apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cnrm.cloud.google.com/version: 0.0.0-dev
creationTimestamp: null
labels:
cnrm.cloud.google.com/managed-by-kcc: "true"
cnrm.cloud.google.com/stability-level: stable
cnrm.cloud.google.com/system: "true"
cnrm.cloud.google.com/tf2crd: "true"
name: containerclusters.container.cnrm.cloud.google.com
spec:
group: container.cnrm.cloud.google.com
names:
categories:
- gcp
kind: ContainerCluster
plural: containerclusters
shortNames:
- gcpcontainercluster
- gcpcontainerclusters
singular: containercluster
preserveUnknownFields: false
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: When 'True', the most recent reconcile of the resource succeeded
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: The reason for the value in 'Ready'
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Status
type: string
- description: The last transition time for the value in 'Status'
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
name: Status Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'apiVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
addonsConfig:
description: The configuration for addons supported by GKE.
properties:
cloudrunConfig:
description: The status of the CloudRun addon. It is disabled
by default. Set disabled = false to enable.
properties:
disabled:
type: boolean
loadBalancerType:
type: string
required:
- disabled
type: object
configConnectorConfig:
description: The status of the Config Connector addon.
properties:
enabled:
type: boolean
required:
- enabled
type: object
dnsCacheConfig:
description: The status of the NodeLocal DNSCache addon. It is
disabled by default. Set enabled = true to enable.
properties:
enabled:
type: boolean
required:
- enabled
type: object
gcePersistentDiskCsiDriverConfig:
description: 'Whether this cluster should enable the Google Compute
Engine Persistent Disk Container Storage Interface (CSI) Driver.
Set enabled = true to enable. The Compute Engine persistent
disk CSI Driver is enabled by default on newly created clusters
for the following versions: Linux clusters: GKE version 1.18.10-gke.2100
or later, or 1.19.3-gke.2100 or later.'
properties:
enabled:
type: boolean
required:
- enabled
type: object
gcpFilestoreCsiDriverConfig:
description: The status of the Filestore CSI driver addon, which
allows the usage of filestore instance as volumes. Defaults
to disabled; set enabled = true to enable.
properties:
enabled:
type: boolean
required:
- enabled
type: object
gcsFuseCsiDriverConfig:
description: The status of the GCS Fuse CSI driver addon, which
allows the usage of gcs bucket as volumes. Defaults to disabled;
set enabled = true to enable.
properties:
enabled:
type: boolean
required:
- enabled
type: object
gkeBackupAgentConfig:
description: The status of the Backup for GKE Agent addon. It
is disabled by default. Set enabled = true to enable.
properties:
enabled:
type: boolean
required:
- enabled
type: object
horizontalPodAutoscaling:
description: The status of the Horizontal Pod Autoscaling addon,
which increases or decreases the number of replica pods a replication
controller has based on the resource usage of the existing pods.
It ensures that a Heapster pod is running in the cluster, which
is also used by the Cloud Monitoring service. It is enabled
by default; set disabled = true to disable.
properties:
disabled:
type: boolean
required:
- disabled
type: object
httpLoadBalancing:
description: The status of the HTTP (L7) load balancing controller
addon, which makes it easy to set up HTTP load balancers for
services in a cluster. It is enabled by default; set disabled
= true to disable.
properties:
disabled:
type: boolean
required:
- disabled
type: object
istioConfig:
description: The status of the Istio addon.
properties:
auth:
description: The authentication type between services in Istio.
Available options include AUTH_MUTUAL_TLS.
type: string
disabled:
description: The status of the Istio addon, which makes it
easy to set up Istio for services in a cluster. It is disabled
by default. Set disabled = false to enable.
type: boolean
required:
- disabled
type: object
kalmConfig:
description: Configuration for the KALM addon, which manages the
lifecycle of k8s. It is disabled by default; set enabled = true
to enable.
properties:
enabled:
type: boolean
required:
- enabled
type: object
networkPolicyConfig:
description: Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network
policy for the nodes. To enable this, you must also define a
network_policy block, otherwise nothing will happen. It can
only be disabled if the nodes already do not have network policies
enabled. Defaults to disabled; set disabled = false to enable.
properties:
disabled:
type: boolean
required:
- disabled
type: object
type: object
allowNetAdmin:
description: Enable NET_ADMIN for this cluster.
type: boolean
authenticatorGroupsConfig:
description: Configuration for the Google Groups for GKE feature.
properties:
securityGroup:
description: The name of the RBAC security group for use with
Google security groups in Kubernetes RBAC. Group name must be
in format gke-security-groups@yourdomain.com.
type: string
required:
- securityGroup
type: object
binaryAuthorization:
description: Configuration options for the Binary Authorization feature.
properties:
enabled:
description: DEPRECATED. Deprecated in favor of evaluation_mode.
