Resource: Cluster
A Google Distributed Cloud Edge Kubernetes cluster.
| JSON representation | 
|---|
| { "name": string, "createTime": string, "updateTime": string, "labels": { string: string, ... }, "fleet": { object ( | 
| Fields | |
|---|---|
| name | Required. The resource name of the cluster. |
| createTime | Output only. The time when the cluster was created. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| updateTime | Output only. The time when the cluster was last updated. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| labels | Labels associated with this resource. An object containing a list of |
| fleet | Required. Fleet configuration. |
| networking | Required. Cluster-wide networking configuration. |
| authorization | Required. Immutable. RBAC policy that will be applied and managed by GEC. |
| defaultMaxPodsPerNode | Optional. The default maximum number of pods per node used if a maximum value is not specified explicitly for a node pool in this cluster. If unspecified, the Kubernetes default value will be used. |
| endpoint | Output only. The IP address of the Kubernetes API server. |
| port | Output only. The port number of the Kubernetes API server. |
| clusterCaCertificate | Output only. The PEM-encoded public certificate of the cluster's CA. |
| maintenancePolicy | Optional. Cluster-wide maintenance policy configuration. |
| controlPlaneVersion | Output only. The control plane release version. |
| nodeVersion | Output only. The lowest release version among all worker nodes. This field can be empty if the cluster does not have any worker nodes. |
| controlPlane | Optional. The configuration of the cluster control plane. |
| systemAddonsConfig | Optional. The configuration of the system add-ons. |
| externalLoadBalancerIpv4AddressPools[] | Optional. IPv4 address pools for cluster data plane external load balancing. |
| controlPlaneEncryption | Optional. Remote control plane disk encryption options. This field is only used when enabling CMEK support. |
| status | Output only. The current status of the cluster. |
| maintenanceEvents[] | Output only. All the maintenance events scheduled for the cluster, including the ones ongoing, planned for the future and done in the past (up to 90 days). |
| targetVersion | Optional. The target cluster version. For example: "1.5.0". |
| releaseChannel | Optional. The release channel a cluster is subscribed to. |
| survivabilityConfig | Optional. Configuration of the cluster survivability, e.g., for the case when network connectivity is lost. Note: This only applies to local control plane clusters. |
| externalLoadBalancerIpv6AddressPools[] | Optional. IPv6 address pools for cluster data plane external load balancing. |
| connectionState | Output only. The current connection state of the cluster. |
| externalLoadBalancerAddressPools[] | Optional. External load balancer pools for cluster. |
| zoneStorageEncryption | Optional. The zone storage encryption configuration. |
| containerRuntimeConfig | Optional. The container runtime config of the cluster. |
| enableClusterIsolation | Optional. This denotes if the cluster is required to be isolated. go/cluster-isolation-in-gdcc-cluster |
Fleet
Fleet related configuration.
Fleets are a Google Cloud concept for logically organizing clusters, letting you use and manage multi-cluster capabilities and apply consistent policies across your systems.
| JSON representation | 
|---|
| { "project": string, "membership": string } | 
| Fields | |
|---|---|
| project | Required. The name of the Fleet host project where this cluster will be registered. Project names are formatted as |
| membership | Output only. The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as |
ClusterNetworking
Cluster-wide networking configuration.
| JSON representation | 
|---|
| { "clusterIpv4CidrBlocks": [ string ], "servicesIpv4CidrBlocks": [ string ] } | 
| Fields | |
|---|---|
| clusterIpv4CidrBlocks[] | Required. All pods in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. |
| servicesIpv4CidrBlocks[] | Required. All services in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. |
Authorization
RBAC policy that will be applied and managed by GEC.
| JSON representation | 
|---|
| {
  "adminUsers": {
    object ( | 
| Fields | |
|---|---|
| adminUsers | Required. User that will be granted the cluster-admin role on the cluster, providing full access to the cluster. Currently, this is a singular field, but will be expanded to allow multiple admins in the future. |
ClusterUser
A user principal for an RBAC policy.
| JSON representation | 
|---|
| { "username": string } | 
| Fields | |
|---|---|
| username | Required. An active Google username. |
MaintenancePolicy
Maintenance policy configuration.
| JSON representation | 
|---|
| { "window": { object ( | 
| Fields | |
|---|---|
| window | Specifies the maintenance window in which maintenance may be performed. |
| maintenanceExclusions[] | Optional. Exclusions to automatic maintenance. Non-emergency maintenance should not occur in these windows. Each exclusion has a unique name and may be active or expired. The max number of maintenance exclusions allowed at a given time is 3. |
MaintenanceWindow
Maintenance window configuration.
| JSON representation | 
|---|
| {
  "recurringWindow": {
    object ( | 
| Fields | |
|---|---|
| recurringWindow | Configuration of a recurring maintenance window. |
RecurringTimeWindow
Represents an arbitrary window of time that recurs.
| JSON representation | 
|---|
| {
  "window": {
    object ( | 
| Fields | |
|---|---|
| window | The window of the first recurrence. |
| recurrence | An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window recurs. They go on for the span of time between the start and end time. |
TimeWindow
Represents an arbitrary window of time.
| JSON representation | 
|---|
| { "startTime": string, "endTime": string } | 
| Fields | |
|---|---|
| startTime | The time that the window first starts. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| endTime | The time that the window ends. The end time must take place after the start time. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
MaintenanceExclusionWindow
Represents a maintenance exclusion window.
| JSON representation | 
|---|
| {
  "window": {
    object ( | 
| Fields | |
|---|---|
| window | Optional. The time window. |
| id | Optional. A unique (per cluster) id for the window. |
ControlPlane
Configuration of the cluster control plane.
| JSON representation | 
|---|
| { // Union field | 
| Fields | |
|---|---|
| Union field | |
| remote | Remote control plane configuration. |
| local | Local control plane configuration. Warning: Local control plane clusters must be created in their own project. Local control plane clusters cannot coexist in the same project with any other type of clusters, including non-GDCE clusters. Mixing local control plane GDCE clusters with any other type of clusters in the same project can result in data loss. |
Remote
This type has no fields.
Configuration specific to clusters with a control plane hosted remotely.
Local
Configuration specific to clusters with a control plane hosted locally.
Warning: Local control plane clusters must be created in their own project. Local control plane clusters cannot coexist in the same project with any other type of clusters, including non-GDCE clusters. Mixing local control plane GDCE clusters with any other type of clusters in the same project can result in data loss.
| JSON representation | 
|---|
| {
  "nodeLocation": string,
  "nodeCount": integer,
  "machineFilter": string,
  "sharedDeploymentPolicy": enum ( | 
| Fields | |
|---|---|
| nodeLocation | Name of the Google Distributed Cloud Edge zones where this node pool will be created. For example: |
| nodeCount | The number of nodes to serve as replicas of the Control Plane. |
| machineFilter | Only machines matching this filter will be allowed to host control plane nodes. The filtering language accepts strings like "name= |
| sharedDeploymentPolicy | Policy configuration about how user applications are deployed. |
| controlPlaneNodeStorageSchema | Optional. Name for the storage schema of control plane nodes. |
SystemAddonsConfig
Config that customers are allowed to define for GDCE system add-ons.
| JSON representation | 
|---|
| { "ingress": { object ( | 
| Fields | |
|---|---|
| ingress | Optional. Config for Ingress. |
| vmServiceConfig | Optional. Config for VM Service. |
Ingress
Config for the Ingress add-on which allows customers to create an Ingress object to manage external access to the servers in a cluster. The add-on consists of istiod and istio-ingress.
| JSON representation | 
|---|
| { "disabled": boolean, "ipv4Vip": string } | 
| Fields | |
|---|---|
| disabled | Optional. Whether Ingress is disabled. |
| ipv4Vip | Optional. Ingress VIP. |
VMServiceConfig
VMServiceConfig defines the configuration for GDCE VM Service.
| JSON representation | 
|---|
| { "vmmEnabled": boolean } | 
| Fields | |
|---|---|
| vmmEnabled | Optional. Whether VMM is enabled. |
ControlPlaneEncryption
Configuration for Customer-managed KMS key support for control plane nodes.
| JSON representation | 
|---|
| { "kmsKey": string, "kmsKeyActiveVersion": string, "kmsKeyState": enum ( | 
| Fields | |
|---|---|
| kmsKey | Optional. The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting control plane disks. If not specified, a Google-managed key will be used instead. |
| kmsKeyActiveVersion | Output only. The Cloud KMS CryptoKeyVersion currently in use for protecting control plane disks. Only applicable if kmsKey is set. |
| kmsKeyState | Output only. Availability of the Cloud KMS CryptoKey. If not |
| kmsStatus | Output only. Error status returned by Cloud KMS when using this key. This field may be populated only if |
| resourceState | Output only. The current resource state associated with the cmek. |
Status
Indicates the status of the cluster.
| Enums | |
|---|---|
| STATUS_UNSPECIFIED | Status unknown. | 
| PROVISIONING | The cluster is being created. | 
| RUNNING | The cluster is created and fully usable. | 
| DELETING | The cluster is being deleted. | 
| ERROR | The status indicates that some errors occurred while reconciling/deleting the cluster. | 
| RECONCILING | The cluster is undergoing some work such as version upgrades, etc. | 
MaintenanceEvent
A Maintenance Event is an operation that could cause temporary disruptions to the cluster workloads, including Google-driven or user-initiated cluster upgrades, user-initiated cluster configuration changes that require restarting nodes, etc.
| JSON representation | 
|---|
| { "uuid": string, "targetVersion": string, "operation": string, "type": enum ( | 
| Fields | |
|---|---|
| uuid | Output only. UUID of the maintenance event. |
| targetVersion | Output only. The target version of the cluster. |
| operation | Output only. The operation for running the maintenance event. Specified in the format projects/*/locations/*/operations/*. If the maintenance event is split into multiple operations (e.g. due to maintenance windows), the latest one is recorded. |
| type | Output only. The type of the maintenance event. |
| schedule | Output only. The schedule of the maintenance event. |
| state | Output only. The state of the maintenance event. |
| createTime | Output only. The time when the maintenance event request was created. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| startTime | Output only. The time when the maintenance event started. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| endTime | Output only. The time when the maintenance event ended, either successfully or not. If the maintenance event is split into multiple maintenance windows, endTime is only updated when the whole flow ends. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| updateTime | Output only. The time when the maintenance event message was updated. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
Type
Indicates the maintenance event type.
| Enums | |
|---|---|
| TYPE_UNSPECIFIED | Unspecified. | 
| USER_INITIATED_UPGRADE | Upgrade initiated by users. | 
| GOOGLE_DRIVEN_UPGRADE | Upgrade driven by Google. | 
Schedule
Indicates when the maintenance event should be performed.
| Enums | |
|---|---|
| SCHEDULE_UNSPECIFIED | Unspecified. | 
| IMMEDIATELY | Immediately after receiving the request. | 
State
Indicates the maintenance event state.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unspecified. | 
| RECONCILING | The maintenance event is ongoing. The cluster might be unusable. | 
| SUCCEEDED | The maintenance event succeeded. | 
| FAILED | The maintenance event failed. | 
ReleaseChannel
The release channel a cluster is subscribed to.
| Enums | |
|---|---|
| RELEASE_CHANNEL_UNSPECIFIED | Unspecified release channel. This will default to the REGULAR channel. | 
| NONE | No release channel. | 
| REGULAR | Regular release channel. | 
SurvivabilityConfig
Configuration of the cluster survivability, e.g., for the case when network connectivity is lost.
| JSON representation | 
|---|
| { "offlineRebootTtl": string } | 
| Fields | |
|---|---|
| offlineRebootTtl | Optional. Time period that allows the cluster nodes to be rebooted and become functional without network connectivity to Google. The default 0 means not allowed. The maximum is 7 days. A duration in seconds with up to nine fractional digits, ending with ' |
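A pre-submission check for a Cluster request body, covering the hard limits stated in the ClusterNetworking, MaintenancePolicy, TimeWindow and SurvivabilityConfig tables above. This is an added example, not Google's code; `lint_cluster`, `_ts` and `SAMPLE` are hypothetical names, and the `"<seconds>s"` duration syntax is an assumption because the field description is cut off on this page.

```python
import ipaddress
import re
from datetime import datetime

# RFC 1918 ranges: pod and service blocks must be drawn from these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_OFFLINE_TTL_S = 7 * 24 * 3600  # offlineRebootTtl: "The maximum is 7 days."
MAX_EXCLUSIONS = 3                 # maintenanceExclusions: at most 3 at a time

def _ts(value):
    # RFC 3339 timestamp; "Z" is rewritten so fromisoformat() accepts it on Python < 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def lint_cluster(cluster):
    """Return violations of the constraints stated in the Cluster field tables."""
    problems = []
    net = cluster.get("networking", {})
    for field in ("clusterIpv4CidrBlocks", "servicesIpv4CidrBlocks"):
        blocks = net.get(field, [])
        if len(blocks) != 1:
            problems.append(f"{field}: exactly one block is supported")
        for block in blocks:
            cidr = ipaddress.ip_network(block, strict=False)
            if cidr.version != 4 or not any(cidr.subnet_of(r) for r in RFC1918):
                problems.append(f"{field}: {block} is not inside an RFC 1918 range")
    exclusions = cluster.get("maintenancePolicy", {}).get("maintenanceExclusions", [])
    if len(exclusions) > MAX_EXCLUSIONS:
        problems.append(f"maintenanceExclusions: {len(exclusions)} exceeds {MAX_EXCLUSIONS}")
    ids = [e["id"] for e in exclusions if "id" in e]
    if len(ids) != len(set(ids)):
        problems.append("maintenanceExclusions: ids must be unique per cluster")
    for e in exclusions:
        w = e.get("window", {})
        if "startTime" in w and "endTime" in w and _ts(w["endTime"]) <= _ts(w["startTime"]):
            problems.append(f"maintenanceExclusions[{e.get('id')}]: endTime is not after startTime")
    ttl = cluster.get("survivabilityConfig", {}).get("offlineRebootTtl", "0s")
    m = re.fullmatch(r"(\d+(?:\.\d{1,9})?)s", ttl)  # assumed "<seconds>s" syntax
    if not m:
        problems.append(f"offlineRebootTtl: {ttl!r} is not a seconds duration")
    elif float(m.group(1)) > MAX_OFFLINE_TTL_S:
        problems.append("offlineRebootTtl: exceeds the 7 day maximum")
    return problems

# Constructed sample body: public service CIDR, inverted window, 8-day TTL.
SAMPLE = {
    "networking": {"clusterIpv4CidrBlocks": ["10.0.0.0/17"],
                   "servicesIpv4CidrBlocks": ["203.0.113.0/24"]},
    "maintenancePolicy": {"maintenanceExclusions": [
        {"id": "freeze", "window": {"startTime": "2025-12-20T00:00:00Z",
                                    "endTime": "2025-12-19T00:00:00Z"}}]},
    "survivabilityConfig": {"offlineRebootTtl": "691200s"},
}

if __name__ == "__main__":
    print("\n".join(lint_cluster(SAMPLE)))
```
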
ConnectionState
ConnectionState holds the current connection state from the cluster to Google.
| JSON representation | 
|---|
| {
  "state": enum ( | 
| Fields | |
|---|---|
| state | Output only. The current connection state. |
| updateTime | Output only. The time when the connection state was last changed. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
State
The connection state.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unknown connection state. | 
| DISCONNECTED | This cluster is currently disconnected from Google. | 
| CONNECTED | This cluster is currently connected to Google. | 
| CONNECTED_AND_SYNCING | This cluster is currently connected to Google, but may have recently reconnected after a disconnection. It is still syncing back. | 
ExternalLoadBalancerPool
External load balancer pool with custom config such as name, manual/auto assign, non-overlapping ipv4 and optional ipv6 address range.
| JSON representation | 
|---|
| { "addressPool": string, "ipv4Range": [ string ], "ipv6Range": [ string ], "avoidBuggyIps": boolean, "manualAssign": boolean } | 
| Fields | |
|---|---|
| addressPool | Optional. Name of the external load balancer pool. |
| ipv4Range[] | Required. Non-overlapping IPv4 address range of the external load balancer pool. |
| ipv6Range[] | Optional. Non-overlapping IPv6 address range of the external load balancer pool. |
| avoidBuggyIps | Optional. If true, the pool omits IP addresses ending in .0 and .255. Some network hardware drops traffic to these special addresses. Its default value is false. |
| manualAssign | Optional. If true, addresses in this pool are not automatically assigned to Kubernetes Services. If true, an IP address in this pool is used only when it is specified explicitly by a service. Its default value is false. |
ZoneStorageEncryption
Configuration for Zone Storage CMEK support.
| JSON representation | 
|---|
| {
  "kmsKey": string,
  "kmsKeyActiveVersion": string,
  "resourceState": enum ( | 
| Fields | |
|---|---|
| kmsKey | Optional. The Cloud KMS Key. |
| kmsKeyActiveVersion | Output only. The Cloud KMS CryptoKeyVersion currently used for encryption/decryption. |
| resourceState | Output only. The current resource state of the CMEK. |
ContainerRuntimeConfig
Container runtime config of the cluster.
| JSON representation | 
|---|
| {
  "defaultContainerRuntime": enum ( | 
| Fields | |
|---|---|
| defaultContainerRuntime | Optional. The default container runtime to be configured in the cluster. |
DefaultContainerRuntime
List of supported container runtimes.
| Enums | |
|---|---|
| DEFAULT_CONTAINER_RUNTIME_UNSPECIFIED | Container runtime not specified. | 
| RUNC | Use runc as the default container runtime in the cluster. | 
| GVISOR | Use gVisor as the default container runtime in the cluster. | 
| Methods | |
|---|---|
| | Creates a new Cluster in a given project and location. |
| | Deletes a single Cluster. |
| | Generates an access token for a Cluster. |
| | Generates an offline credential for a Cluster. |
| | Gets details of a single Cluster. |
| | Lists Clusters in a given project and location. |
| | Updates the parameters of a single Cluster. |
| | Upgrades a single cluster. |