|
Description |
description |
|
|
Node Locations |
locations |
Location and distribution of the nodes |
|
Deletion Protection |
Whether Terraform is prevented from destroying the cluster. Deleting this cluster using terraform destroy or terraform apply will only succeed if this field is false in the Terraform state. |
deletion_protection |
| Master Authorized Networks Config |
Gcp Public Cidrs Access Enabled |
gcpPublicCidrsAccessEnabled |
About network isolation in GKE |
| Master Authorized Networks Config |
Private Endpoint Enforcement Enabled |
privateEndpointEnforcementEnabled |
About network isolation in GKE |
| Addons Config |
Http Load Balancing |
HttpLoadBalancing |
GKE Ingress for Application Load Balancers |
| Horizontal Pod Autoscaling |
horizontalPodAutoscaling |
Horizontal Pod autoscaling |
| Network Policy Config |
networkPolicyConfig |
Control communication between Pods and Services using network policies |
| Istio Config |
disabled |
Secure Kubernetes Services with Istio |
| Istio Auth |
auth |
Authentication overview |
| DNS Cache Config |
DnsCacheConfig |
Setting up NodeLocal DNSCache |
| Config Connector Config |
configConnectorConfig |
Installing with the GKE add-on |
| GCE Persistent Disk CSI Driver Config |
gcePersistentDiskCsiDriverConfig |
Using the Compute Engine persistent disk CSI Driver |
| Kalm Config |
kalmConfig |
What is Kalm |
| GCP Filestore CSI Driver Config |
GcpFilestoreCsiDriverConfig |
Access Filestore instances with the Filestore CSI driver |
| GKE Backup Agent Config |
GkeBackupAgentConfig |
Backup for GKE |
| GCS Fuse CSI Driver Config |
GcsFuseCsiDriverConfig |
About Cloud Storage FUSE CSI driver for GKE |
| Stateful HA Config |
StatefulHaConfig |
Increase stateful app availability with Stateful HA Operator |
| Parallelstore CSI Config |
ParallelstoreCsiDriverConfig |
About the Google Kubernetes Engine Parallelstore CSI driver |
| Ray Operator Config |
RayOperatorConfig |
About Ray on GKE |
| Ray Cluster Logging Config |
RayClusterLoggingConfig |
Collect and view logs and metrics for Ray clusters on Google Kubernetes Engine |
| Ray Cluster Monitoring Config |
RayClusterMonitoringConfig |
|
Cluster Ipv4 Cidr |
clusterIpv4Cidr |
Create a VPC-native cluster |
| Cluster Autoscaling |
Enabled |
enableNodeAutoprovisioning |
About GKE cluster autoscaling |
| Resource Limits |
resourceLimits |
About GKE cluster autoscaling |
| Auto Provisioning Defaults |
AutoprovisioningNodePoolDefaults |
About node pool auto-creation |
| Shielded Instance Config |
ShieldedInstanceConfig |
Using Shielded GKE nodes |
| Auto Upgrade |
autoUpgrade |
Auto-upgrading nodes |
| Auto Repair |
autoRepair |
Node auto-repair |
| Upgrade Settings |
UpgradeSettings |
Auto-upgrading nodes |
| Auto Provisioning Locations |
autoprovisioningLocations[] |
About GKE cluster autoscaling |
| Autoscaling Profile |
AutoscalingProfile |
About GKE cluster autoscaling |
| Binary Authorization |
Evaluation mode |
BinaryAuthorization |
Use Binary Authorization |
| Service External IPs Config |
Enabled |
ServiceExternalIpsConfig |
Exposing applications using services |
| Mesh Certificates |
Enable Certificates |
meshCertificates |
|
| Database Encryption |
|
DatabaseEncryption |
Encrypt secrets at the application layer |
|
Default Max Pods Per Node |
defaultMaxPodsConstraint |
Configure maximum pods per node |
|
Enable Kubernetes Alpha |
enableKubernetesAlpha |
Alpha clusters |
| Enable K8s Beta Apis |
Enabled APIs |
K8sBetaApisConfig |
Use Kubernetes beta APIs with GKE clusters |
|
Enable Tpu |
enableTpu |
About Cloud TPU in GKE |
|
Enable Legacy Abac |
LegacyAbac |
Update legacy authentication methods |
|
Enable Shielded Nodes |
ShieldedNodes |
Use Shielded GKE Nodes |
|
Initial Node Count |
initialNodeCount |
Add and manage node pools |
| Ip Allocation Policy |
|
IpAllocationPolicy |
VPC-native clusters |
| Logging Config |
Enable Components |
enableComponents |
About GKE logs |
|