Enable Binary Authorization for this cluster.
type: boolean
evaluationMode:
description: Mode of operation for Binary Authorization policy
evaluation.
type: string
type: object
clusterAutoscaling:
description: Per-cluster configuration of Node Auto-Provisioning with
Cluster Autoscaler to automatically adjust the size of the cluster
and create/delete node pools based on the current needs of the cluster's
workload. See the guide to using Node Auto-Provisioning for more
details.
properties:
autoProvisioningDefaults:
description: Contains defaults for a node pool created by NAP.
properties:
bootDiskKMSKeyRef:
description: |-
Immutable. The Customer Managed Encryption Key used to encrypt the
boot disk attached to each node in the node pool.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `selfLink` field of a
`KMSCryptoKey` resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
diskSize:
description: Size of the disk attached to each node, specified
in GB. The smallest allowed disk size is 10GB.
type: integer
imageType:
description: The default image type used by NAP once a new
node pool is being created.
type: string
management:
description: NodeManagement configuration for this NodePool.
properties:
autoRepair:
description: Specifies whether the node auto-repair is
enabled for the node pool. If enabled, the nodes in
this node pool will be monitored and, if they fail health
checks too many times, an automatic repair action will
be triggered.
type: boolean
autoUpgrade:
description: Specifies whether node auto-upgrade is enabled
for the node pool. If enabled, node auto-upgrade helps
keep the nodes in your node pool up to date with the
latest release version of Kubernetes.
type: boolean
upgradeOptions:
description: Specifies the Auto Upgrade knobs for the
node pool.
items:
properties:
autoUpgradeStartTime:
description: This field is set when upgrades are
about to commence with the approximate start time
for the upgrades, in RFC3339 text format.
type: string
description:
description: This field is set when upgrades are
about to commence with the description of the
upgrade.
type: string
type: object
type: array
type: object
minCpuPlatform:
description: Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer
CPU platform. Applicable values are the friendly names of
CPU platforms, such as Intel Haswell.
type: string
oauthScopes:
description: Scopes that are used by NAP when creating node
pools.
items:
type: string
type: array
serviceAccountRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `email` field of an `IAMServiceAccount`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
shieldedInstanceConfig:
description: Shielded Instance options.
properties:
enableIntegrityMonitoring:
description: Defines whether the instance has integrity
monitoring enabled.
type: boolean
enableSecureBoot:
description: Defines whether the instance has Secure Boot
enabled.
type: boolean
type: object
upgradeSettings:
description: Specifies the upgrade settings for NAP created
node pools.
properties:
blueGreenSettings:
description: Settings for blue-green upgrade strategy.
properties:
nodePoolSoakDuration:
description: "Time needed after draining entire blue
pool. After this period, blue pool will be cleaned
up. A duration in seconds with up to nine fractional
digits, ending with 's'. Example: \"3.5s\"."
type: string
standardRolloutPolicy:
description: Standard policy for the blue-green upgrade.
properties:
batchNodeCount:
description: Number of blue nodes to drain in
a batch.
type: integer
batchPercentage:
description: Percentage of the blue pool nodes
to drain in a batch. The range of this field
should be (0.0, 1.0].
type: number
batchSoakDuration:
description: "Soak time after each batch gets
drained. A duration in seconds with up to nine
fractional digits, ending with 's'. Example: \"3.5s\"."
type: string
type: object
type: object
maxSurge:
description: The maximum number of nodes that can be created
beyond the current size of the node pool during the
upgrade process.
type: integer
maxUnavailable:
description: The maximum number of nodes that can be simultaneously
unavailable during the upgrade process.
type: integer
strategy:
description: Update strategy of the node pool.
type: string
type: object
type: object
autoscalingProfile:
description: Configuration options for the Autoscaling profile
feature, which lets you choose whether the cluster autoscaler
should optimize for resource utilization or resource availability
when deciding to remove nodes from a cluster. Can be BALANCED
or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
type: string
enabled:
description: Whether node auto-provisioning is enabled. Resource
limits for cpu and memory must be defined to enable node auto-provisioning.
type: boolean
resourceLimits:
description: Global constraints for machine resources in the cluster.
Configuring the cpu and memory types is required if node auto-provisioning
is enabled. These limits will apply to node pool autoscaling
in addition to node auto-provisioning.
items:
properties:
maximum:
description: Maximum amount of the resource in the cluster.
type: integer
minimum:
description: Minimum amount of the resource in the cluster.
type: integer
resourceType:
description: The type of the resource. For example, cpu
and memory. See the guide to using Node Auto-Provisioning
for a list of types.
type: string
required:
- resourceType
type: object
type: array
type: object
clusterIpv4Cidr:
description: Immutable. The IP address range of the Kubernetes pods
in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank
to have one automatically chosen or specify a /14 block in 10.0.0.0/8.
