# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#########
# KCC container cluster
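apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerCluster
metadata:
  name: cluster-name # kpt-set: ${cluster-name}
  namespace: config-control # kpt-set: ${project-namespace}
  labels:
    env: experimentation
    cluster: cluster-name # kpt-set: ${cluster-name}
  annotations:
    # Config Connector annotation: the default node pool is deleted after
    # cluster creation; node pools are managed as separate resources.
    cnrm.cloud.google.com/remove-default-node-pool: "true"
    cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id}
spec:
  addonsConfig:
    configConnectorConfig:
      enabled: false
    dnsCacheConfig:
      enabled: true
    networkPolicyConfig:
      # Must stay enabled for spec.networkPolicy.enabled below to take effect.
      disabled: false
  description: cluster-description # kpt-set: ${cluster-description}
  enableBinaryAuthorization: true
  enableIntranodeVisibility: true
  enableShieldedNodes: true
  initialNodeCount: 1
  ipAllocationPolicy:
    clusterSecondaryRangeName: podrange
    servicesSecondaryRangeName: servicesrange
  location: northamerica-northeast1 # kpt-set: ${region}
  maintenancePolicy:
    dailyMaintenanceWindow:
      # Quoted: an unquoted HH:MM value is at risk of being read as a
      # base-60 number by YAML 1.1 parsers; the API expects a string.
      startTime: "01:00"
  # 0.0.0.0/0 permits control-plane API access from any source address.
  # Together with privateClusterConfig.enablePrivateEndpoint: false below, the
  # public endpoint is reachable from the internet. Set ${auth-network} to the
  # operator/CI CIDR(s) before deploying; the 0.0.0.0/0 literal is only the
  # kpt placeholder.
  masterAuthorizedNetworksConfig:
    cidrBlocks: # kpt-set: ${auth-network}
      - cidrBlock: 0.0.0.0/0
        displayName: private-net
  networkPolicy:
    enabled: true
  networkRef:
    # NOTE(review): this literal carries a concrete project id
    # (scemu-sp-kcc-exp) instead of the project-id placeholder used
    # elsewhere in this file; the kpt setter overwrites it, so confirm the
    # setter has run before applying the package.
    external: compute.cnrm.cloud.google.com/projects/scemu-sp-kcc-exp/global/networks/global-vpc1-vpc # kpt-set: compute.cnrm.cloud.google.com/projects/${project-id}/global/networks/global-vpc1-vpc
  networkingMode: VPC_NATIVE
  # NOTE(review): PodSecurityPolicy is deprecated upstream; confirm this field
  # is still accepted by the target GKE version, or drop it.
  podSecurityPolicyConfig:
    enabled: false
  privateClusterConfig:
    # Nodes are private; the control plane keeps a public endpoint, gated only
    # by masterAuthorizedNetworksConfig above.
    enablePrivateEndpoint: false
    enablePrivateNodes: true
    masterGlobalAccessConfig:
      enabled: false
    # External IP address will be auto-created and assigned as the public endpoint
    publicEndpoint: ""
    masterIpv4CidrBlock: 172.16.0.32/28
  subnetworkRef:
    external: subnetwork-name # kpt-set: compute.cnrm.cloud.google.com/projects/${project-id}/regions/${region}/subnetworks/${subnetwork-name}
  verticalPodAutoscaling:
    enabled: true
  workloadIdentityConfig:
    # Workload Identity supports only a single namespace based on your project name.
    # The ${project-id} placeholder below is filled in by the kpt setter.
    identityNamespace: ${project-id}.svc.id.goog # kpt-set: ${project-id}.svc.id.goog
  nodeConfig:
    shieldedInstanceConfig:
      enableIntegrityMonitoring: true
      enableSecureBoot: true
    labels:
      env: experimentation
      cluster: cluster-name # kpt-set: ${cluster-name}
    tags:
      - internet-egress-route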