Logging Service |
loggingService |
Troubleshooting logging in GKE |
| Maintenance Policy |
|
MaintenancePolicy |
Maintenance windows and exclusions |
| Master Auth |
|
clientCertificateConfig |
Authenticate to the Kubernetes API server |
|
Min Master Version |
min_master_version |
Versioning and upgrades |
| Monitoring Config |
Enable Components |
enableComponents |
Configure metrics collection |
|
Monitoring Service |
monitoringService |
Configure metrics collection |
| Network Policy |
|
NetworkPolicy |
Control communication between Pods and Services using network policies |
| Node Config |
Confidential nodes |
ConfidentialNodes |
Encrypt workload data in-use with Confidential GKE Nodes |
| Disk Size Gb |
diskSizeGb |
About GKE node sizing |
| Disk Type |
diskType |
Local ephemeral storage reservation |
| Enable Confidential Storage |
enableConfidentialStorage |
Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes |
| Local SSD Encryption Mode |
LocalSsdEncryptionMode |
About Local SSD for GKE |
| Ephemeral Storage Local Ssd Config |
EphemeralStorageLocalSsdConfig |
About Local SSD for GKE |
| Fast Socket |
FastSocket |
Improve workload efficiency using NCCL Fast Socket |
| Local Nvme Ssd Block Config |
LocalNvmeSsdBlockConfig |
About Local SSD for GKE |
| Secondary Boot Disks |
secondaryBootDisks |
Use secondary boot disks to preload data or container images |
| Gcfs Config |
GcfsConfig |
Use image streaming to pull container images |
| Virtual Nic |
virtualNic |
About multi-networking support for Pods |
| Guest Accelerator |
acceleratorConfig |
Run GPUs in GKE Standard node pools |
| Labels |
labels |
Create and manage cluster and node pool labels |
| Resource Labels |
resourceLabels |
Create and manage cluster and node pool labels |
| Max Run Duration |
maxRunDuration |
Limit the run time of auto-created nodes |
| Flex Start |
flexStart |
Run a large-scale workload with flex-start with queued provisioning |
| Local SSD Count |
localSsdCount |
About Local SSD for GKE |
| Machine Type |
machineType |
Choose a machine type for a node pool |
| Metadata |
metadata |
About VM metadata |
| Min Cpu Platform |
minCpuPlatform |
Choose a minimum CPU platform |
| Oauth Scopes |
oauthScopes |
Access scopes in GKE |
| Preemptible |
preemptible |
Using preemptible VMs to run fault-tolerant workloads |
| Reservation Affinity |
reservationAffinity |
Consuming reserved zonal resources |
| Spot |
spot |
Spot VMs |
| Sandbox Config |
sandboxConfig |
GKE Sandbox |
| Boot Disk Kms Key |
boot_disk_kms_key |
Use customer-managed encryption keys (CMEK) |
| Service Account |
serviceAccount |
About service accounts in GKE |
| Shielded Instance Config |
ShieldedInstanceConfig |
Using Shielded GKE nodes |
| Storage Pools |
storage_pools |
Storage for GKE clusters overview |
| Tags |
tags |
Manage GKE resources using Tags |
| Resource Manager Tags |
resourceManagerTags |
Tags overview |
| Taint |
NodeTaint |
Configure workload separation in GKE |
| Workload Metadata Config |
workloadMetadataConfig |
Authenticate to Google Cloud APIs from GKE workloads |
| Node Kubelet Config |
NodeKubeletConfig |
Customizing node system configuration |
| Linux Node Config |
LinuxNodeConfig |
LinuxNodeConfig |
| Windows Node Config |
windowsNodeConfig |
Creating a cluster with Windows Server node pools |
| Containerd Config |
ContainerdConfig |
Containerd node images |
| Node Group |
node_group |
Isolate your GKE workloads using sole-tenant nodes |
| Sole Tenant Config |
soleTenantConfig |
Isolate your GKE workloads using sole-tenant nodes |
| Node Pool Auto Config |
Insecure Kubelet Readonly Port Enabled |
insecureKubeletReadonlyPortEnabled |
Disable the kubelet read-only port in GKE clusters |
| Resource Manager Tags |
resourceManagerTags |
Tags overview |
| Network Tags |
tags |
Tags overview |
| Linux Node Config |
LinuxNodeConfig |
Linux cgroup mode configuration options |
| Node Pool |
Cluster |
cluster-1 |
About node pools |