This field will only work for routes-based clusters, where ip_allocation_policy
is not defined.
type: string
clusterTelemetry:
description: Telemetry integration for the cluster.
properties:
type:
description: Type of the integration.
type: string
required:
- type
type: object
confidentialNodes:
description: 'Immutable. Configuration for the confidential nodes
feature, which makes nodes run on confidential VMs. Warning: This
configuration can''t be changed (or added/removed) after cluster
creation without deleting and recreating the entire cluster.'
properties:
enabled:
description: Immutable. Whether Confidential Nodes feature is
enabled for all nodes in this cluster.
type: boolean
required:
- enabled
type: object
costManagementConfig:
description: Cost management configuration for the cluster.
properties:
enabled:
description: Whether to enable GKE cost allocation. When you enable
GKE cost allocation, the cluster name and namespace of your
GKE workloads appear in the labels field of the billing export
to BigQuery. Defaults to false.
type: boolean
required:
- enabled
type: object
databaseEncryption:
description: 'Application-layer Secrets Encryption settings. The object
format is {state = string, key_name = string}. Valid values of state
are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS
key.'
properties:
keyName:
description: The key to use to encrypt/decrypt secrets.
type: string
state:
description: ENCRYPTED or DECRYPTED.
type: string
required:
- state
type: object
datapathProvider:
description: Immutable. The desired datapath provider for this cluster.
By default, uses the IPTables-based kube-proxy implementation.
type: string
defaultMaxPodsPerNode:
description: Immutable. The default maximum number of pods per node
in this cluster. This doesn't work on "routes-based" clusters, clusters
that don't have IP Aliasing enabled.
type: integer
defaultSnatStatus:
description: Whether the cluster disables default in-node sNAT rules.
In-node sNAT rules will be disabled when defaultSnatStatus is disabled.
properties:
disabled:
description: When disabled is set to false, default IP masquerade
rules will be applied to the nodes to prevent sNAT on cluster
internal traffic.
type: boolean
required:
- disabled
type: object
description:
description: Immutable. Description of the cluster.
type: string
dnsConfig:
description: Immutable. Configuration for Cloud DNS for Kubernetes
Engine.
properties:
clusterDns:
description: Which in-cluster DNS provider should be used.
type: string
clusterDnsDomain:
description: The suffix used for all cluster service records.
type: string
clusterDnsScope:
description: The scope of access to cluster DNS records.
type: string
type: object
enableAutopilot:
description: Immutable. Enable Autopilot for this cluster.
type: boolean
enableBinaryAuthorization:
description: DEPRECATED. Deprecated in favor of binary_authorization.
Enable Binary Authorization for this cluster. If enabled, all container
images will be validated by Google Binary Authorization.
type: boolean
enableFqdnNetworkPolicy:
description: Whether FQDN Network Policy is enabled on this cluster.
type: boolean
enableIntranodeVisibility:
description: Whether Intra-node visibility is enabled for this cluster.
This makes same node pod to pod traffic visible for VPC network.
type: boolean
enableK8sBetaApis:
description: Configuration for Kubernetes Beta APIs.
properties:
enabledApis:
description: Enabled Kubernetes Beta APIs.
items:
type: string
type: array
required:
- enabledApis
type: object
enableKubernetesAlpha:
description: Immutable. Whether to enable Kubernetes Alpha features
for this cluster. Note that when this option is enabled, the cluster
cannot be upgraded and will be automatically deleted after 30 days.
type: boolean
enableL4IlbSubsetting:
description: Whether L4ILB Subsetting is enabled for this cluster.
type: boolean
enableLegacyAbac:
description: Whether the ABAC authorizer is enabled for this cluster.
When enabled, identities in the system, including service accounts,
nodes, and controllers, will have statically granted permissions
beyond those provided by the RBAC configuration or IAM. Defaults
to false.
type: boolean
enableMultiNetworking:
description: Immutable. Whether multi-networking is enabled for this
cluster.
type: boolean
enableShieldedNodes:
description: Enable Shielded Nodes features on all nodes in this cluster.
Defaults to true.
type: boolean
enableTpu:
description: Immutable. Whether to enable Cloud TPU resources in this
cluster.
type: boolean
gatewayApiConfig:
description: Configuration for GKE Gateway API controller.
properties:
channel:
description: The Gateway API release channel to use for Gateway
API.
type: string
required:
- channel
type: object
identityServiceConfig:
description: Configuration for Identity Service which allows customers
to use external identity providers with the K8S API.
properties:
enabled:
description: Whether to enable the Identity Service component.
type: boolean
type: object
initialNodeCount:
description: Immutable. The number of nodes to create in this cluster's
default node pool. In regional or multi-zonal clusters, this is
the number of nodes per zone. Must be set if node_pool is not set.
If you're using google_container_node_pool objects with no default
node pool, you'll need to set this to a value of at least 1, alongside
setting remove_default_node_pool to true.
type: integer
ipAllocationPolicy:
description: Immutable. Configuration of cluster IP allocation for
VPC-native clusters. Adding this block enables IP aliasing, making
the cluster VPC-native instead of routes-based.
properties:
additionalPodRangesConfig:
description: AdditionalPodRangesConfig is the configuration for
additional pod secondary ranges supporting the ClusterUpdate
message.
properties:
podRangeNames:
description: Name for pod secondary ipv4 range which has the
actual range defined ahead.
items:
type: string
type: array
required:
- podRangeNames
type: object
clusterIpv4CidrBlock:
description: Immutable. The IP address range for the cluster pod
IPs. Set to blank to have a range chosen with the default size.
Set to /netmask (e.g. /14) to have a range chosen with a specific
netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the
RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
to pick a specific range to use.
type: string
clusterSecondaryRangeName:
description: Immutable. The name of the existing secondary range
in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_block can be used to automatically create
a GKE-managed one.
type: string
podCidrOverprovisionConfig:
description: Immutable. Configuration for cluster level pod cidr
overprovision. Default is disabled=false.
properties:
disabled:
type: boolean
required:
- disabled
type: object
servicesIpv4CidrBlock:
description: Immutable. The IP address range of the services IPs
in this cluster. Set to blank to have a range chosen with the
default size. Set to /netmask (e.g. /14) to have a range chosen
with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16) to pick a specific range to use.
type: string
servicesSecondaryRangeName:
description: Immutable. The name of the existing secondary range
in the cluster's subnetwork to use for service ClusterIPs. Alternatively,
services_ipv4_cidr_block can be used to automatically create
a GKE-managed one.
type: string
stackType:
description: Immutable. The IP Stack type of the cluster. Choose
between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not
set.
type: string
type: object
location:
description: Immutable. The location (region or zone) in which the
cluster master will be created, as well as the default node location.
If you specify a zone (such as us-central1-a), the cluster will
be a zonal cluster with a single cluster master. If you specify
a region (such as us-west1), the cluster will be a regional cluster
with multiple masters spread across zones in the region, and with
default node locations in those zones as well.
type: string
loggingConfig:
description: Logging configuration for the cluster.
properties:
enableComponents:
description: GKE components exposing logs. Valid values include
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER,
and WORKLOADS.
items:
type: string
type: array
required:
- enableComponents
type: object
loggingService:
description: The logging service that the cluster should write logs
to. Available options include logging.googleapis.com(Legacy Stackdriver),
logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine
Logging), and none. Defaults to logging.googleapis.com/kubernetes.
type: string
maintenancePolicy:
description: The maintenance policy to use for the cluster.
properties:
dailyMaintenanceWindow:
description: 'Time window specified for daily maintenance operations.
Specify start_time in RFC3339 format "HH:MM", where HH : [00-23]
and MM : [00-59] GMT.'
properties:
duration:
type: string
startTime:
type: string
required:
- startTime
type: object
maintenanceExclusion:
description: Exceptions to maintenance window. Non-emergency maintenance
should not occur in these windows.
items:
properties:
endTime:
type: string
exclusionName:
type: string
exclusionOptions:
description: Maintenance exclusion related options.
properties:
scope:
description: The scope of automatic upgrades to restrict
in the exclusion window.
type: string
required:
- scope
type: object
startTime:
type: string
required:
- endTime
- exclusionName
- startTime
type: object
type: array
recurringWindow:
description: Time window for recurring maintenance operations.
properties:
endTime:
type: string
recurrence:
type: string
startTime:
type: string
required:
- endTime
- recurrence
- startTime
type: object
type: object
masterAuth:
description: DEPRECATED. Basic authentication was removed for GKE
cluster versions >= 1.19. The authentication information for accessing
the Kubernetes master. Some values in this block are only returned
by the API if your service account has permission to get credentials
for your GKE cluster. If you see an unexpected diff unsetting your
client cert, ensure you have the container.clusters.getCredentials
permission.
properties:
clientCertificate:
description: Base64 encoded public certificate used by clients
to authenticate to the cluster endpoint.
type: string
clientCertificateConfig:
description: Immutable. Whether client certificate authorization
is enabled for this cluster.
properties:
issueClientCertificate:
description: Immutable. Whether client certificate authorization
is enabled for this cluster.
type: boolean
required:
- issueClientCertificate
type: object
clientKey:
description: Base64 encoded private key used by clients to authenticate
to the cluster endpoint.
type: string
clusterCaCertificate:
description: Base64 encoded public certificate that is the root
of trust for the cluster.
type: string
password:
description: The password to use for HTTP basic authentication
when accessing the Kubernetes master endpoint.
oneOf:
- not:
required:
- valueFrom
required:
- value
- not:
required:
- value
required:
- valueFrom
properties:
value:
description: Value of the field. Cannot be used if 'valueFrom'
is specified.
type: string
valueFrom:
description: Source for the field's value. Cannot be used
if 'value' is specified.
properties:
secretKeyRef:
description: Reference to a value with the given key in
the given Secret in the resource's namespace.
properties:
key:
description: Key that identifies the value to be extracted.
type: string
name:
description: Name of the Secret to extract a value
from.
type: string
required:
- name
- key
type: object
type: object
type: object
username:
description: The username to use for HTTP basic authentication
when accessing the Kubernetes master endpoint. If not present
basic auth will be disabled.
type: string
type: object
masterAuthorizedNetworksConfig:
description: The desired configuration options for master authorized
networks. Omit the nested cidr_blocks attribute to disallow external
access (except the cluster node IPs, which GKE automatically whitelists).
properties:
cidrBlocks:
description: External networks that can access the Kubernetes
cluster master through HTTPS.
items:
properties:
cidrBlock:
description: External network that can access Kubernetes
master through HTTPS. Must be specified in CIDR notation.
type: string
displayName:
description: Field for users to identify CIDR blocks.
type: string
required:
- cidrBlock
type: object
type: array
gcpPublicCidrsAccessEnabled:
description: Whether master is accessible via Google Compute Engine
Public IP addresses.
type: boolean
type: object
meshCertificates:
description: If set, and enable_certificates=true, the GKE Workload
Identity Certificates controller and node agent will be deployed
in the cluster.
properties:
enableCertificates:
description: When enabled the GKE Workload Identity Certificates
controller and node agent will be deployed in the cluster.
type: boolean
required:
- enableCertificates
type: object
minMasterVersion:
description: The minimum version of the master. GKE will auto-update
the master to new versions, so this does not guarantee the current
master version--use the read-only master_version field to obtain
that. If unset, the cluster's version will be set by GKE to the
version of the most recent official release (which is not necessarily
the latest version).
type: string
monitoringConfig:
description: Monitoring configuration for the cluster.
properties:
advancedDatapathObservabilityConfig:
description: Configuration of Advanced Datapath Observability
features.
items:
properties:
enableMetrics:
description: Whether or not the advanced datapath metrics
are enabled.
type: boolean
relayMode:
description: Mode used to make Relay available.
type: string
required:
- enableMetrics
type: object
type: array
enableComponents:
description: GKE components exposing metrics. Valid values include
SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER,
STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET and WORKLOADS.
items:
type: string
type: array
managedPrometheus:
description: Configuration for Google Cloud Managed Services for
Prometheus.
properties:
enabled:
description: Whether or not the managed collection is enabled.
type: boolean
required:
- enabled
type: object
type: object
monitoringService:
description: The monitoring service that the cluster should write
metrics to. Automatically send metrics from pods in the cluster
to the Google Cloud Monitoring API. VM metrics will be collected
by Google Compute Engine regardless of this setting. Available options
include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver
Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
type: string
networkPolicy:
description: Configuration options for the NetworkPolicy feature.
properties:
enabled:
description: Whether network policy is enabled on the cluster.
type: boolean
provider:
description: The selected network policy provider. Defaults to
PROVIDER_UNSPECIFIED.
type: string
required:
- enabled
type: object
networkRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
networkingMode:
description: Immutable. Determines whether alias IPs or routes will
be used for pod IPs in the cluster.
type: string
nodeConfig:
description: Immutable. The configuration of the nodepool.
properties:
advancedMachineFeatures:
description: Immutable. Specifies options for controlling advanced
machine features.
properties:
threadsPerCore:
description: Immutable. The number of threads per physical
core. To disable simultaneous multithreading (SMT) set this
to 1. If unset, the maximum number of threads supported
per core by the underlying processor is assumed.
type: integer
required:
- threadsPerCore
type: object
bootDiskKMSCryptoKeyRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
confidentialNodes:
description: 'Immutable. Configuration for the confidential nodes
feature, which makes nodes run on confidential VMs. Warning:
This configuration can''t be changed (or added/removed) after
pool creation without deleting and recreating the entire pool.'
properties:
enabled:
description: Immutable. Whether Confidential Nodes feature
is enabled for all nodes in this pool.
type: boolean
required:
- enabled
type: object
diskSizeGb:
description: Immutable. Size of the disk attached to each node,
specified in GB. The smallest allowed disk size is 10GB.
type: integer
diskType:
description: Immutable. Type of the disk attached to each node.
Such as pd-standard, pd-balanced or pd-ssd.
type: string
ephemeralStorageConfig:
description: Immutable. Parameters for the ephemeral storage filesystem.
If unspecified, ephemeral storage is backed by the boot disk.
properties:
localSsdCount:
description: Immutable. Number of local SSDs to use to back
ephemeral storage. Uses NVMe interfaces. Each local SSD
must be 375 or 3000 GB in size, and all local SSDs must
share the same size.
type: integer
required:
- localSsdCount
type: object
ephemeralStorageLocalSsdConfig:
description: Immutable. Parameters for the ephemeral storage filesystem.
If unspecified, ephemeral storage is backed by the boot disk.
properties:
localSsdCount:
description: Immutable. Number of local SSDs to use to back
ephemeral storage. Uses NVMe interfaces. Each local SSD
must be 375 or 3000 GB in size, and all local SSDs must
share the same size.
type: integer
required:
- localSsdCount
type: object
fastSocket:
description: Enable or disable NCCL Fast Socket in the node pool.
properties:
enabled:
description: Whether or not NCCL Fast Socket is enabled.
type: boolean
required:
- enabled
type: object
gcfsConfig:
description: Immutable. GCFS configuration for this node.
properties:
enabled:
description: Immutable. Whether or not GCFS is enabled.
type: boolean
required:
- enabled
type: object
guestAccelerator:
description: Immutable. List of the type and count of accelerator
cards attached to the instance.
items:
properties:
count:
description: Immutable. The number of the accelerator cards
exposed to an instance.
type: integer
gpuDriverInstallationConfig:
description: Immutable. Configuration for auto installation
of GPU driver.
properties:
gpuDriverVersion:
description: Immutable. Mode for how the GPU driver
is installed.
