delowan.googlecloud.gcp_container_cluster (1.0.2) — module

Creates a GCP Cluster

Authors: Google Inc. (@googlecloudplatform)

preview | supported by community

Install collection

Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2


Add to requirements.yml

  collections:
    - name: delowan.googlecloud
      version: 1.0.2

Description

A Google Container Engine cluster.


Requirements

Usage examples

- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    master_auth:
      username: cluster_admin
      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
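
A hardened variant of the task above, as an added example that is not part of the original module documentation. It uses only options documented under Inputs. The variables gcp_service_account_file and etcd_kms_key_name are hypothetical, and the CIDR ranges and node service account are placeholder values.

```yaml
- name: create a hardened cluster (added example; values are placeholders)
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    # Hypothetical variable: keep the key file out of shared paths such as /tmp.
    service_account_file: "{{ gcp_service_account_file }}"
    # No username/password is set, and no client certificate is issued.
    master_auth:
      client_certificate_config:
        issue_client_certificate: false
    # Rely on RBAC and IAM only; no statically granted ABAC permissions.
    legacy_abac:
      enabled: false
    # Nodes get internal addresses only.
    private_cluster_config:
      enable_private_nodes: true
      master_ipv4_cidr_block: 172.16.0.0/28   # placeholder range
    # Restrict HTTPS access to the master to named networks.
    master_authorized_networks_config:
      enabled: true
      cidr_blocks:
        - display_name: admin-vpn             # placeholder name
          cidr_block: 203.0.113.0/24          # placeholder (documentation range)
    ip_allocation_policy:
      use_ip_aliases: true
    # Enable NetworkPolicy on both the nodes and the master addon.
    network_policy:
      enabled: true
      provider: CALICO
    addons_config:
      network_policy_config:
        disabled: false
    shielded_nodes:
      enabled: true
    binary_authorization:
      enabled: true
    # Encrypt secrets in etcd with a CloudKMS key (hypothetical variable).
    database_encryption:
      state: ENCRYPTED
      key_name: "{{ etcd_kms_key_name }}"
    logging_service: logging.googleapis.com
    monitoring_service: monitoring.googleapis.com
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 100
      # Dedicated node service account instead of the "default" one (placeholder).
      service_account: gke-nodes@test_project.iam.gserviceaccount.com
      oauth_scopes:
        - https://www.googleapis.com/auth/devstorage.read_only
      shielded_instance_config:
        enable_secure_boot: true
        enable_integrity_monitoring: true
    state: present
```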

Inputs

    
name:
    description:
    - The name of this cluster. The name must be unique within this project and location,
      and can be up to 40 characters. Must be lowercase letters, numbers, and hyphens
      only. Must start with a letter. Must end with a number or a letter.
    required: false
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the given object should exist in GCP
    type: str

scopes:
    description:
    - Array of scopes to be used
    elements: str
    type: list

network:
    description:
    - The name of the Google Compute Engine network to which the cluster is connected.
      If left unspecified, the default network will be used.
    required: false
    type: str

project:
    description:
    - The Google Cloud Platform project to use.
    type: str

env_type:
    description:
    - Specifies which Ansible environment you're running this module within.
    - This should not be set unless you know what you're doing.
    - This only alters the User Agent string for any API requests.
    type: str

location:
    aliases:
    - zone
    description:
    - The location where the cluster is deployed.
    required: true
    type: str

auth_kind:
    choices:
    - application
    - machineaccount
    - serviceaccount
    description:
    - The type of credential used.
    required: true
    type: str

locations:
    aliases:
    - nodeLocations
    description:
    - The list of Google Compute Engine zones in which the cluster's nodes should be located.
    elements: str
    required: false
    type: list

enable_tpu:
    description:
    - (Optional) Whether to enable Cloud TPU resources in this cluster.
    - See the official documentation - U(https://cloud.google.com/tpu/docs/kubernetes-engine-setup).
    required: false
    type: bool

subnetwork:
    description:
    - The name of the Google Compute Engine subnetwork to which the cluster is connected.
    required: false
    type: str

description:
    description:
    - An optional description of this cluster.
    required: false
    type: str

legacy_abac:
    description:
    - Configuration for the legacy ABAC authorization mode.
    required: false
    suboptions:
      enabled:
        description:
        - Whether the ABAC authorizer is enabled for this cluster. When enabled, identities
          in the system, including service accounts, nodes, and controllers, will have
          statically granted permissions beyond those provided by the RBAC configuration
          or IAM.
        required: false
        type: bool
    type: dict

master_auth:
    description:
    - The authentication information for accessing the master endpoint.
    required: false
    suboptions:
      client_certificate_config:
        description:
        - Configuration for client certificate authentication on the cluster. For clusters
          before v1.12, if no configuration is specified, a client certificate is issued.
        required: false
        suboptions:
          issue_client_certificate:
            description:
            - Issue a client certificate.
            required: false
            type: bool
        type: dict
      password:
        description:
        - The password to use for HTTP basic authentication to the master endpoint. Because
          the master endpoint is open to the Internet, you should create a strong password
          with a minimum of 16 characters.
        required: false
        type: str
      username:
        description:
        - The username to use for HTTP basic authentication to the master endpoint.
        required: false
        type: str
    type: dict

node_config:
    description:
    - Parameters used in creating the cluster's nodes.
    - For requests, this field should only be used in lieu of a "nodePool" object, since
      this configuration (along with the "initialNodeCount") will be used to create a
      "NodePool" object with an auto-generated name. Do not use this and a nodePool at
      the same time. For responses, this field will be populated with the node configuration
      of the first node pool. If unspecified, the defaults are used.
    required: false
    suboptions:
      accelerators:
        description:
        - A list of hardware accelerators to be attached to each node. See U(https://cloud.google.com/compute/docs/gpus)
          for more information about support for GPUs.
        elements: dict
        required: false
        suboptions:
          accelerator_count:
            description:
            - The number of accelerator cards exposed to an instance.
            required: false
            type: str
          accelerator_type:
            description:
            - The accelerator type resource name.
            required: false
            type: str
        type: list
      disk_size_gb:
        description:
        - Size of the disk attached to each node, specified in GB. The smallest allowed
          disk size is 10GB. If unspecified, the default disk size is 100GB.
        required: false
        type: int
      disk_type:
        description:
        - Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd'). If unspecified,
          the default disk type is 'pd-standard'.
        required: false
        type: str
      image_type:
        description:
        - The image type to use for this node. Note that for a given image type, the latest
          version of it will be used.
        required: false
        type: str
      labels:
        description:
        - 'The map of Kubernetes labels (key/value pairs) to be applied to each node.
          These will be added in addition to any default label(s) that Kubernetes may apply
          to the node. In case of conflict in label keys, the applied set may differ depending
          on the Kubernetes version -- it''s best to assume the behavior is undefined
          and conflicts should be avoided. For more information, including usage and the
          valid values, see: U(http://kubernetes.io/v1.1/docs/user-guide/labels.html).
          An object containing a list of "key": value pairs.'
        - 'Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.'
        required: false
        type: dict
      local_ssd_count:
        description:
        - The number of local SSD disks to be attached to the node.
        - 'The limit for this value is dependent upon the maximum number of disks available
          on a machine per zone. See: U(https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits)
          for more information.'
        required: false
        type: int
      machine_type:
        description:
        - The name of a Google Compute Engine machine type (e.g. n1-standard-1). If
          unspecified, the default machine type is n1-standard-1.
        required: false
        type: str
      metadata:
        description:
        - The metadata key/value pairs assigned to instances in the cluster.
        - 'Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in
          length. These are reflected as part of a URL in the metadata server. Additionally,
          to avoid ambiguity, keys must not conflict with any other metadata keys for
          the project or be one of the four reserved keys: "instance-template", "kube-env",
          "startup-script", and "user-data". Values are free-form strings, and only have
          meaning as interpreted by the image running in the instance. The only restriction
          placed on them is that each value''s size must be less than or equal to 32 KB.'
        - The total size of all keys and values must be less than 512 KB.
        - 'An object containing a list of "key": value pairs.'
        - 'Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.'
        required: false
        type: dict
      min_cpu_platform:
        description:
        - Minimum CPU platform to be used by this instance. The instance may be scheduled
          on the specified or newer CPU platform.
        required: false
        type: str
      oauth_scopes:
        description:
        - The set of Google API scopes to be made available on all of the node VMs under
          the "default" service account.
        - 'The following scopes are recommended, but not required, and by default are
          not included: U(https://www.googleapis.com/auth/compute) is required for mounting
          persistent storage on your nodes.'
        - U(https://www.googleapis.com/auth/devstorage.read_only) is required for communicating
          with gcr.io (the Google Container Registry).
        - If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring
          are enabled, in which case their required scopes will be added.
        elements: str
        required: false
        type: list
      preemptible:
        description:
        - 'Whether the nodes are created as preemptible VM instances. See: U(https://cloud.google.com/compute/docs/instances/preemptible)
          for more information about preemptible VM instances.'
        required: false
        type: bool
      service_account:
        description:
        - The Google Cloud Platform Service Account to be used by the node VMs. If no
          Service Account is specified, the "default" service account is used.
        required: false
        type: str
      shielded_instance_config:
        description:
        - Shielded Instance options.
        required: false
        suboptions:
          enable_integrity_monitoring:
            description:
            - Defines whether the instance has integrity monitoring enabled.
            - Enables monitoring and attestation of the boot integrity of the instance.
            - The attestation is performed against the integrity policy baseline. This
              baseline is initially derived from the implicitly trusted boot image when
              the instance is created.
            required: false
            type: bool
          enable_secure_boot:
            description:
            - Defines whether the instance has Secure Boot enabled.
            - Secure Boot helps ensure that the system only runs authentic software by
              verifying the digital signature of all boot components, and halting the
              boot process if signature verification fails.
            required: false
            type: bool
        type: dict
      tags:
        description:
        - The list of instance tags applied to all nodes. Tags are used to identify valid
          sources or targets for network firewalls and are specified by the client during
          cluster or node pool creation. Each tag within the list must comply with RFC1035.
        elements: str
        required: false
        type: list
      taints:
        description:
        - List of kubernetes taints to be applied to each node.
        - 'For more information, including usage and the valid values, see: U(https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).'
        elements: dict
        required: false
        suboptions:
          effect:
            description:
            - Effect for taint.
            - 'Some valid choices include: "EFFECT_UNSPECIFIED", "NO_SCHEDULE", "PREFER_NO_SCHEDULE",
              "NO_EXECUTE"'
            required: false
            type: str
          key:
            description:
            - Key for taint.
            required: false
            type: str
          value:
            description:
            - Value for taint.
            required: false
            type: str
        type: list
    type: dict

kubectl_path:
    description:
    - The path that the kubectl config file will be written to.
    - The file will not be created if this path is unset.
    - Any existing file at this path will be completely overwritten.
    - This requires the PyYaml library.
    required: false
    type: str

addons_config:
    description:
    - Configurations for the various addons available to run in the cluster.
    required: false
    suboptions:
      horizontal_pod_autoscaling:
        description:
        - Configuration for the horizontal pod autoscaling feature, which increases or
          decreases the number of replica pods a replication controller has based on the
          resource usage of the existing pods.
        required: false
        suboptions:
          disabled:
            description:
            - Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
              When enabled, it ensures that a Heapster pod is running in the cluster,
              which is also used by the Cloud Monitoring service.
            required: false
            type: bool
        type: dict
      http_load_balancing:
        description:
        - Configuration for the HTTP (L7) load balancing controller addon, which makes
          it easy to set up HTTP load balancers for services in a cluster.
        required: false
        suboptions:
          disabled:
            description:
            - Whether the HTTP Load Balancing controller is enabled in the cluster. When
              enabled, it runs a small pod in the cluster that manages the load balancers.
            required: false
            type: bool
        type: dict
      network_policy_config:
        description:
        - Configuration for NetworkPolicy. This only tracks whether the addon is enabled
          or not on the Master, it does not track whether network policy is enabled for
          the nodes.
        required: false
        suboptions:
          disabled:
            description:
            - Whether NetworkPolicy is enabled for this cluster.
            required: false
            type: bool
        type: dict
    type: dict

network_config:
    description:
    - Network configurations.
    required: false
    suboptions:
      default_snat_status:
        description:
        - Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
          will be disabled when defaultSnatStatus is disabled.
        required: false
        type: bool
      enable_intra_node_visibility:
        description:
        - Whether Intra-node visibility is enabled for this cluster. This makes same node
          pod to pod traffic visible for VPC network.
        required: false
        type: bool
    type: dict

network_policy:
    description:
    - Configuration options for the NetworkPolicy feature.
    required: false
    suboptions:
      enabled:
        description:
        - Whether network policy is enabled on the cluster.
        required: false
        type: bool
      provider:
        description:
        - The selected network policy provider.
        - 'Some valid choices include: "PROVIDER_UNSPECIFIED", "CALICO"'
        required: false
        type: str
    type: dict

shielded_nodes:
    description:
    - Shielded Nodes configuration.
    required: false
    suboptions:
      enabled:
        description:
        - Whether Shielded Nodes features are enabled on all nodes in this cluster.
        required: false
        type: bool
    type: dict

kubectl_context:
    description:
    - The name of the context for the kubectl config file. Will default to the cluster
      name.
    required: false
    type: str

logging_service:
    description:
    - 'The logging service the cluster should use to write logs. Currently available options:
      logging.googleapis.com - the Google Cloud Logging service.'
    - none - no logs will be exported from the cluster.
    - If left as an empty string, logging.googleapis.com will be used.
    - 'Some valid choices include: "logging.googleapis.com", "none"'
    required: false
    type: str

release_channel:
    description:
    - ReleaseChannel indicates which release channel a cluster is subscribed to.
    - Release channels are arranged in order of risk and frequency of updates.
    required: false
    suboptions:
      channel:
        description:
        - Which release channel the cluster is subscribed to.
        - 'Some valid choices include: "UNSPECIFIED", "RAPID", "REGULAR", "STABLE"'
        required: false
        type: str
    type: dict

resource_labels:
    description:
    - The resource labels for the cluster to use to annotate any related Google Compute
      Engine resources.
    required: false
    type: dict

cluster_ipv4_cidr:
    description:
    - The IP address range of the container pods in this cluster, in CIDR notation (e.g.
      10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block
      in 10.0.0.0/8.
    required: false
    type: str

initial_node_count:
    description:
    - The number of nodes to create in this cluster. You must ensure that your Compute
      Engine resource quota is sufficient for this number of instances. You must also
      have available firewall and routes quota. For requests, this field should only be
      used in lieu of a "nodePool" object, since this configuration (along with the "nodeConfig")
      will be used to create a "NodePool" object with an auto-generated name. Do not use
      this and a nodePool at the same time.
    - This field has been deprecated. Please use nodePool.initial_node_count instead.
    required: false
    type: int

monitoring_service:
    description:
    - The monitoring service the cluster should use to write metrics.
    - 'Currently available options: monitoring.googleapis.com - the Google Cloud Monitoring
      service.'
    - none - no metrics will be exported from the cluster.
    - If left as an empty string, monitoring.googleapis.com will be used.
    - 'Some valid choices include: "monitoring.googleapis.com", "none"'
    required: false
    type: str

database_encryption:
    description:
    - Configuration of etcd encryption.
    required: false
    suboptions:
      key_name:
        description:
        - 'Name of CloudKMS key to use for the encryption of secrets in etcd. Example:
          `projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key`.'
        required: false
        type: str
      state:
        description:
        - Denotes the state of etcd encryption.
        - 'Some valid choices include: "ENCRYPTED", "DECRYPTED"'
        required: false
        type: str
    type: dict

binary_authorization:
    description:
    - Configuration for the BinaryAuthorization feature.
    required: false
    suboptions:
      enabled:
        description:
        - If enabled, all container images will be validated by Binary Authorization.
        required: false
        type: bool
    type: dict

ip_allocation_policy:
    description:
    - Configuration for controlling how IPs are allocated in the cluster.
    required: false
    suboptions:
      cluster_ipv4_cidr_block:
        description:
        - The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr
          must be left blank.
        - This field is only applicable when useIpAliases is true.
        - Set to blank to have a range chosen with the default size.
        - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
        required: false
        type: str
      cluster_secondary_range_name:
        description:
        - The name of the secondary range to be used for the cluster CIDR block. The secondary
          range will be used for pod IP addresses.
        - This must be an existing secondary range associated with the cluster subnetwork.
        required: false
        type: str
      create_subnetwork:
        description:
        - Whether a new subnetwork will be created automatically for the cluster.
        required: false
        type: bool
      node_ipv4_cidr_block:
        description:
        - The IP address range of the instance IPs in this cluster.
        - This is applicable only if createSubnetwork is true.
        - Set to blank to have a range chosen with the default size.
        - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
        required: false
        type: str
      services_ipv4_cidr_block:
        description:
        - The IP address range of the services IPs in this cluster. If blank, a range
          will be automatically chosen with the default size.
        - This field is only applicable when useIpAliases is true.
        - Set to blank to have a range chosen with the default size.
        - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
        required: false
        type: str
      services_secondary_range_name:
        description:
        - The name of the secondary range to be used for the services CIDR block. The
          secondary range will be used for service ClusterIPs. This must be an existing
          secondary range associated with the cluster subnetwork.
        required: false
        type: str
      subnetwork_name:
        description:
        - A custom subnetwork name to be used if createSubnetwork is true.
        - If this field is empty, then an automatic name will be chosen for the new subnetwork.
        required: false
        type: str
      tpu_ipv4_cidr_block:
        description:
        - The IP address range of the Cloud TPUs in this cluster. If unspecified, a range
          will be automatically chosen with the default size.
        - This field is only applicable when useIpAliases is true.
        - If unspecified, the range will use the default size.
        - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
        required: false
        type: str
      use_ip_aliases:
        description:
        - Whether alias IPs will be used for pod IPs in the cluster.
        required: false
        type: bool
    type: dict

service_account_file:
    description:
    - The path of a Service Account JSON file if serviceaccount is selected as type.
    type: path

service_account_email:
    description:
    - An optional service account email address if machineaccount is selected and the
      user does not wish to use the default email.
    type: str

private_cluster_config:
    description:
    - Configuration for a private cluster.
    required: false
    suboptions:
      enable_private_endpoint:
        description:
        - Whether the master's internal IP address is used as the cluster endpoint.
        required: false
        type: bool
      enable_private_nodes:
        description:
        - Whether nodes have internal IP addresses only. If enabled, all nodes are given
          only RFC 1918 private addresses and communicate with the master via private
          networking.
        required: false
        type: bool
      master_ipv4_cidr_block:
        description:
        - The IP range in CIDR notation to use for the hosted master network. This range
          will be used for assigning internal IP addresses to the master or set of masters,
          as well as the ILB VIP. This range must not overlap with any other ranges in
          use within the cluster's network.
        required: false
        type: str
    type: dict

enable_kubernetes_alpha:
    description:
    - Kubernetes alpha features are enabled on this cluster. This includes alpha API groups
      (e.g. v1alpha1) and features that may not be production ready in the kubernetes
      version of the master and nodes.
    required: false
    type: bool

initial_cluster_version:
    description:
    - The software version of the master endpoint and kubelets used in the cluster when
      it was first created. The version can be upgraded over time.
    required: false
    type: str

service_account_contents:
    description:
    - The contents of a Service Account JSON file, either in a dictionary or as a JSON
      string that represents it.
    type: jsonarg

default_max_pods_constraint:
    description:
    - The default constraint on the maximum number of pods that can be run simultaneously
      on a node in the node pool of this cluster.
    - Only honored if cluster created with IP Alias support.
    required: false
    suboptions:
      max_pods_per_node:
        description:
        - Constraint enforced on the max num of pods per node.
        required: false
        type: str
    type: dict

master_authorized_networks_config:
    description:
    - Configuration for controlling how IPs are allocated in the cluster.
    required: false
    suboptions:
      cidr_blocks:
        description:
        - Define up to 50 external networks that could access Kubernetes master through
          HTTPS.
        elements: dict
        required: false
        suboptions:
          cidr_block:
            description:
            - Block specified in CIDR notation.
            required: false
            type: str
          display_name:
            description:
            - Optional field used to identify cidr blocks.
            required: false
            type: str
        type: list
      enabled:
        description:
        - Whether or not master authorized networks is enabled.
        required: false
        type: bool
    type: dict

Outputs

addonsConfig:
  contains:
    horizontalPodAutoscaling:
      contains:
        disabled:
          description:
          - Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
            When enabled, it ensures that a Heapster pod is running in the cluster,
            which is also used by the Cloud Monitoring service.
          returned: success
          type: bool
      description:
      - Configuration for the horizontal pod autoscaling feature, which increases
        or decreases the number of replica pods a replication controller has based
        on the resource usage of the existing pods.
      returned: success
      type: complex
    httpLoadBalancing:
      contains:
        disabled:
          description:
          - Whether the HTTP Load Balancing controller is enabled in the cluster.
            When enabled, it runs a small pod in the cluster that manages the load
            balancers.
          returned: success
          type: bool
      description:
      - Configuration for the HTTP (L7) load balancing controller addon, which makes
        it easy to set up HTTP load balancers for services in a cluster.
      returned: success
      type: complex
    networkPolicyConfig:
      contains:
        disabled:
          description:
          - Whether NetworkPolicy is enabled for this cluster.
          returned: success
          type: bool
      description:
      - Configuration for NetworkPolicy. This only tracks whether the addon is enabled
        or not on the Master, it does not track whether network policy is enabled
        for the nodes.
      returned: success
      type: complex
  description:
  - Configurations for the various addons available to run in the cluster.
  returned: success
  type: complex
binaryAuthorization:
  contains:
    enabled:
      description:
      - If enabled, all container images will be validated by Binary Authorization.
      returned: success
      type: bool
  description:
  - Configuration for the BinaryAuthorization feature.
  returned: success
  type: complex
clusterIpv4Cidr:
  description:
  - The IP address range of the container pods in this cluster, in CIDR notation (e.g.
    10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block
    in 10.0.0.0/8.
  returned: success
  type: str
conditions:
  contains:
    code:
      description:
      - Machine-friendly representation of the condition.
      returned: success
      type: str
    message:
      description:
      - Human-friendly representation of the condition.
      returned: success
      type: str
  description:
  - Which conditions caused the current cluster state.
  returned: success
  type: complex
createTime:
  description:
  - The time the cluster was created, in RFC3339 text format.
  returned: success
  type: str
currentMasterVersion:
  description:
  - The current software version of the master endpoint.
  returned: success
  type: str
currentNodeCount:
  description:
  - The number of nodes currently in the cluster.
  returned: success
  type: int
currentNodeVersion:
  description:
  - The current version of the node software components. If they are currently at
    multiple versions because they're in the process of being upgraded, this reflects
    the minimum version of all nodes.
  returned: success
  type: str
databaseEncryption:
  contains:
    keyName:
      description:
      - 'Name of CloudKMS key to use for the encryption of secrets in etcd. Example:
        `projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key`.'
      returned: success
      type: str
    state:
      description:
      - Denotes the state of etcd encryption.
      returned: success
      type: str
  description:
  - Configuration of etcd encryption.
  returned: success
  type: complex
defaultMaxPodsConstraint:
  contains:
    maxPodsPerNode:
      description:
      - Constraint enforced on the max num of pods per node.
      returned: success
      type: str
  description:
  - The default constraint on the maximum number of pods that can be run simultaneously
    on a node in the node pool of this cluster.
  - Only honored if cluster created with IP Alias support.
  returned: success
  type: complex
description:
  description:
  - An optional description of this cluster.
  returned: success
  type: str
enableKubernetesAlpha:
  description:
  - Kubernetes alpha features are enabled on this cluster. This includes alpha API
    groups (e.g. v1alpha1) and features that may not be production ready in the kubernetes
    version of the master and nodes.
  returned: success
  type: bool
enableTpu:
  description:
  - (Optional) Whether to enable Cloud TPU resources in this cluster.
  - See the official documentation - U(https://cloud.google.com/tpu/docs/kubernetes-engine-setup).
  returned: success
  type: bool
endpoint:
  description:
  - The IP address of this cluster's master endpoint.
  - The endpoint can be accessed from the internet at https://username:password@endpoint/.
    See the masterAuth property of this resource for username and password information.
  returned: success
  type: str
expireTime:
  description:
  - The time the cluster will be automatically deleted in RFC3339 text format.
  returned: success
  type: str
initialClusterVersion:
  description:
  - The software version of the master endpoint and kubelets used in the cluster when
    it was first created. The version can be upgraded over time.
  returned: success
  type: str
initialNodeCount:
  description:
  - The number of nodes to create in this cluster. You must ensure that your Compute
    Engine resource quota is sufficient for this number of instances. You must also
    have available firewall and routes quota. For requests, this field should only
    be used in lieu of a "nodePool" object, since this configuration (along with the
    "nodeConfig") will be used to create a "NodePool" object with an auto-generated
    name. Do not use this and a nodePool at the same time.
  - This field has been deprecated. Please use nodePool.initial_node_count instead.
  returned: success
  type: int
ipAllocationPolicy:
  contains:
    clusterIpv4CidrBlock:
      description:
      - The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr
        must be left blank.
      - This field is only applicable when useIpAliases is true.
      - Set to blank to have a range chosen with the default size.
      - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
      returned: success
      type: str
    clusterSecondaryRangeName:
      description:
      - The name of the secondary range to be used for the cluster CIDR block. The
        secondary range will be used for pod IP addresses.
      - This must be an existing secondary range associated with the cluster subnetwork.
      returned: success
      type: str
    createSubnetwork:
      description:
      - Whether a new subnetwork will be created automatically for the cluster.
      returned: success
      type: bool
    nodeIpv4CidrBlock:
      description:
      - The IP address range of the instance IPs in this cluster.
      - This is applicable only if createSubnetwork is true.
      - Set to blank to have a range chosen with the default size.
      - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
      returned: success
      type: str
    servicesIpv4CidrBlock:
      description:
      - The IP address range of the services IPs in this cluster. If blank, a range
        will be automatically chosen with the default size.
      - This field is only applicable when useIpAliases is true.
      - Set to blank to have a range chosen with the default size.
      - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
      returned: success
      type: str
    servicesSecondaryRangeName:
      description:
      - The name of the secondary range to be used for the services CIDR block.
        The secondary range will be used for service ClusterIPs. This must be an existing
        secondary range associated with the cluster subnetwork.
      returned: success
      type: str
    subnetworkName:
      description:
      - A custom subnetwork name to be used if createSubnetwork is true.
      - If this field is empty, then an automatic name will be chosen for the new
        subnetwork.
      returned: success
      type: str
    tpuIpv4CidrBlock:
      description:
      - The IP address range of the Cloud TPUs in this cluster. If unspecified, a
        range will be automatically chosen with the default size.
      - This field is only applicable when useIpAliases is true.
      - If unspecified, the range will use the default size.
      - Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
      returned: success
      type: str
    useIpAliases:
      description:
      - Whether alias IPs will be used for pod IPs in the cluster.
      returned: success
      type: bool
  description:
  - Configuration for controlling how IPs are allocated in the cluster.
  returned: success
  type: complex
kubectlContext:
  description:
  - The name of the context for the kubectl config file. Will default to the cluster
    name.
  returned: success
  type: str
kubectlPath:
  description:
  - The path that the kubectl config file will be written to.
  - The file will not be created if this path is unset.
  - Any existing file at this path will be completely overwritten.
  - This requires the PyYaml library.
  returned: success
  type: str
labelFingerprint:
  description:
  - The fingerprint of the set of labels for this cluster.
  returned: success
  type: str
legacyAbac:
  contains:
    enabled:
      description:
      - Whether the ABAC authorizer is enabled for this cluster. When enabled, identities
        in the system, including service accounts, nodes, and controllers, will have
        statically granted permissions beyond those provided by the RBAC configuration
        or IAM.
      returned: success
      type: bool
  description:
  - Configuration for the legacy ABAC authorization mode.
  returned: success
  type: complex
location:
  description:
  - The location where the cluster is deployed.
  returned: success
  type: str
locations:
  description:
  - The list of Google Compute Engine zones in which the cluster's nodes should be
    located.
  returned: success
  type: list
loggingService:
  description:
  - 'The logging service the cluster should use to write logs. Currently available
    options: logging.googleapis.com - the Google Cloud Logging service.'
  - none - no logs will be exported from the cluster.
  - if left as an empty string, logging.googleapis.com will be used.
  returned: success
  type: str
masterAuth:
  contains:
    clientCertificate:
      description:
      - Base64-encoded public certificate used by clients to authenticate to the cluster
        endpoint.
      returned: success
      type: str
    clientCertificateConfig:
      contains:
        issueClientCertificate:
          description:
          - Issue a client certificate.
          returned: success
          type: bool
      description:
      - Configuration for client certificate authentication on the cluster. For clusters
        before v1.12, if no configuration is specified, a client certificate is issued.
      returned: success
      type: complex
    clientKey:
      description:
      - Base64-encoded private key used by clients to authenticate to the cluster
        endpoint.
      returned: success
      type: str
    clusterCaCertificate:
      description:
      - Base64-encoded public certificate that is the root of trust for the cluster.
      returned: success
      type: str
    password:
      description:
      - The password to use for HTTP basic authentication to the master endpoint.
        Because the master endpoint is open to the Internet, you should create a strong
        password with a minimum of 16 characters.
      returned: success
      type: str
    username:
      description:
      - The username to use for HTTP basic authentication to the master endpoint.
      returned: success
      type: str
  description:
  - The authentication information for accessing the master endpoint.
  returned: success
  type: complex
masterAuthorizedNetworksConfig:
  contains:
    cidrBlocks:
      contains:
        cidrBlock:
          description:
          - Block specified in CIDR notation.
          returned: success
          type: str
        displayName:
          description:
          - Optional field used to identify CIDR blocks.
          returned: success
          type: str
      description:
      - Define up to 50 external networks that could access Kubernetes master through
        HTTPS.
      returned: success
      type: complex
    enabled:
      description:
      - Whether or not master authorized networks is enabled.
      returned: success
      type: bool
  description:
  - Configuration for the master authorized networks feature, which limits the external
    networks that can access the Kubernetes master through HTTPS.
  returned: success
  type: complex
monitoringService:
  description:
  - The monitoring service the cluster should use to write metrics.
  - 'Currently available options: monitoring.googleapis.com - the Google Cloud Monitoring
    service.'
  - none - no metrics will be exported from the cluster.
  - if left as an empty string, monitoring.googleapis.com will be used.
  returned: success
  type: str
name:
  description:
  - The name of this cluster. The name must be unique within this project and location,
    and can be up to 40 characters. Must be lowercase letters, numbers, and hyphens
    only. Must start with a letter. Must end with a number or a letter.
  returned: success
  type: str
network:
  description:
  - The name of the Google Compute Engine network to which the cluster is connected.
    If left unspecified, the default network will be used.
  returned: success
  type: str
networkConfig:
  contains:
    defaultSnatStatus:
      description:
      - Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
        will be disabled when defaultSnatStatus is disabled.
      returned: success
      type: bool
    enableIntraNodeVisibility:
      description:
      - Whether intra-node visibility is enabled for this cluster. This makes same-node
        pod-to-pod traffic visible to the VPC network.
      returned: success
      type: bool
    network:
      description:
      - The relative name of the Google Compute Engine network to which the cluster
        is connected.
      - 'Example: projects/my-project/global/networks/my-network .'
      returned: success
      type: str
    subnetwork:
      description:
      - The relative name of the Google Compute Engine subnetwork to which the cluster
        is connected.
      - 'Example: projects/my-project/regions/us-central1/subnetworks/my-subnet .'
      returned: success
      type: str
  description:
  - Network configurations.
  returned: success
  type: complex
networkPolicy:
  contains:
    enabled:
      description:
      - Whether network policy is enabled on the cluster.
      returned: success
      type: bool
    provider:
      description:
      - The selected network policy provider.
      returned: success
      type: str
  description:
  - Configuration options for the NetworkPolicy feature.
  returned: success
  type: complex
nodeConfig:
  contains:
    accelerators:
      contains:
        acceleratorCount:
          description:
          - The number of accelerator cards exposed to an instance.
          returned: success
          type: str
        acceleratorType:
          description:
          - The accelerator type resource name.
          returned: success
          type: str
      description:
      - A list of hardware accelerators to be attached to each node. See U(https://cloud.google.com/compute/docs/gpus)
        for more information about support for GPUs.
      returned: success
      type: complex
    diskSizeGb:
      description:
      - Size of the disk attached to each node, specified in GB. The smallest allowed
        disk size is 10GB. If unspecified, the default disk size is 100GB.
      returned: success
      type: int
    diskType:
      description:
      - Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd'). If
        unspecified, the default disk type is 'pd-standard'.
      returned: success
      type: str
    imageType:
      description:
      - The image type to use for this node. Note that for a given image type, the
        latest version of it will be used.
      returned: success
      type: str
    labels:
      description:
      - 'The map of Kubernetes labels (key/value pairs) to be applied to each node.
        These will be added in addition to any default label(s) that Kubernetes may apply
        to the node. In case of conflict in label keys, the applied set may differ
        depending on the Kubernetes version -- it''s best to assume the behavior is
        undefined and conflicts should be avoided. For more information, including
        usage and the valid values, see: U(http://kubernetes.io/v1.1/docs/user-guide/labels.html).
        An object containing a list of "key": value pairs.'
      - 'Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.'
      returned: success
      type: dict
    localSsdCount:
      description:
      - The number of local SSD disks to be attached to the node.
      - 'The limit for this value is dependent upon the maximum number of disks available
        on a machine per zone. See: U(https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits)
        for more information.'
      returned: success
      type: int
    machineType:
      description:
      - The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified,
        the default machine type is n1-standard-1.
      returned: success
      type: str
    metadata:
      description:
      - The metadata key/value pairs assigned to instances in the cluster.
      - 'Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes
        in length. These are reflected as part of a URL in the metadata server. Additionally,
        to avoid ambiguity, keys must not conflict with any other metadata keys for
        the project or be one of the four reserved keys: "instance-template", "kube-env",
        "startup-script", and "user-data". Values are free-form strings, and only have
        meaning as interpreted by the image running in the instance. The only restriction
        placed on them is that each value''s size must be less than or equal to 32
        KB.'
      - The total size of all keys and values must be less than 512 KB.
      - 'An object containing a list of "key": value pairs.'
      - 'Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.'
      returned: success
      type: dict
    minCpuPlatform:
      description:
      - Minimum CPU platform to be used by this instance. The instance may be scheduled
        on the specified or newer CPU platform.
      returned: success
      type: str
    oauthScopes:
      description:
      - The set of Google API scopes to be made available on all of the node VMs under
        the "default" service account.
      - 'The following scopes are recommended, but not required, and by default are
        not included: U(https://www.googleapis.com/auth/compute) is required for mounting
        persistent storage on your nodes.'
      - U(https://www.googleapis.com/auth/devstorage.read_only) is required for communicating
        with gcr.io (the Google Container Registry).
      - If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring
        are enabled, in which case their required scopes will be added.
      returned: success
      type: list
    preemptible:
      description:
      - 'Whether the nodes are created as preemptible VM instances. See: U(https://cloud.google.com/compute/docs/instances/preemptible)
        for more information about preemptible VM instances.'
      returned: success
      type: bool
    serviceAccount:
      description:
      - The Google Cloud Platform Service Account to be used by the node VMs. If no
        Service Account is specified, the "default" service account is used.
      returned: success
      type: str
    shieldedInstanceConfig:
      contains:
        enableIntegrityMonitoring:
          description:
          - Defines whether the instance has integrity monitoring enabled.
          - Enables monitoring and attestation of the boot integrity of the instance.
          - The attestation is performed against the integrity policy baseline. This
            baseline is initially derived from the implicitly trusted boot image when
            the instance is created.
          returned: success
          type: bool
        enableSecureBoot:
          description:
          - Defines whether the instance has Secure Boot enabled.
          - Secure Boot helps ensure that the system only runs authentic software
            by verifying the digital signature of all boot components, and halting
            the boot process if signature verification fails.
          returned: success
          type: bool
      description:
      - Shielded Instance options.
      returned: success
      type: complex
    tags:
      description:
      - The list of instance tags applied to all nodes. Tags are used to identify
        valid sources or targets for network firewalls and are specified by the client
        during cluster or node pool creation. Each tag within the list must comply
        with RFC1035.
      returned: success
      type: list
    taints:
      contains:
        effect:
          description:
          - Effect for taint.
          returned: success
          type: str
        key:
          description:
          - Key for taint.
          returned: success
          type: str
        value:
          description:
          - Value for taint.
          returned: success
          type: str
      description:
      - List of Kubernetes taints to be applied to each node.
      - 'For more information, including usage and the valid values, see: U(https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).'
      returned: success
      type: complex
  description:
  - Parameters used in creating the cluster's nodes.
  - For requests, this field should only be used in lieu of a "nodePool" object, since
    this configuration (along with the "initialNodeCount") will be used to create
    a "NodePool" object with an auto-generated name. Do not use this and a nodePool
    at the same time. For responses, this field will be populated with the node configuration
    of the first node pool. If unspecified, the defaults are used.
  returned: success
  type: complex
nodeIpv4CidrSize:
  description:
  - The size of the address space on each node for hosting containers.
  - This is provisioned from within the container_ipv4_cidr range.
  returned: success
  type: int
nodePools:
  contains:
    name:
      description:
      - Name of the node pool.
      returned: success
      type: str
  description:
  - Node pools belonging to this cluster.
  returned: success
  type: complex
privateClusterConfig:
  contains:
    enablePrivateEndpoint:
      description:
      - Whether the master's internal IP address is used as the cluster endpoint.
      returned: success
      type: bool
    enablePrivateNodes:
      description:
      - Whether nodes have internal IP addresses only. If enabled, all nodes are given
        only RFC 1918 private addresses and communicate with the master via private
        networking.
      returned: success
      type: bool
    masterIpv4CidrBlock:
      description:
      - The IP range in CIDR notation to use for the hosted master network. This range
        will be used for assigning internal IP addresses to the master or set of masters,
        as well as the ILB VIP. This range must not overlap with any other ranges
        in use within the cluster's network.
      returned: success
      type: str
    privateEndpoint:
      description:
      - The internal IP address of this cluster's master endpoint.
      returned: success
      type: str
    publicEndpoint:
      description:
      - The external IP address of this cluster's master endpoint.
      returned: success
      type: str
  description:
  - Configuration for a private cluster.
  returned: success
  type: complex
releaseChannel:
  contains:
    channel:
      description:
      - Which release channel the cluster is subscribed to.
      returned: success
      type: str
  description:
  - ReleaseChannel indicates which release channel a cluster is subscribed to.
  - Release channels are arranged in order of risk and frequency of updates.
  returned: success
  type: complex
resourceLabels:
  description:
  - The resource labels for the cluster to use to annotate any related Google Compute
    Engine resources.
  returned: success
  type: dict
servicesIpv4Cidr:
  description:
  - The IP address range of the Kubernetes services in this cluster, in CIDR notation
    (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the
    container CIDR.
  returned: success
  type: str
shieldedNodes:
  contains:
    enabled:
      description:
      - Whether Shielded Nodes features are enabled on all nodes in this cluster.
      returned: success
      type: bool
  description:
  - Shielded Nodes configuration.
  returned: success
  type: complex
status:
  description:
  - The current status of this cluster.
  returned: success
  type: str
statusMessage:
  description:
  - Additional information about the current status of this cluster, if available.
  returned: success
  type: str
subnetwork:
  description:
  - The name of the Google Compute Engine subnetwork to which the cluster is connected.
  returned: success
  type: str
tpuIpv4CidrBlock:
  description:
  - The IP address range of the Cloud TPUs in this cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
    notation (e.g. `1.2.3.4/29`).
  returned: success
  type: str
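
Several of the return values above describe how exposed the cluster is (masterAuth, legacyAbac, masterAuthorizedNetworksConfig, privateClusterConfig, networkPolicy, shieldedNodes), and masterAuth carries credentials. The following Python code is an added example, not part of the module or its documentation: it audits a registered result and masks the credentials before the result is logged. The sample dict, the function names and the choice of checks are assumptions made for illustration.

```python
import copy
import ipaddress

# Constructed sample shaped like this module's return values (not real output).
SAMPLE = {
    "legacyAbac": {"enabled": True},
    "masterAuth": {"username": "cluster_admin", "password": "example-only",
                   "clientKey": "ZXhhbXBsZQ=="},
    "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "any", "cidrBlock": "0.0.0.0/0"}]},
    "networkPolicy": {"enabled": True, "provider": "CALICO"},
    "shieldedNodes": {"enabled": False},
}


def _get(data, path, default=None):
    """Walk a dotted path; unset fields may be missing or None in the result."""
    for key in path.split("."):
        if not isinstance(data, dict) or data.get(key) is None:
            return default
        data = data[key]
    return data


def audit_cluster(result):
    """Return sorted (field, finding) tuples for risky values in the result."""
    found = []
    if _get(result, "masterAuth.username") or _get(result, "masterAuth.password"):
        found.append(("masterAuth", "HTTP basic authentication is configured"))
    if _get(result, "masterAuth.clientCertificateConfig.issueClientCertificate"):
        found.append(("masterAuth.clientCertificateConfig", "client certificate issued"))
    if _get(result, "legacyAbac.enabled"):
        found.append(("legacyAbac", "static permissions beyond RBAC or IAM"))
    if _get(result, "enableKubernetesAlpha"):
        found.append(("enableKubernetesAlpha", "alpha features are enabled"))
    if not _get(result, "networkPolicy.enabled"):
        found.append(("networkPolicy", "network policy is not enabled"))
    if not _get(result, "shieldedNodes.enabled"):
        found.append(("shieldedNodes", "Shielded Nodes are not enabled"))
    # An endpoint that is not private needs the authorized-networks allowlist.
    if not _get(result, "privateClusterConfig.enablePrivateEndpoint"):
        if not _get(result, "masterAuthorizedNetworksConfig.enabled"):
            found.append(("masterAuthorizedNetworksConfig", "no allowlist on endpoint"))
    for block in _get(result, "masterAuthorizedNetworksConfig.cidrBlocks", []):
        cidr = block.get("cidrBlock") or ""
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                found.append(("masterAuthorizedNetworksConfig.cidrBlocks",
                              f"{cidr} admits every address"))
        except ValueError:
            found.append(("masterAuthorizedNetworksConfig.cidrBlocks",
                          f"unparseable CIDR {cidr!r}"))
    return sorted(found)


def redact(result):
    """Return a copy with masterAuth.password and clientKey masked for logging."""
    safe = copy.deepcopy(result)
    auth = safe.get("masterAuth") or {}
    for field in ("password", "clientKey"):
        if auth.get(field):
            auth[field] = "<redacted>"
    return safe


if __name__ == "__main__":
    for field, finding in audit_cluster(SAMPLE):
        print(f"{field}: {finding}")
```

In a playbook the same concern applies to the registered result itself: a task that prints it exposes masterAuth.password and masterAuth.clientKey unless the values are masked first or the task sets `no_log: true`.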