| Project |
project |
| Zones |
location |
| Name |
name |
| Name Prefix |
name_prefix |
| Node Count |
node_count |
| Kubernetes Version |
version |
| Node Locations |
locations[] |
| Initial Node Count |
initialNodeCount |
| Max Pods Per Node |
maxPodsConstraint |
Configure maximum Pods per node |
| Autoscaling |
enabled |
Node pool autoscaling |
| Min Node Count |
minNodeCount |
| Max Node Count |
maxNodeCount |
| Total Min Node Count |
totalMinNodeCount |
| Total Max Node Count |
totalMaxNodeCount |
| Location Policy |
locationPolicy |
| Auto Repair |
autoRepair |
Node auto-repair |
| Auto Upgrade |
autoUpgrade |
Auto-upgrading nodes |
| Disk Size Gb |
diskSizeGb |
About node pools |
| Disk Type |
diskType |
About node pools |
| Enable Confidential Storage |
enableConfidentialStorage |
Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes |
| Local Ssd Encryption Mode |
localSsdEncryptionMode |
About Local SSD for GKE |
| Image Type |
imageType |
Node images |
| Labels |
labels |
Create and manage cluster and node pool labels |
| Resource Labels |
resourceLabels |
Create and manage cluster and node pool labels |
| Max Run Duration |
maxRunDuration |
Limit run time for auto-provisioned nodes |
| Flex Start |
flexStart |
Run a large-scale workload with flex-start |
| Local Ssd Count |
localSsdCount |
About local SSD for GKE |
| Machine Type |
machineType |
Machine families resource and comparison guide |
| Metadata |
metadata |
About VM metadata |
| Min Cpu Platform |
minCpuPlatform |
Choose a minimum CPU platform |
| Oauth Scopes |
oauthScopes[] |
Access scopes in GKE |
| Preemptible |
preemptible |
Using preemptible VMs to run fault-tolerant workloads |
| Spot |
spot |
Spot VMs |
| Boot Disk Kms Key |
boot_disk_kms_key |
Use customer-managed encryption keys (CMEK) |
| Service Account |
serviceAccount |
About service accounts in GKE |
| Storage Pools |
storage_pools |
Storage for GKE clusters overview |
| Tags |
tags |
Manage GKE resources using Tags |
| Resource Manager Tags |
resourceManagerTags |
Tags overview |
| Node Group |
node_group |
Isolate your GKE workloads using sole-tenant nodes |
| Confidential Nodes |
enabled |
Encrypt workload data in-use with Confidential GKE Nodes |
| Ephemeral Storage Config |
EphemeralStorageLocalSsdConfig |
About Local SSD for GKE |
| Local Ssd Count |
localSsdCount |
About Local SSD for GKE |
| Local Ssd Count |
localSsdCount |
About Local SSD for GKE |
| Data Cache Count |
dataCacheCount |
About Local SSD for GKE |
| Fast Socket |
FastSocket |
Improve workload efficiency using NCCL Fast Socket |
| Local Nvme Ssd Block Config |
LocalNvmeSsdBlockConfig |
About Local SSD for GKE |
| Logging Variant |
variant |
Adjust log throughput |
| Disk Image |
diskImage |
Use secondary boot disks to preload data or container images |
| Mode |
mode |
Use secondary boot disks to preload data or container images |
| Gcfs Config |
GcfsConfig |
Use image streaming to pull container images |
| Gvnic |
virtualNic |
About multi-networking support for Pods |
| Guest Accelerator Type |
acceleratorType |
Run GPUs in GKE Standard node pools |
| Count |
acceleratorCount |
Run GPUs in GKE Standard node pools |
| Gpu Driver Version |
gpuDriverVersion |
Run GPUs in GKE Standard node pools |
| Gpu Partition Size |
gpuPartitionSize |
Run GPUs in GKE Standard node pools |
| Gpu Sharing Strategy |
gpuSharingStrategy |
About GPU sharing strategies in GKE |
| Max Shared Clients Per Gpu |
maxSharedClientsPerGpu |
About GPU sharing strategies in GKE |
| Consume Reservation Type |
consumeReservationType |
Consuming reserved zonal resources |
| Key |
key |
| Values |
values[] |
| Sandbox Type |
sandboxConfig |
GKE Sandbox |
| Enable Secure Boot |
enableSecureBoot |
Using Shielded GKE nodes |
| Enable Integrity Monitoring |
enableIntegrityMonitoring |
Using Shielded GKE nodes |
| Taint |
NodeTaint |
Configure workload separation in GKE |
| Workload Metadata Mode |
mode |
Authenticate to Google Cloud APIs from GKE workloads |
| Kubelet Config |
NodeKubeletConfig |
Customizing node system configuration |
| Linux Node Config |
LinuxNodeConfig |
LinuxNodeConfig |
| Windows Node Config |
windowsNodeConfig |
Creating a cluster with Windows Server node pools |
| Containerd Config |
ContainerdConfig |
Containerd node images |
| Sole Tenant Config |
soleTenantConfig |
Isolate your GKE workloads using sole-tenant nodes |
| Network Config |
NodenetworkConfig |
VPC-native clusters |
| Upgrade Settings |
upgradeSettings |
Configure node upgrade strategies |
| Placement Policy |
PlacementPolicy |
Define compact placement for GKE nodes |
| Queued Provisioning |
QueuedProvisioning |
Run a large-scale workload with flex-start with queued provisioning |
| Node Pool Defaults |
Node Config Defaults |
NodePoolDefaults |
Configure node pool auto-creation |
| Node Version |
version |
GKE versioning and support |
| Notification Config |
Pubsub enabled |
PubSub |
Cluster notifications |
| Topic |
topic |
| Filter Event Type |
filter |
| Confidential Nodes |
Enabled |
ConfidentialNodes |
Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes |
| Pod Security Policy Config |
Enabled |
podSecurityPolicyConfig |
PodSecurityPolicy deprecation |
| Pod Autoscaling |
HPA Profile |
PodAutoscaling |
Horizontal Pod autoscaling |
| Vertical Pod Autoscaling |
Enabled |
VerticalPodAutoscaling |
Vertical Pod autoscaling |
| Secret Manager Config |
Enabled |
SecretManagerConfig |
Protect your data with secret management |
| Authenticator Groups Config |
Security Group |
AuthenticatorGroupsConfig |
Configure Google Groups for RBAC |
| Control Plane Endpoints Config |
DNS Endpoint Config |
|
About network isolation in GKE |
| Private Cluster Config |
|
PrivateClusterConfig |
Creating a private cluster |
| Cluster Telemetry |
Type |
clusterTelemetry |
|
| Release Channel |
|
ReleaseChannel |
About release channels |
|
Remove Default Node Pool |
remove_default_node_pool |
|
|
Resource Labels |
resourceLabels |
Create and manage cluster and node pool labels |
| Cost Management Config |
Enabled |
CostManagementConfig |
Get key spending insights for your GKE resource allocation and cluster costs |
| Resource Usage Export Config |
Enabled |
ResourceUsageExportConfig |
Understanding cluster resource usage |
| Workload Identity Config |
Workload Pool |
workloadPool |
Use Workload Identity |
| Identity Service Config |
Enabled |
IdentityServiceConfig |
Use external identity providers to authenticate to GKE |
|
Enable Intranode Visibility |
enableIntranodeVisibility |
Setting up intranode visibility |
|
Enable L4 Ilb Subsetting |
enableL4ilbSubsetting |
Create an internal load balancer |
|
Disable L4 Lb Firewall Reconciliation |
disableL4LbFirewallReconciliation |
User-managed firewall rules for GKE LoadBalancer Services |
|
Enable Multi Networking |
enableMultiNetworking |
About multi-network support for Pods |
|
In Transit Encryption Config |
InTransitEncryptionConfig |
About FIPS-validated encryption in GKE |
|
Enable Fqdn Network Policy |
enableFqdnNetworkPolicy |
Control Pod egress traffic using FQDN network policies |
|
Enable Cilium Clusterwide Network Policy |
enableCiliumClusterwideNetworkPolicy |
Control cluster-wide communication using network policies |
|
Private Ipv6 Google Access |
PrivateIpv6GoogleAccess |
VPC-native clusters |
|
Datapath Provider |
DatapathProvider |
Using GKE Dataplane V2 |
| Default Snat Status |
|
defaultSnatStatus |
IP masquerade agent |
| Dns Config |
|
DNSConfig |
Using Cloud DNS for GKE |
| Gateway Api Config |
|
GatewayAPIConfig |
About Gateway API |
| Protect Config |
|
ProtectConfig |
|
| Security Posture Config |
|
SecurityPostureConfig |
About the security posture dashboard |
| Fleet |
Project |
Fleet |
Fleet management |
| Workload Alts Config |
Enable Alts |
WorkloadALTSConfig |
| Enterprise Config |
Desired Tier |
EnterpriseConfig |
|
|
Timeouts |
Timeouts |