type: string
required:
- gpuDriverVersion
type: object
gpuPartitionSize:
description: Immutable. Size of partitions to create on
the GPU. Valid values are described in the NVIDIA mig
user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).
type: string
gpuSharingConfig:
description: Immutable. Configuration for GPU sharing.
properties:
gpuSharingStrategy:
description: Immutable. The type of GPU sharing strategy
to enable on the GPU node. Possible values are described
in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig).
type: string
maxSharedClientsPerGpu:
description: Immutable. The maximum number of containers
that can share a GPU.
type: integer
required:
- gpuSharingStrategy
- maxSharedClientsPerGpu
type: object
type:
description: Immutable. The accelerator type resource name.
type: string
required:
- count
- type
type: object
type: array
gvnic:
description: Immutable. Enable or disable gvnic in the node pool.
properties:
enabled:
description: Immutable. Whether or not gvnic is enabled.
type: boolean
required:
- enabled
type: object
hostMaintenancePolicy:
description: Immutable. The maintenance policy for the hosts on
which the GKE VMs run.
properties:
maintenanceInterval:
description: Immutable.
type: string
required:
- maintenanceInterval
type: object
imageType:
description: The image type to use for this node. Note that for
a given image type, the latest version of it will be used.
type: string
kubeletConfig:
description: Node kubelet configs.
properties:
cpuCfsQuota:
description: Enable CPU CFS quota enforcement for containers
that specify CPU limits.
type: boolean
cpuCfsQuotaPeriod:
description: Set the CPU CFS quota period value 'cpu.cfs_period_us'.
type: string
cpuManagerPolicy:
description: Control the CPU management policy on the node.
type: string
podPidsLimit:
description: Controls the maximum number of processes allowed
to run in a pod.
type: integer
required:
- cpuManagerPolicy
type: object
labels:
additionalProperties:
type: string
description: Immutable. The map of Kubernetes labels (key/value
pairs) to be applied to each node. These will be added in addition
to any default label(s) that Kubernetes may apply to the node.
type: object
linuxNodeConfig:
description: Parameters that can be configured on Linux nodes.
properties:
cgroupMode:
description: cgroupMode specifies the cgroup mode to be used
on the node.
type: string
sysctls:
additionalProperties:
type: string
description: The Linux kernel parameters to be applied to
the nodes and all pods running on the nodes.
type: object
type: object
localNvmeSsdBlockConfig:
description: Immutable. Parameters for raw-block local NVMe SSDs.
properties:
localSsdCount:
description: Immutable. Number of raw-block local NVMe SSD
disks to be attached to the node. Each local SSD is 375
GB in size.
type: integer
required:
- localSsdCount
type: object
localSsdCount:
description: Immutable. The number of local SSD disks to be attached
to the node.
type: integer
loggingVariant:
description: Type of logging agent that is used as the default
value for node pools in the cluster. Valid values include DEFAULT
and MAX_THROUGHPUT.
type: string
machineType:
description: Immutable. The name of a Google Compute Engine machine
type.
type: string
metadata:
additionalProperties:
type: string
description: Immutable. The metadata key/value pairs assigned
to instances in the cluster.
type: object
minCpuPlatform:
description: Immutable. Minimum CPU platform to be used by this
instance. The instance may be scheduled on the specified or
newer CPU platform.
type: string
nodeGroupRef:
description: |-
Immutable. Setting this field will assign instances
of this pool to run on the specified node group. This is useful
for running workloads on sole tenant nodes.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `name` field of a `ComputeNodeGroup`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
oauthScopes:
description: Immutable. The set of Google API scopes to be made
available on all of the node VMs.
items:
type: string
type: array
preemptible:
description: Immutable. Whether the nodes are created as preemptible
VM instances.
type: boolean
reservationAffinity:
description: Immutable. The reservation affinity configuration
for the node pool.
properties:
consumeReservationType:
description: Immutable. Corresponds to the type of reservation
consumption.
type: string
key:
description: Immutable. The label key of a reservation resource.
type: string
values:
description: Immutable. The label values of the reservation
resource.
items:
type: string
type: array
required:
- consumeReservationType
type: object
resourceLabels:
additionalProperties:
type: string
description: The GCE resource labels (a map of key/value pairs)
to be applied to the node pool.
type: object
sandboxConfig:
description: Immutable. Sandbox configuration for this node.
properties:
sandboxType:
description: Type of the sandbox to use for the node (e.g.
'gvisor').
type: string
required:
- sandboxType
type: object
serviceAccountRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `email` field of an `IAMServiceAccount`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
shieldedInstanceConfig:
description: Immutable. Shielded Instance options.
properties:
enableIntegrityMonitoring:
description: Immutable. Defines whether the instance has integrity
monitoring enabled.
type: boolean
enableSecureBoot:
description: Immutable. Defines whether the instance has Secure
Boot enabled.
type: boolean
type: object
soleTenantConfig:
description: Immutable. Node affinity options for sole tenant
node pools.
properties:
nodeAffinity:
description: Immutable.
items:
properties:
key:
description: Immutable.
type: string
operator:
description: Immutable.
type: string
values:
description: Immutable.
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
required:
- nodeAffinity
type: object
spot:
description: Immutable. Whether the nodes are created as spot
VM instances.
type: boolean
tags:
description: The list of instance tags applied to all nodes.
items:
type: string
type: array
taint:
description: List of Kubernetes taints to be applied to each node.
items:
properties:
effect:
description: Effect for taint.
type: string
key:
description: Key for taint.
type: string
value:
description: Value for taint.
type: string
required:
- effect
- key
- value
type: object
type: array
workloadMetadataConfig:
description: Immutable. The workload metadata configuration for
this node.
properties:
mode:
description: Mode is the configuration for how to expose metadata
to workloads running on the node.
type: string
nodeMetadata:
description: DEPRECATED. Deprecated in favor of mode. NodeMetadata
is the configuration for how to expose metadata to the workloads
running on the node.
type: string
type: object
type: object
nodeLocations:
description: The list of zones in which the cluster's nodes are located.
Nodes must be in the region of their regional cluster or in the
same region as their cluster's zone for zonal clusters. If this
is specified for a zonal cluster, omit the cluster's zone.
items:
type: string
type: array
nodePoolAutoConfig:
description: Node pool configs that apply to all auto-provisioned
node pools in autopilot clusters and node auto-provisioning enabled
clusters.
properties:
networkTags:
description: Collection of Compute Engine network tags that can
be applied to a node's underlying VM instance.
properties:
tags:
description: List of network tags applied to auto-provisioned
node pools.
items:
type: string
type: array
type: object
type: object
nodePoolDefaults:
description: The default node pool settings for the entire cluster.
properties:
nodeConfigDefaults:
description: Subset of NodeConfig message that has defaults.
properties:
gcfsConfig:
description: GCFS configuration for this node.
properties:
enabled:
description: Whether or not GCFS is enabled.
type: boolean
required:
- enabled
type: object
loggingVariant:
description: Type of logging agent that is used as the default
value for node pools in the cluster. Valid values include
DEFAULT and MAX_THROUGHPUT.
type: string
type: object
type: object
nodeVersion:
type: string
notificationConfig:
description: The notification config for sending cluster upgrade notifications.
properties:
pubsub:
description: Notification config for Cloud Pub/Sub.
properties:
enabled:
description: Whether or not the notification config is enabled.
type: boolean
filter:
description: Allows filtering to one or more specific event
types. If event types are present, those and only those
event types will be transmitted to the cluster. Other types
will be skipped. If no filter is specified, or no event
types are present, all event types will be sent.
properties:
eventType:
description: Can be used to filter what notifications
are sent. Valid values include UPGRADE_AVAILABLE_EVENT,
UPGRADE_EVENT and SECURITY_BULLETIN_EVENT.
items:
type: string
type: array
required:
- eventType
type: object
topicRef:
description: The PubSubTopic to send the notification to.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`,
where {{value}} is the `name` field of a `PubSubTopic`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
required:
- enabled
type: object
required:
- pubsub
type: object
podSecurityPolicyConfig:
description: Configuration for the PodSecurityPolicy feature.
properties:
enabled:
description: Enable the PodSecurityPolicy controller for this
cluster. If enabled, pods must be valid under a PodSecurityPolicy
to be created.
type: boolean
required:
- enabled
type: object
privateClusterConfig:
description: Configuration for private clusters, clusters with private
nodes.
properties:
enablePrivateEndpoint:
description: When true, the cluster's private endpoint is used
as the cluster endpoint and access through the public endpoint
is disabled. When false, either endpoint can be used.
type: boolean
enablePrivateNodes:
description: Immutable. Enables the private cluster feature, creating
a private endpoint on the cluster. In a private cluster, nodes
only have RFC 1918 private addresses and communicate with the
master's private endpoint via private networking.
type: boolean
masterGlobalAccessConfig:
description: Controls cluster master global access settings.
properties:
enabled:
description: Whether the cluster master is accessible globally
or not.
type: boolean
required:
- enabled
type: object
masterIpv4CidrBlock:
description: Immutable. The IP range in CIDR notation to use for
the hosted master network. This range will be used for assigning
private IP addresses to the cluster master(s) and the ILB VIP.
This range must not overlap with any other ranges in use within
the cluster's network, and it must be a /28 subnet. See Private
Cluster Limitations for more details. This field only applies
to private clusters, when enable_private_nodes is true.
type: string
peeringName:
description: The name of the peering between this cluster and
the Google owned VPC.
type: string
privateEndpoint:
description: The internal IP address of this cluster's master
endpoint.
type: string
privateEndpointSubnetworkRef:
description: |-
Immutable. Subnetwork in cluster's network where master's endpoint
will be provisioned.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
publicEndpoint:
description: The external IP address of this cluster's master
endpoint.
type: string
type: object
privateIpv6GoogleAccess:
description: The desired state of IPv6 connectivity to Google Services.
By default, no private IPv6 access to or from Google Services (all
access will be via IPv4).
type: string
protectConfig:
description: Enable/Disable Protect API features for the cluster.
properties:
workloadConfig:
description: WorkloadConfig defines which actions are enabled
for a cluster's workload configurations.
properties:
auditMode:
description: Sets which mode of auditing should be used for
the cluster's workloads. Accepted values are DISABLED, BASIC.
type: string
required:
- auditMode
type: object
workloadVulnerabilityMode:
description: Sets which mode to use for Protect workload vulnerability
scanning feature. Accepted values are DISABLED, BASIC.
type: string
type: object
releaseChannel:
description: Configuration options for the Release channel feature,
which provide more control over automatic upgrades of your GKE clusters.
Note that removing this field from your config will not unenroll
it. Instead, use the "UNSPECIFIED" channel.
properties:
channel:
description: |-
The selected release channel. Accepted values are:
* UNSPECIFIED: Not set.
* RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
type: string
required:
- channel
type: object
resourceID:
description: Immutable. Optional. The name of the resource. Used for
creation and acquisition. When unset, the value of `metadata.name`
is used as the default.
type: string
resourceUsageExportConfig:
description: Configuration for the ResourceUsageExportConfig feature.
properties:
bigqueryDestination:
description: Parameters for using BigQuery as the destination
of resource usage export.
properties:
datasetId:
description: The ID of a BigQuery Dataset.
type: string
required:
- datasetId
type: object
enableNetworkEgressMetering:
description: Whether to enable network egress metering for this
cluster. If enabled, a daemonset will be created in the cluster
to meter network egress traffic.
type: boolean
enableResourceConsumptionMetering:
description: Whether to enable resource consumption metering on
this cluster. When enabled, a table will be created in the resource
export BigQuery dataset to store resource consumption data.
The resulting table can be joined with the resource usage table
or with BigQuery billing export. Defaults to true.
type: boolean
required:
- bigqueryDestination
type: object
securityPostureConfig:
description: Defines the config needed to enable/disable features
for the Security Posture API.
properties:
mode:
description: Sets the mode of the Kubernetes security posture
API's off-cluster features. Available options include DISABLED
and BASIC.
type: string
vulnerabilityMode:
description: Sets the mode of the Kubernetes security posture
API's workload vulnerability scanning. Available options include
VULNERABILITY_DISABLED and VULNERABILITY_BASIC.
type: string
type: object
serviceExternalIpsConfig:
description: If set, and enabled=true, services with external ips
field will not be blocked.
properties:
enabled:
description: When enabled, services with external ips specified
will be allowed.
type: boolean
required:
- enabled
type: object
subnetworkRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
resource.'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
verticalPodAutoscaling:
description: Vertical Pod Autoscaling automatically adjusts the resources
of pods controlled by it.
properties:
enabled:
description: Enables vertical pod autoscaling.
type: boolean
required:
- enabled
type: object
workloadIdentityConfig:
description: Configuration for the use of Kubernetes Service Accounts
in GCP IAM policies.
properties:
identityNamespace:
description: |-
DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field.
Enables workload identity.
type: string
workloadPool:
description: The workload pool to attach all Kubernetes service
accounts to.
type: string
type: object
required:
- location
type: object
status:
properties:
conditions:
description: Conditions represent the latest available observation
of the resource's current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition. Can be True,
False, Unknown.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
endpoint:
description: The IP address of this cluster's Kubernetes master.
type: string
labelFingerprint:
description: The fingerprint of the set of labels for this cluster.
type: string
masterVersion:
description: The current version of the master in the cluster. This
may be different from the min_master_version set in the config if
the master has been updated by GKE.
type: string
observedGeneration:
description: ObservedGeneration is the generation of the resource
that was most recently observed by the Config Connector controller.
If this is equal to metadata.generation, then that means that the
current reported status reflects the most recent desired state of
the resource.
type: integer
observedState:
description: The observed state of the underlying GCP resource.
properties:
masterAuth:
description: DEPRECATED. Basic authentication was removed for
GKE cluster versions >= 1.19. The authentication information
for accessing the Kubernetes master. Some values in this block
are only returned by the API if your service account has permission
to get credentials for your GKE cluster. If you see an unexpected
diff unsetting your client cert, ensure you have the container.clusters.getCredentials
permission.
properties:
clientCertificate:
description: Base64 encoded public certificate used by clients
to authenticate to the cluster endpoint.
type: string
clusterCaCertificate:
description: Base64 encoded public certificate that is the
root of trust for the cluster.
type: string
type: object
privateClusterConfig:
description: Configuration for private clusters, clusters with
private nodes.
properties:
privateEndpoint:
description: The internal IP address of this cluster's master
endpoint.
type: string
publicEndpoint:
description: The external IP address of this cluster's master
endpoint.
type: string
type: object
type: object
operation:
type: string
selfLink:
description: Server-defined URL for the resource.
type: string
servicesIpv4Cidr:
description: The IP address range of the Kubernetes services in this
cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are
typically put in the last /16 from the container CIDR.
type: string
tpuIpv4CidrBlock:
description: The IP address range of the Cloud TPUs in this cluster,
in CIDR notation (e.g. 1.2.3.4/29).
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []