Docs Home
Google Cloud v8.25.1 published on Wednesday, Apr 9, 2025 by Pulumi
gcp.container.AttachedCluster
Explore with Pulumi AI
- Example Usage
- Container Attached Cluster Basic
- Container Attached Cluster Full
- Container Attached Cluster Ignore Errors
- Create AttachedCluster Resource
- Constructor syntax
- Constructor example
- AttachedCluster Resource Properties
- Inputs
- Outputs
- Look up Existing AttachedCluster Resource
- Supporting Types
- Import
- Package Details
An Anthos cluster running on customer owned infrastructure.
To get more information about Cluster, see:
- API documentation
- How-to Guides
Example Usage
Container Attached Cluster Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const versions = project.then(project => gcp.container.getAttachedVersions({
location: "us-west1",
project: project.projectId,
}));
const primary = new gcp.container.AttachedCluster("primary", {
name: "basic",
location: "us-west1",
project: project.then(project => project.projectId),
description: "Test cluster",
distribution: "aks",
oidcConfig: {
issuerUrl: "https://oidc.issuer.url",
},
platformVersion: versions.then(versions => versions.validVersions?.[0]),
fleet: {
project: project.then(project => `projects/${project.number}`),
},
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
versions = gcp.container.get_attached_versions(location="us-west1",
project=project.project_id)
primary = gcp.container.AttachedCluster("primary",
name="basic",
location="us-west1",
project=project.project_id,
description="Test cluster",
distribution="aks",
oidc_config={
"issuer_url": "https://oidc.issuer.url",
},
platform_version=versions.valid_versions[0],
fleet={
"project": f"projects/{project.number}",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
versions, err := container.GetAttachedVersions(ctx, &container.GetAttachedVersionsArgs{
Location: "us-west1",
Project: project.ProjectId,
}, nil)
if err != nil {
return err
}
_, err = container.NewAttachedCluster(ctx, "primary", &container.AttachedClusterArgs{
Name: pulumi.String("basic"),
Location: pulumi.String("us-west1"),
Project: pulumi.String(project.ProjectId),
Description: pulumi.String("Test cluster"),
Distribution: pulumi.String("aks"),
OidcConfig: &container.AttachedClusterOidcConfigArgs{
IssuerUrl: pulumi.String("https://oidc.issuer.url"),
},
PlatformVersion: pulumi.String(versions.ValidVersions[0]),
Fleet: &container.AttachedClusterFleetArgs{
Project: pulumi.Sprintf("projects/%v", project.Number),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var versions = Gcp.Container.GetAttachedVersions.Invoke(new()
{
Location = "us-west1",
Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
});
var primary = new Gcp.Container.AttachedCluster("primary", new()
{
Name = "basic",
Location = "us-west1",
Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
Description = "Test cluster",
Distribution = "aks",
OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
{
IssuerUrl = "https://oidc.issuer.url",
},
PlatformVersion = versions.Apply(getAttachedVersionsResult => getAttachedVersionsResult.ValidVersions[0]),
Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
{
Project = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.container.ContainerFunctions;
import com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;
import com.pulumi.gcp.container.AttachedCluster;
import com.pulumi.gcp.container.AttachedClusterArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()
.location("us-west1")
.project(project.projectId())
.build());
var primary = new AttachedCluster("primary", AttachedClusterArgs.builder()
.name("basic")
.location("us-west1")
.project(project.projectId())
.description("Test cluster")
.distribution("aks")
.oidcConfig(AttachedClusterOidcConfigArgs.builder()
.issuerUrl("https://oidc.issuer.url")
.build())
.platformVersion(versions.validVersions()[0])
.fleet(AttachedClusterFleetArgs.builder()
.project(String.format("projects/%s", project.number()))
.build())
.build());
}
}
resources:
primary:
type: gcp:container:AttachedCluster
properties:
name: basic
location: us-west1
project: ${project.projectId}
description: Test cluster
distribution: aks
oidcConfig:
issuerUrl: https://oidc.issuer.url
platformVersion: ${versions.validVersions[0]}
fleet:
project: projects/${project.number}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
versions:
fn::invoke:
function: gcp:container:getAttachedVersions
arguments:
location: us-west1
project: ${project.projectId}
Container Attached Cluster Full
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const project = gcp.organizations.getProject({});
const versions = project.then(project => gcp.container.getAttachedVersions({
location: "us-west1",
project: project.projectId,
}));
const primary = new gcp.container.AttachedCluster("primary", {
name: "basic",
project: project.then(project => project.projectId),
location: "us-west1",
description: "Test cluster",
distribution: "aks",
annotations: {
"label-one": "value-one",
},
authorization: {
adminUsers: [
"user1@example.com",
"user2@example.com",
],
adminGroups: [
"group1@example.com",
"group2@example.com",
],
},
oidcConfig: {
issuerUrl: "https://oidc.issuer.url",
jwks: std.base64encode({
input: "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}",
}).then(invoke => invoke.result),
},
platformVersion: versions.then(versions => versions.validVersions?.[0]),
fleet: {
project: project.then(project => `projects/${project.number}`),
},
loggingConfig: {
componentConfig: {
enableComponents: [
"SYSTEM_COMPONENTS",
"WORKLOADS",
],
},
},
monitoringConfig: {
managedPrometheusConfig: {
enabled: true,
},
},
binaryAuthorization: {
evaluationMode: "PROJECT_SINGLETON_POLICY_ENFORCE",
},
proxyConfig: {
kubernetesSecret: {
name: "proxy-config",
namespace: "default",
},
},
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
project = gcp.organizations.get_project()
versions = gcp.container.get_attached_versions(location="us-west1",
project=project.project_id)
primary = gcp.container.AttachedCluster("primary",
name="basic",
project=project.project_id,
location="us-west1",
description="Test cluster",
distribution="aks",
annotations={
"label-one": "value-one",
},
authorization={
"admin_users": [
"user1@example.com",
"user2@example.com",
],
"admin_groups": [
"group1@example.com",
"group2@example.com",
],
},
oidc_config={
"issuer_url": "https://oidc.issuer.url",
"jwks": std.base64encode(input="{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}").result,
},
platform_version=versions.valid_versions[0],
fleet={
"project": f"projects/{project.number}",
},
logging_config={
"component_config": {
"enable_components": [
"SYSTEM_COMPONENTS",
"WORKLOADS",
],
},
},
monitoring_config={
"managed_prometheus_config": {
"enabled": True,
},
},
binary_authorization={
"evaluation_mode": "PROJECT_SINGLETON_POLICY_ENFORCE",
},
proxy_config={
"kubernetes_secret": {
"name": "proxy-config",
"namespace": "default",
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
versions, err := container.GetAttachedVersions(ctx, &container.GetAttachedVersionsArgs{
Location: "us-west1",
Project: project.ProjectId,
}, nil)
if err != nil {
return err
}
invokeBase64encode, err := std.Base64encode(ctx, &std.Base64encodeArgs{
Input: "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}",
}, nil)
if err != nil {
return err
}
_, err = container.NewAttachedCluster(ctx, "primary", &container.AttachedClusterArgs{
Name: pulumi.String("basic"),
Project: pulumi.String(project.ProjectId),
Location: pulumi.String("us-west1"),
Description: pulumi.String("Test cluster"),
Distribution: pulumi.String("aks"),
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
Authorization: &container.AttachedClusterAuthorizationArgs{
AdminUsers: pulumi.StringArray{
pulumi.String("user1@example.com"),
pulumi.String("user2@example.com"),
},
AdminGroups: pulumi.StringArray{
pulumi.String("group1@example.com"),
pulumi.String("group2@example.com"),
},
},
OidcConfig: &container.AttachedClusterOidcConfigArgs{
IssuerUrl: pulumi.String("https://oidc.issuer.url"),
Jwks: pulumi.String(invokeBase64encode.Result),
},
PlatformVersion: pulumi.String(versions.ValidVersions[0]),
Fleet: &container.AttachedClusterFleetArgs{
Project: pulumi.Sprintf("projects/%v", project.Number),
},
LoggingConfig: &container.AttachedClusterLoggingConfigArgs{
ComponentConfig: &container.AttachedClusterLoggingConfigComponentConfigArgs{
EnableComponents: pulumi.StringArray{
pulumi.String("SYSTEM_COMPONENTS"),
pulumi.String("WORKLOADS"),
},
},
},
MonitoringConfig: &container.AttachedClusterMonitoringConfigArgs{
ManagedPrometheusConfig: &container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs{
Enabled: pulumi.Bool(true),
},
},
BinaryAuthorization: &container.AttachedClusterBinaryAuthorizationArgs{
EvaluationMode: pulumi.String("PROJECT_SINGLETON_POLICY_ENFORCE"),
},
ProxyConfig: &container.AttachedClusterProxyConfigArgs{
KubernetesSecret: &container.AttachedClusterProxyConfigKubernetesSecretArgs{
Name: pulumi.String("proxy-config"),
Namespace: pulumi.String("default"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var versions = Gcp.Container.GetAttachedVersions.Invoke(new()
{
Location = "us-west1",
Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
});
var primary = new Gcp.Container.AttachedCluster("primary", new()
{
Name = "basic",
Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
Location = "us-west1",
Description = "Test cluster",
Distribution = "aks",
Annotations =
{
{ "label-one", "value-one" },
},
Authorization = new Gcp.Container.Inputs.AttachedClusterAuthorizationArgs
{
AdminUsers = new[]
{
"user1@example.com",
"user2@example.com",
},
AdminGroups = new[]
{
"group1@example.com",
"group2@example.com",
},
},
OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
{
IssuerUrl = "https://oidc.issuer.url",
Jwks = Std.Base64encode.Invoke(new()
{
Input = "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}",
}).Apply(invoke => invoke.Result),
},
PlatformVersion = versions.Apply(getAttachedVersionsResult => getAttachedVersionsResult.ValidVersions[0]),
Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
{
Project = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}",
},
LoggingConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigArgs
{
ComponentConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigComponentConfigArgs
{
EnableComponents = new[]
{
"SYSTEM_COMPONENTS",
"WORKLOADS",
},
},
},
MonitoringConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigArgs
{
ManagedPrometheusConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs
{
Enabled = true,
},
},
BinaryAuthorization = new Gcp.Container.Inputs.AttachedClusterBinaryAuthorizationArgs
{
EvaluationMode = "PROJECT_SINGLETON_POLICY_ENFORCE",
},
ProxyConfig = new Gcp.Container.Inputs.AttachedClusterProxyConfigArgs
{
KubernetesSecret = new Gcp.Container.Inputs.AttachedClusterProxyConfigKubernetesSecretArgs
{
Name = "proxy-config",
Namespace = "default",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.container.ContainerFunctions;
import com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;
import com.pulumi.gcp.container.AttachedCluster;
import com.pulumi.gcp.container.AttachedClusterArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterAuthorizationArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigComponentConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterBinaryAuthorizationArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigKubernetesSecretArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.Base64encodeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()
.location("us-west1")
.project(project.projectId())
.build());
var primary = new AttachedCluster("primary", AttachedClusterArgs.builder()
.name("basic")
.project(project.projectId())
.location("us-west1")
.description("Test cluster")
.distribution("aks")
.annotations(Map.of("label-one", "value-one"))
.authorization(AttachedClusterAuthorizationArgs.builder()
.adminUsers(
"user1@example.com",
"user2@example.com")
.adminGroups(
"group1@example.com",
"group2@example.com")
.build())
.oidcConfig(AttachedClusterOidcConfigArgs.builder()
.issuerUrl("https://oidc.issuer.url")
.jwks(StdFunctions.base64encode(Base64encodeArgs.builder()
.input("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}")
.build()).result())
.build())
.platformVersion(versions.validVersions()[0])
.fleet(AttachedClusterFleetArgs.builder()
.project(String.format("projects/%s", project.number()))
.build())
.loggingConfig(AttachedClusterLoggingConfigArgs.builder()
.componentConfig(AttachedClusterLoggingConfigComponentConfigArgs.builder()
.enableComponents(
"SYSTEM_COMPONENTS",
"WORKLOADS")
.build())
.build())
.monitoringConfig(AttachedClusterMonitoringConfigArgs.builder()
.managedPrometheusConfig(AttachedClusterMonitoringConfigManagedPrometheusConfigArgs.builder()
.enabled(true)
.build())
.build())
.binaryAuthorization(AttachedClusterBinaryAuthorizationArgs.builder()
.evaluationMode("PROJECT_SINGLETON_POLICY_ENFORCE")
.build())
.proxyConfig(AttachedClusterProxyConfigArgs.builder()
.kubernetesSecret(AttachedClusterProxyConfigKubernetesSecretArgs.builder()
.name("proxy-config")
.namespace("default")
.build())
.build())
.build());
}
}
resources:
primary:
type: gcp:container:AttachedCluster
properties:
name: basic
project: ${project.projectId}
location: us-west1
description: Test cluster
distribution: aks
annotations:
label-one: value-one
authorization:
adminUsers:
- user1@example.com
- user2@example.com
adminGroups:
- group1@example.com
- group2@example.com
oidcConfig:
issuerUrl: https://oidc.issuer.url
jwks:
fn::invoke:
function: std:base64encode
arguments:
input: '{"keys":[{"use":"sig","kty":"RSA","kid":"testid","alg":"RS256","n":"somedata","e":"AQAB"}]}'
return: result
platformVersion: ${versions.validVersions[0]}
fleet:
project: projects/${project.number}
loggingConfig:
componentConfig:
enableComponents:
- SYSTEM_COMPONENTS
- WORKLOADS
monitoringConfig:
managedPrometheusConfig:
enabled: true
binaryAuthorization:
evaluationMode: PROJECT_SINGLETON_POLICY_ENFORCE
proxyConfig:
kubernetesSecret:
name: proxy-config
namespace: default
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
versions:
fn::invoke:
function: gcp:container:getAttachedVersions
arguments:
location: us-west1
project: ${project.projectId}
Container Attached Cluster Ignore Errors
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const versions = project.then(project => gcp.container.getAttachedVersions({
location: "us-west1",
project: project.projectId,
}));
const primary = new gcp.container.AttachedCluster("primary", {
name: "basic",
location: "us-west1",
project: project.then(project => project.projectId),
description: "Test cluster",
distribution: "aks",
oidcConfig: {
issuerUrl: "https://oidc.issuer.url",
},
platformVersion: versions.then(versions => versions.validVersions?.[0]),
fleet: {
project: project.then(project => `projects/${project.number}`),
},
deletionPolicy: "DELETE_IGNORE_ERRORS",
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
versions = gcp.container.get_attached_versions(location="us-west1",
project=project.project_id)
primary = gcp.container.AttachedCluster("primary",
name="basic",
location="us-west1",
project=project.project_id,
description="Test cluster",
distribution="aks",
oidc_config={
"issuer_url": "https://oidc.issuer.url",
},
platform_version=versions.valid_versions[0],
fleet={
"project": f"projects/{project.number}",
},
deletion_policy="DELETE_IGNORE_ERRORS")
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
versions, err := container.GetAttachedVersions(ctx, &container.GetAttachedVersionsArgs{
Location: "us-west1",
Project: project.ProjectId,
}, nil)
if err != nil {
return err
}
_, err = container.NewAttachedCluster(ctx, "primary", &container.AttachedClusterArgs{
Name: pulumi.String("basic"),
Location: pulumi.String("us-west1"),
Project: pulumi.String(project.ProjectId),
Description: pulumi.String("Test cluster"),
Distribution: pulumi.String("aks"),
OidcConfig: &container.AttachedClusterOidcConfigArgs{
IssuerUrl: pulumi.String("https://oidc.issuer.url"),
},
PlatformVersion: pulumi.String(versions.ValidVersions[0]),
Fleet: &container.AttachedClusterFleetArgs{
Project: pulumi.Sprintf("projects/%v", project.Number),
},
DeletionPolicy: pulumi.String("DELETE_IGNORE_ERRORS"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var versions = Gcp.Container.GetAttachedVersions.Invoke(new()
{
Location = "us-west1",
Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
});
var primary = new Gcp.Container.AttachedCluster("primary", new()
{
Name = "basic",
Location = "us-west1",
Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
Description = "Test cluster",
Distribution = "aks",
OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
{
IssuerUrl = "https://oidc.issuer.url",
},
PlatformVersion = versions.Apply(getAttachedVersionsResult => getAttachedVersionsResult.ValidVersions[0]),
Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
{
Project = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}",
},
DeletionPolicy = "DELETE_IGNORE_ERRORS",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.container.ContainerFunctions;
import com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;
import com.pulumi.gcp.container.AttachedCluster;
import com.pulumi.gcp.container.AttachedClusterArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;
import com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()
.location("us-west1")
.project(project.projectId())
.build());
var primary = new AttachedCluster("primary", AttachedClusterArgs.builder()
.name("basic")
.location("us-west1")
.project(project.projectId())
.description("Test cluster")
.distribution("aks")
.oidcConfig(AttachedClusterOidcConfigArgs.builder()
.issuerUrl("https://oidc.issuer.url")
.build())
.platformVersion(versions.validVersions()[0])
.fleet(AttachedClusterFleetArgs.builder()
.project(String.format("projects/%s", project.number()))
.build())
.deletionPolicy("DELETE_IGNORE_ERRORS")
.build());
}
}
resources:
primary:
type: gcp:container:AttachedCluster
properties:
name: basic
location: us-west1
project: ${project.projectId}
description: Test cluster
distribution: aks
oidcConfig:
issuerUrl: https://oidc.issuer.url
platformVersion: ${versions.validVersions[0]}
fleet:
project: projects/${project.number}
deletionPolicy: DELETE_IGNORE_ERRORS
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
versions:
fn::invoke:
function: gcp:container:getAttachedVersions
arguments:
location: us-west1
project: ${project.projectId}
Create AttachedCluster Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AttachedCluster(name: string, args: AttachedClusterArgs, opts?: CustomResourceOptions);@overload
def AttachedCluster(resource_name: str,
args: AttachedClusterArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AttachedCluster(resource_name: str,
opts: Optional[ResourceOptions] = None,
distribution: Optional[str] = None,
platform_version: Optional[str] = None,
oidc_config: Optional[AttachedClusterOidcConfigArgs] = None,
location: Optional[str] = None,
fleet: Optional[AttachedClusterFleetArgs] = None,
description: Optional[str] = None,
annotations: Optional[Mapping[str, str]] = None,
deletion_policy: Optional[str] = None,
logging_config: Optional[AttachedClusterLoggingConfigArgs] = None,
monitoring_config: Optional[AttachedClusterMonitoringConfigArgs] = None,
name: Optional[str] = None,
binary_authorization: Optional[AttachedClusterBinaryAuthorizationArgs] = None,
authorization: Optional[AttachedClusterAuthorizationArgs] = None,
project: Optional[str] = None,
proxy_config: Optional[AttachedClusterProxyConfigArgs] = None,
security_posture_config: Optional[AttachedClusterSecurityPostureConfigArgs] = None)func NewAttachedCluster(ctx *Context, name string, args AttachedClusterArgs, opts ...ResourceOption) (*AttachedCluster, error)public AttachedCluster(string name, AttachedClusterArgs args, CustomResourceOptions? opts = null)public AttachedCluster(String name, AttachedClusterArgs args)
public AttachedCluster(String name, AttachedClusterArgs args, CustomResourceOptions options)
type: gcp:container:AttachedCluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AttachedClusterArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. AttachedClusterArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AttachedClusterArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AttachedClusterArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. AttachedClusterArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var attachedClusterResource = new Gcp.Container.AttachedCluster("attachedClusterResource", new()
{
Distribution = "string",
PlatformVersion = "string",
OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
{
IssuerUrl = "string",
Jwks = "string",
},
Location = "string",
Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
{
Project = "string",
Membership = "string",
},
Description = "string",
Annotations =
{
{ "string", "string" },
},
DeletionPolicy = "string",
LoggingConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigArgs
{
ComponentConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigComponentConfigArgs
{
EnableComponents = new[]
{
"string",
},
},
},
MonitoringConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigArgs
{
ManagedPrometheusConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs
{
Enabled = false,
},
},
Name = "string",
BinaryAuthorization = new Gcp.Container.Inputs.AttachedClusterBinaryAuthorizationArgs
{
EvaluationMode = "string",
},
Authorization = new Gcp.Container.Inputs.AttachedClusterAuthorizationArgs
{
AdminGroups = new[]
{
"string",
},
AdminUsers = new[]
{
"string",
},
},
Project = "string",
ProxyConfig = new Gcp.Container.Inputs.AttachedClusterProxyConfigArgs
{
KubernetesSecret = new Gcp.Container.Inputs.AttachedClusterProxyConfigKubernetesSecretArgs
{
Name = "string",
Namespace = "string",
},
},
});
example, err := container.NewAttachedCluster(ctx, "attachedClusterResource", &container.AttachedClusterArgs{
Distribution: pulumi.String("string"),
PlatformVersion: pulumi.String("string"),
OidcConfig: &container.AttachedClusterOidcConfigArgs{
IssuerUrl: pulumi.String("string"),
Jwks: pulumi.String("string"),
},
Location: pulumi.String("string"),
Fleet: &container.AttachedClusterFleetArgs{
Project: pulumi.String("string"),
Membership: pulumi.String("string"),
},
Description: pulumi.String("string"),
Annotations: pulumi.StringMap{
"string": pulumi.String("string"),
},
DeletionPolicy: pulumi.String("string"),
LoggingConfig: &container.AttachedClusterLoggingConfigArgs{
ComponentConfig: &container.AttachedClusterLoggingConfigComponentConfigArgs{
EnableComponents: pulumi.StringArray{
pulumi.String("string"),
},
},
},
MonitoringConfig: &container.AttachedClusterMonitoringConfigArgs{
ManagedPrometheusConfig: &container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs{
Enabled: pulumi.Bool(false),
},
},
Name: pulumi.String("string"),
BinaryAuthorization: &container.AttachedClusterBinaryAuthorizationArgs{
EvaluationMode: pulumi.String("string"),
},
Authorization: &container.AttachedClusterAuthorizationArgs{
AdminGroups: pulumi.StringArray{
pulumi.String("string"),
},
AdminUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
Project: pulumi.String("string"),
ProxyConfig: &container.AttachedClusterProxyConfigArgs{
KubernetesSecret: &container.AttachedClusterProxyConfigKubernetesSecretArgs{
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
},
},
})
var attachedClusterResource = new AttachedCluster("attachedClusterResource", AttachedClusterArgs.builder()
.distribution("string")
.platformVersion("string")
.oidcConfig(AttachedClusterOidcConfigArgs.builder()
.issuerUrl("string")
.jwks("string")
.build())
.location("string")
.fleet(AttachedClusterFleetArgs.builder()
.project("string")
.membership("string")
.build())
.description("string")
.annotations(Map.of("string", "string"))
.deletionPolicy("string")
.loggingConfig(AttachedClusterLoggingConfigArgs.builder()
.componentConfig(AttachedClusterLoggingConfigComponentConfigArgs.builder()
.enableComponents("string")
.build())
.build())
.monitoringConfig(AttachedClusterMonitoringConfigArgs.builder()
.managedPrometheusConfig(AttachedClusterMonitoringConfigManagedPrometheusConfigArgs.builder()
.enabled(false)
.build())
.build())
.name("string")
.binaryAuthorization(AttachedClusterBinaryAuthorizationArgs.builder()
.evaluationMode("string")
.build())
.authorization(AttachedClusterAuthorizationArgs.builder()
.adminGroups("string")
.adminUsers("string")
.build())
.project("string")
.proxyConfig(AttachedClusterProxyConfigArgs.builder()
.kubernetesSecret(AttachedClusterProxyConfigKubernetesSecretArgs.builder()
.name("string")
.namespace("string")
.build())
.build())
.build());
attached_cluster_resource = gcp.container.AttachedCluster("attachedClusterResource",
distribution="string",
platform_version="string",
oidc_config={
"issuer_url": "string",
"jwks": "string",
},
location="string",
fleet={
"project": "string",
"membership": "string",
},
description="string",
annotations={
"string": "string",
},
deletion_policy="string",
logging_config={
"component_config": {
"enable_components": ["string"],
},
},
monitoring_config={
"managed_prometheus_config": {
"enabled": False,
},
},
name="string",
binary_authorization={
"evaluation_mode": "string",
},
authorization={
"admin_groups": ["string"],
"admin_users": ["string"],
},
project="string",
proxy_config={
"kubernetes_secret": {
"name": "string",
"namespace": "string",
},
})
const attachedClusterResource = new gcp.container.AttachedCluster("attachedClusterResource", {
distribution: "string",
platformVersion: "string",
oidcConfig: {
issuerUrl: "string",
jwks: "string",
},
location: "string",
fleet: {
project: "string",
membership: "string",
},
description: "string",
annotations: {
string: "string",
},
deletionPolicy: "string",
loggingConfig: {
componentConfig: {
enableComponents: ["string"],
},
},
monitoringConfig: {
managedPrometheusConfig: {
enabled: false,
},
},
name: "string",
binaryAuthorization: {
evaluationMode: "string",
},
authorization: {
adminGroups: ["string"],
adminUsers: ["string"],
},
project: "string",
proxyConfig: {
kubernetesSecret: {
name: "string",
namespace: "string",
},
},
});
type: gcp:container:AttachedCluster
properties:
annotations:
string: string
authorization:
adminGroups:
- string
adminUsers:
- string
binaryAuthorization:
evaluationMode: string
deletionPolicy: string
description: string
distribution: string
fleet:
membership: string
project: string
location: string
loggingConfig:
componentConfig:
enableComponents:
- string
monitoringConfig:
managedPrometheusConfig:
enabled: false
name: string
oidcConfig:
issuerUrl: string
jwks: string
platformVersion: string
project: string
proxyConfig:
kubernetesSecret:
name: string
namespace: string
AttachedCluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AttachedCluster resource accepts the following input properties:
- Distribution
string
This property is required. 
Changes to this property will trigger replacement. - The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- Fleet
This property is required. AttachedCluster Fleet - Fleet configuration. Structure is documented below.
- Location
string
This property is required. Changes to this property will trigger replacement. - The location for the resource
- Oidc
Config This property is required. AttachedCluster Oidc Config - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - Platform
Version This property is required. string - The platform version for the cluster (e.g.
1.23.0-gke.1). - Annotations Dictionary<string, string>
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization - Binary Authorization configuration.
- Deletion
Policy string - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- Description string
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- Logging
Config AttachedCluster Logging Config - Logging configuration.
- Monitoring
Config AttachedCluster Monitoring Config - Monitoring configuration.
- Name
- The name of this resource.
- Project
- Proxy
Config AttachedCluster Proxy Config - Support for proxy configuration.
- Security
Posture AttachedConfig Cluster Security Posture Config - Enable/Disable Security Posture API features for the cluster.
- Distribution
string
This property is required. Changes to this property will trigger replacement. - The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- Fleet
This property is required. AttachedCluster Fleet Args - Fleet configuration. Structure is documented below.
- Location
string
This property is required. Changes to this property will trigger replacement. - The location for the resource
- Oidc
Config This property is required. AttachedCluster Oidc Config Args - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - Platform
Version This property is required. string - The platform version for the cluster (e.g.
1.23.0-gke.1). - Annotations map[string]string
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization Args - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization Args - Binary Authorization configuration.
- Deletion
Policy string - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- Description string
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- Logging
Config AttachedCluster Logging Config Args - Logging configuration.
- Monitoring
Config AttachedCluster Monitoring Config Args - Monitoring configuration.
- Name
- The name of this resource.
- Project
- Proxy
Config AttachedCluster Proxy Config Args - Support for proxy configuration.
- Security
Posture AttachedConfig Cluster Security Posture Config Args - Enable/Disable Security Posture API features for the cluster.
- distribution
String
This property is required. Changes to this property will trigger replacement. - The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- fleet
This property is required. AttachedCluster Fleet - Fleet configuration. Structure is documented below.
- location
String
This property is required. Changes to this property will trigger replacement. - The location for the resource
- oidc
Config This property is required. AttachedCluster Oidc Config - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform
Version This property is required. String - The platform version for the cluster (e.g.
1.23.0-gke.1). - annotations Map<String,String>
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization - Binary Authorization configuration.
- deletion
Policy String - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description String
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- logging
Config AttachedCluster Logging Config - Logging configuration.
- monitoring
Config AttachedCluster Monitoring Config - Monitoring configuration.
- name
- The name of this resource.
- project
- proxy
Config AttachedCluster Proxy Config - Support for proxy configuration.
- security
Posture AttachedConfig Cluster Security Posture Config - Enable/Disable Security Posture API features for the cluster.
- distribution
string
This property is required. Changes to this property will trigger replacement. - The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- fleet
This property is required. AttachedCluster Fleet - Fleet configuration. Structure is documented below.
- location
string
This property is required. Changes to this property will trigger replacement. - The location for the resource
- oidc
Config This property is required. AttachedCluster Oidc Config - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform
Version This property is required. string - The platform version for the cluster (e.g.
1.23.0-gke.1). - annotations {[key: string]: string}
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization - Binary Authorization configuration.
- deletion
Policy string - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description string
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- logging
Config AttachedCluster Logging Config - Logging configuration.
- monitoring
Config AttachedCluster Monitoring Config - Monitoring configuration.
- name
- The name of this resource.
- project
- proxy
Config AttachedCluster Proxy Config - Support for proxy configuration.
- security
Posture AttachedConfig Cluster Security Posture Config - Enable/Disable Security Posture API features for the cluster.
- distribution
str
This property is required. Changes to this property will trigger replacement. - The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- fleet
This property is required. AttachedCluster Fleet Args - Fleet configuration. Structure is documented below.
- location
str
This property is required. Changes to this property will trigger replacement. - The location for the resource
- oidc_
config This property is required. AttachedCluster Oidc Config Args - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform_
version This property is required. str - The platform version for the cluster (e.g.
1.23.0-gke.1). - annotations Mapping[str, str]
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization Args - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization Args - Binary Authorization configuration.
- deletion_
policy str - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description str
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- logging_
config AttachedCluster Logging Config Args - Logging configuration.
- monitoring_
config AttachedCluster Monitoring Config Args - Monitoring configuration.
- name
- The name of this resource.
- project
- proxy_
config AttachedCluster Proxy Config Args - Support for proxy configuration.
- security_
posture_ Attachedconfig Cluster Security Posture Config Args - Enable/Disable Security Posture API features for the cluster.
- distribution
String
This property is required. Changes to this property will trigger replacement. - The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- fleet
This property is required. Property Map - Fleet configuration. Structure is documented below.
- location
String
This property is required. Changes to this property will trigger replacement. - The location for the resource
- oidc
Config This property is required. Property Map - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform
Version This property is required. String - The platform version for the cluster (e.g.
1.23.0-gke.1). - annotations Map<String>
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- Property Map
- Configuration related to the cluster RBAC settings.
- Property Map
- Binary Authorization configuration.
- deletion
Policy String - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description String
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- logging
Config Property Map - Logging configuration.
- monitoring
Config Property Map - Monitoring configuration.
- name
- The name of this resource.
- project
- proxy
Config Property Map - Support for proxy configuration.
- security
Posture Property MapConfig - Enable/Disable Security Posture API features for the cluster.
Outputs
All input properties are implicitly available as output properties. Additionally, the AttachedCluster resource produces the following output properties:
- Cluster
Region string - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- Create
Time string - Output only. The time at which this cluster was created.
- Effective
Annotations Dictionary<string, string> - Errors
List<Attached
Cluster Error> - A set of errors found in the cluster. Structure is documented below.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kubernetes
Version string - The Kubernetes version of the cluster.
- Reconciling bool
- If set, there are currently changes in flight to the cluster.
- State string
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- Uid string
- A globally unique identifier for the cluster.
- Update
Time string - The time at which this cluster was last updated.
- Workload
Identity List<AttachedConfigs Cluster Workload Identity Config> - Workload Identity settings. Structure is documented below.
- Cluster
Region string - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- Create
Time string - Output only. The time at which this cluster was created.
- Effective
Annotations map[string]string - Errors
[]Attached
Cluster Error - A set of errors found in the cluster. Structure is documented below.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kubernetes
Version string - The Kubernetes version of the cluster.
- Reconciling bool
- If set, there are currently changes in flight to the cluster.
- State string
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- Uid string
- A globally unique identifier for the cluster.
- Update
Time string - The time at which this cluster was last updated.
- Workload
Identity []AttachedConfigs Cluster Workload Identity Config - Workload Identity settings. Structure is documented below.
- cluster
Region String - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create
Time String - Output only. The time at which this cluster was created.
- effective
Annotations Map<String,String> - errors
List<Attached
Cluster Error> - A set of errors found in the cluster. Structure is documented below.
- id String
- The provider-assigned unique ID for this managed resource.
- kubernetes
Version String - The Kubernetes version of the cluster.
- reconciling Boolean
- If set, there are currently changes in flight to the cluster.
- state String
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid String
- A globally unique identifier for the cluster.
- update
Time String - The time at which this cluster was last updated.
- workload
Identity List<AttachedConfigs Cluster Workload Identity Config> - Workload Identity settings. Structure is documented below.
- cluster
Region string - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create
Time string - Output only. The time at which this cluster was created.
- effective
Annotations {[key: string]: string} - errors
Attached
Cluster Error[] - A set of errors found in the cluster. Structure is documented below.
- id string
- The provider-assigned unique ID for this managed resource.
- kubernetes
Version string - The Kubernetes version of the cluster.
- reconciling boolean
- If set, there are currently changes in flight to the cluster.
- state string
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid string
- A globally unique identifier for the cluster.
- update
Time string - The time at which this cluster was last updated.
- workload
Identity AttachedConfigs Cluster Workload Identity Config[] - Workload Identity settings. Structure is documented below.
- cluster_
region str - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create_
time str - Output only. The time at which this cluster was created.
- effective_
annotations Mapping[str, str] - errors
Sequence[Attached
Cluster Error] - A set of errors found in the cluster. Structure is documented below.
- id str
- The provider-assigned unique ID for this managed resource.
- kubernetes_
version str - The Kubernetes version of the cluster.
- reconciling bool
- If set, there are currently changes in flight to the cluster.
- state str
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid str
- A globally unique identifier for the cluster.
- update_
time str - The time at which this cluster was last updated.
- workload_
identity_ Sequence[Attachedconfigs Cluster Workload Identity Config] - Workload Identity settings. Structure is documented below.
- cluster
Region String - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create
Time String - Output only. The time at which this cluster was created.
- effective
Annotations Map<String> - errors List<Property Map>
- A set of errors found in the cluster. Structure is documented below.
- id String
- The provider-assigned unique ID for this managed resource.
- kubernetes
Version String - The Kubernetes version of the cluster.
- reconciling Boolean
- If set, there are currently changes in flight to the cluster.
- state String
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid String
- A globally unique identifier for the cluster.
- update
Time String - The time at which this cluster was last updated.
- workload
Identity List<Property Map>Configs - Workload Identity settings. Structure is documented below.
Look up Existing AttachedCluster Resource
Get an existing AttachedCluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AttachedClusterState, opts?: CustomResourceOptions): AttachedCluster@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
annotations: Optional[Mapping[str, str]] = None,
authorization: Optional[AttachedClusterAuthorizationArgs] = None,
binary_authorization: Optional[AttachedClusterBinaryAuthorizationArgs] = None,
cluster_region: Optional[str] = None,
create_time: Optional[str] = None,
deletion_policy: Optional[str] = None,
description: Optional[str] = None,
distribution: Optional[str] = None,
effective_annotations: Optional[Mapping[str, str]] = None,
errors: Optional[Sequence[AttachedClusterErrorArgs]] = None,
fleet: Optional[AttachedClusterFleetArgs] = None,
kubernetes_version: Optional[str] = None,
location: Optional[str] = None,
logging_config: Optional[AttachedClusterLoggingConfigArgs] = None,
monitoring_config: Optional[AttachedClusterMonitoringConfigArgs] = None,
name: Optional[str] = None,
oidc_config: Optional[AttachedClusterOidcConfigArgs] = None,
platform_version: Optional[str] = None,
project: Optional[str] = None,
proxy_config: Optional[AttachedClusterProxyConfigArgs] = None,
reconciling: Optional[bool] = None,
security_posture_config: Optional[AttachedClusterSecurityPostureConfigArgs] = None,
state: Optional[str] = None,
uid: Optional[str] = None,
update_time: Optional[str] = None,
workload_identity_configs: Optional[Sequence[AttachedClusterWorkloadIdentityConfigArgs]] = None) -> AttachedClusterfunc GetAttachedCluster(ctx *Context, name string, id IDInput, state *AttachedClusterState, opts ...ResourceOption) (*AttachedCluster, error)public static AttachedCluster Get(string name, Input<string> id, AttachedClusterState? state, CustomResourceOptions? opts = null)public static AttachedCluster get(String name, Output<String> id, AttachedClusterState state, CustomResourceOptions options)resources: _: type: gcp:container:AttachedCluster get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Annotations Dictionary<string, string>
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization - Binary Authorization configuration.
- Cluster
Region string - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- Create
Time string - Output only. The time at which this cluster was created.
- Deletion
Policy string - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- Description string
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- Distribution
- The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- Effective
Annotations Dictionary<string, string> - Errors
List<Attached
Cluster Error> - A set of errors found in the cluster. Structure is documented below.
- Fleet
Attached
Cluster Fleet - Fleet configuration. Structure is documented below.
- Kubernetes
Version string - The Kubernetes version of the cluster.
- Location
- The location for the resource
- Logging
Config AttachedCluster Logging Config - Logging configuration.
- Monitoring
Config AttachedCluster Monitoring Config - Monitoring configuration.
- Name
- The name of this resource.
- Oidc
Config AttachedCluster Oidc Config - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - Platform
Version string - The platform version for the cluster (e.g.
1.23.0-gke.1). - Project
- Proxy
Config AttachedCluster Proxy Config - Support for proxy configuration.
- Reconciling bool
- If set, there are currently changes in flight to the cluster.
- Security
Posture AttachedConfig Cluster Security Posture Config - Enable/Disable Security Posture API features for the cluster.
- State string
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- Uid string
- A globally unique identifier for the cluster.
- Update
Time string - The time at which this cluster was last updated.
- Workload
Identity List<AttachedConfigs Cluster Workload Identity Config> - Workload Identity settings. Structure is documented below.
- Annotations map[string]string
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization Args - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization Args - Binary Authorization configuration.
- Cluster
Region string - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- Create
Time string - Output only. The time at which this cluster was created.
- Deletion
Policy string - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- Description string
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- Distribution
- The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- Effective
Annotations map[string]string - Errors
[]Attached
Cluster Error Args - A set of errors found in the cluster. Structure is documented below.
- Fleet
Attached
Cluster Fleet Args - Fleet configuration. Structure is documented below.
- Kubernetes
Version string - The Kubernetes version of the cluster.
- Location
- The location for the resource
- Logging
Config AttachedCluster Logging Config Args - Logging configuration.
- Monitoring
Config AttachedCluster Monitoring Config Args - Monitoring configuration.
- Name
- The name of this resource.
- Oidc
Config AttachedCluster Oidc Config Args - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - Platform
Version string - The platform version for the cluster (e.g.
1.23.0-gke.1). - Project
- Proxy
Config AttachedCluster Proxy Config Args - Support for proxy configuration.
- Reconciling bool
- If set, there are currently changes in flight to the cluster.
- Security
Posture AttachedConfig Cluster Security Posture Config Args - Enable/Disable Security Posture API features for the cluster.
- State string
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- Uid string
- A globally unique identifier for the cluster.
- Update
Time string - The time at which this cluster was last updated.
- Workload
Identity []AttachedConfigs Cluster Workload Identity Config Args - Workload Identity settings. Structure is documented below.
- annotations Map<String,String>
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization - Binary Authorization configuration.
- cluster
Region String - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create
Time String - Output only. The time at which this cluster was created.
- deletion
Policy String - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description String
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- distribution
- The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- effective
Annotations Map<String,String> - errors
List<Attached
Cluster Error> - A set of errors found in the cluster. Structure is documented below.
- fleet
Attached
Cluster Fleet - Fleet configuration. Structure is documented below.
- kubernetes
Version String - The Kubernetes version of the cluster.
- location
- The location for the resource
- logging
Config AttachedCluster Logging Config - Logging configuration.
- monitoring
Config AttachedCluster Monitoring Config - Monitoring configuration.
- name
- The name of this resource.
- oidc
Config AttachedCluster Oidc Config - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform
Version String - The platform version for the cluster (e.g.
1.23.0-gke.1). - project
- proxy
Config AttachedCluster Proxy Config - Support for proxy configuration.
- reconciling Boolean
- If set, there are currently changes in flight to the cluster.
- security
Posture AttachedConfig Cluster Security Posture Config - Enable/Disable Security Posture API features for the cluster.
- state String
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid String
- A globally unique identifier for the cluster.
- update
Time String - The time at which this cluster was last updated.
- workload
Identity List<AttachedConfigs Cluster Workload Identity Config> - Workload Identity settings. Structure is documented below.
- annotations {[key: string]: string}
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization - Binary Authorization configuration.
- cluster
Region string - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create
Time string - Output only. The time at which this cluster was created.
- deletion
Policy string - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description string
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- distribution
- The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- effective
Annotations {[key: string]: string} - errors
Attached
Cluster Error[] - A set of errors found in the cluster. Structure is documented below.
- fleet
Attached
Cluster Fleet - Fleet configuration. Structure is documented below.
- kubernetes
Version string - The Kubernetes version of the cluster.
- location
- The location for the resource
- logging
Config AttachedCluster Logging Config - Logging configuration.
- monitoring
Config AttachedCluster Monitoring Config - Monitoring configuration.
- name
- The name of this resource.
- oidc
Config AttachedCluster Oidc Config - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform
Version string - The platform version for the cluster (e.g.
1.23.0-gke.1). - project
- proxy
Config AttachedCluster Proxy Config - Support for proxy configuration.
- reconciling boolean
- If set, there are currently changes in flight to the cluster.
- security
Posture AttachedConfig Cluster Security Posture Config - Enable/Disable Security Posture API features for the cluster.
- state string
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid string
- A globally unique identifier for the cluster.
- update
Time string - The time at which this cluster was last updated.
- workload
Identity AttachedConfigs Cluster Workload Identity Config[] - Workload Identity settings. Structure is documented below.
- annotations Mapping[str, str]
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
-
Attached
Cluster Authorization Args - Configuration related to the cluster RBAC settings.
-
Attached
Cluster Binary Authorization Args - Binary Authorization configuration.
- cluster_
region str - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create_
time str - Output only. The time at which this cluster was created.
- deletion_
policy str - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description str
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- distribution
- The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- effective_
annotations Mapping[str, str] - errors
Sequence[Attached
Cluster Error Args] - A set of errors found in the cluster. Structure is documented below.
- fleet
Attached
Cluster Fleet Args - Fleet configuration. Structure is documented below.
- kubernetes_
version str - The Kubernetes version of the cluster.
- location
- The location for the resource
- logging_
config AttachedCluster Logging Config Args - Logging configuration.
- monitoring_
config AttachedCluster Monitoring Config Args - Monitoring configuration.
- name
- The name of this resource.
- oidc_
config AttachedCluster Oidc Config Args - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform_
version str - The platform version for the cluster (e.g.
1.23.0-gke.1). - project
- proxy_
config AttachedCluster Proxy Config Args - Support for proxy configuration.
- reconciling bool
- If set, there are currently changes in flight to the cluster.
- security_
posture_ Attachedconfig Cluster Security Posture Config Args - Enable/Disable Security Posture API features for the cluster.
- state str
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid str
- A globally unique identifier for the cluster.
- update_
time str - The time at which this cluster was last updated.
- workload_
identity_ Sequence[Attachedconfigs Cluster Workload Identity Config Args] - Workload Identity settings. Structure is documented below.
- annotations Map<String>
- Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- Property Map
- Configuration related to the cluster RBAC settings.
- Property Map
- Binary Authorization configuration.
- cluster
Region String - Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
- create
Time String - Output only. The time at which this cluster was created.
- deletion
Policy String - Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS
- description String
- A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
- distribution
- The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks", "generic". The generic distribution provides the ability to register or migrate any CNCF conformant cluster.
- effective
Annotations Map<String> - errors List<Property Map>
- A set of errors found in the cluster. Structure is documented below.
- fleet Property Map
- Fleet configuration. Structure is documented below.
- kubernetes
Version String - The Kubernetes version of the cluster.
- location
- The location for the resource
- logging
Config Property Map - Logging configuration.
- monitoring
Config Property Map - Monitoring configuration.
- name
- The name of this resource.
- oidc
Config Property Map - OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the
issuer_urlfield while clusters with private issuers need to provide bothissuer_urlandjwks. Structure is documented below. - platform
Version String - The platform version for the cluster (e.g.
1.23.0-gke.1). - project
- proxy
Config Property Map - Support for proxy configuration.
- reconciling Boolean
- If set, there are currently changes in flight to the cluster.
- security
Posture Property MapConfig - Enable/Disable Security Posture API features for the cluster.
- state String
- The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
- uid String
- A globally unique identifier for the cluster.
- update
Time String - The time at which this cluster was last updated.
- workload
Identity List<Property Map>Configs - Workload Identity settings. Structure is documented below.
Supporting Types
AttachedClusterAuthorization, AttachedClusterAuthorizationArgs
, AttachedClusterAuthorizationArgs
- Admin
Groups List<string> - Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - Admin
Users List<string> - Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
- Admin
Groups []string - Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - Admin
Users []string - Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
- admin
Groups List<String> - Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - admin
Users List<String> - Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
- admin
Groups string[] - Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - admin
Users string[] - Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
- admin_
groups Sequence[str] - Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - admin_
users Sequence[str] - Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
- admin
Groups List<String> - Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - admin
Users List<String> - Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the
cluster-adminClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
AttachedClusterBinaryAuthorization, AttachedClusterBinaryAuthorizationArgs
, AttachedClusterBinaryAuthorizationArgs
- Evaluation
Mode string - Configure Binary Authorization evaluation mode.
Possible values are:
DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
- Evaluation
Mode string - Configure Binary Authorization evaluation mode.
Possible values are:
DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
- evaluation
Mode String - Configure Binary Authorization evaluation mode.
Possible values are:
DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
- evaluation
Mode string - Configure Binary Authorization evaluation mode.
Possible values are:
DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
- evaluation_
mode str - Configure Binary Authorization evaluation mode.
Possible values are:
DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
- evaluation
Mode String - Configure Binary Authorization evaluation mode.
Possible values are:
DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
AttachedClusterError, AttachedClusterErrorArgs
, AttachedClusterErrorArgs
- Message string
- Human-friendly description of the error.
- Message string
- Human-friendly description of the error.
- message String
- Human-friendly description of the error.
- message string
- Human-friendly description of the error.
- message str
- Human-friendly description of the error.
- message String
- Human-friendly description of the error.
AttachedClusterFleet, AttachedClusterFleetArgs
, AttachedClusterFleetArgs
- Project
string
This property is required. Changes to this property will trigger replacement. - The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Membership string
- (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
- Project
string
This property is required. Changes to this property will trigger replacement. - The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Membership string
- (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
- project
String
This property is required. Changes to this property will trigger replacement. - The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- membership String
- (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
- project
string
This property is required. Changes to this property will trigger replacement. - The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- membership string
- (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
- project
str
This property is required. Changes to this property will trigger replacement. - The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- membership str
- (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
- project
String
This property is required. Changes to this property will trigger replacement. - The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- membership String
- (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
AttachedClusterLoggingConfig, AttachedClusterLoggingConfigArgs
, AttachedClusterLoggingConfigArgs
- Component
Config AttachedCluster Logging Config Component Config - The configuration of the logging components Structure is documented below.
- Component
Config AttachedCluster Logging Config Component Config - The configuration of the logging components Structure is documented below.
- component
Config AttachedCluster Logging Config Component Config - The configuration of the logging components Structure is documented below.
- component
Config AttachedCluster Logging Config Component Config - The configuration of the logging components Structure is documented below.
- component_
config AttachedCluster Logging Config Component Config - The configuration of the logging components Structure is documented below.
- component
Config Property Map - The configuration of the logging components Structure is documented below.
AttachedClusterLoggingConfigComponentConfig, AttachedClusterLoggingConfigComponentConfigArgs
, AttachedClusterLoggingConfigComponentConfigArgs
- Enable
Components List<string> - The components to be enabled.
Each value may be one of:
SYSTEM_COMPONENTS,WORKLOADS.
- Enable
Components []string - The components to be enabled.
Each value may be one of:
SYSTEM_COMPONENTS,WORKLOADS.
- enable
Components List<String> - The components to be enabled.
Each value may be one of:
SYSTEM_COMPONENTS,WORKLOADS.
- enable
Components string[] - The components to be enabled.
Each value may be one of:
SYSTEM_COMPONENTS,WORKLOADS.
- enable_
components Sequence[str] - The components to be enabled.
Each value may be one of:
SYSTEM_COMPONENTS,WORKLOADS.
- enable
Components List<String> - The components to be enabled.
Each value may be one of:
SYSTEM_COMPONENTS,WORKLOADS.
AttachedClusterMonitoringConfig, AttachedClusterMonitoringConfigArgs
, AttachedClusterMonitoringConfigArgs
- Managed
Prometheus AttachedConfig Cluster Monitoring Config Managed Prometheus Config - Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
- Managed
Prometheus AttachedConfig Cluster Monitoring Config Managed Prometheus Config - Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
- managed
Prometheus AttachedConfig Cluster Monitoring Config Managed Prometheus Config - Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
- managed
Prometheus AttachedConfig Cluster Monitoring Config Managed Prometheus Config - Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
- managed_
prometheus_ Attachedconfig Cluster Monitoring Config Managed Prometheus Config - Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
- managed
Prometheus Property MapConfig - Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
AttachedClusterMonitoringConfigManagedPrometheusConfig, AttachedClusterMonitoringConfigManagedPrometheusConfigArgs
, AttachedClusterMonitoringConfigManagedPrometheusConfigArgs
- Enabled bool
- Enable Managed Collection.
- Enabled bool
- Enable Managed Collection.
- enabled Boolean
- Enable Managed Collection.
- enabled boolean
- Enable Managed Collection.
- enabled bool
- Enable Managed Collection.
- enabled Boolean
- Enable Managed Collection.
AttachedClusterOidcConfig, AttachedClusterOidcConfigArgs
, AttachedClusterOidcConfigArgs
- issuer_
url strThis property is required. Changes to this property will trigger replacement. - A JSON Web Token (JWT) issuer URI.
issuermust start withhttps:// - jwks
- OIDC verification keys in JWKS format (RFC 7517).
AttachedClusterProxyConfig, AttachedClusterProxyConfigArgs
, AttachedClusterProxyConfigArgs
- Kubernetes
Secret AttachedCluster Proxy Config Kubernetes Secret - The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
- Kubernetes
Secret AttachedCluster Proxy Config Kubernetes Secret - The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
- kubernetes
Secret AttachedCluster Proxy Config Kubernetes Secret - The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
- kubernetes
Secret AttachedCluster Proxy Config Kubernetes Secret - The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
- kubernetes_
secret AttachedCluster Proxy Config Kubernetes Secret - The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
- kubernetes
Secret Property Map - The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
AttachedClusterProxyConfigKubernetesSecret, AttachedClusterProxyConfigKubernetesSecretArgs
, AttachedClusterProxyConfigKubernetesSecretArgs
AttachedClusterSecurityPostureConfig, AttachedClusterSecurityPostureConfigArgs
, AttachedClusterSecurityPostureConfigArgs
- Vulnerability
Mode This property is required. string - Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
Possible values are:
VULNERABILITY_DISABLED,VULNERABILITY_ENTERPRISE.
- Vulnerability
Mode This property is required. string - Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
Possible values are:
VULNERABILITY_DISABLED,VULNERABILITY_ENTERPRISE.
- vulnerability
Mode This property is required. String - Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
Possible values are:
VULNERABILITY_DISABLED,VULNERABILITY_ENTERPRISE.
- vulnerability
Mode This property is required. string - Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
Possible values are:
VULNERABILITY_DISABLED,VULNERABILITY_ENTERPRISE.
- vulnerability_
mode This property is required. str - Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
Possible values are:
VULNERABILITY_DISABLED,VULNERABILITY_ENTERPRISE.
- vulnerability
Mode This property is required. String - Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
Possible values are:
VULNERABILITY_DISABLED,VULNERABILITY_ENTERPRISE.
AttachedClusterWorkloadIdentityConfig, AttachedClusterWorkloadIdentityConfigArgs
, AttachedClusterWorkloadIdentityConfigArgs
- Identity
Provider string - The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- Issuer
Uri string - The OIDC issuer URL for this cluster.
- Workload
Pool string - The Workload Identity Pool associated to the cluster.
- Identity
Provider string - The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- Issuer
Uri string - The OIDC issuer URL for this cluster.
- Workload
Pool string - The Workload Identity Pool associated to the cluster.
- identity
Provider String - The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- issuer
Uri String - The OIDC issuer URL for this cluster.
- workload
Pool String - The Workload Identity Pool associated to the cluster.
- identity
Provider string - The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- issuer
Uri string - The OIDC issuer URL for this cluster.
- workload
Pool string - The Workload Identity Pool associated to the cluster.
- identity_
provider str - The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- issuer_
uri str - The OIDC issuer URL for this cluster.
- workload_
pool str - The Workload Identity Pool associated to the cluster.
- identity
Provider String - The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
- issuer
Uri String - The OIDC issuer URL for this cluster.
- workload
Pool String - The Workload Identity Pool associated to the cluster.
Import
Cluster can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}
When using the pulumi import command, Cluster can be imported using one of the formats above. For example:
$ pulumi import gcp:container/attachedCluster:AttachedCluster default projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}
$ pulumi import gcp:container/attachedCluster:AttachedCluster default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:container/attachedCluster:AttachedCluster default {{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
- Example Usage
- Container Attached Cluster Basic
- Container Attached Cluster Full
- Container Attached Cluster Ignore Errors
- Create AttachedCluster Resource
- Constructor syntax
- Constructor example
- AttachedCluster Resource Properties
- Inputs
- Outputs
- Look up Existing AttachedCluster Resource
- Supporting Types
- Import
- Package Details