutPolicy: &container.ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs{
    						BatchNodeCount:    pulumi.Int(0),
    						BatchPercentage:   pulumi.Float64(0),
    						BatchSoakDuration: pulumi.String("string"),
    					},
    					NodePoolSoakDuration: pulumi.String("string"),
    				},
    				MaxSurge:       pulumi.Int(0),
    				MaxUnavailable: pulumi.Int(0),
    				Strategy:       pulumi.String("string"),
    			},
    			Version: pulumi.String("string"),
    		},
    	},
    	NodeVersion: pulumi.String("string"),
    	NotificationConfig: &container.ClusterNotificationConfigArgs{
    		Pubsub: &container.ClusterNotificationConfigPubsubArgs{
    			Enabled: pulumi.Bool(false),
    			Filter: &container.ClusterNotificationConfigPubsubFilterArgs{
    				EventTypes: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    			Topic: pulumi.String("string"),
    		},
    	},
    	PodSecurityPolicyConfig: &container.ClusterPodSecurityPolicyConfigArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	PrivateClusterConfig: &container.ClusterPrivateClusterConfigArgs{
    		EnablePrivateEndpoint: pulumi.Bool(false),
    		EnablePrivateNodes:    pulumi.Bool(false),
    		MasterGlobalAccessConfig: &container.ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		MasterIpv4CidrBlock:       pulumi.String("string"),
    		PeeringName:               pulumi.String("string"),
    		PrivateEndpoint:           pulumi.String("string"),
    		PrivateEndpointSubnetwork: pulumi.String("string"),
    		PublicEndpoint:            pulumi.String("string"),
    	},
    	PrivateIpv6GoogleAccess: pulumi.String("string"),
    	Project:                 pulumi.String("string"),
    	ProtectConfig: &container.ClusterProtectConfigArgs{
    		WorkloadConfig: &container.ClusterProtectConfigWorkloadConfigArgs{
    			AuditMode: pulumi.String("string"),
    		},
    		WorkloadVulnerabilityMode: pulumi.String("string"),
    	},
    	ReleaseChannel: &container.ClusterReleaseChannelArgs{
    		Channel: pulumi.String("string"),
    	},
    	RemoveDefaultNodePool: pulumi.Bool(false),
    	ResourceLabels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	ResourceUsageExportConfig: &container.ClusterResourceUsageExportConfigArgs{
    		BigqueryDestination: &container.ClusterResourceUsageExportConfigBigqueryDestinationArgs{
    			DatasetId: pulumi.String("string"),
    		},
    		EnableNetworkEgressMetering:       pulumi.Bool(false),
    		EnableResourceConsumptionMetering: pulumi.Bool(false),
    	},
    	SecretManagerConfig: &container.ClusterSecretManagerConfigArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	SecurityPostureConfig: &container.ClusterSecurityPostureConfigArgs{
    		Mode:              pulumi.String("string"),
    		VulnerabilityMode: pulumi.String("string"),
    	},
    	ServiceExternalIpsConfig: &container.ClusterServiceExternalIpsConfigArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	Subnetwork: pulumi.String("string"),
    	TpuConfig: &container.ClusterTpuConfigArgs{
    		Enabled:              pulumi.Bool(false),
    		Ipv4CidrBlock:        pulumi.String("string"),
    		UseServiceNetworking: pulumi.Bool(false),
    	},
    	UserManagedKeysConfig: &container.ClusterUserManagedKeysConfigArgs{
    		AggregationCa:                 pulumi.String("string"),
    		ClusterCa:                     pulumi.String("string"),
    		ControlPlaneDiskEncryptionKey: pulumi.String("string"),
    		EtcdApiCa:                     pulumi.String("string"),
    		EtcdPeerCa:                    pulumi.String("string"),
    		GkeopsEtcdBackupEncryptionKey: pulumi.String("string"),
    		ServiceAccountSigningKeys: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ServiceAccountVerificationKeys: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	VerticalPodAutoscaling: &container.ClusterVerticalPodAutoscalingArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	WorkloadAltsConfig: &container.ClusterWorkloadAltsConfigArgs{
    		EnableAlts: pulumi.Bool(false),
    	},
    	WorkloadIdentityConfig: &container.ClusterWorkloadIdentityConfigArgs{
    		WorkloadPool: pulumi.String("string"),
    	},
    })
    
    var gcpClusterResource = new Cluster("gcpClusterResource", ClusterArgs.builder()
        .addonsConfig(ClusterAddonsConfigArgs.builder()
            .cloudrunConfig(ClusterAddonsConfigCloudrunConfigArgs.builder()
                .disabled(false)
                .loadBalancerType("string")
                .build())
            .configConnectorConfig(ClusterAddonsConfigConfigConnectorConfigArgs.builder()
                .enabled(false)
                .build())
            .dnsCacheConfig(ClusterAddonsConfigDnsCacheConfigArgs.builder()
                .enabled(false)
                .build())
            .gcePersistentDiskCsiDriverConfig(ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs.builder()
                .enabled(false)
                .build())
            .gcpFilestoreCsiDriverConfig(ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs.builder()
                .enabled(false)
                .build())
            .gcsFuseCsiDriverConfig(ClusterAddonsConfigGcsFuseCsiDriverConfigArgs.builder()
                .enabled(false)
                .build())
            .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()
                .enabled(false)
                .build())
            .horizontalPodAutoscaling(ClusterAddonsConfigHorizontalPodAutoscalingArgs.builder()
                .disabled(false)
                .build())
            .httpLoadBalancing(ClusterAddonsConfigHttpLoadBalancingArgs.builder()
                .disabled(false)
                .build())
            .istioConfig(ClusterAddonsConfigIstioConfigArgs.builder()
                .disabled(false)
                .auth("string")
                .build())
            .kalmConfig(ClusterAddonsConfigKalmConfigArgs.builder()
                .enabled(false)
                .build())
            .networkPolicyConfig(ClusterAddonsConfigNetworkPolicyConfigArgs.builder()
                .disabled(false)
                .build())
            .parallelstoreCsiDriverConfig(ClusterAddonsConfigParallelstoreCsiDriverConfigArgs.builder()
                .enabled(false)
                .build())
            .rayOperatorConfigs(ClusterAddonsConfigRayOperatorConfigArgs.builder()
                .enabled(false)
                .rayClusterLoggingConfig(ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs.builder()
                    .enabled(false)
                    .build())
                .rayClusterMonitoringConfig(ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs.builder()
                    .enabled(false)
                    .build())
                .build())
            .statefulHaConfig(ClusterAddonsConfigStatefulHaConfigArgs.builder()
                .enabled(false)
                .build())
            .build())
        .allowNetAdmin(false)
        .authenticatorGroupsConfig(ClusterAuthenticatorGroupsConfigArgs.builder()
            .securityGroup("string")
            .build())
        .binaryAuthorization(ClusterBinaryAuthorizationArgs.builder()
            .evaluationMode("string")
            .build())
        .clusterAutoscaling(ClusterClusterAutoscalingArgs.builder()
            .autoProvisioningDefaults(ClusterClusterAutoscalingAutoProvisioningDefaultsArgs.builder()
                .bootDiskKmsKey("string")
                .diskSize(0)
                .diskType("string")
                .imageType("string")
                .management(ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs.builder()
                    .autoRepair(false)
                    .autoUpgrade(false)
                    .upgradeOptions(ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs.builder()
                        .autoUpgradeStartTime("string")
                        .description("string")
                        .build())
                    .build())
                .minCpuPlatform("string")
                .oauthScopes("string")
                .serviceAccount("string")
                .shieldedInstanceConfig(ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs.builder()
                    .enableIntegrityMonitoring(false)
                    .enableSecureBoot(false)
                    .build())
                .upgradeSettings(ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs.builder()
                    .blueGreenSettings(ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs.builder()
                        .nodePoolSoakDuration("string")
                        .standardRolloutPolicy(ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs.builder()
                            .batchNodeCount(0)
                            .batchPercentage(0)
                            .batchSoakDuration("string")
                            .build())
                        .build())
                    .maxSurge(0)
                    .maxUnavailable(0)
                    .strategy("string")
                    .build())
                .build())
            .autoProvisioningLocations("string")
            .autoscalingProfile("string")
            .enabled(false)
            .resourceLimits(ClusterClusterAutoscalingResourceLimitArgs.builder()
                .resourceType("string")
                .maximum(0)
                .minimum(0)
                .build())
            .build())
        .clusterIpv4Cidr("string")
        .clusterTelemetry(ClusterClusterTelemetryArgs.builder()
            .type("string")
            .build())
        .confidentialNodes(ClusterConfidentialNodesArgs.builder()
            .enabled(false)
            .build())
        .controlPlaneEndpointsConfig(ClusterControlPlaneEndpointsConfigArgs.builder()
            .dnsEndpointConfig(ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs.builder()
                .allowExternalTraffic(false)
                .endpoint("string")
                .build())
            .build())
        .costManagementConfig(ClusterCostManagementConfigArgs.builder()
            .enabled(false)
            .build())
        .databaseEncryption(ClusterDatabaseEncryptionArgs.builder()
            .state("string")
            .keyName("string")
            .build())
        .datapathProvider("string")
        .defaultMaxPodsPerNode(0)
        .defaultSnatStatus(ClusterDefaultSnatStatusArgs.builder()
            .disabled(false)
            .build())
        .deletionProtection(false)
        .description("string")
        .dnsConfig(ClusterDnsConfigArgs.builder()
            .additiveVpcScopeDnsDomain("string")
            .clusterDns("string")
            .clusterDnsDomain("string")
            .clusterDnsScope("string")
            .build())
        .enableAutopilot(false)
        .enableCiliumClusterwideNetworkPolicy(false)
        .enableFqdnNetworkPolicy(false)
        .enableIntranodeVisibility(false)
        .enableK8sBetaApis(ClusterEnableK8sBetaApisArgs.builder()
            .enabledApis("string")
            .build())
        .enableKubernetesAlpha(false)
        .enableL4IlbSubsetting(false)
        .enableLegacyAbac(false)
        .enableMultiNetworking(false)
        .enableShieldedNodes(false)
        .enableTpu(false)
        .fleet(ClusterFleetArgs.builder()
            .membership("string")
            .membershipId("string")
            .membershipLocation("string")
            .preRegistered(false)
            .project("string")
            .build())
        .gatewayApiConfig(ClusterGatewayApiConfigArgs.builder()
            .channel("string")
            .build())
        .identityServiceConfig(ClusterIdentityServiceConfigArgs.builder()
            .enabled(false)
            .build())
        .initialNodeCount(0)
        .ipAllocationPolicy(ClusterIpAllocationPolicyArgs.builder()
            .additionalPodRangesConfig(ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs.builder()
                .podRangeNames("string")
                .build())
            .clusterIpv4CidrBlock("string")
            .clusterSecondaryRangeName("string")
            .podCidrOverprovisionConfig(ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs.builder()
                .disabled(false)
                .build())
            .servicesIpv4CidrBlock("string")
            .servicesSecondaryRangeName("string")
            .stackType("string")
            .build())
        .location("string")
        .loggingConfig(ClusterLoggingConfigArgs.builder()
            .enableComponents("string")
            .build())
        .loggingService("string")
        .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()
            .dailyMaintenanceWindow(ClusterMaintenancePolicyDailyMaintenanceWindowArgs.builder()
                .startTime("string")
                .duration("string")
                .build())
            .maintenanceExclusions(ClusterMaintenancePolicyMaintenanceExclusionArgs.builder()
                .endTime("string")
                .exclusionName("string")
                .startTime("string")
                .exclusionOptions(ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs.builder()
                    .scope("string")
                    .build())
                .build())
            .recurringWindow(ClusterMaintenancePolicyRecurringWindowArgs.builder()
                .endTime("string")
                .recurrence("string")
                .startTime("string")
                .build())
            .build())
        .masterAuth(ClusterMasterAuthArgs.builder()
            .clientCertificateConfig(ClusterMasterAuthClientCertificateConfigArgs.builder()
                .issueClientCertificate(false)
                .build())
            .clientCertificate("string")
            .clientKey("string")
            .clusterCaCertificate("string")
            .build())
        .masterAuthorizedNetworksConfig(ClusterMasterAuthorizedNetworksConfigArgs.builder()
            .cidrBlocks(ClusterMasterAuthorizedNetworksConfigCidrBlockArgs.builder()
                .cidrBlock("string")
                .displayName("string")
                .build())
            .gcpPublicCidrsAccessEnabled(false)
            .privateEndpointEnforcementEnabled(false)
            .build())
        .meshCertificates(ClusterMeshCertificatesArgs.builder()
            .enableCertificates(false)
            .build())
        .minMasterVersion("string")
        .monitoringConfig(ClusterMonitoringConfigArgs.builder()
            .advancedDatapathObservabilityConfig(ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs.builder()
                .enableMetrics(false)
                .enableRelay(false)
                .build())
            .enableComponents("string")
            .managedPrometheus(ClusterMonitoringConfigManagedPrometheusArgs.builder()
                .enabled(false)
                .build())
            .build())
        .monitoringService("string")
        .name("string")
        .network("string")
        .networkPolicy(ClusterNetworkPolicyArgs.builder()
            .enabled(false)
            .provider("string")
            .build())
        .networkingMode("string")
        .nodeConfig(ClusterNodeConfigArgs.builder()
            .advancedMachineFeatures(ClusterNodeConfigAdvancedMachineFeaturesArgs.builder()
                .threadsPerCore(0)
                .enableNestedVirtualization(false)
                .build())
            .bootDiskKmsKey("string")
            .confidentialNodes(ClusterNodeConfigConfidentialNodesArgs.builder()
                .enabled(false)
                .build())
            .containerdConfig(ClusterNodeConfigContainerdConfigArgs.builder()
                .privateRegistryAccessConfig(ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs.builder()
                    .enabled(false)
                    .certificateAuthorityDomainConfigs(ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs.builder()
                        .fqdns("string")
                        .gcpSecretManagerCertificateConfig(ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs.builder()
                            .secretUri("string")
                            .build())
                        .build())
                    .build())
                .build())
            .diskSizeGb(0)
            .diskType("string")
            .effectiveTaints(ClusterNodeConfigEffectiveTaintArgs.builder()
                .effect("string")
                .key("string")
                .value("string")
                .build())
            .enableConfidentialStorage(false)
            .ephemeralStorageConfig(ClusterNodeConfigEphemeralStorageConfigArgs.builder()
                .localSsdCount(0)
                .build())
            .ephemeralStorageLocalSsdConfig(ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs.builder()
                .localSsdCount(0)
                .build())
            .fastSocket(ClusterNodeConfigFastSocketArgs.builder()
                .enabled(false)
                .build())
            .gcfsConfig(ClusterNodeConfigGcfsConfigArgs.builder()
                .enabled(false)
                .build())
            .guestAccelerators(ClusterNodeConfigGuestAcceleratorArgs.builder()
                .count(0)
                .type("string")
                .gpuDriverInstallationConfig(ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs.builder()
                    .gpuDriverVersion("string")
                    .build())
                .gpuPartitionSize("string")
                .gpuSharingConfig(ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs.builder()
                    .gpuSharingStrategy("string")
                    .maxSharedClientsPerGpu(0)
                    .build())
                .build())
            .gvnic(ClusterNodeConfigGvnicArgs.builder()
                .enabled(false)
                .build())
            .hostMaintenancePolicy(ClusterNodeConfigHostMaintenancePolicyArgs.builder()
                .maintenanceInterval("string")
                .build())
            .imageType("string")
            .kubeletConfig(ClusterNodeConfigKubeletConfigArgs.builder()
                .cpuCfsQuota(false)
                .cpuCfsQuotaPeriod("string")
                .cpuManagerPolicy("string")
                .insecureKubeletReadonlyPortEnabled("string")
                .podPidsLimit(0)
                .build())
            .labels(Map.of("string", "string"))
            .linuxNodeConfig(ClusterNodeConfigLinuxNodeConfigArgs.builder()
                .cgroupMode("string")
                .hugepagesConfig(ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs.builder()
                    .hugepageSize1g(0)
                    .hugepageSize2m(0)
                    .build())
                .sysctls(Map.of("string", "string"))
                .build())
            .localNvmeSsdBlockConfig(ClusterNodeConfigLocalNvmeSsdBlockConfigArgs.builder()
                .localSsdCount(0)
                .build())
            .localSsdCount(0)
            .loggingVariant("string")
            .machineType("string")
            .metadata(Map.of("string", "string"))
            .minCpuPlatform("string")
            .nodeGroup("string")
            .oauthScopes("string")
            .preemptible(false)
            .reservationAffinity(ClusterNodeConfigReservationAffinityArgs.builder()
                .consumeReservationType("string")
                .key("string")
                .values("string")
                .build())
            .resourceLabels(Map.of("string", "string"))
            .resourceManagerTags(Map.of("string", "string"))
            .sandboxConfig(ClusterNodeConfigSandboxConfigArgs.builder()
                .sandboxType("string")
                .build())
            .secondaryBootDisks(ClusterNodeConfigSecondaryBootDiskArgs.builder()
                .diskImage("string")
                .mode("string")
                .build())
            .serviceAccount("string")
            .shieldedInstanceConfig(ClusterNodeConfigShieldedInstanceConfigArgs.builder()
                .enableIntegrityMonitoring(false)
                .enableSecureBoot(false)
                .build())
            .soleTenantConfig(ClusterNodeConfigSoleTenantConfigArgs.builder()
                .nodeAffinities(ClusterNodeConfigSoleTenantConfigNodeAffinityArgs.builder()
                    .key("string")
                    .operator("string")
                    .values("string")
                    .build())
                .build())
            .spot(false)
            .storagePools("string")
            .tags("string")
            .taints(ClusterNodeConfigTaintArgs.builder()
                .effect("string")
                .key("string")
                .value("string")
                .build())
            .workloadMetadataConfig(ClusterNodeConfigWorkloadMetadataConfigArgs.builder()
                .mode("string")
                .build())
            .build())
        .nodeLocations("string")
        .nodePoolAutoConfig(ClusterNodePoolAutoConfigArgs.builder()
            .networkTags(ClusterNodePoolAutoConfigNetworkTagsArgs.builder()
                .tags("string")
                .build())
            .nodeKubeletConfig(ClusterNodePoolAutoConfigNodeKubeletConfigArgs.builder()
                .insecureKubeletReadonlyPortEnabled("string")
                .build())
            .resourceManagerTags(Map.of("string", "string"))
            .build())
        .nodePoolDefaults(ClusterNodePoolDefaultsArgs.builder()
            .nodeConfigDefaults(ClusterNodePoolDefaultsNodeConfigDefaultsArgs.builder()
                .containerdConfig(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs.builder()
                    .privateRegistryAccessConfig(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs.builder()
                        .enabled(false)
                        .certificateAuthorityDomainConfigs(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs.builder()
                            .fqdns("string")
                            .gcpSecretManagerCertificateConfig(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs.builder()
                                .secretUri("string")
                                .build())
                            .build())
                        .build())
                    .build())
                .gcfsConfig(ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs.builder()
                    .enabled(false)
                    .build())
                .insecureKubeletReadonlyPortEnabled("string")
                .loggingVariant("string")
                .build())
            .build())
        .nodePools(ClusterNodePoolArgs.builder()
            .autoscaling(ClusterNodePoolAutoscalingArgs.builder()
                .locationPolicy("string")
                .maxNodeCount(0)
                .minNodeCount(0)
                .totalMaxNodeCount(0)
                .totalMinNodeCount(0)
                .build())
            .initialNodeCount(0)
            .instanceGroupUrls("string")
            .managedInstanceGroupUrls("string")
            .management(ClusterNodePoolManagementArgs.builder()
                .autoRepair(false)
                .autoUpgrade(false)
                .build())
            .maxPodsPerNode(0)
            .name("string")
            .namePrefix("string")
            .networkConfig(ClusterNodePoolNetworkConfigArgs.builder()
                .additionalNodeNetworkConfigs(ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs.builder()
                    .network("string")
                    .subnetwork("string")
                    .build())
                .additionalPodNetworkConfigs(ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs.builder()
                    .maxPodsPerNode(0)
                    .secondaryPodRange("string")
                    .subnetwork("string")
                    .build())
                .createPodRange(false)
                .enablePrivateNodes(false)
                .networkPerformanceConfig(ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs.builder()
                    .totalEgressBandwidthTier("string")
                    .build())
                .podCidrOverprovisionConfig(ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs.builder()
                    .disabled(false)
                    .build())
                .podIpv4CidrBlock("string")
                .podRange("string")
                .build())
            .nodeConfig(ClusterNodePoolNodeConfigArgs.builder()
                .advancedMachineFeatures(ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs.builder()
                    .threadsPerCore(0)
                    .enableNestedVirtualization(false)
                    .build())
                .bootDiskKmsKey("string")
                .confidentialNodes(ClusterNodePoolNodeConfigConfidentialNodesArgs.builder()
                    .enabled(false)
                    .build())
                .containerdConfig(ClusterNodePoolNodeConfigContainerdConfigArgs.builder()
                    .privateRegistryAccessConfig(ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs.builder()
                        .enabled(false)
                        .certificateAuthorityDomainConfigs(ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs.builder()
                            .fqdns("string")
                            .gcpSecretManagerCertificateConfig(ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs.builder()
                                .secretUri("string")
                                .build())
                            .build())
                        .build())
                    .build())
                .diskSizeGb(0)
                .diskType("string")
                .effectiveTaints(ClusterNodePoolNodeConfigEffectiveTaintArgs.builder()
                    .effect("string")
                    .key("string")
                    .value("string")
                    .build())
                .enableConfidentialStorage(false)
                .ephemeralStorageConfig(ClusterNodePoolNodeConfigEphemeralStorageConfigArgs.builder()
                    .localSsdCount(0)
                    .build())
                .ephemeralStorageLocalSsdConfig(ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs.builder()
                    .localSsdCount(0)
                    .build())
                .fastSocket(ClusterNodePoolNodeConfigFastSocketArgs.builder()
                    .enabled(false)
                    .build())
                .gcfsConfig(ClusterNodePoolNodeConfigGcfsConfigArgs.builder()
                    .enabled(false)
                    .build())
                .guestAccelerators(ClusterNodePoolNodeConfigGuestAcceleratorArgs.builder()
                    .count(0)
                    .type("string")
                    .gpuDriverInstallationConfig(ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs.builder()
                        .gpuDriverVersion("string")
                        .build())
                    .gpuPartitionSize("string")
                    .gpuSharingConfig(ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs.builder()
                        .gpuSharingStrategy("string")
                        .maxSharedClientsPerGpu(0)
                        .build())
                    .build())
                .gvnic(ClusterNodePoolNodeConfigGvnicArgs.builder()
                    .enabled(false)
                    .build())
                .hostMaintenancePolicy(ClusterNodePoolNodeConfigHostMaintenancePolicyArgs.builder()
                    .maintenanceInterval("string")
                    .build())
                .imageType("string")
                .kubeletConfig(ClusterNodePoolNodeConfigKubeletConfigArgs.builder()
                    .cpuCfsQuota(false)
                    .cpuCfsQuotaPeriod("string")
                    .cpuManagerPolicy("string")
                    .insecureKubeletReadonlyPortEnabled("string")
                    .podPidsLimit(0)
                    .build())
                .labels(Map.of("string", "string"))
                .linuxNodeConfig(ClusterNodePoolNodeConfigLinuxNodeConfigArgs.builder()
                    .cgroupMode("string")
                    .hugepagesConfig(ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs.builder()
                        .hugepageSize1g(0)
                        .hugepageSize2m(0)
                        .build())
                    .sysctls(Map.of("string", "string"))
                    .build())
                .localNvmeSsdBlockConfig(ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs.builder()
                    .localSsdCount(0)
                    .build())
                .localSsdCount(0)
                .loggingVariant("string")
                .machineType("string")
                .metadata(Map.of("string", "string"))
                .minCpuPlatform("string")
                .nodeGroup("string")
                .oauthScopes("string")
                .preemptible(false)
                .reservationAffinity(ClusterNodePoolNodeConfigReservationAffinityArgs.builder()
                    .consumeReservationType("string")
                    .key("string")
                    .values("string")
                    .build())
                .resourceLabels(Map.of("string", "string"))
                .resourceManagerTags(Map.of("string", "string"))
                .sandboxConfig(ClusterNodePoolNodeConfigSandboxConfigArgs.builder()
                    .sandboxType("string")
                    .build())
                .secondaryBootDisks(ClusterNodePoolNodeConfigSecondaryBootDiskArgs.builder()
                    .diskImage("string")
                    .mode("string")
                    .build())
                .serviceAccount("string")
                .shieldedInstanceConfig(ClusterNodePoolNodeConfigShieldedInstanceConfigArgs.builder()
                    .enableIntegrityMonitoring(false)
                    .enableSecureBoot(false)
                    .build())
                .soleTenantConfig(ClusterNodePoolNodeConfigSoleTenantConfigArgs.builder()
                    .nodeAffinities(ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs.builder()
                        .key("string")
                        .operator("string")
                        .values("string")
                        .build())
                    .build())
                .spot(false)
                .storagePools("string")
                .tags("string")
                .taints(ClusterNodePoolNodeConfigTaintArgs.builder()
                    .effect("string")
                    .key("string")
                    .value("string")
                    .build())
                .workloadMetadataConfig(ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs.builder()
                    .mode("string")
                    .build())
                .build())
            .nodeCount(0)
            .nodeLocations("string")
            .placementPolicy(ClusterNodePoolPlacementPolicyArgs.builder()
                .type("string")
                .policyName("string")
                .tpuTopology("string")
                .build())
            .queuedProvisioning(ClusterNodePoolQueuedProvisioningArgs.builder()
                .enabled(false)
                .build())
            .upgradeSettings(ClusterNodePoolUpgradeSettingsArgs.builder()
                .blueGreenSettings(ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs.builder()
                    .standardRolloutPolicy(ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs.builder()
                        .batchNodeCount(0)
                        .batchPercentage(0)
                        .batchSoakDuration("string")
                        .build())
                    .nodePoolSoakDuration("string")
                    .build())
                .maxSurge(0)
                .maxUnavailable(0)
                .strategy("string")
                .build())
            .version("string")
            .build())
        .nodeVersion("string")
        .notificationConfig(ClusterNotificationConfigArgs.builder()
            .pubsub(ClusterNotificationConfigPubsubArgs.builder()
                .enabled(false)
                .filter(ClusterNotificationConfigPubsubFilterArgs.builder()
                    .eventTypes("string")
                    .build())
                .topic("string")
                .build())
            .build())
        .podSecurityPolicyConfig(ClusterPodSecurityPolicyConfigArgs.builder()
            .enabled(false)
            .build())
        .privateClusterConfig(ClusterPrivateClusterConfigArgs.builder()
            .enablePrivateEndpoint(false)
            .enablePrivateNodes(false)
            .masterGlobalAccessConfig(ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs.builder()
                .enabled(false)
                .build())
            .masterIpv4CidrBlock("string")
            .peeringName("string")
            .privateEndpoint("string")
            .privateEndpointSubnetwork("string")
            .publicEndpoint("string")
            .build())
        .privateIpv6GoogleAccess("string")
        .project("string")
        .protectConfig(ClusterProtectConfigArgs.builder()
            .workloadConfig(ClusterProtectConfigWorkloadConfigArgs.builder()
                .auditMode("string")
                .build())
            .workloadVulnerabilityMode("string")
            .build())
        .releaseChannel(ClusterReleaseChannelArgs.builder()
            .channel("string")
            .build())
        .removeDefaultNodePool(false)
        .resourceLabels(Map.of("string", "string"))
        .resourceUsageExportConfig(ClusterResourceUsageExportConfigArgs.builder()
            .bigqueryDestination(ClusterResourceUsageExportConfigBigqueryDestinationArgs.builder()
                .datasetId("string")
                .build())
            .enableNetworkEgressMetering(false)
            .enableResourceConsumptionMetering(false)
            .build())
        .secretManagerConfig(ClusterSecretManagerConfigArgs.builder()
            .enabled(false)
            .build())
        .securityPostureConfig(ClusterSecurityPostureConfigArgs.builder()
            .mode("string")
            .vulnerabilityMode("string")
            .build())
        .serviceExternalIpsConfig(ClusterServiceExternalIpsConfigArgs.builder()
            .enabled(false)
            .build())
        .subnetwork("string")
        .tpuConfig(ClusterTpuConfigArgs.builder()
            .enabled(false)
            .ipv4CidrBlock("string")
            .useServiceNetworking(false)
            .build())
        .userManagedKeysConfig(ClusterUserManagedKeysConfigArgs.builder()
            .aggregationCa("string")
            .clusterCa("string")
            .controlPlaneDiskEncryptionKey("string")
            .etcdApiCa("string")
            .etcdPeerCa("string")
            .gkeopsEtcdBackupEncryptionKey("string")
            .serviceAccountSigningKeys("string")
            .serviceAccountVerificationKeys("string")
            .build())
        .verticalPodAutoscaling(ClusterVerticalPodAutoscalingArgs.builder()
            .enabled(false)
            .build())
        .workloadAltsConfig(ClusterWorkloadAltsConfigArgs.builder()
            .enableAlts(false)
            .build())
        .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()
            .workloadPool("string")
            .build())
        .build());
    
    # Constructor template for gcp.container.Cluster listing its arguments.
    # Every value below is a type placeholder ("string", 0, False, or a list/dict
    # of those), not a recommended setting. In particular a False placeholder on a
    # hardening flag is not a suggested default: set each argument deliberately.
    gcp_cluster_resource = gcp.container.Cluster("gcpClusterResource",
        addons_config={
            "cloudrun_config": {
                "disabled": False,
                "load_balancer_type": "string",
            },
            "config_connector_config": {
                "enabled": False,
            },
            "dns_cache_config": {
                "enabled": False,
            },
            "gce_persistent_disk_csi_driver_config": {
                "enabled": False,
            },
            "gcp_filestore_csi_driver_config": {
                "enabled": False,
            },
            "gcs_fuse_csi_driver_config": {
                "enabled": False,
            },
            "gke_backup_agent_config": {
                "enabled": False,
            },
            "horizontal_pod_autoscaling": {
                "disabled": False,
            },
            "http_load_balancing": {
                "disabled": False,
            },
            "istio_config": {
                "disabled": False,
                "auth": "string",
            },
            "kalm_config": {
                "enabled": False,
            },
            # Note the polarity: some addons are switched with "disabled", others
            # with "enabled", so the same False placeholder means opposite things.
            "network_policy_config": {
                "disabled": False,
            },
            "parallelstore_csi_driver_config": {
                "enabled": False,
            },
            "ray_operator_configs": [{
                "enabled": False,
                "ray_cluster_logging_config": {
                    "enabled": False,
                },
                "ray_cluster_monitoring_config": {
                    "enabled": False,
                },
            }],
            "stateful_ha_config": {
                "enabled": False,
            },
        },
        allow_net_admin=False,
        authenticator_groups_config={
            "security_group": "string",
        },
        # NOTE(review): evaluation_mode is string-typed here; confirm the accepted
        # values in the property reference before relying on image-admission checks.
        binary_authorization={
            "evaluation_mode": "string",
        },
        cluster_autoscaling={
            "auto_provisioning_defaults": {
                "boot_disk_kms_key": "string",
                "disk_size": 0,
                "disk_type": "string",
                "image_type": "string",
                "management": {
                    "auto_repair": False,
                    "auto_upgrade": False,
                    "upgrade_options": [{
                        "auto_upgrade_start_time": "string",
                        "description": "string",
                    }],
                },
                "min_cpu_platform": "string",
                "oauth_scopes": ["string"],
                "service_account": "string",
                "shielded_instance_config": {
                    "enable_integrity_monitoring": False,
                    "enable_secure_boot": False,
                },
                "upgrade_settings": {
                    "blue_green_settings": {
                        "node_pool_soak_duration": "string",
                        "standard_rollout_policy": {
                            "batch_node_count": 0,
                            "batch_percentage": 0,
                            "batch_soak_duration": "string",
                        },
                    },
                    "max_surge": 0,
                    "max_unavailable": 0,
                    "strategy": "string",
                },
            },
            "auto_provisioning_locations": ["string"],
            "autoscaling_profile": "string",
            "enabled": False,
            "resource_limits": [{
                "resource_type": "string",
                "maximum": 0,
                "minimum": 0,
            }],
        },
        cluster_ipv4_cidr="string",
        cluster_telemetry={
            "type": "string",
        },
        confidential_nodes={
            "enabled": False,
        },
        control_plane_endpoints_config={
            "dns_endpoint_config": {
                "allow_external_traffic": False,
                "endpoint": "string",
            },
        },
        cost_management_config={
            "enabled": False,
        },
        # NOTE(review): presumably "state" toggles encryption of cluster secrets and
        # "key_name" names the KMS key used for it; confirm in the property reference.
        database_encryption={
            "state": "string",
            "key_name": "string",
        },
        datapath_provider="string",
        default_max_pods_per_node=0,
        default_snat_status={
            "disabled": False,
        },
        # Per this page's introduction, on provider 5.0.0+ deletion_protection must
        # be explicitly set to false and applied with `pulumi up` before the cluster
        # can be destroyed. The False here is the bool placeholder, not advice.
        deletion_protection=False,
        description="string",
        dns_config={
            "additive_vpc_scope_dns_domain": "string",
            "cluster_dns": "string",
            "cluster_dns_domain": "string",
            "cluster_dns_scope": "string",
        },
        enable_autopilot=False,
        enable_cilium_clusterwide_network_policy=False,
        enable_fqdn_network_policy=False,
        enable_intranode_visibility=False,
        enable_k8s_beta_apis={
            "enabled_apis": ["string"],
        },
        enable_kubernetes_alpha=False,
        enable_l4_ilb_subsetting=False,
        # NOTE(review): legacy ABAC grants access outside Kubernetes RBAC; keep this
        # off unless a workload is known to depend on it. Confirm the provider
        # default in the property reference.
        enable_legacy_abac=False,
        enable_multi_networking=False,
        enable_shielded_nodes=False,
        enable_tpu=False,
        fleet={
            "membership": "string",
            "membership_id": "string",
            "membership_location": "string",
            "pre_registered": False,
            "project": "string",
        },
        gateway_api_config={
            "channel": "string",
        },
        identity_service_config={
            "enabled": False,
        },
        initial_node_count=0,
        ip_allocation_policy={
            "additional_pod_ranges_config": {
                "pod_range_names": ["string"],
            },
            "cluster_ipv4_cidr_block": "string",
            "cluster_secondary_range_name": "string",
            "pod_cidr_overprovision_config": {
                "disabled": False,
            },
            "services_ipv4_cidr_block": "string",
            "services_secondary_range_name": "string",
            "stack_type": "string",
        },
        location="string",
        logging_config={
            "enable_components": ["string"],
        },
        logging_service="string",
        maintenance_policy={
            "daily_maintenance_window": {
                "start_time": "string",
                "duration": "string",
            },
            "maintenance_exclusions": [{
                "end_time": "string",
                "exclusion_name": "string",
                "start_time": "string",
                "exclusion_options": {
                    "scope": "string",
                },
            }],
            "recurring_window": {
                "end_time": "string",
                "recurrence": "string",
                "start_time": "string",
            },
        },
        # This page's introduction states that all arguments and attributes,
        # including certificate outputs, are stored in the raw state as plaintext.
        # That covers client_key and the certificates below, so treat the state
        # backend as a secret store and restrict who can read it.
        master_auth={
            "client_certificate_config": {
                "issue_client_certificate": False,
            },
            "client_certificate": "string",
            "client_key": "string",
            "cluster_ca_certificate": "string",
        },
        # NOTE(review): cidr_blocks looks like the allow-list of networks permitted
        # to reach the control plane; keep it as narrow as practical and confirm the
        # meaning of the two *_enabled flags in the property reference.
        master_authorized_networks_config={
            "cidr_blocks": [{
                "cidr_block": "string",
                "display_name": "string",
            }],
            "gcp_public_cidrs_access_enabled": False,
            "private_endpoint_enforcement_enabled": False,
        },
        mesh_certificates={
            "enable_certificates": False,
        },
        min_master_version="string",
        monitoring_config={
            "advanced_datapath_observability_config": {
                "enable_metrics": False,
                "enable_relay": False,
            },
            "enable_components": ["string"],
            "managed_prometheus": {
                "enabled": False,
            },
        },
        monitoring_service="string",
        name="string",
        network="string",
        network_policy={
            "enabled": False,
            "provider": "string",
        },
        networking_mode="string",
        node_config={
            "advanced_machine_features": {
                "threads_per_core": 0,
                "enable_nested_virtualization": False,
            },
            "boot_disk_kms_key": "string",
            "confidential_nodes": {
                "enabled": False,
            },
            "containerd_config": {
                "private_registry_access_config": {
                    "enabled": False,
                    "certificate_authority_domain_configs": [{
                        "fqdns": ["string"],
                        "gcp_secret_manager_certificate_config": {
                            "secret_uri": "string",
                        },
                    }],
                },
            },
            "disk_size_gb": 0,
            "disk_type": "string",
            "effective_taints": [{
                "effect": "string",
                "key": "string",
                "value": "string",
            }],
            "enable_confidential_storage": False,
            "ephemeral_storage_config": {
                "local_ssd_count": 0,
            },
            "ephemeral_storage_local_ssd_config": {
                "local_ssd_count": 0,
            },
            "fast_socket": {
                "enabled": False,
            },
            "gcfs_config": {
                "enabled": False,
            },
            "guest_accelerators": [{
                "count": 0,
                "type": "string",
                "gpu_driver_installation_config": {
                    "gpu_driver_version": "string",
                },
                "gpu_partition_size": "string",
                "gpu_sharing_config": {
                    "gpu_sharing_strategy": "string",
                    "max_shared_clients_per_gpu": 0,
                },
            }],
            "gvnic": {
                "enabled": False,
            },
            "host_maintenance_policy": {
                "maintenance_interval": "string",
            },
            "image_type": "string",
            "kubelet_config": {
                "cpu_cfs_quota": False,
                "cpu_cfs_quota_period": "string",
                "cpu_manager_policy": "string",
                # String-typed in this template, unlike the boolean flags around it.
                # NOTE(review): the name refers to the kubelet's unauthenticated
                # read-only port; check the accepted string values in the property
                # reference. The same field recurs under node_pool_auto_config,
                # node_pool_defaults and node_pools[].node_config below.
                "insecure_kubelet_readonly_port_enabled": "string",
                "pod_pids_limit": 0,
            },
            "labels": {
                "string": "string",
            },
            "linux_node_config": {
                "cgroup_mode": "string",
                "hugepages_config": {
                    "hugepage_size1g": 0,
                    "hugepage_size2m": 0,
                },
                "sysctls": {
                    "string": "string",
                },
            },
            "local_nvme_ssd_block_config": {
                "local_ssd_count": 0,
            },
            "local_ssd_count": 0,
            "logging_variant": "string",
            "machine_type": "string",
            # Metadata values are arguments like any other, so per the page's note
            # they are written to state as plaintext; do not place secrets here.
            "metadata": {
                "string": "string",
            },
            "min_cpu_platform": "string",
            "node_group": "string",
            # NOTE(review): oauth_scopes and service_account together bound what the
            # node's credentials can do; a dedicated least-privilege service account
            # is the usual choice. Verify the defaults in the property reference.
            "oauth_scopes": ["string"],
            "preemptible": False,
            "reservation_affinity": {
                "consume_reservation_type": "string",
                "key": "string",
                "values": ["string"],
            },
            "resource_labels": {
                "string": "string",
            },
            "resource_manager_tags": {
                "string": "string",
            },
            "sandbox_config": {
                "sandbox_type": "string",
            },
            "secondary_boot_disks": [{
                "disk_image": "string",
                "mode": "string",
            }],
            "service_account": "string",
            # Both values are bool placeholders. NOTE(review): secure boot and
            # integrity monitoring are node hardening features; decide them
            # explicitly rather than copying False from this template.
            "shielded_instance_config": {
                "enable_integrity_monitoring": False,
                "enable_secure_boot": False,
            },
            "sole_tenant_config": {
                "node_affinities": [{
                    "key": "string",
                    "operator": "string",
                    "values": ["string"],
                }],
            },
            "spot": False,
            "storage_pools": ["string"],
            "tags": ["string"],
            "taints": [{
                "effect": "string",
                "key": "string",
                "value": "string",
            }],
            # NOTE(review): mode presumably selects how node metadata is exposed to
            # workloads; confirm the accepted values in the property reference.
            "workload_metadata_config": {
                "mode": "string",
            },
        },
        node_locations=["string"],
        node_pool_auto_config={
            "network_tags": {
                "tags": ["string"],
            },
            "node_kubelet_config": {
                "insecure_kubelet_readonly_port_enabled": "string",
            },
            "resource_manager_tags": {
                "string": "string",
            },
        },
        node_pool_defaults={
            "node_config_defaults": {
                "containerd_config": {
                    "private_registry_access_config": {
                        "enabled": False,
                        "certificate_authority_domain_configs": [{
                            "fqdns": ["string"],
                            "gcp_secret_manager_certificate_config": {
                                "secret_uri": "string",
                            },
                        }],
                    },
                },
                "gcfs_config": {
                    "enabled": False,
                },
                "insecure_kubelet_readonly_port_enabled": "string",
                "logging_variant": "string",
            },
        },
        # Inline node pool definitions; node_pools[].node_config repeats the same
        # keys as the cluster-level node_config above.
        node_pools=[{
            "autoscaling": {
                "location_policy": "string",
                "max_node_count": 0,
                "min_node_count": 0,
                "total_max_node_count": 0,
                "total_min_node_count": 0,
            },
            "initial_node_count": 0,
            "instance_group_urls": ["string"],
            "managed_instance_group_urls": ["string"],
            "management": {
                "auto_repair": False,
                "auto_upgrade": False,
            },
            "max_pods_per_node": 0,
            "name": "string",
            "name_prefix": "string",
            "network_config": {
                "additional_node_network_configs": [{
                    "network": "string",
                    "subnetwork": "string",
                }],
                "additional_pod_network_configs": [{
                    "max_pods_per_node": 0,
                    "secondary_pod_range": "string",
                    "subnetwork": "string",
                }],
                "create_pod_range": False,
                "enable_private_nodes": False,
                "network_performance_config": {
                    "total_egress_bandwidth_tier": "string",
                },
                "pod_cidr_overprovision_config": {
                    "disabled": False,
                },
                "pod_ipv4_cidr_block": "string",
                "pod_range": "string",
            },
            "node_config": {
                "advanced_machine_features": {
                    "threads_per_core": 0,
                    "enable_nested_virtualization": False,
                },
                "boot_disk_kms_key": "string",
                "confidential_nodes": {
                    "enabled": False,
                },
                "containerd_config": {
                    "private_registry_access_config": {
                        "enabled": False,
                        "certificate_authority_domain_configs": [{
                            "fqdns": ["string"],
                            "gcp_secret_manager_certificate_config": {
                                "secret_uri": "string",
                            },
                        }],
                    },
                },
                "disk_size_gb": 0,
                "disk_type": "string",
                "effective_taints": [{
                    "effect": "string",
                    "key": "string",
                    "value": "string",
                }],
                "enable_confidential_storage": False,
                "ephemeral_storage_config": {
                    "local_ssd_count": 0,
                },
                "ephemeral_storage_local_ssd_config": {
                    "local_ssd_count": 0,
                },
                "fast_socket": {
                    "enabled": False,
                },
                "gcfs_config": {
                    "enabled": False,
                },
                "guest_accelerators": [{
                    "count": 0,
                    "type": "string",
                    "gpu_driver_installation_config": {
                        "gpu_driver_version": "string",
                    },
                    "gpu_partition_size": "string",
                    "gpu_sharing_config": {
                        "gpu_sharing_strategy": "string",
                        "max_shared_clients_per_gpu": 0,
                    },
                }],
                "gvnic": {
                    "enabled": False,
                },
                "host_maintenance_policy": {
                    "maintenance_interval": "string",
                },
                "image_type": "string",
                "kubelet_config": {
                    "cpu_cfs_quota": False,
                    "cpu_cfs_quota_period": "string",
                    "cpu_manager_policy": "string",
                    "insecure_kubelet_readonly_port_enabled": "string",
                    "pod_pids_limit": 0,
                },
                "labels": {
                    "string": "string",
                },
                "linux_node_config": {
                    "cgroup_mode": "string",
                    "hugepages_config": {
                        "hugepage_size1g": 0,
                        "hugepage_size2m": 0,
                    },
                    "sysctls": {
                        "string": "string",
                    },
                },
                "local_nvme_ssd_block_config": {
                    "local_ssd_count": 0,
                },
                "local_ssd_count": 0,
                "logging_variant": "string",
                "machine_type": "string",
                "metadata": {
                    "string": "string",
                },
                "min_cpu_platform": "string",
                "node_group": "string",
                "oauth_scopes": ["string"],
                "preemptible": False,
                "reservation_affinity": {
                    "consume_reservation_type": "string",
                    "key": "string",
                    "values": ["string"],
                },
                "resource_labels": {
                    "string": "string",
                },
                "resource_manager_tags": {
                    "string": "string",
                },
                "sandbox_config": {
                    "sandbox_type": "string",
                },
                "secondary_boot_disks": [{
                    "disk_image": "string",
                    "mode": "string",
                }],
                "service_account": "string",
                "shielded_instance_config": {
                    "enable_integrity_monitoring": False,
                    "enable_secure_boot": False,
                },
                "sole_tenant_config": {
                    "node_affinities": [{
                        "key": "string",
                        "operator": "string",
                        "values": ["string"],
                    }],
                },
                "spot": False,
                "storage_pools": ["string"],
                "tags": ["string"],
                "taints": [{
                    "effect": "string",
                    "key": "string",
                    "value": "string",
                }],
                "workload_metadata_config": {
                    "mode": "string",
                },
            },
            "node_count": 0,
            "node_locations": ["string"],
            "placement_policy": {
                "type": "string",
                "policy_name": "string",
                "tpu_topology": "string",
            },
            "queued_provisioning": {
                "enabled": False,
            },
            "upgrade_settings": {
                "blue_green_settings": {
                    "standard_rollout_policy": {
                        "batch_node_count": 0,
                        "batch_percentage": 0,
                        "batch_soak_duration": "string",
                    },
                    "node_pool_soak_duration": "string",
                },
                "max_surge": 0,
                "max_unavailable": 0,
                "strategy": "string",
            },
            "version": "string",
        }],
        node_version="string",
        notification_config={
            "pubsub": {
                "enabled": False,
                "filter": {
                    "event_types": ["string"],
                },
                "topic": "string",
            },
        },
        pod_security_policy_config={
            "enabled": False,
        },
        # NOTE(review): enable_private_nodes / enable_private_endpoint appear to
        # decide whether nodes and the control-plane endpoint are reachable only on
        # internal addresses; private_endpoint, public_endpoint and peering_name
        # look like values reported back by the service. Confirm in the property
        # reference before setting them.
        private_cluster_config={
            "enable_private_endpoint": False,
            "enable_private_nodes": False,
            "master_global_access_config": {
                "enabled": False,
            },
            "master_ipv4_cidr_block": "string",
            "peering_name": "string",
            "private_endpoint": "string",
            "private_endpoint_subnetwork": "string",
            "public_endpoint": "string",
        },
        private_ipv6_google_access="string",
        project="string",
        protect_config={
            "workload_config": {
                "audit_mode": "string",
            },
            "workload_vulnerability_mode": "string",
        },
        release_channel={
            "channel": "string",
        },
        remove_default_node_pool=False,
        resource_labels={
            "string": "string",
        },
        resource_usage_export_config={
            "bigquery_destination": {
                "dataset_id": "string",
            },
            "enable_network_egress_metering": False,
            "enable_resource_consumption_metering": False,
        },
        secret_manager_config={
            "enabled": False,
        },
        security_posture_config={
            "mode": "string",
            "vulnerability_mode": "string",
        },
        service_external_ips_config={
            "enabled": False,
        },
        subnetwork="string",
        tpu_config={
            "enabled": False,
            "ipv4_cidr_block": "string",
            "use_service_networking": False,
        },
        # NOTE(review): these presumably take resource names of CAs and KMS keys
        # rather than key material; confirm in the property reference. Whatever is
        # passed is persisted in state as plaintext, per the page's note.
        user_managed_keys_config={
            "aggregation_ca": "string",
            "cluster_ca": "string",
            "control_plane_disk_encryption_key": "string",
            "etcd_api_ca": "string",
            "etcd_peer_ca": "string",
            "gkeops_etcd_backup_encryption_key": "string",
            "service_account_signing_keys": ["string"],
            "service_account_verification_keys": ["string"],
        },
        vertical_pod_autoscaling={
            "enabled": False,
        },
        workload_alts_config={
            "enable_alts": False,
        },
        workload_identity_config={
            "workload_pool": "string",
        })
    
    const gcpClusterResource = new gcp.container.Cluster("gcpClusterResource", {
        addonsConfig: {
            cloudrunConfig: {
                disabled: false,
                loadBalancerType: "string",
            },
            configConnectorConfig: {
                enabled: false,
            },
            dnsCacheConfig: {
                enabled: false,
            },
            gcePersistentDiskCsiDriverConfig: {
                enabled: false,
            },
            gcpFilestoreCsiDriverConfig: {
                enabled: false,
            },
            gcsFuseCsiDriverConfig: {
                enabled: false,
            },
            gkeBackupAgentConfig: {
                enabled: false,
            },
            horizontalPodAutoscaling: {
                disabled: false,
            },
            httpLoadBalancing: {
                disabled: false,
            },
            istioConfig: {
                disabled: false,
                auth: "string",
            },
            kalmConfig: {
                enabled: false,
            },
            networkPolicyConfig: {
                disabled: false,
            },
            parallelstoreCsiDriverConfig: {
                enabled: false,
            },
            rayOperatorConfigs: [{
                enabled: false,
                rayClusterLoggingConfig: {
                    enabled: false,
                },
                rayClusterMonitoringConfig: {
                    enabled: false,
                },
            }],
            statefulHaConfig: {
                enabled: false,
            },
        },
        allowNetAdmin: false,
        authenticatorGroupsConfig: {
            securityGroup: "string",
        },
        binaryAuthorization: {
            evaluationMode: "string",
        },
        clusterAutoscaling: {
            autoProvisioningDefaults: {
                bootDiskKmsKey: "string",
                diskSize: 0,
                diskType: "string",
                imageType: "string",
                management: {
                    autoRepair: false,
                    autoUpgrade: false,
                    upgradeOptions: [{
                        autoUpgradeStartTime: "string",
                        description: "string",
                    }],
                },
                minCpuPlatform: "string",
                oauthScopes: ["string"],
                serviceAccount: "string",
                shieldedInstanceConfig: {
                    enableIntegrityMonitoring: false,
                    enableSecureBoot: false,
                },
                upgradeSettings: {
                    blueGreenSettings: {
                        nodePoolSoakDuration: "string",
                        standardRolloutPolicy: {
                            batchNodeCount: 0,
                            batchPercentage: 0,
                            batchSoakDuration: "string",
                        },
                    },
                    maxSurge: 0,
                    maxUnavailable: 0,
                    strategy: "string",
                },
            },
            autoProvisioningLocations: ["string"],
            autoscalingProfile: "string",
            enabled: false,
            resourceLimits: [{
                resourceType: "string",
                maximum: 0,
                minimum: 0,
            }],
        },
        clusterIpv4Cidr: "string",
        clusterTelemetry: {
            type: "string",
        },
        confidentialNodes: {
            enabled: false,
        },
        controlPlaneEndpointsConfig: {
            dnsEndpointConfig: {
                allowExternalTraffic: false,
                endpoint: "string",
            },
        },
        costManagementConfig: {
            enabled: false,
        },
        databaseEncryption: {
            state: "string",
            keyName: "string",
        },
        datapathProvider: "string",
        defaultMaxPodsPerNode: 0,
        defaultSnatStatus: {
            disabled: false,
        },
        deletionProtection: false,
        description: "string",
        dnsConfig: {
            additiveVpcScopeDnsDomain: "string",
            clusterDns: "string",
            clusterDnsDomain: "string",
            clusterDnsScope: "string",
        },
        enableAutopilot: false,
        enableCiliumClusterwideNetworkPolicy: false,
        enableFqdnNetworkPolicy: false,
        enableIntranodeVisibility: false,
        enableK8sBetaApis: {
            enabledApis: ["string"],
        },
        enableKubernetesAlpha: false,
        enableL4IlbSubsetting: false,
        enableLegacyAbac: false,
        enableMultiNetworking: false,
        enableShieldedNodes: false,
        enableTpu: false,
        fleet: {
            membership: "string",
            membershipId: "string",
            membershipLocation: "string",
            preRegistered: false,
            project: "string",
        },
        gatewayApiConfig: {
            channel: "string",
        },
        identityServiceConfig: {
            enabled: false,
        },
        initialNodeCount: 0,
        ipAllocationPolicy: {
            additionalPodRangesConfig: {
                podRangeNames: ["string"],
            },
            clusterIpv4CidrBlock: "string",
            clusterSecondaryRangeName: "string",
            podCidrOverprovisionConfig: {
                disabled: false,
            },
            servicesIpv4CidrBlock: "string",
            servicesSecondaryRangeName: "string",
            stackType: "string",
        },
        location: "string",
        loggingConfig: {
            enableComponents: ["string"],
        },
        loggingService: "string",
        maintenancePolicy: {
            dailyMaintenanceWindow: {
                startTime: "string",
                duration: "string",
            },
            maintenanceExclusions: [{
                endTime: "string",
                exclusionName: "string",
                startTime: "string",
                exclusionOptions: {
                    scope: "string",
                },
            }],
            recurringWindow: {
                endTime: "string",
                recurrence: "string",
                startTime: "string",
            },
        },
        masterAuth: {
            clientCertificateConfig: {
                issueClientCertificate: false,
            },
            clientCertificate: "string",
            clientKey: "string",
            clusterCaCertificate: "string",
        },
        masterAuthorizedNetworksConfig: {
            cidrBlocks: [{
                cidrBlock: "string",
                displayName: "string",
            }],
            gcpPublicCidrsAccessEnabled: false,
            privateEndpointEnforcementEnabled: false,
        },
        meshCertificates: {
            enableCertificates: false,
        },
        minMasterVersion: "string",
        monitoringConfig: {
            advancedDatapathObservabilityConfig: {
                enableMetrics: false,
                enableRelay: false,
            },
            enableComponents: ["string"],
            managedPrometheus: {
                enabled: false,
            },
        },
        monitoringService: "string",
        name: "string",
        network: "string",
        networkPolicy: {
            enabled: false,
            provider: "string",
        },
        networkingMode: "string",
        nodeConfig: {
            advancedMachineFeatures: {
                threadsPerCore: 0,
                enableNestedVirtualization: false,
            },
            bootDiskKmsKey: "string",
            confidentialNodes: {
                enabled: false,
            },
            containerdConfig: {
                privateRegistryAccessConfig: {
                    enabled: false,
                    certificateAuthorityDomainConfigs: [{
                        fqdns: ["string"],
                        gcpSecretManagerCertificateConfig: {
                            secretUri: "string",
                        },
                    }],
                },
            },
            diskSizeGb: 0,
            diskType: "string",
            effectiveTaints: [{
                effect: "string",
                key: "string",
                value: "string",
            }],
            enableConfidentialStorage: false,
            ephemeralStorageConfig: {
                localSsdCount: 0,
            },
            ephemeralStorageLocalSsdConfig: {
                localSsdCount: 0,
            },
            fastSocket: {
                enabled: false,
            },
            gcfsConfig: {
                enabled: false,
            },
            guestAccelerators: [{
                count: 0,
                type: "string",
                gpuDriverInstallationConfig: {
                    gpuDriverVersion: "string",
                },
                gpuPartitionSize: "string",
                gpuSharingConfig: {
                    gpuSharingStrategy: "string",
                    maxSharedClientsPerGpu: 0,
                },
            }],
            gvnic: {
                enabled: false,
            },
            hostMaintenancePolicy: {
                maintenanceInterval: "string",
            },
            imageType: "string",
            kubeletConfig: {
                cpuCfsQuota: false,
                cpuCfsQuotaPeriod: "string",
                cpuManagerPolicy: "string",
                insecureKubeletReadonlyPortEnabled: "string",
                podPidsLimit: 0,
            },
            labels: {
                string: "string",
            },
            linuxNodeConfig: {
                cgroupMode: "string",
                hugepagesConfig: {
                    hugepageSize1g: 0,
                    hugepageSize2m: 0,
                },
                sysctls: {
                    string: "string",
                },
            },
            localNvmeSsdBlockConfig: {
                localSsdCount: 0,
            },
            localSsdCount: 0,
            loggingVariant: "string",
            machineType: "string",
            metadata: {
                string: "string",
            },
            minCpuPlatform: "string",
            nodeGroup: "string",
            oauthScopes: ["string"],
            preemptible: false,
            reservationAffinity: {
                consumeReservationType: "string",
                key: "string",
                values: ["string"],
            },
            resourceLabels: {
                string: "string",
            },
            resourceManagerTags: {
                string: "string",
            },
            sandboxConfig: {
                sandboxType: "string",
            },
            secondaryBootDisks: [{
                diskImage: "string",
                mode: "string",
            }],
            serviceAccount: "string",
            shieldedInstanceConfig: {
                enableIntegrityMonitoring: false,
                enableSecureBoot: false,
            },
            soleTenantConfig: {
                nodeAffinities: [{
                    key: "string",
                    operator: "string",
                    values: ["string"],
                }],
            },
            spot: false,
            storagePools: ["string"],
            tags: ["string"],
            taints: [{
                effect: "string",
                key: "string",
                value: "string",
            }],
            workloadMetadataConfig: {
                mode: "string",
            },
        },
        nodeLocations: ["string"],
        nodePoolAutoConfig: {
            networkTags: {
                tags: ["string"],
            },
            nodeKubeletConfig: {
                insecureKubeletReadonlyPortEnabled: "string",
            },
            resourceManagerTags: {
                string: "string",
            },
        },
        nodePoolDefaults: {
            nodeConfigDefaults: {
                containerdConfig: {
                    privateRegistryAccessConfig: {
                        enabled: false,
                        certificateAuthorityDomainConfigs: [{
                            fqdns: ["string"],
                            gcpSecretManagerCertificateConfig: {
                                secretUri: "string",
                            },
                        }],
                    },
                },
                gcfsConfig: {
                    enabled: false,
                },
                insecureKubeletReadonlyPortEnabled: "string",
                loggingVariant: "string",
            },
        },
        nodePools: [{
            autoscaling: {
                locationPolicy: "string",
                maxNodeCount: 0,
                minNodeCount: 0,
                totalMaxNodeCount: 0,
                totalMinNodeCount: 0,
            },
            initialNodeCount: 0,
            instanceGroupUrls: ["string"],
            managedInstanceGroupUrls: ["string"],
            management: {
                autoRepair: false,
                autoUpgrade: false,
            },
            maxPodsPerNode: 0,
            name: "string",
            namePrefix: "string",
            networkConfig: {
                additionalNodeNetworkConfigs: [{
                    network: "string",
                    subnetwork: "string",
                }],
                additionalPodNetworkConfigs: [{
                    maxPodsPerNode: 0,
                    secondaryPodRange: "string",
                    subnetwork: "string",
                }],
                createPodRange: false,
                enablePrivateNodes: false,
                networkPerformanceConfig: {
                    totalEgressBandwidthTier: "string",
                },
                podCidrOverprovisionConfig: {
                    disabled: false,
                },
                podIpv4CidrBlock: "string",
                podRange: "string",
            },
            nodeConfig: {
                advancedMachineFeatures: {
                    threadsPerCore: 0,
                    enableNestedVirtualization: false,
                },
                bootDiskKmsKey: "string",
                confidentialNodes: {
                    enabled: false,
                },
                containerdConfig: {
                    privateRegistryAccessConfig: {
                        enabled: false,
                        certificateAuthorityDomainConfigs: [{
                            fqdns: ["string"],
                            gcpSecretManagerCertificateConfig: {
                                secretUri: "string",
                            },
                        }],
                    },
                },
                diskSizeGb: 0,
                diskType: "string",
                effectiveTaints: [{
                    effect: "string",
                    key: "string",
                    value: "string",
                }],
                enableConfidentialStorage: false,
                ephemeralStorageConfig: {
                    localSsdCount: 0,
                },
                ephemeralStorageLocalSsdConfig: {
                    localSsdCount: 0,
                },
                fastSocket: {
                    enabled: false,
                },
                gcfsConfig: {
                    enabled: false,
                },
                guestAccelerators: [{
                    count: 0,
                    type: "string",
                    gpuDriverInstallationConfig: {
                        gpuDriverVersion: "string",
                    },
                    gpuPartitionSize: "string",
                    gpuSharingConfig: {
                        gpuSharingStrategy: "string",
                        maxSharedClientsPerGpu: 0,
                    },
                }],
                gvnic: {
                    enabled: false,
                },
                hostMaintenancePolicy: {
                    maintenanceInterval: "string",
                },
                imageType: "string",
                kubeletConfig: {
                    cpuCfsQuota: false,
                    cpuCfsQuotaPeriod: "string",
                    cpuManagerPolicy: "string",
                    insecureKubeletReadonlyPortEnabled: "string",
                    podPidsLimit: 0,
                },
                labels: {
                    string: "string",
                },
                linuxNodeConfig: {
                    cgroupMode: "string",
                    hugepagesConfig: {
                        hugepageSize1g: 0,
                        hugepageSize2m: 0,
                    },
                    sysctls: {
                        string: "string",
                    },
                },
                localNvmeSsdBlockConfig: {
                    localSsdCount: 0,
                },
                localSsdCount: 0,
                loggingVariant: "string",
                machineType: "string",
                metadata: {
                    string: "string",
                },
                minCpuPlatform: "string",
                nodeGroup: "string",
                oauthScopes: ["string"],
                preemptible: false,
                reservationAffinity: {
                    consumeReservationType: "string",
                    key: "string",
                    values: ["string"],
                },
                resourceLabels: {
                    string: "string",
                },
                resourceManagerTags: {
                    string: "string",
                },
                sandboxConfig: {
                    sandboxType: "string",
                },
                secondaryBootDisks: [{
                    diskImage: "string",
                    mode: "string",
                }],
                serviceAccount: "string",
                shieldedInstanceConfig: {
                    enableIntegrityMonitoring: false,
                    enableSecureBoot: false,
                },
                soleTenantConfig: {
                    nodeAffinities: [{
                        key: "string",
                        operator: "string",
                        values: ["string"],
                    }],
                },
                spot: false,
                storagePools: ["string"],
                tags: ["string"],
                taints: [{
                    effect: "string",
                    key: "string",
                    value: "string",
                }],
                workloadMetadataConfig: {
                    mode: "string",
                },
            },
            nodeCount: 0,
            nodeLocations: ["string"],
            placementPolicy: {
                type: "string",
                policyName: "string",
                tpuTopology: "string",
            },
            queuedProvisioning: {
                enabled: false,
            },
            upgradeSettings: {
                blueGreenSettings: {
                    standardRolloutPolicy: {
                        batchNodeCount: 0,
                        batchPercentage: 0,
                        batchSoakDuration: "string",
                    },
                    nodePoolSoakDuration: "string",
                },
                maxSurge: 0,
                maxUnavailable: 0,
                strategy: "string",
            },
            version: "string",
        }],
        nodeVersion: "string",
        notificationConfig: {
            pubsub: {
                enabled: false,
                filter: {
                    eventTypes: ["string"],
                },
                topic: "string",
            },
        },
        podSecurityPolicyConfig: {
            enabled: false,
        },
        privateClusterConfig: {
            enablePrivateEndpoint: false,
            enablePrivateNodes: false,
            masterGlobalAccessConfig: {
                enabled: false,
            },
            masterIpv4CidrBlock: "string",
            peeringName: "string",
            privateEndpoint: "string",
            privateEndpointSubnetwork: "string",
            publicEndpoint: "string",
        },
        privateIpv6GoogleAccess: "string",
        project: "string",
        protectConfig: {
            workloadConfig: {
                auditMode: "string",
            },
            workloadVulnerabilityMode: "string",
        },
        releaseChannel: {
            channel: "string",
        },
        removeDefaultNodePool: false,
        resourceLabels: {
            string: "string",
        },
        resourceUsageExportConfig: {
            bigqueryDestination: {
                datasetId: "string",
            },
            enableNetworkEgressMetering: false,
            enableResourceConsumptionMetering: false,
        },
        secretManagerConfig: {
            enabled: false,
        },
        securityPostureConfig: {
            mode: "string",
            vulnerabilityMode: "string",
        },
        serviceExternalIpsConfig: {
            enabled: false,
        },
        subnetwork: "string",
        tpuConfig: {
            enabled: false,
            ipv4CidrBlock: "string",
            useServiceNetworking: false,
        },
        userManagedKeysConfig: {
            aggregationCa: "string",
            clusterCa: "string",
            controlPlaneDiskEncryptionKey: "string",
            etcdApiCa: "string",
            etcdPeerCa: "string",
            gkeopsEtcdBackupEncryptionKey: "string",
            serviceAccountSigningKeys: ["string"],
            serviceAccountVerificationKeys: ["string"],
        },
        verticalPodAutoscaling: {
            enabled: false,
        },
        workloadAltsConfig: {
            enableAlts: false,
        },
        workloadIdentityConfig: {
            workloadPool: "string",
        },
    });
    
    type: gcp:container:Cluster
    properties:
        addonsConfig:
            cloudrunConfig:
                disabled: false
                loadBalancerType: string
            configConnectorConfig:
                enabled: false
            dnsCacheConfig:
                enabled: false
            gcePersistentDiskCsiDriverConfig:
                enabled: false
            gcpFilestoreCsiDriverConfig:
                enabled: false
            gcsFuseCsiDriverConfig:
                enabled: false
            gkeBackupAgentConfig:
                enabled: false
            horizontalPodAutoscaling:
                disabled: false
            httpLoadBalancing:
                disabled: false
            istioConfig:
                auth: string
                disabled: false
            kalmConfig:
                enabled: false
            networkPolicyConfig:
                disabled: false
            parallelstoreCsiDriverConfig:
                enabled: false
            rayOperatorConfigs:
                - enabled: false
                  rayClusterLoggingConfig:
                    enabled: false
                  rayClusterMonitoringConfig:
                    enabled: false
            statefulHaConfig:
                enabled: false
        allowNetAdmin: false
        authenticatorGroupsConfig:
            securityGroup: string
        binaryAuthorization:
            evaluationMode: string
        clusterAutoscaling:
            autoProvisioningDefaults:
                bootDiskKmsKey: string
                diskSize: 0
                diskType: string
                imageType: string
                management:
                    autoRepair: false
                    autoUpgrade: false
                    upgradeOptions:
                        - autoUpgradeStartTime: string
                          description: string
                minCpuPlatform: string
                oauthScopes:
                    - string
                serviceAccount: string
                shieldedInstanceConfig:
                    enableIntegrityMonitoring: false
                    enableSecureBoot: false
                upgradeSettings:
                    blueGreenSettings:
                        nodePoolSoakDuration: string
                        standardRolloutPolicy:
                            batchNodeCount: 0
                            batchPercentage: 0
                            batchSoakDuration: string
                    maxSurge: 0
                    maxUnavailable: 0
                    strategy: string
            autoProvisioningLocations:
                - string
            autoscalingProfile: string
            enabled: false
            resourceLimits:
                - maximum: 0
                  minimum: 0
                  resourceType: string
        clusterIpv4Cidr: string
        clusterTelemetry:
            type: string
        confidentialNodes:
            enabled: false
        controlPlaneEndpointsConfig:
            dnsEndpointConfig:
                allowExternalTraffic: false
                endpoint: string
        costManagementConfig:
            enabled: false
        databaseEncryption:
            keyName: string
            state: string
        datapathProvider: string
        defaultMaxPodsPerNode: 0
        defaultSnatStatus:
            disabled: false
        deletionProtection: false
        description: string
        dnsConfig:
            additiveVpcScopeDnsDomain: string
            clusterDns: string
            clusterDnsDomain: string
            clusterDnsScope: string
        enableAutopilot: false
        enableCiliumClusterwideNetworkPolicy: false
        enableFqdnNetworkPolicy: false
        enableIntranodeVisibility: false
        enableK8sBetaApis:
            enabledApis:
                - string
        enableKubernetesAlpha: false
        enableL4IlbSubsetting: false
        enableLegacyAbac: false
        enableMultiNetworking: false
        enableShieldedNodes: false
        enableTpu: false
        fleet:
            membership: string
            membershipId: string
            membershipLocation: string
            preRegistered: false
            project: string
        gatewayApiConfig:
            channel: string
        identityServiceConfig:
            enabled: false
        initialNodeCount: 0
        ipAllocationPolicy:
            additionalPodRangesConfig:
                podRangeNames:
                    - string
            clusterIpv4CidrBlock: string
            clusterSecondaryRangeName: string
            podCidrOverprovisionConfig:
                disabled: false
            servicesIpv4CidrBlock: string
            servicesSecondaryRangeName: string
            stackType: string
        location: string
        loggingConfig:
            enableComponents:
                - string
        loggingService: string
        maintenancePolicy:
            dailyMaintenanceWindow:
                duration: string
                startTime: string
            maintenanceExclusions:
                - endTime: string
                  exclusionName: string
                  exclusionOptions:
                    scope: string
                  startTime: string
            recurringWindow:
                endTime: string
                recurrence: string
                startTime: string
        masterAuth:
            clientCertificate: string
            clientCertificateConfig:
                issueClientCertificate: false
            clientKey: string
            clusterCaCertificate: string
        masterAuthorizedNetworksConfig:
            cidrBlocks:
                - cidrBlock: string
                  displayName: string
            gcpPublicCidrsAccessEnabled: false
            privateEndpointEnforcementEnabled: false
        meshCertificates:
            enableCertificates: false
        minMasterVersion: string
        monitoringConfig:
            advancedDatapathObservabilityConfig:
                enableMetrics: false
                enableRelay: false
            enableComponents:
                - string
            managedPrometheus:
                enabled: false
        monitoringService: string
        name: string
        network: string
        networkPolicy:
            enabled: false
            provider: string
        networkingMode: string
        nodeConfig:
            advancedMachineFeatures:
                enableNestedVirtualization: false
                threadsPerCore: 0
            bootDiskKmsKey: string
            confidentialNodes:
                enabled: false
            containerdConfig:
                privateRegistryAccessConfig:
                    certificateAuthorityDomainConfigs:
                        - fqdns:
                            - string
                          gcpSecretManagerCertificateConfig:
                            secretUri: string
                    enabled: false
            diskSizeGb: 0
            diskType: string
            effectiveTaints:
                - effect: string
                  key: string
                  value: string
            enableConfidentialStorage: false
            ephemeralStorageConfig:
                localSsdCount: 0
            ephemeralStorageLocalSsdConfig:
                localSsdCount: 0
            fastSocket:
                enabled: false
            gcfsConfig:
                enabled: false
            guestAccelerators:
                - count: 0
                  gpuDriverInstallationConfig:
                    gpuDriverVersion: string
                  gpuPartitionSize: string
                  gpuSharingConfig:
                    gpuSharingStrategy: string
                    maxSharedClientsPerGpu: 0
                  type: string
            gvnic:
                enabled: false
            hostMaintenancePolicy:
                maintenanceInterval: string
            imageType: string
            kubeletConfig:
                cpuCfsQuota: false
                cpuCfsQuotaPeriod: string
                cpuManagerPolicy: string
                insecureKubeletReadonlyPortEnabled: string
                podPidsLimit: 0
            labels:
                string: string
            linuxNodeConfig:
                cgroupMode: string
                hugepagesConfig:
                    hugepageSize1g: 0
                    hugepageSize2m: 0
                sysctls:
                    string: string
            localNvmeSsdBlockConfig:
                localSsdCount: 0
            localSsdCount: 0
            loggingVariant: string
            machineType: string
            metadata:
                string: string
            minCpuPlatform: string
            nodeGroup: string
            oauthScopes:
                - string
            preemptible: false
            reservationAffinity:
                consumeReservationType: string
                key: string
                values:
                    - string
            resourceLabels:
                string: string
            resourceManagerTags:
                string: string
            sandboxConfig:
                sandboxType: string
            secondaryBootDisks:
                - diskImage: string
                  mode: string
            serviceAccount: string
            shieldedInstanceConfig:
                enableIntegrityMonitoring: false
                enableSecureBoot: false
            soleTenantConfig:
                nodeAffinities:
                    - key: string
                      operator: string
                      values:
                        - string
            spot: false
            storagePools:
                - string
            tags:
                - string
            taints:
                - effect: string
                  key: string
                  value: string
            workloadMetadataConfig:
                mode: string
        nodeLocations:
            - string
        nodePoolAutoConfig:
            networkTags:
                tags:
                    - string
            nodeKubeletConfig:
                insecureKubeletReadonlyPortEnabled: string
            resourceManagerTags:
                string: string
        nodePoolDefaults:
            nodeConfigDefaults:
                containerdConfig:
                    privateRegistryAccessConfig:
                        certificateAuthorityDomainConfigs:
                            - fqdns:
                                - string
                              gcpSecretManagerCertificateConfig:
                                secretUri: string
                        enabled: false
                gcfsConfig:
                    enabled: false
                insecureKubeletReadonlyPortEnabled: string
                loggingVariant: string
        nodePools:
            - autoscaling:
                locationPolicy: string
                maxNodeCount: 0
                minNodeCount: 0
                totalMaxNodeCount: 0
                totalMinNodeCount: 0
              initialNodeCount: 0
              instanceGroupUrls:
                - string
              managedInstanceGroupUrls:
                - string
              management:
                autoRepair: false
                autoUpgrade: false
              maxPodsPerNode: 0
              name: string
              namePrefix: string
              networkConfig:
                additionalNodeNetworkConfigs:
                    - network: string
                      subnetwork: string
                additionalPodNetworkConfigs:
                    - maxPodsPerNode: 0
                      secondaryPodRange: string
                      subnetwork: string
                createPodRange: false
                enablePrivateNodes: false
                networkPerformanceConfig:
                    totalEgressBandwidthTier: string
                podCidrOverprovisionConfig:
                    disabled: false
                podIpv4CidrBlock: string
                podRange: string
              nodeConfig:
                advancedMachineFeatures:
                    enableNestedVirtualization: false
                    threadsPerCore: 0
                bootDiskKmsKey: string
                confidentialNodes:
                    enabled: false
                containerdConfig:
                    privateRegistryAccessConfig:
                        certificateAuthorityDomainConfigs:
                            - fqdns:
                                - string
                              gcpSecretManagerCertificateConfig:
                                secretUri: string
                        enabled: false
                diskSizeGb: 0
                diskType: string
                effectiveTaints:
                    - effect: string
                      key: string
                      value: string
                enableConfidentialStorage: false
                ephemeralStorageConfig:
                    localSsdCount: 0
                ephemeralStorageLocalSsdConfig:
                    localSsdCount: 0
                fastSocket:
                    enabled: false
                gcfsConfig:
                    enabled: false
                guestAccelerators:
                    - count: 0
                      gpuDriverInstallationConfig:
                        gpuDriverVersion: string
                      gpuPartitionSize: string
                      gpuSharingConfig:
                        gpuSharingStrategy: string
                        maxSharedClientsPerGpu: 0
                      type: string
                gvnic:
                    enabled: false
                hostMaintenancePolicy:
                    maintenanceInterval: string
                imageType: string
                kubeletConfig:
                    cpuCfsQuota: false
                    cpuCfsQuotaPeriod: string
                    cpuManagerPolicy: string
                    insecureKubeletReadonlyPortEnabled: string
                    podPidsLimit: 0
                labels:
                    string: string
                linuxNodeConfig:
                    cgroupMode: string
                    hugepagesConfig:
                        hugepageSize1g: 0
                        hugepageSize2m: 0
                    sysctls:
                        string: string
                localNvmeSsdBlockConfig:
                    localSsdCount: 0
                localSsdCount: 0
                loggingVariant: string
                machineType: string
                metadata:
                    string: string
                minCpuPlatform: string
                nodeGroup: string
                oauthScopes:
                    - string
                preemptible: false
                reservationAffinity:
                    consumeReservationType: string
                    key: string
                    values:
                        - string
                resourceLabels:
                    string: string
                resourceManagerTags:
                    string: string
                sandboxConfig:
                    sandboxType: string
                secondaryBootDisks:
                    - diskImage: string
                      mode: string
                serviceAccount: string
                shieldedInstanceConfig:
                    enableIntegrityMonitoring: false
                    enableSecureBoot: false
                soleTenantConfig:
                    nodeAffinities:
                        - key: string
                          operator: string
                          values:
                            - string
                spot: false
                storagePools:
                    - string
                tags:
                    - string
                taints:
                    - effect: string
                      key: string
                      value: string
                workloadMetadataConfig:
                    mode: string
              nodeCount: 0
              nodeLocations:
                - string
              placementPolicy:
                policyName: string
                tpuTopology: string
                type: string
              queuedProvisioning:
                enabled: false
              upgradeSettings:
                blueGreenSettings:
                    nodePoolSoakDuration: string
                    standardRolloutPolicy:
                        batchNodeCount: 0
                        batchPercentage: 0
                        batchSoakDuration: string
                maxSurge: 0
                maxUnavailable: 0
                strategy: string
              version: string
        nodeVersion: string
        notificationConfig:
            pubsub:
                enabled: false
                filter:
                    eventTypes:
                        - string
                topic: string
        podSecurityPolicyConfig:
            enabled: false
        privateClusterConfig:
            enablePrivateEndpoint: false
            enablePrivateNodes: false
            masterGlobalAccessConfig:
                enabled: false
            masterIpv4CidrBlock: string
            peeringName: string
            privateEndpoint: string
            privateEndpointSubnetwork: string
            publicEndpoint: string
        privateIpv6GoogleAccess: string
        project: string
        protectConfig:
            workloadConfig:
                auditMode: string
            workloadVulnerabilityMode: string
        releaseChannel:
            channel: string
        removeDefaultNodePool: false
        resourceLabels:
            string: string
        resourceUsageExportConfig:
            bigqueryDestination:
                datasetId: string
            enableNetworkEgressMetering: false
            enableResourceConsumptionMetering: false
        secretManagerConfig:
            enabled: false
        securityPostureConfig:
            mode: string
            vulnerabilityMode: string
        serviceExternalIpsConfig:
            enabled: false
        subnetwork: string
        tpuConfig:
            enabled: false
            ipv4CidrBlock: string
            useServiceNetworking: false
        userManagedKeysConfig:
            aggregationCa: string
            clusterCa: string
            controlPlaneDiskEncryptionKey: string
            etcdApiCa: string
            etcdPeerCa: string
            gkeopsEtcdBackupEncryptionKey: string
            serviceAccountSigningKeys:
                - string
            serviceAccountVerificationKeys:
                - string
        verticalPodAutoscaling:
            enabled: false
        workloadAltsConfig:
            enableAlts: false
        workloadIdentityConfig:
            workloadPool: string
    

    Cluster Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Cluster resource accepts the following input properties:

    AddonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature. Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    ControlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfig
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    CostManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    DeletionProtection bool
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableCiliumClusterwideNetworkPolicy bool
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfig
    Configuration for the Identity Service feature. Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
    MaintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MeshCertificates ClusterMeshCertificates
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations List<string>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    ReleaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels Dictionary<string, string>

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    ResourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecretManagerConfig ClusterSecretManagerConfig
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    UserManagedKeysConfig ClusterUserManagedKeysConfig
    The custom keys configuration of the cluster.
    VerticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    AddonsConfig ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetryArgs
    Configuration for ClusterTelemetry feature. Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodesArgs
    Configuration for Confidential Nodes feature. Structure is documented below.
    ControlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfigArgs
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    CostManagementConfig ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    DeletionProtection bool
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableCiliumClusterwideNetworkPolicy bool
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfigArgs
    Configuration for the Identity Service feature. Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
    MaintenancePolicy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MeshCertificates ClusterMeshCertificatesArgs
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations []string

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools []ClusterNodePoolArgs
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    ReleaseChannel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels map[string]string

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecretManagerConfig ClusterSecretManagerConfigArgs
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfigArgs
    TPU configuration for the cluster.
    UserManagedKeysConfig ClusterUserManagedKeysConfigArgs
    The custom keys configuration of the cluster.
    VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for the Confidential Nodes feature. Structure is documented below.
    controlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfig
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Integer
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    deletionProtection Boolean
    description String
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableCiliumClusterwideNetworkPolicy Boolean
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    Structure is documented below.
    initialNodeCount Integer
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String,String>

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secretManagerConfig ClusterSecretManagerConfig
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    userManagedKeysConfig ClusterUserManagedKeysConfig
    The custom keys configuration of the cluster.
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for the Confidential Nodes feature. Structure is documented below.
    controlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfig
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    deletionProtection boolean
    description string
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableCiliumClusterwideNetworkPolicy boolean
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enableFqdnNetworkPolicy boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility boolean
    Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    enableMultiNetworking boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    Structure is documented below.
    initialNodeCount number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    name string
    The name of the cluster, unique within the project and location.


    network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations string[]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools ClusterNodePool[]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels {[key: string]: string}

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secretManagerConfig ClusterSecretManagerConfig
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    userManagedKeysConfig ClusterUserManagedKeysConfig
    The custom keys configuration of the cluster.
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addons_config ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    allow_net_admin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticator_groups_config ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binary_authorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    cluster_autoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    cluster_ipv4_cidr str
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    cluster_telemetry ClusterClusterTelemetryArgs
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidential_nodes ClusterConfidentialNodesArgs
    Configuration for the Confidential Nodes feature. Structure is documented below.
    control_plane_endpoints_config ClusterControlPlaneEndpointsConfigArgs
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    cost_management_config ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    database_encryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    datapath_provider str
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    default_max_pods_per_node int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    default_snat_status ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletion_protection bool
    description str
    Description of the cluster.
    dns_config ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enable_autopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enable_cilium_clusterwide_network_policy bool
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enable_fqdn_network_policy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enable_intranode_visibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
    enable_k8s_beta_apis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enable_kubernetes_alpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enable_l4_ilb_subsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    enable_legacy_abac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    enable_multi_networking bool
    Whether multi-networking is enabled for this cluster.
    enable_shielded_nodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enable_tpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    gateway_api_config ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    identity_service_config ClusterIdentityServiceConfigArgs
    Structure is documented below.
    initial_node_count int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ip_allocation_policy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location str
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    logging_config ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    logging_service str
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenance_policy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    master_auth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    mesh_certificates ClusterMeshCertificatesArgs
    Structure is documented below.
    min_master_version str

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoring_config ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    monitoring_service str
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name str
    The name of the cluster, unique within the project and location.


    network str
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    network_policy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networking_mode str
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    node_config ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    node_locations Sequence[str]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    node_pool_auto_config ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    node_pool_defaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    node_pools Sequence[ClusterNodePoolArgs]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    node_version str
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notification_config ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    pod_security_policy_config ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    private_cluster_config ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    private_ipv6_google_access str
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protect_config ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    release_channel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    remove_default_node_pool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resource_labels Mapping[str, str]

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resource_usage_export_config ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secret_manager_config ClusterSecretManagerConfigArgs
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    security_posture_config ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    service_external_ips_config ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    subnetwork str
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpu_config ClusterTpuConfigArgs
    TPU configuration for the cluster.
    user_managed_keys_config ClusterUserManagedKeysConfigArgs
    The custom keys configuration of the cluster.
    vertical_pod_autoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workload_alts_config ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workload_identity_config ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig Property Map
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig Property Map
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization Property Map
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling Property Map
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry Property Map
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidentialNodes Property Map
    Configuration for the Confidential Nodes feature. Structure is documented below.
    controlPlaneEndpointsConfig Property Map
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    costManagementConfig Property Map
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption Property Map
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus Property Map
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection Boolean
    description String
    Description of the cluster.
    dnsConfig Property Map
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableCiliumClusterwideNetworkPolicy Boolean
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
    enableK8sBetaApis Property Map
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet Property Map
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig Property Map
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig Property Map
    Structure is documented below.
    initialNodeCount Number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy Property Map
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig Property Map
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy Property Map
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth Property Map
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig Property Map
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    meshCertificates Property Map
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig Property Map
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy Property Map
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig Property Map
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig Property Map
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults Property Map
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<Property Map>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig Property Map
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    podSecurityPolicyConfig Property Map
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig Property Map
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig Property Map
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel Property Map
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String>

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resourceUsageExportConfig Property Map
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secretManagerConfig Property Map
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    securityPostureConfig Property Map
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    serviceExternalIpsConfig Property Map
    Structure is documented below.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig Property Map
    TPU configuration for the cluster.
    userManagedKeysConfig Property Map
    The custom keys configuration of the cluster.
    verticalPodAutoscaling Property Map
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig Property Map

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig Property Map
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:

    EffectiveLabels Dictionary<string, string>
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    Operation string
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    SelfLink string
    The server-defined URL for the resource.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    EffectiveLabels map[string]string
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    Operation string
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    SelfLink string
    The server-defined URL for the resource.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    effectiveLabels Map<String,String>
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    endpoint String
    The IP address of this cluster's Kubernetes master.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation String
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink String
    The server-defined URL for the resource.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    effectiveLabels {[key: string]: string}
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    endpoint string
    The IP address of this cluster's Kubernetes master.
    id string
    The provider-assigned unique ID for this managed resource.
    labelFingerprint string
    The fingerprint of the set of labels for this cluster.
    masterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation string
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink string
    The server-defined URL for the resource.
    servicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    effective_labels Mapping[str, str]
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    endpoint str
    The IP address of this cluster's Kubernetes master.
    id str
    The provider-assigned unique ID for this managed resource.
    label_fingerprint str
    The fingerprint of the set of labels for this cluster.
    master_version str
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation str
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    self_link str
    The server-defined URL for the resource.
    services_ipv4_cidr str
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpu_ipv4_cidr_block str
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    effectiveLabels Map<String>
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    endpoint String
    The IP address of this cluster's Kubernetes master.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation String
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink String
    The server-defined URL for the resource.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

    Look up Existing Cluster Resource

    Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            addons_config: Optional[ClusterAddonsConfigArgs] = None,
            allow_net_admin: Optional[bool] = None,
            authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
            binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
            cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
            cluster_ipv4_cidr: Optional[str] = None,
            cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
            confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
            control_plane_endpoints_config: Optional[ClusterControlPlaneEndpointsConfigArgs] = None,
            cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
            database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
            datapath_provider: Optional[str] = None,
            default_max_pods_per_node: Optional[int] = None,
            default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
            deletion_protection: Optional[bool] = None,
            description: Optional[str] = None,
            dns_config: Optional[ClusterDnsConfigArgs] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            enable_autopilot: Optional[bool] = None,
            enable_cilium_clusterwide_network_policy: Optional[bool] = None,
            enable_fqdn_network_policy: Optional[bool] = None,
            enable_intranode_visibility: Optional[bool] = None,
            enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
            enable_kubernetes_alpha: Optional[bool] = None,
            enable_l4_ilb_subsetting: Optional[bool] = None,
            enable_legacy_abac: Optional[bool] = None,
            enable_multi_networking: Optional[bool] = None,
            enable_shielded_nodes: Optional[bool] = None,
            enable_tpu: Optional[bool] = None,
            endpoint: Optional[str] = None,
            fleet: Optional[ClusterFleetArgs] = None,
            gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
            identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
            initial_node_count: Optional[int] = None,
            ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
            label_fingerprint: Optional[str] = None,
            location: Optional[str] = None,
            logging_config: Optional[ClusterLoggingConfigArgs] = None,
            logging_service: Optional[str] = None,
            maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
            master_auth: Optional[ClusterMasterAuthArgs] = None,
            master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
            master_version: Optional[str] = None,
            mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
            min_master_version: Optional[str] = None,
            monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
            monitoring_service: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_policy: Optional[ClusterNetworkPolicyArgs] = None,
            networking_mode: Optional[str] = None,
            node_config: Optional[ClusterNodeConfigArgs] = None,
            node_locations: Optional[Sequence[str]] = None,
            node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
            node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
            node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
            node_version: Optional[str] = None,
            notification_config: Optional[ClusterNotificationConfigArgs] = None,
            operation: Optional[str] = None,
            pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
            private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
            private_ipv6_google_access: Optional[str] = None,
            project: Optional[str] = None,
            protect_config: Optional[ClusterProtectConfigArgs] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            release_channel: Optional[ClusterReleaseChannelArgs] = None,
            remove_default_node_pool: Optional[bool] = None,
            resource_labels: Optional[Mapping[str, str]] = None,
            resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
            secret_manager_config: Optional[ClusterSecretManagerConfigArgs] = None,
            security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
            self_link: Optional[str] = None,
            service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
            services_ipv4_cidr: Optional[str] = None,
            subnetwork: Optional[str] = None,
            tpu_config: Optional[ClusterTpuConfigArgs] = None,
            tpu_ipv4_cidr_block: Optional[str] = None,
            user_managed_keys_config: Optional[ClusterUserManagedKeysConfigArgs] = None,
            vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
            workload_alts_config: Optional[ClusterWorkloadAltsConfigArgs] = None,
            workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None) -> Cluster
    func GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)
    public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)
    public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AddonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetry
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodes
    Configuration for the Confidential Nodes feature. Structure is documented below.
    ControlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfig
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    CostManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.
    DeletionProtection bool
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EffectiveLabels Dictionary<string, string>
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableCiliumClusterwideNetworkPolicy bool
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false, which leaves authorization to the RBAC configuration and IAM only.
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfig
    Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
    MaintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Like all arguments and attributes of this resource, the values in this block (including certificate outputs) are stored in the raw state as plaintext. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    MeshCertificates ClusterMeshCertificates
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations List<string>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    Operation string
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    ReleaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels Dictionary<string, string>

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    ResourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecretManagerConfig ClusterSecretManagerConfig
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    SelfLink string
    The server-defined URL for the resource.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    UserManagedKeysConfig ClusterUserManagedKeysConfig
    The custom keys configuration of the cluster.
    VerticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    AddonsConfig ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetryArgs
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodesArgs
    Configuration for the Confidential Nodes feature. Structure is documented below.
    ControlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfigArgs
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    CostManagementConfig ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, i.e. clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    DeletionProtection bool
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EffectiveLabels map[string]string
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableCiliumClusterwideNetworkPolicy bool
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false; leave it disabled unless a legacy workload depends on ABAC, because these static grants are not governed by RBAC or IAM policy.
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfigArgs
    Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    MaintenancePolicy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuthArgs
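    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. As with all arguments and attributes of this resource, the values in this block (including certificate outputs) are stored in the raw state as plaintext, so restrict access to the state accordingly. Structure is documented below.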
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    MeshCertificates ClusterMeshCertificatesArgs
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations []string

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools []ClusterNodePoolArgs
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    Operation string
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfigArgs
    Configuration for private clusters (clusters with private nodes). Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    ReleaseChannel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels map[string]string

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecretManagerConfig ClusterSecretManagerConfigArgs
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    SelfLink string
    The server-defined URL for the resource.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfigArgs
    TPU configuration for the cluster.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    UserManagedKeysConfig ClusterUserManagedKeysConfigArgs
    The custom keys configuration of the cluster.
    VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for the Confidential Nodes feature. Structure is documented below.
    controlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfig
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Integer
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, i.e. clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    deletionProtection Boolean
    description String
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    effectiveLabels Map<String,String>
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableCiliumClusterwideNetworkPolicy Boolean
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false; leave it disabled unless a legacy workload depends on ABAC, because these static grants are not governed by RBAC or IAM policy.
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint String
    The IP address of this cluster's Kubernetes master.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    Structure is documented below.
    initialNodeCount Integer
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
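    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. As with all arguments and attributes of this resource, the values in this block (including certificate outputs) are stored in the raw state as plaintext, so restrict access to the state accordingly. Structure is documented below.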
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation String
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters (clusters with private nodes). Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String,String>

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secretManagerConfig ClusterSecretManagerConfig
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    selfLink String
    The server-defined URL for the resource.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    userManagedKeysConfig ClusterUserManagedKeysConfig
    The custom keys configuration of the cluster.
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for the Confidential Nodes feature. Structure is documented below.
    controlPlaneEndpointsConfig ClusterControlPlaneEndpointsConfig
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection boolean
    description string
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    effectiveLabels {[key: string]: string}
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    enableAutopilot boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableCiliumClusterwideNetworkPolicy boolean
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enableFqdnNetworkPolicy boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility boolean
    Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint string
    The IP address of this cluster's Kubernetes master.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    Structure is documented below.
    initialNodeCount number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    labelFingerprint string
    The fingerprint of the set of labels for this cluster.
    location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    masterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name string
    The name of the cluster, unique within the project and location.


    network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations string[]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools ClusterNodePool[]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation string
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels {[key: string]: string}

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secretManagerConfig ClusterSecretManagerConfig
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    selfLink string
    The server-defined URL for the resource.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    servicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    tpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    userManagedKeysConfig ClusterUserManagedKeysConfig
    The custom keys configuration of the cluster.
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addons_config ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    allow_net_admin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticator_groups_config ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binary_authorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    cluster_autoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    cluster_ipv4_cidr str
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    cluster_telemetry ClusterClusterTelemetryArgs
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidential_nodes ClusterConfidentialNodesArgs
    Configuration for the Confidential Nodes feature. Structure is documented below.
    control_plane_endpoints_config ClusterControlPlaneEndpointsConfigArgs
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    cost_management_config ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    database_encryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    datapath_provider str
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    default_max_pods_per_node int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    default_snat_status ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletion_protection bool
    description str
    Description of the cluster.
    dns_config ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    effective_labels Mapping[str, str]
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    enable_autopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enable_cilium_clusterwide_network_policy bool
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enable_fqdn_network_policy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enable_intranode_visibility bool
    Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    enable_k8s_beta_apis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enable_kubernetes_alpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enable_l4_ilb_subsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    enable_legacy_abac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enable_multi_networking bool
    Whether multi-networking is enabled for this cluster.
    enable_shielded_nodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enable_tpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint str
    The IP address of this cluster's Kubernetes master.
    fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    gateway_api_config ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    identity_service_config ClusterIdentityServiceConfigArgs
    Structure is documented below.
    initial_node_count int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ip_allocation_policy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    label_fingerprint str
    The fingerprint of the set of labels for this cluster.
    location str
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    logging_config ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    logging_service str
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenance_policy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    master_auth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    master_version str
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    mesh_certificates ClusterMeshCertificatesArgs
    Structure is documented below.
    min_master_version str

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoring_config ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    monitoring_service str
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name str
    The name of the cluster, unique within the project and location.


    network str
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    network_policy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networking_mode str
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    node_config ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    node_locations Sequence[str]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    node_pool_auto_config ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    node_pool_defaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    node_pools Sequence[ClusterNodePoolArgs]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    node_version str
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notification_config ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation str
    pod_security_policy_config ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    private_cluster_config ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    private_ipv6_google_access str
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protect_config ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    release_channel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    remove_default_node_pool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resource_labels Mapping[str, str]

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resource_usage_export_config ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secret_manager_config ClusterSecretManagerConfigArgs
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    security_posture_config ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    self_link str
    The server-defined URL for the resource.
    service_external_ips_config ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    services_ipv4_cidr str
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork str
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpu_config ClusterTpuConfigArgs
    TPU configuration for the cluster.
    tpu_ipv4_cidr_block str
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    user_managed_keys_config ClusterUserManagedKeysConfigArgs
    The custom keys configuration of the cluster.
    vertical_pod_autoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workload_alts_config ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workload_identity_config ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig Property Map
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig Property Map
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization Property Map
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling Property Map
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry Property Map
    Configuration for the ClusterTelemetry feature. Structure is documented below.
    confidentialNodes Property Map
    Configuration for the Confidential Nodes feature. Structure is documented below.
    controlPlaneEndpointsConfig Property Map
    Configuration for all of the cluster's control plane endpoints. Structure is documented below.
    costManagementConfig Property Map
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption Property Map
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus Property Map
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.
    deletionProtection Boolean
    description String
    Description of the cluster.
    dnsConfig Property Map
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    effectiveLabels Map<String>
    All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableCiliumClusterwideNetworkPolicy Boolean
    Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
    enableK8sBetaApis Property Map
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint String
    The IP address of this cluster's Kubernetes master.
    fleet Property Map
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig Property Map
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig Property Map
    Structure is documented below.
    initialNodeCount Number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy Property Map
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
    loggingConfig Property Map
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
    maintenancePolicy Property Map
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth Property Map
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig Property Map
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    meshCertificates Property Map
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig Property Map
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy Property Map
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig Property Map
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig Property Map
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults Property Map
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<Property Map>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig Property Map
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation String
    podSecurityPolicyConfig Property Map
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig Property Map
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig Property Map
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    releaseChannel Property Map
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String>

    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    resourceUsageExportConfig Property Map
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    secretManagerConfig Property Map
    Configuration for the SecretManagerConfig feature. Structure is documented below.
    securityPostureConfig Property Map
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    selfLink String
    The server-defined URL for the resource.
    serviceExternalIpsConfig Property Map
    Structure is documented below.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig Property Map
    TPU configuration for the cluster.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    userManagedKeysConfig Property Map
    The custom keys configuration of the cluster.
    verticalPodAutoscaling Property Map
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig Property Map

    Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig Property Map
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

    Supporting Types

    ClusterAddonsConfig, ClusterAddonsConfigArgs

    CloudrunConfig ClusterAddonsConfigCloudrunConfig
    Structure is documented below.
    ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig
    The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
    DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    GcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
    GcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    GkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
    HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    IstioConfig ClusterAddonsConfigIstioConfig
    Structure is documented below.
    KalmConfig ClusterAddonsConfigKalmConfig
    Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.
    NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    ParallelstoreCsiDriverConfig ClusterAddonsConfigParallelstoreCsiDriverConfig

    The status of the Parallelstore CSI driver addon, which allows the usage of Parallelstore instances as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. See Enable the Parallelstore CSI driver for more information.

    This example addons_config disables two addons:

    RayOperatorConfigs List<ClusterAddonsConfigRayOperatorConfig>

    The status of the Ray Operator addon. It is disabled by default. Set enabled = true to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.

    Ray Operator config has optional subfields ray_cluster_logging_config.enabled and ray_cluster_monitoring_config.enabled which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.

    StatefulHaConfig ClusterAddonsConfigStatefulHaConfig
    The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable.
    CloudrunConfig ClusterAddonsConfigCloudrunConfig
    Structure is documented below.
    ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig
    The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
    DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    GcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
    GcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    GkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
    HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    IstioConfig ClusterAddonsConfigIstioConfig
    Structure is documented below.
    KalmConfig ClusterAddonsConfigKalmConfig
    Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.
    NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    ParallelstoreCsiDriverConfig ClusterAddonsConfigParallelstoreCsiDriverConfig

    The status of the Parallelstore CSI driver addon, which allows the usage of Parallelstore instances as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. See Enable the Parallelstore CSI driver for more information.

    This example addons_config disables two addons:

    RayOperatorConfigs []ClusterAddonsConfigRayOperatorConfig

    The status of the Ray Operator addon. It is disabled by default. Set enabled = true to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.

    Ray Operator config has optional subfields ray_cluster_logging_config.enabled and ray_cluster_monitoring_config.enabled which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.

    StatefulHaConfig ClusterAddonsConfigStatefulHaConfig
    The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable.
    cloudrunConfig ClusterAddonsConfigCloudrunConfig
    Structure is documented below.
    configConnectorConfig ClusterAddonsConfigConfigConnectorConfig
    The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
    dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
    gcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
    horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istioConfig ClusterAddonsConfigIstioConfig
    Structure is documented below.
    kalmConfig ClusterAddonsConfigKalmConfig
    Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.
    networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    parallelstoreCsiDriverConfig ClusterAddonsConfigParallelstoreCsiDriverConfig

    The status of the Parallelstore CSI driver addon, which allows the usage of Parallelstore instances as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. See Enable the Parallelstore CSI driver for more information.

    This example addons_config disables two addons:

    rayOperatorConfigs List<ClusterAddonsConfigRayOperatorConfig>

    . The status of the Ray Operator addon. It is disabled by default. Set enabled = true to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.

    Ray Operator config has optional subfields ray_cluster_logging_config.enabled and ray_cluster_monitoring_config.enabled which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.

    statefulHaConfig ClusterAddonsConfigStatefulHaConfig
    . The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable.
    cloudrunConfig ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    configConnectorConfig ClusterAddonsConfigConfigConnectorConfig
    The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
    dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the use of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
    gcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the use of a GCS bucket as a volume. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
    horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istioConfig ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    kalmConfig ClusterAddonsConfigKalmConfig
    Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.
    networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether to enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block; otherwise the setting has no effect. It can only be disabled if the nodes do not already have network policies enabled. Defaults to disabled; set disabled = false to enable.
    parallelstoreCsiDriverConfig ClusterAddonsConfigParallelstoreCsiDriverConfig

    The status of the Parallelstore CSI driver addon, which allows the use of Parallelstore instances as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. See Enable the Parallelstore CSI driver for more information.

    This example addons_config disables two addons:

    rayOperatorConfigs ClusterAddonsConfigRayOperatorConfig[]

    The status of the Ray Operator addon. It is disabled by default. Set enabled = true to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.

    Ray Operator config has optional subfields ray_cluster_logging_config.enabled and ray_cluster_monitoring_config.enabled which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.

    statefulHaConfig ClusterAddonsConfigStatefulHaConfig
    The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable.
    cloudrun_config ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    config_connector_config ClusterAddonsConfigConfigConnectorConfig
    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.
    dns_cache_config ClusterAddonsConfigDnsCacheConfig

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gce_persistent_disk_csi_driver_config ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcp_filestore_csi_driver_config ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    gcs_fuse_csi_driver_config ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gke_backup_agent_config ClusterAddonsConfigGkeBackupAgentConfig
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    horizontal_pod_autoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    http_load_balancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istio_config ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    kalm_config ClusterAddonsConfigKalmConfig
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    network_policy_config ClusterAddonsConfigNetworkPolicyConfig
    Whether to enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block; otherwise the setting has no effect. It can only be disabled if the nodes do not already have network policies enabled. Defaults to disabled; set disabled = false to enable.
    parallelstore_csi_driver_config ClusterAddonsConfigParallelstoreCsiDriverConfig

    The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. See Enable the Parallelstore CSI driver for more information.

    This example addons_config disables two addons:

    ray_operator_configs Sequence[ClusterAddonsConfigRayOperatorConfig]

    . The status of the Ray Operator addon. It is disabled by default. Set enabled = true to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.

    Ray Operator config has optional subfields ray_cluster_logging_config.enabled and ray_cluster_monitoring_config.enabled which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.

    stateful_ha_config ClusterAddonsConfigStatefulHaConfig
    . The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable.
    cloudrunConfig Property Map
    . Structure is documented below.
    configConnectorConfig Property Map
    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.
    dnsCacheConfig Property Map

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gcePersistentDiskCsiDriverConfig Property Map

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcpFilestoreCsiDriverConfig Property Map
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    gcsFuseCsiDriverConfig Property Map
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gkeBackupAgentConfig Property Map
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    horizontalPodAutoscaling Property Map
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    httpLoadBalancing Property Map
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istioConfig Property Map
    . Structure is documented below.
    kalmConfig Property Map
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    networkPolicyConfig Property Map
    Whether to enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block; otherwise the setting has no effect. It can only be disabled if the nodes do not already have network policies enabled. Defaults to disabled; set disabled = false to enable.
    parallelstoreCsiDriverConfig Property Map

    The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. See Enable the Parallelstore CSI driver for more information.

    This example addons_config disables two addons:

    rayOperatorConfigs List<Property Map>

    . The status of the Ray Operator addon. It is disabled by default. Set enabled = true to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.

    Ray Operator config has optional subfields ray_cluster_logging_config.enabled and ray_cluster_monitoring_config.enabled which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.

    statefulHaConfig Property Map
    . The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable.

    ClusterAddonsConfigCloudrunConfig, ClusterAddonsConfigCloudrunConfigArgs

    Disabled bool
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    LoadBalancerType string
    The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.
    Disabled bool
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    LoadBalancerType string
    The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.
    disabled Boolean
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    loadBalancerType String
    The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.
    disabled boolean
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    loadBalancerType string
    The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.
    disabled bool
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    load_balancer_type str
    The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.
    disabled Boolean
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    loadBalancerType String
    The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.

    ClusterAddonsConfigConfigConnectorConfig, ClusterAddonsConfigConfigConnectorConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigDnsCacheConfig, ClusterAddonsConfigDnsCacheConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigGcePersistentDiskCsiDriverConfig, ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigGcpFilestoreCsiDriverConfig, ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigGcsFuseCsiDriverConfig, ClusterAddonsConfigGcsFuseCsiDriverConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigGkeBackupAgentConfig, ClusterAddonsConfigGkeBackupAgentConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigHorizontalPodAutoscaling, ClusterAddonsConfigHorizontalPodAutoscalingArgs

    Disabled bool

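    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the Horizontal Pod Autoscaling addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.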

    The cluster_telemetry block supports

    Disabled bool

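    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the Horizontal Pod Autoscaling addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.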

    The cluster_telemetry block supports

    disabled Boolean

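    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the Horizontal Pod Autoscaling addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.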

    The cluster_telemetry block supports

    disabled boolean

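    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the Horizontal Pod Autoscaling addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.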

    The cluster_telemetry block supports

    disabled bool

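    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the Horizontal Pod Autoscaling addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.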

    The cluster_telemetry block supports

    disabled Boolean

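    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the Horizontal Pod Autoscaling addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.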

    The cluster_telemetry block supports

    ClusterAddonsConfigHttpLoadBalancing, ClusterAddonsConfigHttpLoadBalancingArgs

    Disabled bool

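    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the HTTP (L7) load balancing addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.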

    The cluster_telemetry block supports

    Disabled bool

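    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the HTTP (L7) load balancing addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.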

    The cluster_telemetry block supports

    disabled Boolean

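    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the HTTP (L7) load balancing addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.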

    The cluster_telemetry block supports

    disabled boolean

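    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the HTTP (L7) load balancing addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.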

    The cluster_telemetry block supports

    disabled bool

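    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the HTTP (L7) load balancing addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.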

    The cluster_telemetry block supports

    disabled Boolean

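    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the HTTP (L7) load balancing addon, the addons_config listing on this page states that the addon is enabled by default and that disabled = true turns it off.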

    The cluster_telemetry block supports

    ClusterAddonsConfigIstioConfig, ClusterAddonsConfigIstioConfigArgs

    Disabled bool
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    Auth string
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    Disabled bool
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    Auth string
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled Boolean
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth String
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled boolean
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth string
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled bool
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth str
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled Boolean
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth String
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

    ClusterAddonsConfigKalmConfig, ClusterAddonsConfigKalmConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigNetworkPolicyConfig, ClusterAddonsConfigNetworkPolicyConfigArgs

    Disabled bool

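    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the network policy addon, the addons_config listing on this page states that it defaults to disabled, that disabled = false enables it, and that a network_policy block must also be defined; the addon must be enabled before network policy can be enabled for the nodes.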

    The cluster_telemetry block supports

    Disabled bool

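    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the network policy addon, the addons_config listing on this page states that it defaults to disabled, that disabled = false enables it, and that a network_policy block must also be defined; the addon must be enabled before network policy can be enabled for the nodes.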

    The cluster_telemetry block supports

    disabled Boolean

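    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the network policy addon, the addons_config listing on this page states that it defaults to disabled, that disabled = false enables it, and that a network_policy block must also be defined; the addon must be enabled before network policy can be enabled for the nodes.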

    The cluster_telemetry block supports

    disabled boolean

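    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the network policy addon, the addons_config listing on this page states that it defaults to disabled, that disabled = false enables it, and that a network_policy block must also be defined; the addon must be enabled before network policy can be enabled for the nodes.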

    The cluster_telemetry block supports

    disabled bool

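    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the network policy addon, the addons_config listing on this page states that it defaults to disabled, that disabled = false enables it, and that a network_policy block must also be defined; the addon must be enabled before network policy can be enabled for the nodes.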

    The cluster_telemetry block supports

    disabled Boolean

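    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. Note: this wording describes the disabled field of defaultSnatStatus and appears to be attached to this type by mistake. For the network policy addon, the addons_config listing on this page states that it defaults to disabled, that disabled = false enables it, and that a network_policy block must also be defined; the addon must be enabled before network policy can be enabled for the nodes.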

    The cluster_telemetry block supports

    ClusterAddonsConfigParallelstoreCsiDriverConfig, ClusterAddonsConfigParallelstoreCsiDriverConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigRayOperatorConfig, ClusterAddonsConfigRayOperatorConfigArgs

    Enabled bool
    RayClusterLoggingConfig ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig
    The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
    RayClusterMonitoringConfig ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig
    The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
    Enabled bool
    RayClusterLoggingConfig ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig
    The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
    RayClusterMonitoringConfig ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig
    The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
    enabled Boolean
    rayClusterLoggingConfig ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig
    The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
    rayClusterMonitoringConfig ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig
    The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
    enabled boolean
    rayClusterLoggingConfig ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig
    The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
    rayClusterMonitoringConfig ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig
    The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
    enabled bool
    ray_cluster_logging_config ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig
    The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
    ray_cluster_monitoring_config ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig
    The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
    enabled Boolean
    rayClusterLoggingConfig Property Map
    The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
    rayClusterMonitoringConfig Property Map
    The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.

    ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig, ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig, ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAddonsConfigStatefulHaConfig, ClusterAddonsConfigStatefulHaConfigArgs

    Enabled bool
    Enabled bool
    enabled Boolean
    enabled boolean
    enabled bool
    enabled Boolean

    ClusterAuthenticatorGroupsConfig, ClusterAuthenticatorGroupsConfigArgs

    SecurityGroup string
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    SecurityGroup string
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    securityGroup String
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    securityGroup string
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    security_group str
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    securityGroup String
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

    ClusterBinaryAuthorization, ClusterBinaryAuthorizationArgs

    Enabled bool
    Enable Binary Authorization for this cluster.

    Deprecated: Deprecated in favor of evaluation_mode.

    EvaluationMode string
    Mode of operation for Binary Authorization policy evaluation.
    Enabled bool
    Enable Binary Authorization for this cluster.

    Deprecated: Deprecated in favor of evaluation_mode.

    EvaluationMode string
    Mode of operation for Binary Authorization policy evaluation.
    enabled Boolean
    Enable Binary Authorization for this cluster.

    Deprecated: Deprecated in favor of evaluation_mode.

    evaluationMode String
    Mode of operation for Binary Authorization policy evaluation.
    enabled boolean
    Enable Binary Authorization for this cluster.

    Deprecated: Deprecated in favor of evaluation_mode.

    evaluationMode string
    Mode of operation for Binary Authorization policy evaluation.
    enabled bool
    Enable Binary Authorization for this cluster.

    Deprecated: Deprecated in favor of evaluation_mode.

    evaluation_mode str
    Mode of operation for Binary Authorization policy evaluation.
    enabled Boolean
    Enable Binary Authorization for this cluster.

    Deprecated: Deprecated in favor of evaluation_mode.

    evaluationMode String
    Mode of operation for Binary Authorization policy evaluation.

    ClusterClusterAutoscaling, ClusterClusterAutoscalingArgs

    AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    AutoProvisioningLocations List<string>
    The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
    AutoscalingProfile string
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    Enabled bool
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    ResourceLimits List<ClusterClusterAutoscalingResourceLimit>
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    AutoProvisioningLocations []string
    The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
    AutoscalingProfile string
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    Enabled bool
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    ResourceLimits []ClusterClusterAutoscalingResourceLimit
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoProvisioningLocations List<String>
    The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
    autoscalingProfile String
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled Boolean
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resourceLimits List<ClusterClusterAutoscalingResourceLimit>
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoProvisioningLocations string[]
    The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
    autoscalingProfile string
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled boolean
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resourceLimits ClusterClusterAutoscalingResourceLimit[]
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    auto_provisioning_defaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    auto_provisioning_locations Sequence[str]
    The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
    autoscaling_profile str
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled bool
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resource_limits Sequence[ClusterClusterAutoscalingResourceLimit]
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    autoProvisioningDefaults Property Map
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoProvisioningLocations List<String>
    The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
    autoscalingProfile String
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled Boolean
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resourceLimits List<Property Map>
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

    ClusterClusterAutoscalingAutoProvisioningDefaults, ClusterClusterAutoscalingAutoProvisioningDefaultsArgs

    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    DiskSize int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    ImageType string
    The default image type used by NAP when a new node pool is created. According to the official documentation, the value must be one of COS_CONTAINERD, COS, UBUNTU_CONTAINERD or UBUNTU. NOTE: COS and UBUNTU are deprecated as of GKE 1.24.
    Management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    MinCpuPlatform string
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    OauthScopes List<string>

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Because that scope places no limit of its own on which APIs the nodes can reach, it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    ServiceAccount string
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    ShieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    UpgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools
    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    DiskSize int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    ImageType string
    The default image type used by NAP when a new node pool is created. According to the official documentation, the value must be one of COS_CONTAINERD, COS, UBUNTU_CONTAINERD or UBUNTU. NOTE: COS and UBUNTU are deprecated as of GKE 1.24.
    Management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    MinCpuPlatform string
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    OauthScopes []string

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Because that scope places no limit of its own on which APIs the nodes can reach, it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    ServiceAccount string
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    ShieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    UpgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    diskSize Integer
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    imageType String
    The default image type used by NAP when a new node pool is created. According to the official documentation, the value must be one of COS_CONTAINERD, COS, UBUNTU_CONTAINERD or UBUNTU. NOTE: COS and UBUNTU are deprecated as of GKE 1.24.
    management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    minCpuPlatform String
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauthScopes List<String>

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Because that scope places no limit of its own on which APIs the nodes can reach, it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    serviceAccount String
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    upgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools
    bootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    diskSize number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    diskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    imageType string
    The default image type used by NAP when a new node pool is created. According to the official documentation, the value must be one of COS_CONTAINERD, COS, UBUNTU_CONTAINERD or UBUNTU. NOTE: COS and UBUNTU are deprecated as of GKE 1.24.
    management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    minCpuPlatform string
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauthScopes string[]

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Because that scope places no limit of its own on which APIs the nodes can reach, it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    serviceAccount string
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    upgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools
    boot_disk_kms_key str
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    disk_size int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    disk_type str
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    image_type str
    The default image type used by NAP when a new node pool is created. According to the official documentation, the value must be one of COS_CONTAINERD, COS, UBUNTU_CONTAINERD or UBUNTU. NOTE: COS and UBUNTU are deprecated as of GKE 1.24.
    management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    min_cpu_platform str
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauth_scopes Sequence[str]

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Because that scope places no limit of its own on which APIs the nodes can reach, it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    service_account str
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shielded_instance_config ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    upgrade_settings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    diskSize Number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    imageType String
    The default image type used by NAP when a new node pool is created. According to the official documentation, the value must be one of COS_CONTAINERD, COS, UBUNTU_CONTAINERD or UBUNTU. NOTE: COS and UBUNTU are deprecated as of GKE 1.24.
    management Property Map
    NodeManagement configuration for this NodePool. Structure is documented below.
    minCpuPlatform String
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauthScopes List<String>

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Because that scope places no limit of its own on which APIs the nodes can reach, it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    serviceAccount String
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shieldedInstanceConfig Property Map
    Shielded Instance options. Structure is documented below.
    upgradeSettings Property Map
    Specifies the upgrade settings for NAP created node pools

    ClusterClusterAutoscalingAutoProvisioningDefaultsManagement, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs

    AutoRepair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    AutoUpgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    UpgradeOptions List<ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption>
    Specifies the Auto Upgrade knobs for the node pool.
    AutoRepair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    AutoUpgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    UpgradeOptions []ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption
    Specifies the Auto Upgrade knobs for the node pool.
    autoRepair Boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade Boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgradeOptions List<ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption>
    Specifies the Auto Upgrade knobs for the node pool.
    autoRepair boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgradeOptions ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption[]
    Specifies the Auto Upgrade knobs for the node pool.
    auto_repair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    auto_upgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgrade_options Sequence[ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption]
    Specifies the Auto Upgrade knobs for the node pool.
    autoRepair Boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade Boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgradeOptions List<Property Map>
    Specifies the Auto Upgrade knobs for the node pool.

    ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs

    AutoUpgradeStartTime string
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    Description string
    Description of the cluster.
    AutoUpgradeStartTime string
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    Description string
    Description of the cluster.
    autoUpgradeStartTime String
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description String
    Description of the cluster.
    autoUpgradeStartTime string
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description string
    Description of the cluster.
    auto_upgrade_start_time str
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description str
    Description of the cluster.
    autoUpgradeStartTime String
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description String
    Description of the cluster.

    ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig, ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enable_integrity_monitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enable_secure_boot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs

    BlueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    MaxSurge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    MaxUnavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    Strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    BlueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    MaxSurge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    MaxUnavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    Strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge Integer
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable Integer
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy String
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge number
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable number
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blue_green_settings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    max_surge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    max_unavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy str
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blueGreenSettings Property Map
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge Number
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable Number
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy String
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.

    ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs

    NodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    StandardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    NodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    StandardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration String
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    node_pool_soak_duration str
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standard_rollout_policy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration String
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy Property Map
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.

    ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs

    BatchNodeCount int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    BatchPercentage double
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    BatchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    BatchNodeCount int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    BatchPercentage float64
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    BatchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batchNodeCount Integer
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage Double
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration String
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batchNodeCount number
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage number
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batch_node_count int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batch_percentage float
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batch_soak_duration str
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batchNodeCount Number
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage Number
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration String
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

    ClusterClusterAutoscalingResourceLimit, ClusterClusterAutoscalingResourceLimitArgs

    ResourceType string
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    Maximum int
    Maximum amount of the resource in the cluster.
    Minimum int
    Minimum amount of the resource in the cluster.
    ResourceType string
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    Maximum int
    Maximum amount of the resource in the cluster.
    Minimum int
    Minimum amount of the resource in the cluster.
    resourceType String
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum Integer
    Maximum amount of the resource in the cluster.
    minimum Integer
    Minimum amount of the resource in the cluster.
    resourceType string
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum number
    Maximum amount of the resource in the cluster.
    minimum number
    Minimum amount of the resource in the cluster.
    resource_type str
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum int
    Maximum amount of the resource in the cluster.
    minimum int
    Minimum amount of the resource in the cluster.
    resourceType String
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum Number
    Maximum amount of the resource in the cluster.
    minimum Number
    Minimum amount of the resource in the cluster.

    ClusterClusterTelemetry, ClusterClusterTelemetryArgs

    Type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    Type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type String
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type str
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type String
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.

    ClusterConfidentialNodes, ClusterConfidentialNodesArgs

    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.

    ClusterControlPlaneEndpointsConfig, ClusterControlPlaneEndpointsConfigArgs

    dnsEndpointConfig Property Map
    DNS endpoint configuration.

    ClusterControlPlaneEndpointsConfigDnsEndpointConfig, ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs

    AllowExternalTraffic bool
    Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
    Endpoint string
    The cluster's DNS endpoint.
    AllowExternalTraffic bool
    Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
    Endpoint string
    The cluster's DNS endpoint.
    allowExternalTraffic Boolean
    Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
    endpoint String
    The cluster's DNS endpoint.
    allowExternalTraffic boolean
    Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
    endpoint string
    The cluster's DNS endpoint.
    allow_external_traffic bool
    Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
    endpoint str
    The cluster's DNS endpoint.
    allowExternalTraffic Boolean
    Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
    endpoint String
    The cluster's DNS endpoint.

    ClusterCostManagementConfig, ClusterCostManagementConfigArgs

    Enabled bool
    Whether to enable the cost allocation feature.
    Enabled bool
    Whether to enable the cost allocation feature.
    enabled Boolean
    Whether to enable the cost allocation feature.
    enabled boolean
    Whether to enable the cost allocation feature.
    enabled bool
    Whether to enable the cost allocation feature.
    enabled Boolean
    Whether to enable the cost allocation feature.

    ClusterDatabaseEncryption, ClusterDatabaseEncryptionArgs

    State string
    ENCRYPTED or DECRYPTED
    KeyName string

    The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    State string
    ENCRYPTED or DECRYPTED
    KeyName string

    The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state String
    ENCRYPTED or DECRYPTED
    keyName String

    The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state string
    ENCRYPTED or DECRYPTED
    keyName string

    The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state str
    ENCRYPTED or DECRYPTED
    key_name str

    The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state String
    ENCRYPTED or DECRYPTED
    keyName String

    The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    ClusterDefaultSnatStatus, ClusterDefaultSnatStatusArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.

    The cluster_telemetry block supports

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.

    The cluster_telemetry block supports

    disabled boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.

    The cluster_telemetry block supports

    disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.

    The cluster_telemetry block supports

    ClusterDnsConfig, ClusterDnsConfigArgs

    AdditiveVpcScopeDnsDomain string
    This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
    ClusterDns string
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    ClusterDnsDomain string
    The suffix used for all cluster service records.
    ClusterDnsScope string
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    AdditiveVpcScopeDnsDomain string
    This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
    ClusterDns string
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    ClusterDnsDomain string
    The suffix used for all cluster service records.
    ClusterDnsScope string
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    additiveVpcScopeDnsDomain String
    This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
    clusterDns String
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    clusterDnsDomain String
    The suffix used for all cluster service records.
    clusterDnsScope String
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    additiveVpcScopeDnsDomain string
    This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
    clusterDns string
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    clusterDnsDomain string
    The suffix used for all cluster service records.
    clusterDnsScope string
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    additive_vpc_scope_dns_domain str
    This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
    cluster_dns str
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    cluster_dns_domain str
    The suffix used for all cluster service records.
    cluster_dns_scope str
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    additiveVpcScopeDnsDomain String
    This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
    clusterDns String
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    clusterDnsDomain String
    The suffix used for all cluster service records.
    clusterDnsScope String
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

    ClusterEnableK8sBetaApis, ClusterEnableK8sBetaApisArgs

    EnabledApis List<string>
    Enabled Kubernetes Beta APIs.
    EnabledApis []string
    Enabled Kubernetes Beta APIs.
    enabledApis List<String>
    Enabled Kubernetes Beta APIs.
    enabledApis string[]
    Enabled Kubernetes Beta APIs.
    enabled_apis Sequence[str]
    Enabled Kubernetes Beta APIs.
    enabledApis List<String>
    Enabled Kubernetes Beta APIs.

    ClusterFleet, ClusterFleetArgs

    Membership string
    The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
    MembershipId string
    The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.
    MembershipLocation string
    The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.
    PreRegistered bool
    Whether the cluster has been registered via the fleet API.
    Project string
    The name of the Fleet host project where this cluster will be registered.
    Membership string
    The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
    MembershipId string
    The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.
    MembershipLocation string
    The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.
    PreRegistered bool
    Whether the cluster has been registered via the fleet API.
    Project string
    The name of the Fleet host project where this cluster will be registered.
    membership String
    The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
    membershipId String
    The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.
    membershipLocation String
    The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.
    preRegistered Boolean
    Whether the cluster has been registered via the fleet API.
    project String
    The name of the Fleet host project where this cluster will be registered.
    membership string
    The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
    membershipId string
    The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.
    membershipLocation string
    The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.
    preRegistered boolean
    Whether the cluster has been registered via the fleet API.
    project string
    The name of the Fleet host project where this cluster will be registered.
    membership str
    The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
    membership_id str
    The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.
    membership_location str
    The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.
    pre_registered bool
    Whether the cluster has been registered via the fleet API.
    project str
    The name of the Fleet host project where this cluster will be registered.
    membership String
    The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
    membershipId String
    The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_id under google_gkehub_feature_membership.
    membershipLocation String
    The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configure membership_location under google_gkehub_feature_membership.
    preRegistered Boolean
    Whether the cluster has been registered via the fleet API.
    project String
    The name of the Fleet host project where this cluster will be registered.

    ClusterGatewayApiConfig, ClusterGatewayApiConfigArgs

    Channel string
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    Channel string
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel String
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel string
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel str
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel String
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.

    ClusterIdentityServiceConfig, ClusterIdentityServiceConfigArgs

    Enabled bool
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    Enabled bool
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled Boolean
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled boolean
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled bool
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled Boolean
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.

    ClusterIpAllocationPolicy, ClusterIpAllocationPolicyArgs

    AdditionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    ClusterIpv4CidrBlock string
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ClusterSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    PodCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    ServicesIpv4CidrBlock string
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ServicesSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    StackType string
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    AdditionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters that do not need to control the secondary Pod IP address assignment to node pools. Structure is documented below.
    ClusterIpv4CidrBlock string
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ClusterSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    PodCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    ServicesIpv4CidrBlock string
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ServicesSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    StackType string
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters that do not need to control the secondary Pod IP address assignment to node pools. Structure is documented below.
    clusterIpv4CidrBlock String
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    clusterSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    podCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    servicesIpv4CidrBlock String
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    servicesSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stackType String
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters that do not need to control the secondary Pod IP address assignment to node pools. Structure is documented below.
    clusterIpv4CidrBlock string
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    clusterSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    podCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    servicesIpv4CidrBlock string
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    servicesSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stackType string
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additional_pod_ranges_config ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters that do not need to control the secondary Pod IP address assignment to node pools. Structure is documented below.
    cluster_ipv4_cidr_block str
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    cluster_secondary_range_name str
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    pod_cidr_overprovision_config ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    services_ipv4_cidr_block str
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    services_secondary_range_name str
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stack_type str
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additionalPodRangesConfig Property Map
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters that do not need to control the secondary Pod IP address assignment to node pools. Structure is documented below.
    clusterIpv4CidrBlock String
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    clusterSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    podCidrOverprovisionConfig Property Map
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    servicesIpv4CidrBlock String
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    servicesSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stackType String
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.

    ClusterIpAllocationPolicyAdditionalPodRangesConfig, ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs

    PodRangeNames List<string>
    The names of the Pod ranges to add to the cluster.
    PodRangeNames []string
    The names of the Pod ranges to add to the cluster.
    podRangeNames List<String>
    The names of the Pod ranges to add to the cluster.
    podRangeNames string[]
    The names of the Pod ranges to add to the cluster.
    pod_range_names Sequence[str]
    The names of the Pod ranges to add to the cluster.
    podRangeNames List<String>
    The names of the Pod ranges to add to the cluster.

    ClusterIpAllocationPolicyPodCidrOverprovisionConfig, ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs

    Disabled bool

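    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default SNAT status setting and appears to be misplaced here; for this type, disabled presumably controls whether Pod CIDR overprovisioning is turned off. Confirm against the GKE documentation before relying on it.)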

    The cluster_telemetry block supports

    Disabled bool

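    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default SNAT status setting and appears to be misplaced here; for this type, disabled presumably controls whether Pod CIDR overprovisioning is turned off. Confirm against the GKE documentation before relying on it.)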

    The cluster_telemetry block supports

    disabled Boolean

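    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default SNAT status setting and appears to be misplaced here; for this type, disabled presumably controls whether Pod CIDR overprovisioning is turned off. Confirm against the GKE documentation before relying on it.)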

    The cluster_telemetry block supports

    disabled boolean

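    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default SNAT status setting and appears to be misplaced here; for this type, disabled presumably controls whether Pod CIDR overprovisioning is turned off. Confirm against the GKE documentation before relying on it.)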

    The cluster_telemetry block supports

    disabled bool

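    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default SNAT status setting and appears to be misplaced here; for this type, disabled presumably controls whether Pod CIDR overprovisioning is turned off. Confirm against the GKE documentation before relying on it.)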

    The cluster_telemetry block supports

    disabled Boolean

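    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default SNAT status setting and appears to be misplaced here; for this type, disabled presumably controls whether Pod CIDR overprovisioning is turned off. Confirm against the GKE documentation before relying on it.)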

    The cluster_telemetry block supports

    ClusterLoggingConfig, ClusterLoggingConfigArgs

    EnableComponents List<string>
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    EnableComponents []string
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enableComponents List<String>
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enableComponents string[]
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enable_components Sequence[str]
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enableComponents List<String>
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.

    ClusterMaintenancePolicy, ClusterMaintenancePolicyArgs

    DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example (illustrative value): start_time = "03:00".

    Examples:

    MaintenanceExclusions List<ClusterMaintenancePolicyMaintenanceExclusion>
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time. See Maintenance Window and Exclusions.
    RecurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # Example 1: the window opens at 02:00 UTC and recurs every day.
    maintenance_policy {
      recurring_window {
        start_time = "2019-08-01T02:00:00Z"
        end_time   = "2019-08-01T06:00:00Z" # used to calculate the window's duration
        recurrence = "FREQ=DAILY"
      }
    }

    # Example 2: a 09:00-17:00 UTC window that recurs weekly, Monday through Friday.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T09:00:00Z"
        end_time   = "2019-01-01T17:00:00Z"
        recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
      }
    }
    
    DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example (illustrative value): start_time = "03:00".

    Examples:

    MaintenanceExclusions []ClusterMaintenancePolicyMaintenanceExclusion
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time. See Maintenance Window and Exclusions.
    RecurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # Example 1: the window opens at 02:00 UTC and recurs every day.
    maintenance_policy {
      recurring_window {
        start_time = "2019-08-01T02:00:00Z"
        end_time   = "2019-08-01T06:00:00Z" # used to calculate the window's duration
        recurrence = "FREQ=DAILY"
      }
    }

    # Example 2: a 09:00-17:00 UTC window that recurs weekly, Monday through Friday.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T09:00:00Z"
        end_time   = "2019-01-01T17:00:00Z"
        recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
      }
    }
    
    dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example (illustrative value): start_time = "03:00".

    Examples:

    maintenanceExclusions List<ClusterMaintenancePolicyMaintenanceExclusion>
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time. See Maintenance Window and Exclusions.
    recurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # Example 1: the window opens at 02:00 UTC and recurs every day.
    maintenance_policy {
      recurring_window {
        start_time = "2019-08-01T02:00:00Z"
        end_time   = "2019-08-01T06:00:00Z" # used to calculate the window's duration
        recurrence = "FREQ=DAILY"
      }
    }

    # Example 2: a 09:00-17:00 UTC window that recurs weekly, Monday through Friday.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T09:00:00Z"
        end_time   = "2019-01-01T17:00:00Z"
        recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
      }
    }
    
    dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example (illustrative value): start_time = "03:00".

    Examples:

    maintenanceExclusions ClusterMaintenancePolicyMaintenanceExclusion[]
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time. See Maintenance Window and Exclusions.
    recurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # Example 1: the window opens at 02:00 UTC and recurs every day.
    maintenance_policy {
      recurring_window {
        start_time = "2019-08-01T02:00:00Z"
        end_time   = "2019-08-01T06:00:00Z" # used to calculate the window's duration
        recurrence = "FREQ=DAILY"
      }
    }

    # Example 2: a 09:00-17:00 UTC window that recurs weekly, Monday through Friday.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T09:00:00Z"
        end_time   = "2019-01-01T17:00:00Z"
        recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
      }
    }
    
    daily_maintenance_window ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example (illustrative value): start_time = "03:00".

    Examples:

    maintenance_exclusions Sequence[ClusterMaintenancePolicyMaintenanceExclusion]
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time. See Maintenance Window and Exclusions.
    recurring_window ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # Example 1: the window opens at 02:00 UTC and recurs every day.
    maintenance_policy {
      recurring_window {
        start_time = "2019-08-01T02:00:00Z"
        end_time   = "2019-08-01T06:00:00Z" # used to calculate the window's duration
        recurrence = "FREQ=DAILY"
      }
    }

    # Example 2: a 09:00-17:00 UTC window that recurs weekly, Monday through Friday.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T09:00:00Z"
        end_time   = "2019-01-01T17:00:00Z"
        recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
      }
    }
    
    dailyMaintenanceWindow Property Map

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example (illustrative value): start_time = "03:00".

    Examples:

    maintenanceExclusions List<Property Map>
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time. See Maintenance Window and Exclusions.
    recurringWindow Property Map

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # Example 1: the window opens at 02:00 UTC and recurs every day.
    maintenance_policy {
      recurring_window {
        start_time = "2019-08-01T02:00:00Z"
        end_time   = "2019-08-01T06:00:00Z" # used to calculate the window's duration
        recurrence = "FREQ=DAILY"
      }
    }

    # Example 2: a 09:00-17:00 UTC window that recurs weekly, Monday through Friday.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T09:00:00Z"
        end_time   = "2019-01-01T17:00:00Z"
        recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
      }
    }
    

    ClusterMaintenancePolicyDailyMaintenanceWindow, ClusterMaintenancePolicyDailyMaintenanceWindowArgs

    StartTime string
    Duration string
    Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".
    StartTime string
    Duration string
    Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".
    startTime String
    duration String
    Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".
    startTime string
    duration string
    Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".
    start_time str
    duration str
    Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".
    startTime String
    duration String
    Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".

    ClusterMaintenancePolicyMaintenanceExclusion, ClusterMaintenancePolicyMaintenanceExclusionArgs

    EndTime string
    ExclusionName string
    StartTime string
    ExclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    EndTime string
    ExclusionName string
    StartTime string
    ExclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    endTime String
    exclusionName String
    startTime String
    exclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    endTime string
    exclusionName string
    startTime string
    exclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    end_time str
    exclusion_name str
    start_time str
    exclusion_options ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    endTime String
    exclusionName String
    startTime String
    exclusionOptions Property Map
    MaintenanceExclusionOptions provides maintenance exclusion related options.

    ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions, ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs

    Scope string

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # A daily recurring window combined with two dated maintenance exclusions.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T00:00:00Z"
        end_time   = "2019-01-02T00:00:00Z"
        recurrence = "FREQ=DAILY"
      }

      # scope selects which automatic upgrades are restricted while an exclusion
      # is active. Exclusions postpone automatic upgrades, so keep each one as
      # short as the workload requires.
      maintenance_exclusion {
        exclusion_name = "batch job"
        start_time     = "2019-01-01T00:00:00Z"
        end_time       = "2019-01-02T00:00:00Z"
        exclusion_options {
          scope = "NO_UPGRADES"
        }
      }

      maintenance_exclusion {
        exclusion_name = "holiday data load"
        start_time     = "2019-05-01T00:00:00Z"
        end_time       = "2019-05-02T00:00:00Z"
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
    
    Scope string

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # A daily recurring window combined with two dated maintenance exclusions.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T00:00:00Z"
        end_time   = "2019-01-02T00:00:00Z"
        recurrence = "FREQ=DAILY"
      }

      # scope selects which automatic upgrades are restricted while an exclusion
      # is active. Exclusions postpone automatic upgrades, so keep each one as
      # short as the workload requires.
      maintenance_exclusion {
        exclusion_name = "batch job"
        start_time     = "2019-01-01T00:00:00Z"
        end_time       = "2019-01-02T00:00:00Z"
        exclusion_options {
          scope = "NO_UPGRADES"
        }
      }

      maintenance_exclusion {
        exclusion_name = "holiday data load"
        start_time     = "2019-05-01T00:00:00Z"
        end_time       = "2019-05-02T00:00:00Z"
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
    
    scope String

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # A daily recurring window combined with two dated maintenance exclusions.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T00:00:00Z"
        end_time   = "2019-01-02T00:00:00Z"
        recurrence = "FREQ=DAILY"
      }

      # scope selects which automatic upgrades are restricted while an exclusion
      # is active. Exclusions postpone automatic upgrades, so keep each one as
      # short as the workload requires.
      maintenance_exclusion {
        exclusion_name = "batch job"
        start_time     = "2019-01-01T00:00:00Z"
        end_time       = "2019-01-02T00:00:00Z"
        exclusion_options {
          scope = "NO_UPGRADES"
        }
      }

      maintenance_exclusion {
        exclusion_name = "holiday data load"
        start_time     = "2019-05-01T00:00:00Z"
        end_time       = "2019-05-02T00:00:00Z"
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
    
    scope string

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # A daily recurring window combined with two dated maintenance exclusions.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T00:00:00Z"
        end_time   = "2019-01-02T00:00:00Z"
        recurrence = "FREQ=DAILY"
      }

      # scope selects which automatic upgrades are restricted while an exclusion
      # is active. Exclusions postpone automatic upgrades, so keep each one as
      # short as the workload requires.
      maintenance_exclusion {
        exclusion_name = "batch job"
        start_time     = "2019-01-01T00:00:00Z"
        end_time       = "2019-01-02T00:00:00Z"
        exclusion_options {
          scope = "NO_UPGRADES"
        }
      }

      maintenance_exclusion {
        exclusion_name = "holiday data load"
        start_time     = "2019-05-01T00:00:00Z"
        end_time       = "2019-05-02T00:00:00Z"
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
    
    scope str

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # A daily recurring window combined with two dated maintenance exclusions.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T00:00:00Z"
        end_time   = "2019-01-02T00:00:00Z"
        recurrence = "FREQ=DAILY"
      }

      # scope selects which automatic upgrades are restricted while an exclusion
      # is active. Exclusions postpone automatic upgrades, so keep each one as
      # short as the workload requires.
      maintenance_exclusion {
        exclusion_name = "batch job"
        start_time     = "2019-01-01T00:00:00Z"
        end_time       = "2019-01-02T00:00:00Z"
        exclusion_options {
          scope = "NO_UPGRADES"
        }
      }

      maintenance_exclusion {
        exclusion_name = "holiday data load"
        start_time     = "2019-05-01T00:00:00Z"
        end_time       = "2019-05-02T00:00:00Z"
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
    
    scope String

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    # A daily recurring window combined with two dated maintenance exclusions.
    maintenance_policy {
      recurring_window {
        start_time = "2019-01-01T00:00:00Z"
        end_time   = "2019-01-02T00:00:00Z"
        recurrence = "FREQ=DAILY"
      }

      # scope selects which automatic upgrades are restricted while an exclusion
      # is active. Exclusions postpone automatic upgrades, so keep each one as
      # short as the workload requires.
      maintenance_exclusion {
        exclusion_name = "batch job"
        start_time     = "2019-01-01T00:00:00Z"
        end_time       = "2019-01-02T00:00:00Z"
        exclusion_options {
          scope = "NO_UPGRADES"
        }
      }

      maintenance_exclusion {
        exclusion_name = "holiday data load"
        start_time     = "2019-05-01T00:00:00Z"
        end_time       = "2019-05-02T00:00:00Z"
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
    

    ClusterMaintenancePolicyRecurringWindow, ClusterMaintenancePolicyRecurringWindowArgs

    EndTime string
    Recurrence string
    StartTime string
    EndTime string
    Recurrence string
    StartTime string
    endTime String
    recurrence String
    startTime String
    endTime string
    recurrence string
    startTime string
    endTime String
    recurrence String
    startTime String

    ClusterMasterAuth, ClusterMasterAuthArgs

    ClientCertificateConfig ClusterMasterAuthClientCertificateConfig
    Whether client certificate authorization is enabled for this cluster. For example:
    ClientCertificate string
    Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
    ClientKey string
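    Base64 encoded private key used by clients to authenticate to the cluster endpoint. This value is a credential: as the note at the top of this page states, all arguments and attributes are stored in the raw state as plaintext, so restrict access to the state accordingly.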
    ClusterCaCertificate string
    Base64 encoded public certificate that is the root certificate of the cluster.
    ClientCertificateConfig ClusterMasterAuthClientCertificateConfig
    Whether client certificate authorization is enabled for this cluster. For example:
    ClientCertificate string
    Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
    ClientKey string
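    Base64 encoded private key used by clients to authenticate to the cluster endpoint. This value is a credential: as the note at the top of this page states, all arguments and attributes are stored in the raw state as plaintext, so restrict access to the state accordingly.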
    ClusterCaCertificate string
    Base64 encoded public certificate that is the root certificate of the cluster.
    clientCertificateConfig ClusterMasterAuthClientCertificateConfig
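    Whether client certificate authorization is enabled for this cluster; the nested structure is documented below.
    clientCertificate String
    Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
    clientKey String
    Base64 encoded private key used by clients to authenticate to the cluster endpoint. Treat it as a secret: as noted at the top of this page, all attributes of this resource are stored in the raw state as plaintext.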
    clusterCaCertificate String
    Base64 encoded public certificate that is the root certificate of the cluster.
    clientCertificateConfig ClusterMasterAuthClientCertificateConfig
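    Whether client certificate authorization is enabled for this cluster; the nested structure is documented below.
    clientCertificate string
    Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
    clientKey string
    Base64 encoded private key used by clients to authenticate to the cluster endpoint. Treat it as a secret: as noted at the top of this page, all attributes of this resource are stored in the raw state as plaintext.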
    clusterCaCertificate string
    Base64 encoded public certificate that is the root certificate of the cluster.
    client_certificate_config ClusterMasterAuthClientCertificateConfig
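    Whether client certificate authorization is enabled for this cluster; the nested structure is documented below.
    client_certificate str
    Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
    client_key str
    Base64 encoded private key used by clients to authenticate to the cluster endpoint. Treat it as a secret: as noted at the top of this page, all attributes of this resource are stored in the raw state as plaintext.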
    cluster_ca_certificate str
    Base64 encoded public certificate that is the root certificate of the cluster.
    clientCertificateConfig Property Map
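    Whether client certificate authorization is enabled for this cluster; the nested structure is documented below.
    clientCertificate String
    Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
    clientKey String
    Base64 encoded private key used by clients to authenticate to the cluster endpoint. Treat it as a secret: as noted at the top of this page, all attributes of this resource are stored in the raw state as plaintext.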
    clusterCaCertificate String
    Base64 encoded public certificate that is the root certificate of the cluster.

    ClusterMasterAuthClientCertificateConfig, ClusterMasterAuthClientCertificateConfigArgs

    IssueClientCertificate bool
    Whether client certificate authorization is enabled for this cluster.
    IssueClientCertificate bool
    Whether client certificate authorization is enabled for this cluster.
    issueClientCertificate Boolean
    Whether client certificate authorization is enabled for this cluster.
    issueClientCertificate boolean
    Whether client certificate authorization is enabled for this cluster.
    issue_client_certificate bool
    Whether client certificate authorization is enabled for this cluster.
    issueClientCertificate Boolean
    Whether client certificate authorization is enabled for this cluster.

    ClusterMasterAuthorizedNetworksConfig, ClusterMasterAuthorizedNetworksConfigArgs

    CidrBlocks List<ClusterMasterAuthorizedNetworksConfigCidrBlock>
    External networks that can access the Kubernetes cluster master through HTTPS.
    GcpPublicCidrsAccessEnabled bool
    Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
    PrivateEndpointEnforcementEnabled bool
    Whether authorized networks is enforced on the private endpoint or not. Defaults to false.
    CidrBlocks []ClusterMasterAuthorizedNetworksConfigCidrBlock
    External networks that can access the Kubernetes cluster master through HTTPS.
    GcpPublicCidrsAccessEnabled bool
    Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
    PrivateEndpointEnforcementEnabled bool
    Whether authorized networks is enforced on the private endpoint or not. Defaults to false.
    cidrBlocks List<ClusterMasterAuthorizedNetworksConfigCidrBlock>
    External networks that can access the Kubernetes cluster master through HTTPS.
    gcpPublicCidrsAccessEnabled Boolean
    Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
    privateEndpointEnforcementEnabled Boolean
    Whether authorized networks is enforced on the private endpoint or not. Defaults to false.
    cidrBlocks ClusterMasterAuthorizedNetworksConfigCidrBlock[]
    External networks that can access the Kubernetes cluster master through HTTPS.
    gcpPublicCidrsAccessEnabled boolean
    Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
    privateEndpointEnforcementEnabled boolean
    Whether authorized networks is enforced on the private endpoint or not. Defaults to false.
    cidr_blocks Sequence[ClusterMasterAuthorizedNetworksConfigCidrBlock]
    External networks that can access the Kubernetes cluster master through HTTPS.
    gcp_public_cidrs_access_enabled bool
    Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
    private_endpoint_enforcement_enabled bool
    Whether authorized networks is enforced on the private endpoint or not. Defaults to false.
    cidrBlocks List<Property Map>
    External networks that can access the Kubernetes cluster master through HTTPS.
    gcpPublicCidrsAccessEnabled Boolean
    Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
    privateEndpointEnforcementEnabled Boolean
    Whether authorized networks is enforced on the private endpoint or not. Defaults to false.

    ClusterMasterAuthorizedNetworksConfigCidrBlock, ClusterMasterAuthorizedNetworksConfigCidrBlockArgs

    CidrBlock string
    External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
    DisplayName string
    Field for users to identify CIDR blocks.
    CidrBlock string
    External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
    DisplayName string
    Field for users to identify CIDR blocks.
    cidrBlock String
    External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
    displayName String
    Field for users to identify CIDR blocks.
    cidrBlock string
    External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
    displayName string
    Field for users to identify CIDR blocks.
    cidr_block str
    External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
    display_name str
    Field for users to identify CIDR blocks.
    cidrBlock String
    External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
    displayName String
    Field for users to identify CIDR blocks.

    ClusterMeshCertificates, ClusterMeshCertificatesArgs

    EnableCertificates bool
    Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
    EnableCertificates bool
    Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
    enableCertificates Boolean
    Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
    enableCertificates boolean
    Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
    enable_certificates bool
    Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
    enableCertificates Boolean
    Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

    ClusterMonitoringConfig, ClusterMonitoringConfigArgs

    AdvancedDatapathObservabilityConfig ClusterMonitoringConfigAdvancedDatapathObservabilityConfig
    Configuration for Advanced Datapath Monitoring. Structure is documented below.
    EnableComponents List<string>
    The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
    ManagedPrometheus ClusterMonitoringConfigManagedPrometheus
    Configuration for Managed Service for Prometheus. Structure is documented below.
    AdvancedDatapathObservabilityConfig ClusterMonitoringConfigAdvancedDatapathObservabilityConfig
    Configuration for Advanced Datapath Monitoring. Structure is documented below.
    EnableComponents []string
    The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
    ManagedPrometheus ClusterMonitoringConfigManagedPrometheus
    Configuration for Managed Service for Prometheus. Structure is documented below.
    advancedDatapathObservabilityConfig ClusterMonitoringConfigAdvancedDatapathObservabilityConfig
    Configuration for Advanced Datapath Monitoring. Structure is documented below.
    enableComponents List<String>
    The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
    managedPrometheus ClusterMonitoringConfigManagedPrometheus
    Configuration for Managed Service for Prometheus. Structure is documented below.
    advancedDatapathObservabilityConfig ClusterMonitoringConfigAdvancedDatapathObservabilityConfig
    Configuration for Advanced Datapath Monitoring. Structure is documented below.
    enableComponents string[]
    The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
    managedPrometheus ClusterMonitoringConfigManagedPrometheus
    Configuration for Managed Service for Prometheus. Structure is documented below.
    advanced_datapath_observability_config ClusterMonitoringConfigAdvancedDatapathObservabilityConfig
    Configuration for Advanced Datapath Monitoring. Structure is documented below.
    enable_components Sequence[str]
    The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
    managed_prometheus ClusterMonitoringConfigManagedPrometheus
    Configuration for Managed Service for Prometheus. Structure is documented below.
    advancedDatapathObservabilityConfig Property Map
    Configuration for Advanced Datapath Monitoring. Structure is documented below.
    enableComponents List<String>
    The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
    managedPrometheus Property Map
    Configuration for Managed Service for Prometheus. Structure is documented below.

    ClusterMonitoringConfigAdvancedDatapathObservabilityConfig, ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs

    EnableMetrics bool
    Whether or not to enable advanced datapath metrics.
    EnableRelay bool
    Whether or not Relay is enabled.
    EnableMetrics bool
    Whether or not to enable advanced datapath metrics.
    EnableRelay bool
    Whether or not Relay is enabled.
    enableMetrics Boolean
    Whether or not to enable advanced datapath metrics.
    enableRelay Boolean
    Whether or not Relay is enabled.
    enableMetrics boolean
    Whether or not to enable advanced datapath metrics.
    enableRelay boolean
    Whether or not Relay is enabled.
    enable_metrics bool
    Whether or not to enable advanced datapath metrics.
    enable_relay bool
    Whether or not Relay is enabled.
    enableMetrics Boolean
    Whether or not to enable advanced datapath metrics.
    enableRelay Boolean
    Whether or not Relay is enabled.

    ClusterMonitoringConfigManagedPrometheus, ClusterMonitoringConfigManagedPrometheusArgs

    Enabled bool
    Whether or not the managed collection is enabled.
    Enabled bool
    Whether or not the managed collection is enabled.
    enabled Boolean
    Whether or not the managed collection is enabled.
    enabled boolean
    Whether or not the managed collection is enabled.
    enabled bool
    Whether or not the managed collection is enabled.
    enabled Boolean
    Whether or not the managed collection is enabled.

    ClusterNetworkPolicy, ClusterNetworkPolicyArgs

    Enabled bool
    Whether network policy is enabled on the cluster.
    Provider string
    The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
    Enabled bool
    Whether network policy is enabled on the cluster.
    Provider string
    The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
    enabled Boolean
    Whether network policy is enabled on the cluster.
    provider String
    The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
    enabled boolean
    Whether network policy is enabled on the cluster.
    provider string
    The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
    enabled bool
    Whether network policy is enabled on the cluster.
    provider str
    The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
    enabled Boolean
    Whether network policy is enabled on the cluster.
    provider String
    The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

    ClusterNodeConfig, ClusterNodeConfigArgs

    AdvancedMachineFeatures ClusterNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    ConfidentialNodes ClusterNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    ContainerdConfig ClusterNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    DiskSizeGb int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    EffectiveTaints List<ClusterNodeConfigEffectiveTaint>
    List of kubernetes taints applied to each node. Structure is documented above.
    EnableConfidentialStorage bool
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    EphemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    EphemeralStorageLocalSsdConfig ClusterNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    FastSocket ClusterNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    GcfsConfig ClusterNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    GuestAccelerators List<ClusterNodeConfigGuestAccelerator>
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    Gvnic ClusterNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. Requires GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    HostMaintenancePolicy ClusterNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    ImageType string
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    KubeletConfig ClusterNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    # Example kubelet_config block setting four kubelet attributes.
    kubelet_config {
      cpu_manager_policy   = "static"
      cpu_cfs_quota        = true
      cpu_cfs_quota_period = "100us"
      pod_pids_limit       = 1024
    }
    
    Labels Dictionary<string, string>
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    LinuxNodeConfig ClusterNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    LocalNvmeSsdBlockConfig ClusterNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    LocalSsdCount int
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    LoggingVariant string
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    MachineType string
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    Metadata Dictionary<string, string>
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints with the value true in the metadata you configure.
    MinCpuPlatform string
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    NodeGroup string
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    OauthScopes List<string>

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    Preemptible bool
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    ReservationAffinity ClusterNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    ResourceLabels Dictionary<string, string>
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    ResourceManagerTags Dictionary<string, string>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    SandboxConfig ClusterNodeConfigSandboxConfig
    Sandbox configuration for this node.
    SecondaryBootDisks List<ClusterNodeConfigSecondaryBootDisk>
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    ServiceAccount string
    The service account to be used by the Node VMs. If not specified, the "default" service account is used.
    ShieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    SoleTenantConfig ClusterNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    Spot bool
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    StoragePools List<string>
    The list of Storage Pools where boot disks are provisioned.
    Tags List<string>
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    Taints List<ClusterNodeConfigTaint>
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    WorkloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    AdvancedMachineFeatures ClusterNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    ConfidentialNodes ClusterNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    ContainerdConfig ClusterNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    DiskSizeGb int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    EffectiveTaints []ClusterNodeConfigEffectiveTaint
    List of kubernetes taints applied to each node. Structure is documented above.
    EnableConfidentialStorage bool
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    EphemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    EphemeralStorageLocalSsdConfig ClusterNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    FastSocket ClusterNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    GcfsConfig ClusterNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    GuestAccelerators []ClusterNodeConfigGuestAccelerator
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    Gvnic ClusterNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. Requires GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    HostMaintenancePolicy ClusterNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    ImageType string
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    KubeletConfig ClusterNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    # Example kubelet_config block setting four kubelet attributes.
    kubelet_config {
      cpu_manager_policy   = "static"
      cpu_cfs_quota        = true
      cpu_cfs_quota_period = "100us"
      pod_pids_limit       = 1024
    }
    
    Labels map[string]string
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    LinuxNodeConfig ClusterNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    LocalNvmeSsdBlockConfig ClusterNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    LocalSsdCount int
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    LoggingVariant string
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    MachineType string
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    Metadata map[string]string
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints with the value true in the metadata you configure.
    MinCpuPlatform string
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    NodeGroup string
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    OauthScopes []string

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    Preemptible bool
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    ReservationAffinity ClusterNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    ResourceLabels map[string]string
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    ResourceManagerTags map[string]string
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    SandboxConfig ClusterNodeConfigSandboxConfig
    Sandbox configuration for this node.
    SecondaryBootDisks []ClusterNodeConfigSecondaryBootDisk
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    ServiceAccount string
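    The service account to be used by the Node VMs. If not specified, the "default" service account is used. The Compute Engine default service account is commonly granted a broad project role, so a dedicated service account holding only the IAM roles the nodes need is preferable.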
    ShieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    SoleTenantConfig ClusterNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    Spot bool
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    StoragePools []string
    The list of Storage Pools where boot disks are provisioned.
    Tags []string
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    Taints []ClusterNodeConfigTaint
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    WorkloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advancedMachineFeatures ClusterNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidentialNodes ClusterNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerdConfig ClusterNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    diskSizeGb Integer
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effectiveTaints List<ClusterNodeConfigEffectiveTaint>
    List of kubernetes taints applied to each node. Structure is documented above.
    enableConfidentialStorage Boolean
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeralStorageLocalSsdConfig ClusterNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fastSocket ClusterNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfsConfig ClusterNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guestAccelerators List<ClusterNodeConfigGuestAccelerator>
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic ClusterNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    hostMaintenancePolicy ClusterNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    imageType String
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubeletConfig ClusterNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    labels Map<String,String>
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linuxNodeConfig ClusterNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    localNvmeSsdBlockConfig ClusterNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    localSsdCount Integer
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    loggingVariant String
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machineType String
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata Map<String,String>
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints = "true" explicitly in your config whenever you set metadata, so that the legacy metadata server endpoints stay disabled.
    minCpuPlatform String
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    nodeGroup String
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauthScopes List<String>

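    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Access scopes only limit which APIs the node's credentials can reach; what those credentials are allowed to do is decided by the IAM roles of the node service account, and workloads that can obtain the node's credentials inherit those roles. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.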

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible Boolean
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservationAffinity ClusterNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resourceLabels Map<String,String>
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resourceManagerTags Map<String,String>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandboxConfig ClusterNodeConfigSandboxConfig
    Sandbox configuration for this node.
    secondaryBootDisks List<ClusterNodeConfigSecondaryBootDisk>
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    serviceAccount String
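    The service account to be used by the Node VMs. If not specified, the "default" service account is used. The Compute Engine default service account is commonly granted a broad project role, so a dedicated service account holding only the IAM roles the nodes need is preferable.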
    shieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    soleTenantConfig ClusterNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot Boolean
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storagePools List<String>
    The list of Storage Pools where boot disks are provisioned.
    tags List<String>
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints List<ClusterNodeConfigTaint>
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advancedMachineFeatures ClusterNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    bootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidentialNodes ClusterNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerdConfig ClusterNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    diskSizeGb number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    diskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effectiveTaints ClusterNodeConfigEffectiveTaint[]
    List of kubernetes taints applied to each node. Structure is documented above.
    enableConfidentialStorage boolean
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeralStorageLocalSsdConfig ClusterNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fastSocket ClusterNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfsConfig ClusterNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guestAccelerators ClusterNodeConfigGuestAccelerator[]
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic ClusterNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    hostMaintenancePolicy ClusterNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    imageType string
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubeletConfig ClusterNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    labels {[key: string]: string}
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linuxNodeConfig ClusterNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    localNvmeSsdBlockConfig ClusterNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    localSsdCount number
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    loggingVariant string
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machineType string
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata {[key: string]: string}
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints = "true" explicitly in your config whenever you set metadata, so that the legacy metadata server endpoints stay disabled.
    minCpuPlatform string
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    nodeGroup string
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauthScopes string[]

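    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Access scopes only limit which APIs the node's credentials can reach; what those credentials are allowed to do is decided by the IAM roles of the node service account, and workloads that can obtain the node's credentials inherit those roles. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.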

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible boolean
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservationAffinity ClusterNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resourceLabels {[key: string]: string}
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resourceManagerTags {[key: string]: string}
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandboxConfig ClusterNodeConfigSandboxConfig
    Sandbox configuration for this node.
    secondaryBootDisks ClusterNodeConfigSecondaryBootDisk[]
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    serviceAccount string
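    The service account to be used by the Node VMs. If not specified, the "default" service account is used. The Compute Engine default service account is commonly granted a broad project role, so a dedicated service account holding only the IAM roles the nodes need is preferable.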
    shieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    soleTenantConfig ClusterNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot boolean
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storagePools string[]
    The list of Storage Pools where boot disks are provisioned.
    tags string[]
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints ClusterNodeConfigTaint[]
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advanced_machine_features ClusterNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    boot_disk_kms_key str
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidential_nodes ClusterNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerd_config ClusterNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    disk_size_gb int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    disk_type str
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effective_taints Sequence[ClusterNodeConfigEffectiveTaint]
    List of kubernetes taints applied to each node. Structure is documented above.
    enable_confidential_storage bool
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeral_storage_config ClusterNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeral_storage_local_ssd_config ClusterNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fast_socket ClusterNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfs_config ClusterNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guest_accelerators Sequence[ClusterNodeConfigGuestAccelerator]
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic ClusterNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    host_maintenance_policy ClusterNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    image_type str
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubelet_config ClusterNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    labels Mapping[str, str]
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linux_node_config ClusterNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    local_nvme_ssd_block_config ClusterNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    local_ssd_count int
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    logging_variant str
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machine_type str
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata Mapping[str, str]
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints = "true" explicitly in your config whenever you set metadata, so that the legacy metadata server endpoints stay disabled.
    min_cpu_platform str
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    node_group str
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauth_scopes Sequence[str]

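    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. Access scopes only limit which APIs the node's credentials can reach; what those credentials are allowed to do is decided by the IAM roles of the node service account, and workloads that can obtain the node's credentials inherit those roles. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.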

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible bool
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservation_affinity ClusterNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resource_labels Mapping[str, str]
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resource_manager_tags Mapping[str, str]
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandbox_config ClusterNodeConfigSandboxConfig
    Sandbox configuration for this node.
    secondary_boot_disks Sequence[ClusterNodeConfigSecondaryBootDisk]
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    service_account str
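    The service account to be used by the Node VMs. If not specified, the "default" service account is used. The Compute Engine default service account is commonly granted a broad project role, so a dedicated service account holding only the IAM roles the nodes need is preferable.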
    shielded_instance_config ClusterNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    sole_tenant_config ClusterNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot bool
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storage_pools Sequence[str]
    The list of Storage Pools where boot disks are provisioned.
    tags Sequence[str]
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints Sequence[ClusterNodeConfigTaint]
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workload_metadata_config ClusterNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advancedMachineFeatures Property Map
    Specifies options for controlling advanced machine features. Structure is documented below.
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidentialNodes Property Map
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerdConfig Property Map
    Parameters to customize containerd runtime. Structure is documented below.
    diskSizeGb Number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effectiveTaints List<Property Map>
    List of kubernetes taints applied to each node. Structure is documented above.
    enableConfidentialStorage Boolean
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeralStorageConfig Property Map
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeralStorageLocalSsdConfig Property Map
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fastSocket Property Map
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfsConfig Property Map
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guestAccelerators List<Property Map>
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic Property Map
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    hostMaintenancePolicy Property Map
    The maintenance policy for the hosts on which the GKE VMs run.
    imageType String
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubeletConfig Property Map
    Kubelet configuration. The currently supported attributes can be found here. Structure is documented below.

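    kubelet_config {
      # CPU management policy on the node: "none" or "static".
      cpu_manager_policy   = "static"
      # Enforce CPU CFS quota for containers that specify CPU limits.
      cpu_cfs_quota        = true
      cpu_cfs_quota_period = "100us"
      # Must be at least 1024 and less than 4194304.
      pod_pids_limit       = 1024

      # The field reference on this page strongly recommends FALSE for the
      # kubelet read-only port; set it explicitly rather than relying on a default.
      insecure_kubelet_readonly_port_enabled = "FALSE"
    }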
    
    labels Map<String>
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linuxNodeConfig Property Map
    Parameters that can be configured on Linux nodes. Structure is documented below.
    localNvmeSsdBlockConfig Property Map
    Parameters for the local NVMe SSDs. Structure is documented below.
    localSsdCount Number
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    loggingVariant String
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machineType String
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata Map<String>
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.
    minCpuPlatform String
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    nodeGroup String
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauthScopes List<String>

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, the IAM roles granted to the node service account are what limit access, so it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible Boolean
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservationAffinity Property Map
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resourceLabels Map<String>
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resourceManagerTags Map<String>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must follow the specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandboxConfig Property Map
    Sandbox configuration for this node.
    secondaryBootDisks List<Property Map>
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    serviceAccount String
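    The service account to be used by the Node VMs. If not specified, the "default" service account is used. As noted under oauthScopes, a non-default service account that is granted IAM roles for only the resources it needs is recommended.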
    shieldedInstanceConfig Property Map
    Shielded Instance options. Structure is documented below.
    soleTenantConfig Property Map
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot Boolean
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storagePools List<String>
    The list of Storage Pools where boot disks are provisioned.
    tags List<String>
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints List<Property Map>
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workloadMetadataConfig Property Map
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.

    ClusterNodeConfigAdvancedMachineFeatures, ClusterNodeConfigAdvancedMachineFeaturesArgs

    ThreadsPerCore int
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    EnableNestedVirtualization bool
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    ThreadsPerCore int
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    EnableNestedVirtualization bool
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threadsPerCore Integer
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enableNestedVirtualization Boolean
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threadsPerCore number
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enableNestedVirtualization boolean
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threads_per_core int
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enable_nested_virtualization bool
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threadsPerCore Number
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enableNestedVirtualization Boolean
    Defines whether the instance should have nested virtualization enabled. Defaults to false.

    ClusterNodeConfigConfidentialNodes, ClusterNodeConfigConfidentialNodesArgs

    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.

    ClusterNodeConfigContainerdConfig, ClusterNodeConfigContainerdConfigArgs

    PrivateRegistryAccessConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    PrivateRegistryAccessConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    privateRegistryAccessConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    privateRegistryAccessConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    private_registry_access_config ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    privateRegistryAccessConfig Property Map
    Configuration for private container registries. There are two fields in this config:

    ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig, ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs

    Enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    CertificateAuthorityDomainConfigs List<ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    Enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    CertificateAuthorityDomainConfigs []ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled Boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs List<ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig[]
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificate_authority_domain_configs Sequence[ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig]
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled Boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs List<Property Map>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:

    ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig, ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs

    Fqdns List<string>
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    GcpSecretManagerCertificateConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    Fqdns []string
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    GcpSecretManagerCertificateConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns List<String>
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcpSecretManagerCertificateConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns string[]
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcpSecretManagerCertificateConfig ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns Sequence[str]
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcp_secret_manager_certificate_config ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns List<String>
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcpSecretManagerCertificateConfig Property Map
    Parameters for configuring a certificate hosted in GCP SecretManager.

    ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig, ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs

    SecretUri string
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    SecretUri string
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secretUri String
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secretUri string
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secret_uri str
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secretUri String
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.

    ClusterNodeConfigEffectiveTaint, ClusterNodeConfigEffectiveTaintArgs

    Effect string
    Effect for taint.
    Key string
    Key for taint.
    Value string
    Value for taint.
    Effect string
    Effect for taint.
    Key string
    Key for taint.
    Value string
    Value for taint.
    effect String
    Effect for taint.
    key String
    Key for taint.
    value String
    Value for taint.
    effect string
    Effect for taint.
    key string
    Key for taint.
    value string
    Value for taint.
    effect str
    Effect for taint.
    key str
    Key for taint.
    value str
    Value for taint.
    effect String
    Effect for taint.
    key String
    Key for taint.
    value String
    Value for taint.

    ClusterNodeConfigEphemeralStorageConfig, ClusterNodeConfigEphemeralStorageConfigArgs

    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Integer
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    local_ssd_count int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

    ClusterNodeConfigEphemeralStorageLocalSsdConfig, ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs

    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Integer
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    local_ssd_count int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

    ClusterNodeConfigFastSocket, ClusterNodeConfigFastSocketArgs

    Enabled bool
    Whether or not the NCCL Fast Socket is enabled
    Enabled bool
    Whether or not the NCCL Fast Socket is enabled
    enabled Boolean
    Whether or not the NCCL Fast Socket is enabled
    enabled boolean
    Whether or not the NCCL Fast Socket is enabled
    enabled bool
    Whether or not the NCCL Fast Socket is enabled
    enabled Boolean
    Whether or not the NCCL Fast Socket is enabled

    ClusterNodeConfigGcfsConfig, ClusterNodeConfigGcfsConfigArgs

    Enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    Enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled Boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled Boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled

    ClusterNodeConfigGuestAccelerator, ClusterNodeConfigGuestAcceleratorArgs

    Count int
    The number of the guest accelerator cards exposed to this instance.
    Type string
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    GpuDriverInstallationConfig ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    GpuPartitionSize string
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    GpuSharingConfig ClusterNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    Count int
    The number of the guest accelerator cards exposed to this instance.
    Type string
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    GpuDriverInstallationConfig ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    GpuPartitionSize string
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    GpuSharingConfig ClusterNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count Integer
    The number of the guest accelerator cards exposed to this instance.
    type String
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpuDriverInstallationConfig ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpuPartitionSize String
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpuSharingConfig ClusterNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count number
    The number of the guest accelerator cards exposed to this instance.
    type string
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpuDriverInstallationConfig ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpuPartitionSize string
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpuSharingConfig ClusterNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count int
    The number of the guest accelerator cards exposed to this instance.
    type str
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpu_driver_installation_config ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpu_partition_size str
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpu_sharing_config ClusterNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count Number
    The number of the guest accelerator cards exposed to this instance.
    type String
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpuDriverInstallationConfig Property Map
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpuPartitionSize String
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpuSharingConfig Property Map
    Configuration for GPU sharing. Structure is documented below.

    ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig, ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs

    GpuDriverVersion string
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disables GPU driver auto-installation; the driver must be installed manually.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    GpuDriverVersion string
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disables GPU driver auto-installation; the driver must be installed manually.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpuDriverVersion String
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disables GPU driver auto-installation; the driver must be installed manually.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpuDriverVersion string
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disables GPU driver auto-installation; the driver must be installed manually.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpu_driver_version str
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disables GPU driver auto-installation; the driver must be installed manually.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpuDriverVersion String
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disables GPU driver auto-installation; the driver must be installed manually.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.

    ClusterNodeConfigGuestAcceleratorGpuSharingConfig, ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs

    GpuSharingStrategy string
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    MaxSharedClientsPerGpu int
    The maximum number of containers that can share a GPU.
    GpuSharingStrategy string
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    MaxSharedClientsPerGpu int
    The maximum number of containers that can share a GPU.
    gpuSharingStrategy String
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    maxSharedClientsPerGpu Integer
    The maximum number of containers that can share a GPU.
    gpuSharingStrategy string
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    maxSharedClientsPerGpu number
    The maximum number of containers that can share a GPU.
    gpu_sharing_strategy str
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    max_shared_clients_per_gpu int
    The maximum number of containers that can share a GPU.
    gpuSharingStrategy String
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    maxSharedClientsPerGpu Number
    The maximum number of containers that can share a GPU.

    ClusterNodeConfigGvnic, ClusterNodeConfigGvnicArgs

    Enabled bool
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    Enabled bool
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled Boolean
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled boolean
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled bool
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled Boolean
    Whether or not the Google Virtual NIC (gVNIC) is enabled

    ClusterNodeConfigHostMaintenancePolicy, ClusterNodeConfigHostMaintenancePolicyArgs

    ClusterNodeConfigKubeletConfig, ClusterNodeConfigKubeletConfigArgs

    CpuCfsQuota bool
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    CpuCfsQuotaPeriod string
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    CpuManagerPolicy string
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0, this field was marked as required; the workaround is to set the empty string "", which functions identically to not setting this field.
    InsecureKubeletReadonlyPortEnabled string
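    Controls whether the kubelet read-only port is enabled. The read-only port (10255) exposes node and pod information without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.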
    PodPidsLimit int
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    CpuCfsQuota bool
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    CpuCfsQuotaPeriod string
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    CpuManagerPolicy string
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0, this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
    InsecureKubeletReadonlyPortEnabled string
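    Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves kubelet endpoints without authentication or authorization and can expose pod and node details to anything able to reach the node. Possible values: TRUE, FALSE.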
    PodPidsLimit int
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpuCfsQuota Boolean
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpuCfsQuotaPeriod String
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpuManagerPolicy String
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0, this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
    insecureKubeletReadonlyPortEnabled String
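    Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves kubelet endpoints without authentication or authorization and can expose pod and node details to anything able to reach the node. Possible values: TRUE, FALSE.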
    podPidsLimit Integer
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpuCfsQuota boolean
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpuCfsQuotaPeriod string
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpuManagerPolicy string
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0, this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
    insecureKubeletReadonlyPortEnabled string
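    Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves kubelet endpoints without authentication or authorization and can expose pod and node details to anything able to reach the node. Possible values: TRUE, FALSE.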
    podPidsLimit number
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpu_cfs_quota bool
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpu_cfs_quota_period str
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpu_manager_policy str
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0, this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
    insecure_kubelet_readonly_port_enabled str
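    Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves kubelet endpoints without authentication or authorization and can expose pod and node details to anything able to reach the node. Possible values: TRUE, FALSE.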
    pod_pids_limit int
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpuCfsQuota Boolean
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpuCfsQuotaPeriod String
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpuManagerPolicy String
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0, this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
    insecureKubeletReadonlyPortEnabled String
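    Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves kubelet endpoints without authentication or authorization and can expose pod and node details to anything able to reach the node. Possible values: TRUE, FALSE.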
    podPidsLimit Number
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.

    ClusterNodeConfigLinuxNodeConfig, ClusterNodeConfigLinuxNodeConfigArgs

    CgroupMode string
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    HugepagesConfig ClusterNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    Sysctls Dictionary<string, string>
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
    CgroupMode string
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    HugepagesConfig ClusterNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    Sysctls map[string]string
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
    cgroupMode String
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepagesConfig ClusterNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls Map<String,String>
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
    cgroupMode string
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepagesConfig ClusterNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls {[key: string]: string}
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
    cgroup_mode str
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepages_config ClusterNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls Mapping[str, str]
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
    cgroupMode String
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepagesConfig Property Map
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls Map<String>
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.

    ClusterNodeConfigLinuxNodeConfigHugepagesConfig, ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs

    HugepageSize1g int
    Amount of 1G hugepages.
    HugepageSize2m int
    Amount of 2M hugepages.
    HugepageSize1g int
    Amount of 1G hugepages.
    HugepageSize2m int
    Amount of 2M hugepages.
    hugepageSize1g Integer
    Amount of 1G hugepages.
    hugepageSize2m Integer
    Amount of 2M hugepages.
    hugepageSize1g number
    Amount of 1G hugepages.
    hugepageSize2m number
    Amount of 2M hugepages.
    hugepage_size1g int
    Amount of 1G hugepages.
    hugepage_size2m int
    Amount of 2M hugepages.
    hugepageSize1g Number
    Amount of 1G hugepages.
    hugepageSize2m Number
    Amount of 2M hugepages.

    ClusterNodeConfigLocalNvmeSsdBlockConfig, ClusterNodeConfigLocalNvmeSsdBlockConfigArgs

    LocalSsdCount int

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node.

    Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.

    LocalSsdCount int

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node.

    Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.

    localSsdCount Integer

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node.

    Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.

    localSsdCount number

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node.

    Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.

    local_ssd_count int

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node.

    Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.

    localSsdCount Number

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node.

    Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.

    ClusterNodeConfigReservationAffinity, ClusterNodeConfigReservationAffinityArgs

    ConsumeReservationType string
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    Key string
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    Values List<string>
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    ConsumeReservationType string
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    Key string
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    Values []string
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consumeReservationType String
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key String
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values List<String>
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consumeReservationType string
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key string
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values string[]
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consume_reservation_type str
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key str
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values Sequence[str]
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consumeReservationType String
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key String
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values List<String>
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

    ClusterNodeConfigSandboxConfig, ClusterNodeConfigSandboxConfigArgs

    SandboxType string
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    SandboxType string
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandboxType String
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandboxType string
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandbox_type str
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandboxType String
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.

    ClusterNodeConfigSecondaryBootDisk, ClusterNodeConfigSecondaryBootDiskArgs

    DiskImage string
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    Mode string
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    DiskImage string
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    Mode string
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    diskImage String
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode String
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    diskImage string
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode string
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    disk_image str
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode str
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    diskImage String
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode String
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.

    ClusterNodeConfigShieldedInstanceConfig, ClusterNodeConfigShieldedInstanceConfigArgs

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enable_integrity_monitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enable_secure_boot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    ClusterNodeConfigSoleTenantConfig, ClusterNodeConfigSoleTenantConfigArgs

    ClusterNodeConfigSoleTenantConfigNodeAffinity, ClusterNodeConfigSoleTenantConfigNodeAffinityArgs

    Key string
    The default or custom node affinity label key name.
    Operator string
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    Values List<string>
    List of node affinity label values as strings.
    Key string
    The default or custom node affinity label key name.
    Operator string
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    Values []string
    List of node affinity label values as strings.
    key String
    The default or custom node affinity label key name.
    operator String
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values List<String>
    List of node affinity label values as strings.
    key string
    The default or custom node affinity label key name.
    operator string
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values string[]
    List of node affinity label values as strings.
    key str
    The default or custom node affinity label key name.
    operator str
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values Sequence[str]
    List of node affinity label values as strings.
    key String
    The default or custom node affinity label key name.
    operator String
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values List<String>
    List of node affinity label values as strings.

    ClusterNodeConfigTaint, ClusterNodeConfigTaintArgs

    Effect string
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    Key string
    Key for taint.
    Value string
    Value for taint.
    Effect string
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    Key string
    Key for taint.
    Value string
    Value for taint.
    effect String
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key String
    Key for taint.
    value String
    Value for taint.
    effect string
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key string
    Key for taint.
    value string
    Value for taint.
    effect str
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key str
    Key for taint.
    value str
    Value for taint.
    effect String
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key String
    Key for taint.
    value String
    Value for taint.

    ClusterNodeConfigWorkloadMetadataConfig, ClusterNodeConfigWorkloadMetadataConfigArgs

    Mode string
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
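    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any workload on the node can act with the node's identity; prefer GKE_METADATA where workload identity is enabled.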
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    Mode string
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
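    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any workload on the node can act with the node's identity; prefer GKE_METADATA where workload identity is enabled.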
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode String
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
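    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any workload on the node can act with the node's identity; prefer GKE_METADATA where workload identity is enabled.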
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode string
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
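    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any workload on the node can act with the node's identity; prefer GKE_METADATA where workload identity is enabled.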
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode str
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
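    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any workload on the node can act with the node's identity; prefer GKE_METADATA where workload identity is enabled.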
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode String
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
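    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any workload on the node can act with the node's identity; prefer GKE_METADATA where workload identity is enabled.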
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.

    ClusterNodePool, ClusterNodePoolArgs

    Autoscaling ClusterNodePoolAutoscaling
    Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    InstanceGroupUrls List<string>
    The resource URLs of the managed instance groups associated with this node pool.
    ManagedInstanceGroupUrls List<string>
    List of instance group URLs which have been assigned to this node pool.
    Management ClusterNodePoolManagement
    Node management configuration, wherein auto-repair and auto-upgrade are configured.
    MaxPodsPerNode int
    The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
    Name string
    The name of the cluster, unique within the project and location.


    NamePrefix string
    Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
    NetworkConfig ClusterNodePoolNetworkConfig
    Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
    NodeConfig ClusterNodePoolNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeCount int
    The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
    NodeLocations List<string>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    PlacementPolicy ClusterNodePoolPlacementPolicy
    Specifies the node placement policy
    QueuedProvisioning ClusterNodePoolQueuedProvisioning
    Specifies the configuration of queued provisioning
    UpgradeSettings ClusterNodePoolUpgradeSettings
    Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
    Version string
    Autoscaling ClusterNodePoolAutoscaling
    Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    InstanceGroupUrls []string
    The resource URLs of the managed instance groups associated with this node pool.
    ManagedInstanceGroupUrls []string
    List of instance group URLs which have been assigned to this node pool.
    Management ClusterNodePoolManagement
    Node management configuration, wherein auto-repair and auto-upgrade are configured.
    MaxPodsPerNode int
    The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
    Name string
    The name of the cluster, unique within the project and location.


    NamePrefix string
    Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
    NetworkConfig ClusterNodePoolNetworkConfig
    Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
    NodeConfig ClusterNodePoolNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeCount int
    The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
    NodeLocations []string

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    PlacementPolicy ClusterNodePoolPlacementPolicy
    Specifies the node placement policy
    QueuedProvisioning ClusterNodePoolQueuedProvisioning
    Specifies the configuration of queued provisioning
    UpgradeSettings ClusterNodePoolUpgradeSettings
    Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
    Version string
    autoscaling ClusterNodePoolAutoscaling
    Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
    initialNodeCount Integer
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    instanceGroupUrls List<String>
    The resource URLs of the managed instance groups associated with this node pool.
    managedInstanceGroupUrls List<String>
    List of instance group URLs which have been assigned to this node pool.
    management ClusterNodePoolManagement
    Node management configuration, wherein auto-repair and auto-upgrade are configured.
    maxPodsPerNode Integer
    The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
    name String
    The name of the cluster, unique within the project and location.


    namePrefix String
    Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
    networkConfig ClusterNodePoolNetworkConfig
    Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
    nodeConfig ClusterNodePoolNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeCount Integer
    The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    placementPolicy ClusterNodePoolPlacementPolicy
    Specifies the node placement policy
    queuedProvisioning ClusterNodePoolQueuedProvisioning
    Specifies the configuration of queued provisioning
    upgradeSettings ClusterNodePoolUpgradeSettings
    Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
    version String
    autoscaling ClusterNodePoolAutoscaling
    Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
    initialNodeCount number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    instanceGroupUrls string[]
    The resource URLs of the managed instance groups associated with this node pool.
    managedInstanceGroupUrls string[]
    List of instance group URLs which have been assigned to this node pool.
    management ClusterNodePoolManagement
    Node management configuration, wherein auto-repair and auto-upgrade are configured.
    maxPodsPerNode number
    The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
    name string
    The name of the cluster, unique within the project and location.


    namePrefix string
    Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
    networkConfig ClusterNodePoolNetworkConfig
    Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
    nodeConfig ClusterNodePoolNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeCount number
    The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
    nodeLocations string[]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    placementPolicy ClusterNodePoolPlacementPolicy
    Specifies the node placement policy
    queuedProvisioning ClusterNodePoolQueuedProvisioning
    Specifies the configuration of queued provisioning
    upgradeSettings ClusterNodePoolUpgradeSettings
    Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
    version string
    autoscaling ClusterNodePoolAutoscaling
    Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
    initial_node_count int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    instance_group_urls Sequence[str]
    The resource URLs of the managed instance groups associated with this node pool.
    managed_instance_group_urls Sequence[str]
    List of instance group URLs which have been assigned to this node pool.
    management ClusterNodePoolManagement
    Node management configuration, wherein auto-repair and auto-upgrade are configured.
    max_pods_per_node int
    The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
    name str
    The name of the cluster, unique within the project and location.


    name_prefix str
    Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
    network_config ClusterNodePoolNetworkConfig
    Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
    node_config ClusterNodePoolNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    node_count int
    The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
    node_locations Sequence[str]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    placement_policy ClusterNodePoolPlacementPolicy
    Specifies the node placement policy
    queued_provisioning ClusterNodePoolQueuedProvisioning
    Specifies the configuration of queued provisioning
    upgrade_settings ClusterNodePoolUpgradeSettings
    Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
    version str
    autoscaling Property Map
    Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
    initialNodeCount Number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    instanceGroupUrls List<String>
    The resource URLs of the managed instance groups associated with this node pool.
    managedInstanceGroupUrls List<String>
    List of instance group URLs which have been assigned to this node pool.
    management Property Map
    Node management configuration, wherein auto-repair and auto-upgrade are configured.
    maxPodsPerNode Number
    The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
    name String
    The name of the cluster, unique within the project and location.


    namePrefix String
    Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
    networkConfig Property Map
    Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
    nodeConfig Property Map
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeCount Number
    The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    placementPolicy Property Map
    Specifies the node placement policy
    queuedProvisioning Property Map
    Specifies the configuration of queued provisioning
    upgradeSettings Property Map
    Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
    version String

    ClusterNodePoolAutoConfig, ClusterNodePoolAutoConfigArgs

    NetworkTags ClusterNodePoolAutoConfigNetworkTags
    The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
    NodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
    Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. Structure is documented below.
    ResourceManagerTags Dictionary<string, string>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    NetworkTags ClusterNodePoolAutoConfigNetworkTags
    The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
    NodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
    Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. Structure is documented below.
    ResourceManagerTags map[string]string
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    networkTags ClusterNodePoolAutoConfigNetworkTags
    The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
    nodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
    Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. Structure is documented below.
    resourceManagerTags Map<String,String>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    networkTags ClusterNodePoolAutoConfigNetworkTags
    The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
    nodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
    Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. Structure is documented below.
    resourceManagerTags {[key: string]: string}
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    network_tags ClusterNodePoolAutoConfigNetworkTags
    The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
    node_kubelet_config ClusterNodePoolAutoConfigNodeKubeletConfig
    Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. Structure is documented below.
    resource_manager_tags Mapping[str, str]
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    networkTags Property Map
    The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
    nodeKubeletConfig Property Map
    Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. Structure is documented below.
    resourceManagerTags Map<String>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.

    ClusterNodePoolAutoConfigNetworkTags, ClusterNodePoolAutoConfigNetworkTagsArgs

    Tags List<string>
    List of network tags applied to auto-provisioned node pools.
    Tags []string
    List of network tags applied to auto-provisioned node pools.
    tags List<String>
    List of network tags applied to auto-provisioned node pools.
    tags string[]
    List of network tags applied to auto-provisioned node pools.
    tags Sequence[str]
    List of network tags applied to auto-provisioned node pools.
    tags List<String>
    List of network tags applied to auto-provisioned node pools.

    ClusterNodePoolAutoConfigNodeKubeletConfig, ClusterNodePoolAutoConfigNodeKubeletConfigArgs

    InsecureKubeletReadonlyPortEnabled string
    Controls whether the kubelet read-only port is enabled. The read-only port serves kubelet data without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.
    InsecureKubeletReadonlyPortEnabled string
    Controls whether the kubelet read-only port is enabled. The read-only port serves kubelet data without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.
    insecureKubeletReadonlyPortEnabled String
    Controls whether the kubelet read-only port is enabled. The read-only port serves kubelet data without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.
    insecureKubeletReadonlyPortEnabled string
    Controls whether the kubelet read-only port is enabled. The read-only port serves kubelet data without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.
    insecure_kubelet_readonly_port_enabled str
    Controls whether the kubelet read-only port is enabled. The read-only port serves kubelet data without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.
    insecureKubeletReadonlyPortEnabled String
    Controls whether the kubelet read-only port is enabled. The read-only port serves kubelet data without authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.

    ClusterNodePoolAutoscaling, ClusterNodePoolAutoscalingArgs

    LocationPolicy string
    Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
    MaxNodeCount int
    Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
    MinNodeCount int
    Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
    TotalMaxNodeCount int
    Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
    TotalMinNodeCount int
    Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
    LocationPolicy string
    Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
    MaxNodeCount int
    Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
    MinNodeCount int
    Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
    TotalMaxNodeCount int
    Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
    TotalMinNodeCount int
    Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
    locationPolicy String
    Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
    maxNodeCount Integer
    Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
    minNodeCount Integer
    Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
    totalMaxNodeCount Integer
    Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
    totalMinNodeCount Integer
    Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
    locationPolicy string
    Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
    maxNodeCount number
    Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
    minNodeCount number
    Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
    totalMaxNodeCount number
    Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
    totalMinNodeCount number
    Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
    location_policy str
    Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
    max_node_count int
    Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
    min_node_count int
    Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
    total_max_node_count int
    Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
    total_min_node_count int
    Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
    locationPolicy String
    Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
    maxNodeCount Number
    Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
    minNodeCount Number
    Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
    totalMaxNodeCount Number
    Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
    totalMinNodeCount Number
    Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.

    ClusterNodePoolDefaults, ClusterNodePoolDefaultsArgs

    NodeConfigDefaults ClusterNodePoolDefaultsNodeConfigDefaults
    Subset of NodeConfig message that has defaults.
    NodeConfigDefaults ClusterNodePoolDefaultsNodeConfigDefaults
    Subset of NodeConfig message that has defaults.
    nodeConfigDefaults ClusterNodePoolDefaultsNodeConfigDefaults
    Subset of NodeConfig message that has defaults.
    nodeConfigDefaults ClusterNodePoolDefaultsNodeConfigDefaults
    Subset of NodeConfig message that has defaults.
    node_config_defaults ClusterNodePoolDefaultsNodeConfigDefaults
    Subset of NodeConfig message that has defaults.
    nodeConfigDefaults Property Map
    Subset of NodeConfig message that has defaults.

    ClusterNodePoolDefaultsNodeConfigDefaults, ClusterNodePoolDefaultsNodeConfigDefaultsArgs

    ContainerdConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig
    Parameters for containerd configuration.
    GcfsConfig ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig
    The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
    InsecureKubeletReadonlyPortEnabled string
    Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
    LoggingVariant string
    The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    ContainerdConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig
    Parameters for containerd configuration.
    GcfsConfig ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig
    The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
    InsecureKubeletReadonlyPortEnabled string
    Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
    LoggingVariant string
    The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    containerdConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig
    Parameters for containerd configuration.
    gcfsConfig ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig
    The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
    insecureKubeletReadonlyPortEnabled String
    Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
    loggingVariant String
    The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    containerdConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig
    Parameters for containerd configuration.
    gcfsConfig ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig
    The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
    insecureKubeletReadonlyPortEnabled string
    Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
    loggingVariant string
    The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    containerd_config ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig
    Parameters for containerd configuration.
    gcfs_config ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig
    The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
    insecure_kubelet_readonly_port_enabled str
    Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
    logging_variant str
    The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    containerdConfig Property Map
    Parameters for containerd configuration.
    gcfsConfig Property Map
    The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
    insecureKubeletReadonlyPortEnabled String
    Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
    loggingVariant String
    The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.

    ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs

    PrivateRegistryAccessConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config, an enabled flag and a list of certificate authority domain configs, both documented below.
    PrivateRegistryAccessConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config, an enabled flag and a list of certificate authority domain configs, both documented below.
    privateRegistryAccessConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config, an enabled flag and a list of certificate authority domain configs, both documented below.
    privateRegistryAccessConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config, an enabled flag and a list of certificate authority domain configs, both documented below.
    private_registry_access_config ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config, an enabled flag and a list of certificate authority domain configs, both documented below.
    privateRegistryAccessConfig Property Map
    Configuration for private container registries. There are two fields in this config, an enabled flag and a list of certificate authority domain configs, both documented below.

    ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs

    Enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    CertificateAuthorityDomainConfigs List<ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    Enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    CertificateAuthorityDomainConfigs []ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled Boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs List<ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig[]
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificate_authority_domain_configs Sequence[ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig]
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled Boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs List<Property Map>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:

    ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs

    Fqdns List<string>
    List of fully qualified domain names (FQDNs). IPv4 addresses and port specifications are also supported.
    GcpSecretManagerCertificateConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    Fqdns []string
    List of fully qualified domain names (FQDNs). IPv4 addresses and port specifications are also supported.
    GcpSecretManagerCertificateConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns List<String>
    List of fully qualified domain names (FQDNs). IPv4 addresses and port specifications are also supported.
    gcpSecretManagerCertificateConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns string[]
    List of fully qualified domain names (FQDNs). IPv4 addresses and port specifications are also supported.
    gcpSecretManagerCertificateConfig ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns Sequence[str]
    List of fully qualified domain names (FQDNs). IPv4 addresses and port specifications are also supported.
    gcp_secret_manager_certificate_config ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns List<String>
    List of fully qualified domain names (FQDNs). IPv4 addresses and port specifications are also supported.
    gcpSecretManagerCertificateConfig Property Map
    Parameters for configuring a certificate hosted in GCP SecretManager.

    ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs

    SecretUri string
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    SecretUri string
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secretUri String
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secretUri string
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secret_uri str
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
    secretUri String
    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.

    ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig, ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs

    Enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    Enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled Boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled Boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled

    ClusterNodePoolManagement, ClusterNodePoolManagementArgs

    AutoRepair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    AutoUpgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    AutoRepair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    AutoUpgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    autoRepair Boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade Boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    autoRepair boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    auto_repair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    auto_upgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    autoRepair Boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade Boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.

    ClusterNodePoolNetworkConfig, ClusterNodePoolNetworkConfigArgs

    AdditionalNodeNetworkConfigs List<ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig>
    We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
    AdditionalPodNetworkConfigs List<ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig>
    We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
    CreatePodRange bool
    Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
    EnablePrivateNodes bool
    Whether nodes have internal IP addresses only.
    NetworkPerformanceConfig ClusterNodePoolNetworkConfigNetworkPerformanceConfig
    Network bandwidth tier configuration.
    PodCidrOverprovisionConfig ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig
    Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
    PodIpv4CidrBlock string
    The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
    PodRange string
    The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
    AdditionalNodeNetworkConfigs []ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig
    We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
    AdditionalPodNetworkConfigs []ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig
    We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
    CreatePodRange bool
    Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
    EnablePrivateNodes bool
    Whether nodes have internal IP addresses only.
    NetworkPerformanceConfig ClusterNodePoolNetworkConfigNetworkPerformanceConfig
    Network bandwidth tier configuration.
    PodCidrOverprovisionConfig ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig
    Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
    PodIpv4CidrBlock string
    The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
    PodRange string
    The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
    additionalNodeNetworkConfigs List<ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig>
    We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
    additionalPodNetworkConfigs List<ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig>
    We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
    createPodRange Boolean
    Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
    enablePrivateNodes Boolean
    Whether nodes have internal IP addresses only.
    networkPerformanceConfig ClusterNodePoolNetworkConfigNetworkPerformanceConfig
    Network bandwidth tier configuration.
    podCidrOverprovisionConfig ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig
    Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
    podIpv4CidrBlock String
    The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
    podRange String
    The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
    additionalNodeNetworkConfigs ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig[]
    We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
    additionalPodNetworkConfigs ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig[]
    We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
    createPodRange boolean
    Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
    enablePrivateNodes boolean
    Whether nodes have internal IP addresses only.
    networkPerformanceConfig ClusterNodePoolNetworkConfigNetworkPerformanceConfig
    Network bandwidth tier configuration.
    podCidrOverprovisionConfig ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig
    Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
    podIpv4CidrBlock string
    The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
    podRange string
    The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
    additional_node_network_configs Sequence[ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig]
    We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
    additional_pod_network_configs Sequence[ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig]
    We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
    create_pod_range bool
    Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
    enable_private_nodes bool
    Whether nodes have internal IP addresses only.
    network_performance_config ClusterNodePoolNetworkConfigNetworkPerformanceConfig
    Network bandwidth tier configuration.
    pod_cidr_overprovision_config ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig
    Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
    pod_ipv4_cidr_block str
    The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
    pod_range str
    The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
    additionalNodeNetworkConfigs List<Property Map>
    We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
    additionalPodNetworkConfigs List<Property Map>
    We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
    createPodRange Boolean
    Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
    enablePrivateNodes Boolean
    Whether nodes have internal IP addresses only.
    networkPerformanceConfig Property Map
    Network bandwidth tier configuration.
    podCidrOverprovisionConfig Property Map
    Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
    podIpv4CidrBlock String
    The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
    podRange String
    The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.

    ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig, ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs

    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    network str
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    subnetwork str
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

    ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig, ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs

    MaxPodsPerNode int
    The maximum number of pods per node which use this pod network.
    SecondaryPodRange string
    The name of the secondary range on the subnet which provides IP address for this pod range.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    MaxPodsPerNode int
    The maximum number of pods per node which use this pod network.
    SecondaryPodRange string
    The name of the secondary range on the subnet which provides IP address for this pod range.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    maxPodsPerNode Integer
    The maximum number of pods per node which use this pod network.
    secondaryPodRange String
    The name of the secondary range on the subnet which provides IP address for this pod range.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    maxPodsPerNode number
    The maximum number of pods per node which use this pod network.
    secondaryPodRange string
    The name of the secondary range on the subnet which provides IP address for this pod range.
    subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    max_pods_per_node int
    The maximum number of pods per node which use this pod network.
    secondary_pod_range str
    The name of the secondary range on the subnet which provides IP address for this pod range.
    subnetwork str
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    maxPodsPerNode Number
    The maximum number of pods per node which use this pod network.
    secondaryPodRange String
    The name of the secondary range on the subnet which provides IP address for this pod range.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

    ClusterNodePoolNetworkConfigNetworkPerformanceConfig, ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs

    TotalEgressBandwidthTier string
    Specifies the total network bandwidth tier for the NodePool.
    TotalEgressBandwidthTier string
    Specifies the total network bandwidth tier for the NodePool.
    totalEgressBandwidthTier String
    Specifies the total network bandwidth tier for the NodePool.
    totalEgressBandwidthTier string
    Specifies the total network bandwidth tier for the NodePool.
    total_egress_bandwidth_tier str
    Specifies the total network bandwidth tier for the NodePool.
    totalEgressBandwidthTier String
    Specifies the total network bandwidth tier for the NodePool.

    ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig, ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster-internal traffic.

    The cluster_telemetry block supports

    Disabled bool

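    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default sNAT setting and appears misplaced here; verify what disabled controls for pod CIDR overprovisioning against the provider schema.)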

    The cluster_telemetry block supports

    disabled Boolean

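    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default sNAT setting and appears misplaced here; verify what disabled controls for pod CIDR overprovisioning against the provider schema.)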

    The cluster_telemetry block supports

    disabled boolean

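    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default sNAT setting and appears misplaced here; verify what disabled controls for pod CIDR overprovisioning against the provider schema.)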

    The cluster_telemetry block supports

    disabled bool

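    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default sNAT setting and appears misplaced here; verify what disabled controls for pod CIDR overprovisioning against the provider schema.)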

    The cluster_telemetry block supports

    disabled Boolean

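    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This text describes the default sNAT setting and appears misplaced here; verify what disabled controls for pod CIDR overprovisioning against the provider schema.)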

    The cluster_telemetry block supports

    ClusterNodePoolNodeConfig, ClusterNodePoolNodeConfigArgs

    AdvancedMachineFeatures ClusterNodePoolNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    ConfidentialNodes ClusterNodePoolNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    ContainerdConfig ClusterNodePoolNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    DiskSizeGb int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    EffectiveTaints List<ClusterNodePoolNodeConfigEffectiveTaint>
    List of kubernetes taints applied to each node. Structure is documented above.
    EnableConfidentialStorage bool
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    EphemeralStorageConfig ClusterNodePoolNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    EphemeralStorageLocalSsdConfig ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    FastSocket ClusterNodePoolNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    GcfsConfig ClusterNodePoolNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    GuestAccelerators List<ClusterNodePoolNodeConfigGuestAccelerator>
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    Gvnic ClusterNodePoolNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    HostMaintenancePolicy ClusterNodePoolNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    ImageType string
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    KubeletConfig ClusterNodePoolNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    Labels Dictionary<string, string>
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    LinuxNodeConfig ClusterNodePoolNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    LocalNvmeSsdBlockConfig ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    LocalSsdCount int
    The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
    LoggingVariant string
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    MachineType string
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    Metadata Dictionary<string, string>
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints with the value true explicitly in the metadata you set in your config.
    MinCpuPlatform string
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    NodeGroup string
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    OauthScopes List<string>

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, the IAM roles granted to the node service account are what limit API access, so it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    Preemptible bool
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    ReservationAffinity ClusterNodePoolNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    ResourceLabels Dictionary<string, string>
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    ResourceManagerTags Dictionary<string, string>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    SandboxConfig ClusterNodePoolNodeConfigSandboxConfig
    Sandbox configuration for this node.
    SecondaryBootDisks List<ClusterNodePoolNodeConfigSecondaryBootDisk>
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    ServiceAccount string
    The service account to be used by the Node VMs. If not specified, the "default" service account is used.
    ShieldedInstanceConfig ClusterNodePoolNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    SoleTenantConfig ClusterNodePoolNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    Spot bool
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    StoragePools List<string>
    The list of Storage Pools where boot disks are provisioned.
    Tags List<string>
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    Taints List<ClusterNodePoolNodeConfigTaint>
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    WorkloadMetadataConfig ClusterNodePoolNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    AdvancedMachineFeatures ClusterNodePoolNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    ConfidentialNodes ClusterNodePoolNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    ContainerdConfig ClusterNodePoolNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    DiskSizeGb int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    EffectiveTaints []ClusterNodePoolNodeConfigEffectiveTaint
    List of kubernetes taints applied to each node. Structure is documented above.
    EnableConfidentialStorage bool
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    EphemeralStorageConfig ClusterNodePoolNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    EphemeralStorageLocalSsdConfig ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    FastSocket ClusterNodePoolNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    GcfsConfig ClusterNodePoolNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    GuestAccelerators []ClusterNodePoolNodeConfigGuestAccelerator
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    Gvnic ClusterNodePoolNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    HostMaintenancePolicy ClusterNodePoolNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    ImageType string
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    KubeletConfig ClusterNodePoolNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    Labels map[string]string
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    LinuxNodeConfig ClusterNodePoolNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    LocalNvmeSsdBlockConfig ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    LocalSsdCount int
    The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
    LoggingVariant string
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    MachineType string
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    Metadata map[string]string
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints with the value true explicitly in the metadata you set in your config.
    MinCpuPlatform string
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    NodeGroup string
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    OauthScopes []string

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, the IAM roles granted to the node service account are what limit API access, so it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    Preemptible bool
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    ReservationAffinity ClusterNodePoolNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    ResourceLabels map[string]string
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    ResourceManagerTags map[string]string
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    SandboxConfig ClusterNodePoolNodeConfigSandboxConfig
    Sandbox configuration for this node.
    SecondaryBootDisks []ClusterNodePoolNodeConfigSecondaryBootDisk
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    ServiceAccount string
    The service account to be used by the Node VMs. If not specified, the "default" service account is used.
    ShieldedInstanceConfig ClusterNodePoolNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    SoleTenantConfig ClusterNodePoolNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    Spot bool
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    StoragePools []string
    The list of Storage Pools where boot disks are provisioned.
    Tags []string
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    Taints []ClusterNodePoolNodeConfigTaint
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    WorkloadMetadataConfig ClusterNodePoolNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advancedMachineFeatures ClusterNodePoolNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidentialNodes ClusterNodePoolNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerdConfig ClusterNodePoolNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    diskSizeGb Integer
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effectiveTaints List<ClusterNodePoolNodeConfigEffectiveTaint>
    List of kubernetes taints applied to each node. Structure is documented above.
    enableConfidentialStorage Boolean
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeralStorageConfig ClusterNodePoolNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeralStorageLocalSsdConfig ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fastSocket ClusterNodePoolNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfsConfig ClusterNodePoolNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guestAccelerators List<ClusterNodePoolNodeConfigGuestAccelerator>
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic ClusterNodePoolNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    hostMaintenancePolicy ClusterNodePoolNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    imageType String
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubeletConfig ClusterNodePoolNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    labels Map<String,String>
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linuxNodeConfig ClusterNodePoolNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    localNvmeSsdBlockConfig ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    localSsdCount Integer
    The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
    loggingVariant String
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machineType String
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata Map<String,String>
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include disable-legacy-endpoints with the value true explicitly in the metadata you set in your config.
    minCpuPlatform String
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    nodeGroup String
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauthScopes List<String>

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, the IAM roles granted to the node service account are what limit API access, so it is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible Boolean
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservationAffinity ClusterNodePoolNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resourceLabels Map<String,String>
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resourceManagerTags Map<String,String>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandboxConfig ClusterNodePoolNodeConfigSandboxConfig
    Sandbox configuration for this node.
    secondaryBootDisks List<ClusterNodePoolNodeConfigSecondaryBootDisk>
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    serviceAccount String
    The service account to be used by the Node VMs. If not specified, the "default" service account is used.
    shieldedInstanceConfig ClusterNodePoolNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    soleTenantConfig ClusterNodePoolNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot Boolean
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storagePools List<String>
    The list of Storage Pools where boot disks are provisioned.
    tags List<String>
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints List<ClusterNodePoolNodeConfigTaint>
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workloadMetadataConfig ClusterNodePoolNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advancedMachineFeatures ClusterNodePoolNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    bootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidentialNodes ClusterNodePoolNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerdConfig ClusterNodePoolNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    diskSizeGb number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    diskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effectiveTaints ClusterNodePoolNodeConfigEffectiveTaint[]
    List of kubernetes taints applied to each node. Structure is documented above.
    enableConfidentialStorage boolean
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeralStorageConfig ClusterNodePoolNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeralStorageLocalSsdConfig ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fastSocket ClusterNodePoolNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfsConfig ClusterNodePoolNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guestAccelerators ClusterNodePoolNodeConfigGuestAccelerator[]
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic ClusterNodePoolNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    hostMaintenancePolicy ClusterNodePoolNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    imageType string
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubeletConfig ClusterNodePoolNodeConfigKubeletConfig
    Kubelet configuration; the currently supported attributes can be found here. Structure is documented below.

    # Example kubelet_config block (written in HCL, as in the upstream Terraform provider docs).
    kubelet_config {
    # Kubelet CPU manager policy; "static" is the policy that permits exclusive CPU assignment.
    cpu_manager_policy   = "static"
    # Enforce CPU CFS quota for containers that declare CPU limits.
    cpu_cfs_quota        = true
    # Length of the CFS quota period, given as a duration string.
    cpu_cfs_quota_period = "100us"
    # Upper bound on process IDs per pod; limits how far a runaway process tree in one pod can exhaust the node's PIDs.
    pod_pids_limit       = 1024
    }
    
    labels {[key: string]: string}
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linuxNodeConfig ClusterNodePoolNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    localNvmeSsdBlockConfig ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    localSsdCount number
    The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
    loggingVariant string
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machineType string
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata {[key: string]: string}
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, explicitly include disable-legacy-endpoints set to true in the metadata you configure, so that the legacy metadata endpoints stay disabled on the nodes.
    minCpuPlatform string
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    nodeGroup string
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauthScopes string[]

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, access scopes no longer narrow anything, so the IAM roles held by the node service account are the only limit on what the node's credentials can reach. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible boolean
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservationAffinity ClusterNodePoolNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resourceLabels {[key: string]: string}
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resourceManagerTags {[key: string]: string}
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must follow the specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): (1) tagKeys/{tag_key_id}=tagValues/{tag_value_id}; (2) {org_id}/{tag_key_name}={tag_value_name}; (3) {project_id}/{tag_key_name}={tag_value_name}.
    sandboxConfig ClusterNodePoolNodeConfigSandboxConfig
    Sandbox configuration for this node.
    secondaryBootDisks ClusterNodePoolNodeConfigSecondaryBootDisk[]
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    serviceAccount string
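    The service account to be used by the Node VMs. If not specified, the "default" service account is used. As recommended under oauthScopes, prefer a non-default service account that is granted IAM roles for only the resources the nodes need.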
    shieldedInstanceConfig ClusterNodePoolNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    soleTenantConfig ClusterNodePoolNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot boolean
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storagePools string[]
    The list of Storage Pools where boot disks are provisioned.
    tags string[]
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints ClusterNodePoolNodeConfigTaint[]
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes (the ignoreChanges resource option in Pulumi) is recommended. Structure is documented below.
    workloadMetadataConfig ClusterNodePoolNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advanced_machine_features ClusterNodePoolNodeConfigAdvancedMachineFeatures
    Specifies options for controlling advanced machine features. Structure is documented below.
    boot_disk_kms_key str
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidential_nodes ClusterNodePoolNodeConfigConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerd_config ClusterNodePoolNodeConfigContainerdConfig
    Parameters to customize containerd runtime. Structure is documented below.
    disk_size_gb int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    disk_type str
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effective_taints Sequence[ClusterNodePoolNodeConfigEffectiveTaint]
    List of kubernetes taints applied to each node. Structure is documented above.
    enable_confidential_storage bool
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeral_storage_config ClusterNodePoolNodeConfigEphemeralStorageConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeral_storage_local_ssd_config ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fast_socket ClusterNodePoolNodeConfigFastSocket
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfs_config ClusterNodePoolNodeConfigGcfsConfig
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guest_accelerators Sequence[ClusterNodePoolNodeConfigGuestAccelerator]
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic ClusterNodePoolNodeConfigGvnic
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    host_maintenance_policy ClusterNodePoolNodeConfigHostMaintenancePolicy
    The maintenance policy for the hosts on which the GKE VMs run.
    image_type str
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubelet_config ClusterNodePoolNodeConfigKubeletConfig
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    labels Mapping[str, str]
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linux_node_config ClusterNodePoolNodeConfigLinuxNodeConfig
    Parameters that can be configured on Linux nodes. Structure is documented below.
    local_nvme_ssd_block_config ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig
    Parameters for the local NVMe SSDs. Structure is documented below.
    local_ssd_count int
    The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
    logging_variant str
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machine_type str
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata Mapping[str, str]
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.
    min_cpu_platform str
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    node_group str
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauth_scopes Sequence[str]

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, access scopes no longer narrow anything, so the IAM roles held by the node service account are the only limit on what the node's credentials can reach. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible bool
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservation_affinity ClusterNodePoolNodeConfigReservationAffinity
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resource_labels Mapping[str, str]
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resource_manager_tags Mapping[str, str]
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandbox_config ClusterNodePoolNodeConfigSandboxConfig
    Sandbox configuration for this node.
    secondary_boot_disks Sequence[ClusterNodePoolNodeConfigSecondaryBootDisk]
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    service_account str
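    The service account to be used by the Node VMs. If not specified, the "default" service account is used. As recommended under oauth_scopes, prefer a non-default service account that is granted IAM roles for only the resources the nodes need.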
    shielded_instance_config ClusterNodePoolNodeConfigShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    sole_tenant_config ClusterNodePoolNodeConfigSoleTenantConfig
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot bool
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storage_pools Sequence[str]
    The list of Storage Pools where boot disks are provisioned.
    tags Sequence[str]
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints Sequence[ClusterNodePoolNodeConfigTaint]
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workload_metadata_config ClusterNodePoolNodeConfigWorkloadMetadataConfig
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.
    advancedMachineFeatures Property Map
    Specifies options for controlling advanced machine features. Structure is documented below.
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    confidentialNodes Property Map
    Configuration for Confidential Nodes feature. Structure is documented below.
    containerdConfig Property Map
    Parameters to customize containerd runtime. Structure is documented below.
    diskSizeGb Number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
    effectiveTaints List<Property Map>
    List of kubernetes taints applied to each node. Structure is documented above.
    enableConfidentialStorage Boolean
    Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
    ephemeralStorageConfig Property Map
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    ephemeralStorageLocalSsdConfig Property Map
    Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
    fastSocket Property Map
    Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
    gcfsConfig Property Map
    Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
    guestAccelerators List<Property Map>
    List of the type and count of accelerator cards attached to the instance. Structure documented below.
    gvnic Property Map
    Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
    hostMaintenancePolicy Property Map
    The maintenance policy for the hosts on which the GKE VMs run on.
    imageType String
    The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
    kubeletConfig Property Map
    Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

    kubelet_config {
    cpu_manager_policy   = "static"
    cpu_cfs_quota        = true
    cpu_cfs_quota_period = "100us"
    pod_pids_limit       = 1024
    }
    
    labels Map<String>
    The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
    linuxNodeConfig Property Map
    Parameters that can be configured on Linux nodes. Structure is documented below.
    localNvmeSsdBlockConfig Property Map
    Parameters for the local NVMe SSDs. Structure is documented below.
    localSsdCount Number
    The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
    loggingVariant String
    Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
    machineType String
    The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
    metadata Map<String>
    The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.
    minCpuPlatform String
    Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
    nodeGroup String
    Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
    oauthScopes List<String>

    The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. With that scope, access scopes no longer narrow anything, so the IAM roles held by the node service account are the only limit on what the node's credentials can reach. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    See the official documentation for information on migrating off of legacy access scopes.

    preemptible Boolean
    A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
    reservationAffinity Property Map
    The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
    resourceLabels Map<String>
    The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
    resourceManagerTags Map<String>
    A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
    sandboxConfig Property Map
    Sandbox configuration for this node.
    secondaryBootDisks List<Property Map>
    Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
    serviceAccount String
    The service account to be used by the Node VMs. If not specified, the "default" service account is used.
    shieldedInstanceConfig Property Map
    Shielded Instance options. Structure is documented below.
    soleTenantConfig Property Map
    Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. node_affinity structure is documented below.
    spot Boolean
    A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
    storagePools List<String>
    The list of Storage Pools where boot disks are provisioned.
    tags List<String>
    The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
    taints List<Property Map>
    A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
    workloadMetadataConfig Property Map
    Metadata configuration to expose to workloads on the node pool. Structure is documented below.

    ClusterNodePoolNodeConfigAdvancedMachineFeatures, ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs

    ThreadsPerCore int
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    EnableNestedVirtualization bool
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    ThreadsPerCore int
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    EnableNestedVirtualization bool
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threadsPerCore Integer
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enableNestedVirtualization Boolean
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threadsPerCore number
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enableNestedVirtualization boolean
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threads_per_core int
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enable_nested_virtualization bool
    Defines whether the instance should have nested virtualization enabled. Defaults to false.
    threadsPerCore Number
    The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
    enableNestedVirtualization Boolean
    Defines whether the instance should have nested virtualization enabled. Defaults to false.

    ClusterNodePoolNodeConfigConfidentialNodes, ClusterNodePoolNodeConfigConfidentialNodesArgs

    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use (that is, while it is being processed in memory).
    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.

    ClusterNodePoolNodeConfigContainerdConfig, ClusterNodePoolNodeConfigContainerdConfigArgs

    PrivateRegistryAccessConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    PrivateRegistryAccessConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    privateRegistryAccessConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    privateRegistryAccessConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config, enabled and certificateAuthorityDomainConfigs, both documented below.
    private_registry_access_config ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig
    Configuration for private container registries. There are two fields in this config:
    privateRegistryAccessConfig Property Map
    Configuration for private container registries. There are two fields in this config:

    ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig, ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs

    Enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    CertificateAuthorityDomainConfigs List<ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    Enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    CertificateAuthorityDomainConfigs []ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled Boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs List<ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig[]
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled bool
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificate_authority_domain_configs Sequence[ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig]
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
    enabled Boolean
    Enables private registry config. If set to false, all other fields in this object must not be set.
    certificateAuthorityDomainConfigs List<Property Map>
    List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:

    ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig, ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs

    Fqdns List<string>
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    GcpSecretManagerCertificateConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    Fqdns []string
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    GcpSecretManagerCertificateConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns List<String>
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcpSecretManagerCertificateConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns string[]
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcpSecretManagerCertificateConfig ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns Sequence[str]
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcp_secret_manager_certificate_config ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig
    Parameters for configuring a certificate hosted in GCP SecretManager.
    fqdns List<String>
    List of fully-qualified-domain-names. IPv4s and port specification are supported.
    gcpSecretManagerCertificateConfig Property Map
    Parameters for configuring a certificate hosted in GCP SecretManager.

    ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig, ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs

    SecretUri string
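    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'. With latest, the certificate that nodes receive is whichever secret version is newest when it is fetched; use a version number when the trusted CA should change only through a reviewed configuration change.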
    SecretUri string
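    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'. With latest, the certificate that nodes receive is whichever secret version is newest when it is fetched; use a version number when the trusted CA should change only through a reviewed configuration change.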
    secretUri String
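    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'. With latest, the certificate that nodes receive is whichever secret version is newest when it is fetched; use a version number when the trusted CA should change only through a reviewed configuration change.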
    secretUri string
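    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'. With latest, the certificate that nodes receive is whichever secret version is newest when it is fetched; use a version number when the trusted CA should change only through a reviewed configuration change.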
    secret_uri str
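    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'. With latest, the certificate that nodes receive is whichever secret version is newest when it is fetched; use a version number when the trusted CA should change only through a reviewed configuration change.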
    secretUri String
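    URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'. With latest, the certificate that nodes receive is whichever secret version is newest when it is fetched; use a version number when the trusted CA should change only through a reviewed configuration change.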

    ClusterNodePoolNodeConfigEffectiveTaint, ClusterNodePoolNodeConfigEffectiveTaintArgs

    Effect string
    Effect for taint.
    Key string
    Key for taint.
    Value string
    Value for taint.
    Effect string
    Effect for taint.
    Key string
    Key for taint.
    Value string
    Value for taint.
    effect String
    Effect for taint.
    key String
    Key for taint.
    value String
    Value for taint.
    effect string
    Effect for taint.
    key string
    Key for taint.
    value string
    Value for taint.
    effect str
    Effect for taint.
    key str
    Key for taint.
    value str
    Value for taint.
    effect String
    Effect for taint.
    key String
    Key for taint.
    value String
    Value for taint.

    ClusterNodePoolNodeConfigEphemeralStorageConfig, ClusterNodePoolNodeConfigEphemeralStorageConfigArgs

    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Integer
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    local_ssd_count int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

    ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig, ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs

    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    LocalSsdCount int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Integer
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    local_ssd_count int
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
    localSsdCount Number
    Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

    ClusterNodePoolNodeConfigFastSocket, ClusterNodePoolNodeConfigFastSocketArgs

    Enabled bool
    Whether or not the NCCL Fast Socket is enabled
    Enabled bool
    Whether or not the NCCL Fast Socket is enabled
    enabled Boolean
    Whether or not the NCCL Fast Socket is enabled
    enabled boolean
    Whether or not the NCCL Fast Socket is enabled
    enabled bool
    Whether or not the NCCL Fast Socket is enabled
    enabled Boolean
    Whether or not the NCCL Fast Socket is enabled

    ClusterNodePoolNodeConfigGcfsConfig, ClusterNodePoolNodeConfigGcfsConfigArgs

    Enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    Enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled Boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled bool
    Whether or not the Google Container Filesystem (GCFS) is enabled
    enabled Boolean
    Whether or not the Google Container Filesystem (GCFS) is enabled

    ClusterNodePoolNodeConfigGuestAccelerator, ClusterNodePoolNodeConfigGuestAcceleratorArgs

    Count int
    The number of the guest accelerator cards exposed to this instance.
    Type string
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    GpuDriverInstallationConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    GpuPartitionSize string
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    GpuSharingConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    Count int
    The number of the guest accelerator cards exposed to this instance.
    Type string
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    GpuDriverInstallationConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    GpuPartitionSize string
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    GpuSharingConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count Integer
    The number of the guest accelerator cards exposed to this instance.
    type String
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpuDriverInstallationConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpuPartitionSize String
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpuSharingConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count number
    The number of the guest accelerator cards exposed to this instance.
    type string
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpuDriverInstallationConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpuPartitionSize string
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpuSharingConfig ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count int
    The number of the guest accelerator cards exposed to this instance.
    type str
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpu_driver_installation_config ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpu_partition_size str
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpu_sharing_config ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig
    Configuration for GPU sharing. Structure is documented below.
    count Number
    The number of the guest accelerator cards exposed to this instance.
    type String
    The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
    gpuDriverInstallationConfig Property Map
    Configuration for auto installation of GPU driver. Structure is documented below.
    gpuPartitionSize String
    Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
    gpuSharingConfig Property Map
    Configuration for GPU sharing. Structure is documented below.

    ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig, ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs

    GpuDriverVersion string
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    GpuDriverVersion string
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpuDriverVersion String
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpuDriverVersion string
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpu_driver_version str
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.
    gpuDriverVersion String
    Mode for how the GPU driver is installed. Accepted values are:

    • "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
    • "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation.
    • "DEFAULT": "Default" GPU driver in COS and Ubuntu.
    • "LATEST": "Latest" GPU driver in COS.

    ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig, ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs

    GpuSharingStrategy string
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    MaxSharedClientsPerGpu int
    The maximum number of containers that can share a GPU.
    GpuSharingStrategy string
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    MaxSharedClientsPerGpu int
    The maximum number of containers that can share a GPU.
    gpuSharingStrategy String
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    maxSharedClientsPerGpu Integer
    The maximum number of containers that can share a GPU.
    gpuSharingStrategy string
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    maxSharedClientsPerGpu number
    The maximum number of containers that can share a GPU.
    gpu_sharing_strategy str
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    max_shared_clients_per_gpu int
    The maximum number of containers that can share a GPU.
    gpuSharingStrategy String
    The type of GPU sharing strategy to enable on the GPU node. Accepted values are:

    • "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
    • "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
    maxSharedClientsPerGpu Number
    The maximum number of containers that can share a GPU.

    ClusterNodePoolNodeConfigGvnic, ClusterNodePoolNodeConfigGvnicArgs

    Enabled bool
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    Enabled bool
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled Boolean
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled boolean
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled bool
    Whether or not the Google Virtual NIC (gVNIC) is enabled
    enabled Boolean
    Whether or not the Google Virtual NIC (gVNIC) is enabled

    ClusterNodePoolNodeConfigHostMaintenancePolicy, ClusterNodePoolNodeConfigHostMaintenancePolicyArgs

    ClusterNodePoolNodeConfigKubeletConfig, ClusterNodePoolNodeConfigKubeletConfigArgs

    CpuCfsQuota bool
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    CpuCfsQuotaPeriod string
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    CpuManagerPolicy string
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is to set it to the empty string "", which functions identically to not setting this field.
    InsecureKubeletReadonlyPortEnabled string
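    Controls whether the kubelet read-only port is enabled. The read-only port (10255) serves kubelet data such as pod and node details over plain HTTP with no authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.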
    PodPidsLimit int
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    CpuCfsQuota bool
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    CpuCfsQuotaPeriod string
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    CpuManagerPolicy string
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is to set it to the empty string "", which functions identically to not setting this field.
    InsecureKubeletReadonlyPortEnabled string
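    Controls whether the kubelet read-only port is enabled. The read-only port (10255) serves kubelet data such as pod and node details over plain HTTP with no authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.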
    PodPidsLimit int
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpuCfsQuota Boolean
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpuCfsQuotaPeriod String
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpuManagerPolicy String
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is to set it to the empty string "", which functions identically to not setting this field.
    insecureKubeletReadonlyPortEnabled String
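    Controls whether the kubelet read-only port is enabled. The read-only port (10255) serves kubelet data such as pod and node details over plain HTTP with no authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.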
    podPidsLimit Integer
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpuCfsQuota boolean
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpuCfsQuotaPeriod string
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpuManagerPolicy string
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is to set it to the empty string "", which functions identically to not setting this field.
    insecureKubeletReadonlyPortEnabled string
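    Controls whether the kubelet read-only port is enabled. The read-only port (10255) serves kubelet data such as pod and node details over plain HTTP with no authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.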
    podPidsLimit number
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpu_cfs_quota bool
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpu_cfs_quota_period str
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpu_manager_policy str
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is to set it to the empty string "", which functions identically to not setting this field.
    insecure_kubelet_readonly_port_enabled str
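    Controls whether the kubelet read-only port is enabled. The read-only port (10255) serves kubelet data such as pod and node details over plain HTTP with no authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.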
    pod_pids_limit int
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
    cpuCfsQuota Boolean
    If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
    cpuCfsQuotaPeriod String
    The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
    cpuManagerPolicy String
    The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is to set it to the empty string "", which functions identically to not setting this field.
    insecureKubeletReadonlyPortEnabled String
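    Controls whether the kubelet read-only port is enabled. The read-only port (10255) serves kubelet data such as pod and node details over plain HTTP with no authentication or authorization, so it is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.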
    podPidsLimit Number
    Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.

    ClusterNodePoolNodeConfigLinuxNodeConfig, ClusterNodePoolNodeConfigLinuxNodeConfigArgs

    CgroupMode string
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    HugepagesConfig ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    Sysctls Dictionary<string, string>
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. The currently supported attributes are listed in the GKE LinuxNodeConfig reference. Note that all validation happens server side. All attributes are optional.
    CgroupMode string
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    HugepagesConfig ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    Sysctls map[string]string
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. The currently supported attributes are listed in the GKE LinuxNodeConfig reference. Note that all validation happens server side. All attributes are optional.
    cgroupMode String
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepagesConfig ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls Map<String,String>
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. The currently supported attributes are listed in the GKE LinuxNodeConfig reference. Note that all validation happens server side. All attributes are optional.
    cgroupMode string
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepagesConfig ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls {[key: string]: string}
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. The currently supported attributes are listed in the GKE LinuxNodeConfig reference. Note that all validation happens server side. All attributes are optional.
    cgroup_mode str
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepages_config ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls Mapping[str, str]
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. The currently supported attributes are listed in the GKE LinuxNodeConfig reference. Note that all validation happens server side. All attributes are optional.
    cgroupMode String
    Possible cgroup modes that can be used. Accepted values are:

    • CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
    • CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
    • CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
    hugepagesConfig Property Map
    Amounts for 2M and 1G hugepages. Structure is documented below.
    sysctls Map<String>
    The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. The currently supported attributes are listed in the GKE LinuxNodeConfig reference. Note that all validation happens server side. All attributes are optional.

    ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig, ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs

    HugepageSize1g int
    Amount of 1G hugepages.
    HugepageSize2m int
    Amount of 2M hugepages.
    HugepageSize1g int
    Amount of 1G hugepages.
    HugepageSize2m int
    Amount of 2M hugepages.
    hugepageSize1g Integer
    Amount of 1G hugepages.
    hugepageSize2m Integer
    Amount of 2M hugepages.
    hugepageSize1g number
    Amount of 1G hugepages.
    hugepageSize2m number
    Amount of 2M hugepages.
    hugepage_size1g int
    Amount of 1G hugepages.
    hugepage_size2m int
    Amount of 2M hugepages.
    hugepageSize1g Number
    Amount of 1G hugepages.
    hugepageSize2m Number
    Amount of 2M hugepages.

    ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig, ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs

    LocalSsdCount int

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node.

    Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.

    LocalSsdCount int

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node.

    Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.

    localSsdCount Integer

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node.

    Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.

    localSsdCount number

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node.

    Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.

    local_ssd_count int

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node.

    Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.

    localSsdCount Number

    Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node.

    Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.

    ClusterNodePoolNodeConfigReservationAffinity, ClusterNodePoolNodeConfigReservationAffinityArgs

    ConsumeReservationType string
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    Key string
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    Values List<string>
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    ConsumeReservationType string
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    Key string
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    Values []string
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consumeReservationType String
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key String
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values List<String>
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consumeReservationType string
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key string
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values string[]
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consume_reservation_type str
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key str
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values Sequence[str]
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
    consumeReservationType String
    The type of reservation consumption. Accepted values are:

    • "UNSPECIFIED": Default value. This should not be used.
    • "NO_RESERVATION": Do not consume from any reserved capacity.
    • "ANY_RESERVATION": Consume any reservation available.
    • "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
    key String
    The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
    values List<String>
    The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

    ClusterNodePoolNodeConfigSandboxConfig, ClusterNodePoolNodeConfigSandboxConfigArgs

    SandboxType string
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    SandboxType string
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandboxType String
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandboxType string
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandbox_type str
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.
    sandboxType String
    Which sandbox to use for pods in the node pool. Accepted values are:

    • "gvisor": Pods run within a gVisor sandbox.

    ClusterNodePoolNodeConfigSecondaryBootDisk, ClusterNodePoolNodeConfigSecondaryBootDiskArgs

    DiskImage string
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    Mode string
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    DiskImage string
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    Mode string
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    diskImage String
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode String
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    diskImage string
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode string
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    disk_image str
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode str
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
    diskImage String
    Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
    mode String
    Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.

    ClusterNodePoolNodeConfigShieldedInstanceConfig, ClusterNodePoolNodeConfigShieldedInstanceConfigArgs

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enable_integrity_monitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enable_secure_boot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    ClusterNodePoolNodeConfigSoleTenantConfig, ClusterNodePoolNodeConfigSoleTenantConfigArgs

    ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinity, ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs

    Key string
    The default or custom node affinity label key name.
    Operator string
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    Values List<string>
    List of node affinity label values as strings.
    Key string
    The default or custom node affinity label key name.
    Operator string
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    Values []string
    List of node affinity label values as strings.
    key String
    The default or custom node affinity label key name.
    operator String
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values List<String>
    List of node affinity label values as strings.
    key string
    The default or custom node affinity label key name.
    operator string
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values string[]
    List of node affinity label values as strings.
    key str
    The default or custom node affinity label key name.
    operator str
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values Sequence[str]
    List of node affinity label values as strings.
    key String
    The default or custom node affinity label key name.
    operator String
    Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN"
    values List<String>
    List of node affinity label values as strings.

    ClusterNodePoolNodeConfigTaint, ClusterNodePoolNodeConfigTaintArgs

    Effect string
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    Key string
    Key for taint.
    Value string
    Value for taint.
    Effect string
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    Key string
    Key for taint.
    Value string
    Value for taint.
    effect String
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key String
    Key for taint.
    value String
    Value for taint.
    effect string
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key string
    Key for taint.
    value string
    Value for taint.
    effect str
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key str
    Key for taint.
    value str
    Value for taint.
    effect String
    Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
    key String
    Key for taint.
    value String
    Value for taint.

    ClusterNodePoolNodeConfigWorkloadMetadataConfig, ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs

    Mode string
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
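    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so every pod on the node can act with that account's permissions; prefer GKE_METADATA where workload identity is enabled.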
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    Mode string
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
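    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so every pod on the node can act with that account's permissions; prefer GKE_METADATA where workload identity is enabled.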
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode String
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
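    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so every pod on the node can act with that account's permissions; prefer GKE_METADATA where workload identity is enabled.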
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode string
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
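    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so every pod on the node can act with that account's permissions; prefer GKE_METADATA where workload identity is enabled.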
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode str
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
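    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so every pod on the node can act with that account's permissions; prefer GKE_METADATA where workload identity is enabled.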
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
    mode String
    How to expose the node metadata to the workload running on the node. Accepted values are:

    • UNSPECIFIED: Not Set
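    • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so every pod on the node can act with that account's permissions; prefer GKE_METADATA where workload identity is enabled.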
    • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.

    ClusterNodePoolPlacementPolicy, ClusterNodePoolPlacementPolicyArgs

    Type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    PolicyName string
    If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
    TpuTopology string
    TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    Type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    PolicyName string
    If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
    TpuTopology string
    TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    type String
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    policyName String
    If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
    tpuTopology String
    TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    policyName string
    If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
    tpuTopology string
    TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    type str
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    policy_name str
    If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
    tpu_topology str
    TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    type String
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    policyName String
    If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
    tpuTopology String
    TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies

    ClusterNodePoolQueuedProvisioning, ClusterNodePoolQueuedProvisioningArgs

    Enabled bool
    Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
    Enabled bool
    Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
    enabled Boolean
    Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
    enabled boolean
    Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
    enabled bool
    Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
    enabled Boolean
    Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API

    ClusterNodePoolUpgradeSettings, ClusterNodePoolUpgradeSettingsArgs

    BlueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    MaxSurge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    MaxUnavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    Strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    BlueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    MaxSurge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    MaxUnavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    Strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge Integer
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable Integer
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy String
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge number
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable number
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blue_green_settings ClusterNodePoolUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    max_surge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    max_unavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy str
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
    blueGreenSettings Property Map
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge Number
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable Number
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy String
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.

    ClusterNodePoolUpgradeSettingsBlueGreenSettings, ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs

    StandardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    NodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    StandardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    NodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration String
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standard_rollout_policy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    node_pool_soak_duration str
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy Property Map
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration String
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

    ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy, ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs

    BatchNodeCount int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    BatchPercentage double
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    BatchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    BatchNodeCount int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    BatchPercentage float64
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    BatchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batchNodeCount Integer
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage Double
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration String
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batchNodeCount number
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage number
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batch_node_count int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batch_percentage float
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batch_soak_duration str
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    batchNodeCount Number
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage Number
    Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration String
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

    ClusterNotificationConfig, ClusterNotificationConfigArgs

    Pubsub ClusterNotificationConfigPubsub
    The pubsub config for the cluster's upgrade notifications.
    Pubsub ClusterNotificationConfigPubsub
    The pubsub config for the cluster's upgrade notifications.
    pubsub ClusterNotificationConfigPubsub
    The pubsub config for the cluster's upgrade notifications.
    pubsub ClusterNotificationConfigPubsub
    The pubsub config for the cluster's upgrade notifications.
    pubsub ClusterNotificationConfigPubsub
    The pubsub config for the cluster's upgrade notifications.
    pubsub Property Map
    The pubsub config for the cluster's upgrade notifications.

    ClusterNotificationConfigPubsub, ClusterNotificationConfigPubsubArgs

    Enabled bool
    Whether or not the notification config is enabled
    Filter ClusterNotificationConfigPubsubFilter
    Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
    Topic string
    The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
    Enabled bool
    Whether or not the notification config is enabled
    Filter ClusterNotificationConfigPubsubFilter
    Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
    Topic string
    The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
    enabled Boolean
    Whether or not the notification config is enabled
    filter ClusterNotificationConfigPubsubFilter
    Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
    topic String
    The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
    enabled boolean
    Whether or not the notification config is enabled
    filter ClusterNotificationConfigPubsubFilter
    Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
    topic string
    The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
    enabled bool
    Whether or not the notification config is enabled
    filter ClusterNotificationConfigPubsubFilter
    Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
    topic str
    The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
    enabled Boolean
    Whether or not the notification config is enabled
    filter Property Map
    Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
    topic String
    The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.

    ClusterNotificationConfigPubsubFilter, ClusterNotificationConfigPubsubFilterArgs

    EventTypes List<string>
    Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
    EventTypes []string
    Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
    eventTypes List<String>
    Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
    eventTypes string[]
    Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
    event_types Sequence[str]
    Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
    eventTypes List<String>
    Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.

    ClusterPodSecurityPolicyConfig, ClusterPodSecurityPolicyConfigArgs

    Enabled bool
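    Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25, so on newer clusters pod-level restrictions need another admission mechanism, such as Pod Security Admission.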
    Enabled bool
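    Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25, so on newer clusters pod-level restrictions need another admission mechanism, such as Pod Security Admission.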
    enabled Boolean
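    Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25, so on newer clusters pod-level restrictions need another admission mechanism, such as Pod Security Admission.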
    enabled boolean
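    Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25, so on newer clusters pod-level restrictions need another admission mechanism, such as Pod Security Admission.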
    enabled bool
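    Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25, so on newer clusters pod-level restrictions need another admission mechanism, such as Pod Security Admission.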
    enabled Boolean
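    Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25, so on newer clusters pod-level restrictions need another admission mechanism, such as Pod Security Admission.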

    ClusterPrivateClusterConfig, ClusterPrivateClusterConfigArgs

    EnablePrivateEndpoint bool
    When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
    EnablePrivateNodes bool
    Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
    MasterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
    Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
    MasterIpv4CidrBlock string
    The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
    PeeringName string
    The name of the peering between this cluster and the Google owned VPC.
    PrivateEndpoint string
    The internal IP address of this cluster's master endpoint.
    PrivateEndpointSubnetwork string
    Subnetwork in cluster's network where master's endpoint will be provisioned.
    PublicEndpoint string

    The external IP address of this cluster's master endpoint.

    Warning: The Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.

    EnablePrivateEndpoint bool
    When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
    EnablePrivateNodes bool
    Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
    MasterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
    Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
    MasterIpv4CidrBlock string
    The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
    PeeringName string
    The name of the peering between this cluster and the Google owned VPC.
    PrivateEndpoint string
    The internal IP address of this cluster's master endpoint.
    PrivateEndpointSubnetwork string
    Subnetwork in cluster's network where master's endpoint will be provisioned.
    PublicEndpoint string

    The external IP address of this cluster's master endpoint.

    Warning: The Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.

    enablePrivateEndpoint Boolean
    When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
    enablePrivateNodes Boolean
    Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
    masterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
    Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
    masterIpv4CidrBlock String
    The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
    peeringName String
    The name of the peering between this cluster and the Google owned VPC.
    privateEndpoint String
    The internal IP address of this cluster's master endpoint.
    privateEndpointSubnetwork String
    Subnetwork in cluster's network where master's endpoint will be provisioned.
    publicEndpoint String

    The external IP address of this cluster's master endpoint.

    Warning: The Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.

    enablePrivateEndpoint boolean
    When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
    enablePrivateNodes boolean
    Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
    masterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
    Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
    masterIpv4CidrBlock string
    The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
    peeringName string
    The name of the peering between this cluster and the Google owned VPC.
    privateEndpoint string
    The internal IP address of this cluster's master endpoint.
    privateEndpointSubnetwork string
    Subnetwork in cluster's network where master's endpoint will be provisioned.
    publicEndpoint string

    The external IP address of this cluster's master endpoint.

    Warning: The Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.

    enable_private_endpoint bool
    When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
    enable_private_nodes bool
    Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
    master_global_access_config ClusterPrivateClusterConfigMasterGlobalAccessConfig
    Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
    master_ipv4_cidr_block str
    The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
    peering_name str
    The name of the peering between this cluster and the Google owned VPC.
    private_endpoint str
    The internal IP address of this cluster's master endpoint.
    private_endpoint_subnetwork str
    Subnetwork in cluster's network where master's endpoint will be provisioned.
    public_endpoint str

    The external IP address of this cluster's master endpoint.

    Warning: The Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.

    enablePrivateEndpoint Boolean
    When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
    enablePrivateNodes Boolean
    Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
    masterGlobalAccessConfig Property Map
    Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
    masterIpv4CidrBlock String
    The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
    peeringName String
    The name of the peering between this cluster and the Google owned VPC.
    privateEndpoint String
    The internal IP address of this cluster's master endpoint.
    privateEndpointSubnetwork String
    Subnetwork in cluster's network where master's endpoint will be provisioned.
    publicEndpoint String

    The external IP address of this cluster's master endpoint.

    Warning: The Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.

    ClusterPrivateClusterConfigMasterGlobalAccessConfig, ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs

    Enabled bool
    Whether the cluster master is accessible globally or not.
    Enabled bool
    Whether the cluster master is accessible globally or not.
    enabled Boolean
    Whether the cluster master is accessible globally or not.
    enabled boolean
    Whether the cluster master is accessible globally or not.
    enabled bool
    Whether the cluster master is accessible globally or not.
    enabled Boolean
    Whether the cluster master is accessible globally or not.

    ClusterProtectConfig, ClusterProtectConfigArgs

    WorkloadConfig ClusterProtectConfigWorkloadConfig
    WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below
    WorkloadVulnerabilityMode string
    Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
    WorkloadConfig ClusterProtectConfigWorkloadConfig
    WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below
    WorkloadVulnerabilityMode string
    Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
    workloadConfig ClusterProtectConfigWorkloadConfig
    WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below
    workloadVulnerabilityMode String
    Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
    workloadConfig ClusterProtectConfigWorkloadConfig
    WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below
    workloadVulnerabilityMode string
    Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
    workload_config ClusterProtectConfigWorkloadConfig
    WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below
    workload_vulnerability_mode str
    Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
    workloadConfig Property Map
    WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below
    workloadVulnerabilityMode String
    Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.

    ClusterProtectConfigWorkloadConfig, ClusterProtectConfigWorkloadConfigArgs

    AuditMode string
    Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
    AuditMode string
    Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
    auditMode String
    Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
    auditMode string
    Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
    audit_mode str
    Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
    auditMode String
    Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.

    ClusterReleaseChannel, ClusterReleaseChannelArgs

    Channel string
    The selected release channel. Accepted values are:

    • UNSPECIFIED: Not set.
    • RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
    • REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
    • STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
    • EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
    Channel string
    The selected release channel. Accepted values are:

    • UNSPECIFIED: Not set.
    • RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
    • REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
    • STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
    • EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
    channel String
    The selected release channel. Accepted values are:

    • UNSPECIFIED: Not set.
    • RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
    • REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
    • STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
    • EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
    channel string
    The selected release channel. Accepted values are:

    • UNSPECIFIED: Not set.
    • RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
    • REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
    • STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
    • EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
    channel str
    The selected release channel. Accepted values are:

    • UNSPECIFIED: Not set.
    • RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
    • REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
    • STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
    • EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
    channel String
    The selected release channel. Accepted values are:

    • UNSPECIFIED: Not set.
    • RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
    • REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
    • STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
    • EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.

    ClusterResourceUsageExportConfig, ClusterResourceUsageExportConfigArgs

    BigqueryDestination ClusterResourceUsageExportConfigBigqueryDestination
    Parameters for using BigQuery as the destination of resource usage export.

    • bigquery_destination.dataset_id (Required) - The ID of a BigQuery Dataset. For Example:
    EnableNetworkEgressMetering bool
    Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
    EnableResourceConsumptionMetering bool
    Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
    BigqueryDestination ClusterResourceUsageExportConfigBigqueryDestination
    Parameters for using BigQuery as the destination of resource usage export.

    • bigquery_destination.dataset_id (Required) - The ID of a BigQuery Dataset. For Example:
    EnableNetworkEgressMetering bool
    Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
    EnableResourceConsumptionMetering bool
    Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
    bigqueryDestination ClusterResourceUsageExportConfigBigqueryDestination
    Parameters for using BigQuery as the destination of resource usage export.

    • bigquery_destination.dataset_id (Required) - The ID of a BigQuery Dataset. For Example:
    enableNetworkEgressMetering Boolean
    Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
    enableResourceConsumptionMetering Boolean
    Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
    bigqueryDestination ClusterResourceUsageExportConfigBigqueryDestination
    Parameters for using BigQuery as the destination of resource usage export.

    • bigquery_destination.dataset_id (Required) - The ID of a BigQuery Dataset. For Example:
    enableNetworkEgressMetering boolean
    Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
    enableResourceConsumptionMetering boolean
    Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
    bigquery_destination ClusterResourceUsageExportConfigBigqueryDestination
    Parameters for using BigQuery as the destination of resource usage export.

    • bigquery_destination.dataset_id (Required) - The ID of a BigQuery Dataset. For Example:
    enable_network_egress_metering bool
    Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
    enable_resource_consumption_metering bool
    Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
    bigqueryDestination Property Map
    Parameters for using BigQuery as the destination of resource usage export.

    • bigquery_destination.dataset_id (Required) - The ID of a BigQuery Dataset. For Example:
    enableNetworkEgressMetering Boolean
    Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
    enableResourceConsumptionMetering Boolean
    Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.

    ClusterResourceUsageExportConfigBigqueryDestination, ClusterResourceUsageExportConfigBigqueryDestinationArgs

    DatasetId string
    The ID of a BigQuery Dataset.
    DatasetId string
    The ID of a BigQuery Dataset.
    datasetId String
    The ID of a BigQuery Dataset.
    datasetId string
    The ID of a BigQuery Dataset.
    dataset_id str
    The ID of a BigQuery Dataset.
    datasetId String
    The ID of a BigQuery Dataset.

    ClusterSecretManagerConfig, ClusterSecretManagerConfigArgs

    Enabled bool
    Enable the Secret Manager add-on for this cluster.
    Enabled bool
    Enable the Secret Manager add-on for this cluster.
    enabled Boolean
    Enable the Secret Manager add-on for this cluster.
    enabled boolean
    Enable the Secret Manager add-on for this cluster.
    enabled bool
    Enable the Secret Manager add-on for this cluster.
    enabled Boolean
    Enable the Secret Manager add-on for this cluster.

    ClusterSecurityPostureConfig, ClusterSecurityPostureConfigArgs

    Mode string
    Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
    VulnerabilityMode string
    Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
    Mode string
    Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
    VulnerabilityMode string
    Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
    mode String
    Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
    vulnerabilityMode String
    Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
    mode string
    Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
    vulnerabilityMode string
    Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
    mode str
    Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
    vulnerability_mode str
    Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
    mode String
    Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
    vulnerabilityMode String
    Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.

    ClusterServiceExternalIpsConfig, ClusterServiceExternalIpsConfigArgs

    Enabled bool
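    Controls whether external IPs specified by a service will be allowed. It is enabled by default. Set it to false when no workload depends on Service externalIPs; the cluster does not check that a Service owns the addresses it lists there.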
    Enabled bool
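    Controls whether external IPs specified by a service will be allowed. It is enabled by default. Set it to false when no workload depends on Service externalIPs; the cluster does not check that a Service owns the addresses it lists there.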
    enabled Boolean
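    Controls whether external IPs specified by a service will be allowed. It is enabled by default. Set it to false when no workload depends on Service externalIPs; the cluster does not check that a Service owns the addresses it lists there.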
    enabled boolean
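    Controls whether external IPs specified by a service will be allowed. It is enabled by default. Set it to false when no workload depends on Service externalIPs; the cluster does not check that a Service owns the addresses it lists there.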
    enabled bool
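    Controls whether external IPs specified by a service will be allowed. It is enabled by default. Set it to false when no workload depends on Service externalIPs; the cluster does not check that a Service owns the addresses it lists there.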
    enabled Boolean
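    Controls whether external IPs specified by a service will be allowed. It is enabled by default. Set it to false when no workload depends on Service externalIPs; the cluster does not check that a Service owns the addresses it lists there.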

    ClusterTpuConfig, ClusterTpuConfigArgs

    Enabled bool
    Whether Cloud TPU integration is enabled or not
    Ipv4CidrBlock string
    IPv4 CIDR block reserved for Cloud TPU in the VPC.
    UseServiceNetworking bool
    Whether to use service networking for Cloud TPU or not
    Enabled bool
    Whether Cloud TPU integration is enabled or not
    Ipv4CidrBlock string
    IPv4 CIDR block reserved for Cloud TPU in the VPC.
    UseServiceNetworking bool
    Whether to use service networking for Cloud TPU or not
    enabled Boolean
    Whether Cloud TPU integration is enabled or not
    ipv4CidrBlock String
    IPv4 CIDR block reserved for Cloud TPU in the VPC.
    useServiceNetworking Boolean
    Whether to use service networking for Cloud TPU or not
    enabled boolean
    Whether Cloud TPU integration is enabled or not
    ipv4CidrBlock string
    IPv4 CIDR block reserved for Cloud TPU in the VPC.
    useServiceNetworking boolean
    Whether to use service networking for Cloud TPU or not
    enabled bool
    Whether Cloud TPU integration is enabled or not
    ipv4_cidr_block str
    IPv4 CIDR block reserved for Cloud TPU in the VPC.
    use_service_networking bool
    Whether to use service networking for Cloud TPU or not
    enabled Boolean
    Whether Cloud TPU integration is enabled or not
    ipv4CidrBlock String
    IPv4 CIDR block reserved for Cloud TPU in the VPC.
    useServiceNetworking Boolean
    Whether to use service networking for Cloud TPU or not

    ClusterUserManagedKeysConfig, ClusterUserManagedKeysConfigArgs

    AggregationCa string
    The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
    ClusterCa string
    The Certificate Authority Service caPool to use for the cluster CA in this cluster.
    ControlPlaneDiskEncryptionKey string
    The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
    EtcdApiCa string
    The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
    EtcdPeerCa string
    The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
    GkeopsEtcdBackupEncryptionKey string
    Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
    ServiceAccountSigningKeys List<string>
    The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
    ServiceAccountVerificationKeys List<string>
    The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
    AggregationCa string
    The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
    ClusterCa string
    The Certificate Authority Service caPool to use for the cluster CA in this cluster.
    ControlPlaneDiskEncryptionKey string
    The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
    EtcdApiCa string
    The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
    EtcdPeerCa string
    The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
    GkeopsEtcdBackupEncryptionKey string
    Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
    ServiceAccountSigningKeys []string
    The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
    ServiceAccountVerificationKeys []string
    The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
    aggregationCa String
    The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
    clusterCa String
    The Certificate Authority Service caPool to use for the cluster CA in this cluster.
    controlPlaneDiskEncryptionKey String
    The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
    etcdApiCa String
    The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
    etcdPeerCa String
    The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
    gkeopsEtcdBackupEncryptionKey String
    Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
    serviceAccountSigningKeys List<String>
    The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
    serviceAccountVerificationKeys List<String>
    The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
    aggregationCa string
    The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
    clusterCa string
    The Certificate Authority Service caPool to use for the cluster CA in this cluster.
    controlPlaneDiskEncryptionKey string
    The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
    etcdApiCa string
    The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
    etcdPeerCa string
    The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
    gkeopsEtcdBackupEncryptionKey string
    Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
    serviceAccountSigningKeys string[]
    The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
    serviceAccountVerificationKeys string[]
    The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
    aggregation_ca str
    The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
    cluster_ca str
    The Certificate Authority Service caPool to use for the cluster CA in this cluster.
    control_plane_disk_encryption_key str
    The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
    etcd_api_ca str
    The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
    etcd_peer_ca str
    The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
    gkeops_etcd_backup_encryption_key str
    Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
    service_account_signing_keys Sequence[str]
    The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
    service_account_verification_keys Sequence[str]
    The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
    aggregationCa String
    The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
    clusterCa String
    The Certificate Authority Service caPool to use for the cluster CA in this cluster.
    controlPlaneDiskEncryptionKey String
    The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
    etcdApiCa String
    The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
    etcdPeerCa String
    The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
    gkeopsEtcdBackupEncryptionKey String
    Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
    serviceAccountSigningKeys List<String>
    The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
    serviceAccountVerificationKeys List<String>
    The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.

    ClusterVerticalPodAutoscaling, ClusterVerticalPodAutoscalingArgs

    Enabled bool
    Enables vertical pod autoscaling
    Enabled bool
    Enables vertical pod autoscaling
    enabled Boolean
    Enables vertical pod autoscaling
    enabled boolean
    Enables vertical pod autoscaling
    enabled bool
    Enables vertical pod autoscaling
    enabled Boolean
    Enables vertical pod autoscaling

    ClusterWorkloadAltsConfig, ClusterWorkloadAltsConfigArgs

    EnableAlts bool
    Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
    EnableAlts bool
    Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
    enableAlts Boolean
    Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
    enableAlts boolean
    Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
    enable_alts bool
    Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
    enableAlts Boolean
    Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).

    ClusterWorkloadIdentityConfig, ClusterWorkloadIdentityConfigArgs

    WorkloadPool string
    The workload pool to attach all Kubernetes service accounts to.
    WorkloadPool string
    The workload pool to attach all Kubernetes service accounts to.
    workloadPool String
    The workload pool to attach all Kubernetes service accounts to.
    workloadPool string
    The workload pool to attach all Kubernetes service accounts to.
    workload_pool str
    The workload pool to attach all Kubernetes service accounts to.
    workloadPool String
    The workload pool to attach all Kubernetes service accounts to.

    Import

    GKE clusters can be imported using the project, location, and name. If the project is omitted, the default provider value will be used. Examples:

    • projects/{{project_id}}/locations/{{location}}/clusters/{{cluster_id}}

    • {{project_id}}/{{location}}/{{cluster_id}}

    • {{location}}/{{cluster_id}}

    When using the pulumi import command, GKE clusters can be imported using one of the formats above. For example:

    $ pulumi import gcp:container/cluster:Cluster default projects/{{project_id}}/locations/{{location}}/clusters/{{cluster_id}}
    
    $ pulumi import gcp:container/cluster:Cluster default {{project_id}}/{{location}}/{{cluster_id}}
    
    $ pulumi import gcp:container/cluster:Cluster default {{location}}/{{cluster_id}}
    

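    Some fields control provider-side behaviour and are not part of the GKE API, so an import cannot populate them from the existing cluster. For example, the following fields will show diffs if set in config: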

    • min_master_version

    • remove_default_node_pool

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi