Skip to main content

clusters

Creates, updates, deletes, gets or lists a clusters resource.

Overview

Nameclusters
TypeResource
Idgoogle.container.clusters

Fields

The following fields are returned by SELECT queries:

Successful response

NameDatatypeDescription
idstringOutput only. Unique id for the cluster.
namestringThe name of this cluster. The name must be unique within this project and location (e.g. zone or region), and can be up to 40 characters with the following restrictions: * Lowercase letters, numbers, and hyphens only. * Must start with a letter. * Must end with a number or a letter.
addonsConfigobjectConfigurations for the various addons available to run in the cluster. (id: AddonsConfig)
alphaClusterFeatureGatesarrayThe list of user specified Kubernetes feature gates. Each string represents the activation status of a feature gate (e.g. "featureX=true" or "featureX=false")
anonymousAuthenticationConfigobjectConfiguration for limiting anonymous access to all endpoints except the health checks. (id: AnonymousAuthenticationConfig)
authenticatorGroupsConfigobjectConfiguration controlling RBAC group membership information. (id: AuthenticatorGroupsConfig)
autopilotobjectAutopilot configuration for the cluster. (id: Autopilot)
autoscalingobjectCluster-level autoscaling configuration. (id: ClusterAutoscaling)
binaryAuthorizationobjectConfiguration for Binary Authorization. (id: BinaryAuthorization)
clusterIpv4CidrstringThe IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8.
compliancePostureConfigobjectEnable/Disable Compliance Posture features for the cluster. (id: CompliancePostureConfig)
conditionsarrayWhich conditions caused the current cluster state.
confidentialNodesobjectConfiguration of Confidential Nodes. All the nodes in the cluster will be Confidential VM once enabled. (id: ConfidentialNodes)
controlPlaneEndpointsConfigobjectConfiguration for all cluster's control plane endpoints. (id: ControlPlaneEndpointsConfig)
costManagementConfigobjectConfiguration for the fine-grained cost management feature. (id: CostManagementConfig)
createTimestringOutput only. The time the cluster was created, in RFC3339 text format.
currentMasterVersionstringOutput only. The current software version of the master endpoint.
currentNodeCountinteger (int32)Output only. The number of nodes currently in the cluster. Deprecated. Call Kubernetes API directly to retrieve node information.
currentNodeVersionstringOutput only. Deprecated, use NodePools.version instead. The current version of the node software components. If they are currently at multiple versions because they're in the process of being upgraded, this reflects the minimum version of all nodes.
databaseEncryptionobjectConfiguration of etcd encryption. (id: DatabaseEncryption)
defaultMaxPodsConstraintobjectThe default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support. (id: MaxPodsConstraint)
descriptionstringAn optional description of this cluster.
enableK8sBetaApisobjectBeta APIs Config (id: K8sBetaAPIConfig)
enableKubernetesAlphabooleanKubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. v1alpha1) and features that may not be production ready in the kubernetes version of the master and nodes. The cluster has no SLA for uptime and master/node upgrades are disabled. Alpha enabled clusters are automatically deleted thirty days after creation.
enableTpubooleanEnable the ability to use Cloud TPUs in this cluster. This field is deprecated due to the deprecation of 2VM TPU. The end of life date for 2VM TPU is 2025-04-25.
endpointstringOutput only. The IP address of this cluster's master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/. See the masterAuth property of this resource for username and password information.
enterpriseConfigobjectGKE Enterprise Configuration. (id: EnterpriseConfig)
etagstringThis checksum is computed by the server based on the value of cluster fields, and may be sent on update requests to ensure the client has an up-to-date value before proceeding.
expireTimestringOutput only. The time the cluster will be automatically deleted in RFC3339 text format.
fleetobjectFleet information for the cluster. (id: Fleet)
gkeAutoUpgradeConfigobjectConfiguration for GKE auto upgrades. (id: GkeAutoUpgradeConfig)
identityServiceConfigobjectConfiguration for Identity Service component. (id: IdentityServiceConfig)
initialClusterVersionstringThe initial Kubernetes version for this cluster. Valid versions are those found in validMasterVersions returned by getServerConfig. The version can be upgraded over time; such upgrades are reflected in currentMasterVersion and currentNodeVersion. Users may specify either explicit versions offered by Kubernetes Engine or version aliases, which have the following behavior: - "latest": picks the highest valid Kubernetes version - "1.X": picks the highest valid patch+gke.N patch in the 1.X version - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version - "1.X.Y-gke.N": picks an explicit Kubernetes version - "","-": picks the default Kubernetes version
initialNodeCountinteger (int32)The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a "node_pool" object, since this configuration (along with the "node_config") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a node_pool at the same time. This field is deprecated, use node_pool.initial_node_count instead.
instanceGroupUrlsarrayOutput only. Deprecated. Use node_pools.instance_group_urls.
ipAllocationPolicyobjectConfiguration for cluster IP allocation. (id: IPAllocationPolicy)
labelFingerprintstringThe fingerprint of the set of labels for this cluster.
legacyAbacobjectConfiguration for the legacy ABAC authorization mode. (id: LegacyAbac)
locationstringOutput only. The name of the Google Compute Engine zone or region in which the cluster resides.
locationsarrayThe list of Google Compute Engine zones in which the cluster's nodes should be located. This field provides a default value if NodePool.Locations are not specified during node pool creation. Warning: changing cluster locations will update the NodePool.Locations of all node pools and will result in nodes being added and/or removed.
loggingConfigobjectLogging configuration for the cluster. (id: LoggingConfig)
loggingServicestringThe logging service the cluster should use to write logs. Currently available options: * logging.googleapis.com/kubernetes - The Cloud Logging service with a Kubernetes-native resource model * logging.googleapis.com - The legacy Cloud Logging service (no longer available as of GKE 1.15). * none - no logs will be exported from the cluster. If left as an empty string,logging.googleapis.com/kubernetes will be used for GKE 1.14+ or logging.googleapis.com for earlier versions.
maintenancePolicyobjectConfigure the maintenance policy for this cluster. (id: MaintenancePolicy)
masterAuthobjectThe authentication information for accessing the master endpoint. If unspecified, the defaults are used: For clusters before v1.12, if master_auth is unspecified, username will be set to "admin", a random password will be generated, and a client certificate will be issued. (id: MasterAuth)
masterAuthorizedNetworksConfigobjectThe configuration options for master authorized networks feature. Deprecated: Use ControlPlaneEndpointsConfig.IPEndpointsConfig.authorized_networks_config instead. (id: MasterAuthorizedNetworksConfig)
meshCertificatesobjectConfiguration for issuance of mTLS keys and certificates to Kubernetes pods. (id: MeshCertificates)
monitoringConfigobjectMonitoring configuration for the cluster. (id: MonitoringConfig)
monitoringServicestringThe monitoring service the cluster should use to write metrics. Currently available options: * monitoring.googleapis.com/kubernetes - The Cloud Monitoring service with a Kubernetes-native resource model * monitoring.googleapis.com - The legacy Cloud Monitoring service (no longer available as of GKE 1.15). * none - No metrics will be exported from the cluster. If left as an empty string,monitoring.googleapis.com/kubernetes will be used for GKE 1.14+ or monitoring.googleapis.com for earlier versions.
networkstringThe name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used.
networkConfigobjectConfiguration for cluster networking. (id: NetworkConfig)
networkPolicyobjectConfiguration options for the NetworkPolicy feature. (id: NetworkPolicy)
nodeConfigobjectParameters used in creating the cluster's nodes. For requests, this field should only be used in lieu of a "node_pool" object, since this configuration (along with the "initial_node_count") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a node_pool at the same time. For responses, this field will be populated with the node configuration of the first node pool. (For configuration of each node pool, see node_pool.config) If unspecified, the defaults are used. This field is deprecated, use node_pool.config instead. (id: NodeConfig)
nodeIpv4CidrSizeinteger (int32)Output only. The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr range. This field will only be set when cluster is in route-based network mode.
nodePoolAutoConfigobjectNode pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters. (id: NodePoolAutoConfig)
nodePoolDefaultsobjectDefault NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. (id: NodePoolDefaults)
nodePoolsarrayThe node pools associated with this cluster. This field should not be set if "node_config" or "initial_node_count" are specified.
notificationConfigobjectNotification configuration of the cluster. (id: NotificationConfig)
parentProductConfigobjectThe configuration of the parent product of the cluster. This field is used by Google internal products that are built on top of the GKE cluster and take the ownership of the cluster. (id: ParentProductConfig)
podAutoscalingobjectThe config for pod autoscaling. (id: PodAutoscaling)
privateClusterConfigobjectConfiguration for private cluster. (id: PrivateClusterConfig)
rbacBindingConfigobjectRBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. (id: RBACBindingConfig)
releaseChannelobjectRelease channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version. (id: ReleaseChannel)
resourceLabelsobjectThe resource labels for the cluster to use to annotate any related Google Compute Engine resources.
resourceUsageExportConfigobjectConfiguration for exporting resource usages. Resource usage export is disabled when this config is unspecified. (id: ResourceUsageExportConfig)
satisfiesPzibooleanOutput only. Reserved for future use.
satisfiesPzsbooleanOutput only. Reserved for future use.
secretManagerConfigobjectSecret CSI driver configuration. (id: SecretManagerConfig)
securityPostureConfigobjectEnable/Disable Security Posture API features for the cluster. (id: SecurityPostureConfig)
selfLinkstringOutput only. Server-defined URL for the resource.
servicesIpv4CidrstringOutput only. The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
shieldedNodesobjectShielded Nodes configuration. (id: ShieldedNodes)
statusstringOutput only. The current status of this cluster.
statusMessagestringOutput only. Deprecated. Use conditions instead. Additional information about the current status of this cluster, if available.
subnetworkstringThe name of the Google Compute Engine subnetwork to which the cluster is connected.
tpuIpv4CidrBlockstringOutput only. The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29). This field is deprecated due to the deprecation of 2VM TPU. The end of life date for 2VM TPU is 2025-04-25.
userManagedKeysConfigobjectThe Custom keys configuration for the cluster. (id: UserManagedKeysConfig)
verticalPodAutoscalingobjectCluster-level Vertical Pod Autoscaling configuration. (id: VerticalPodAutoscaling)
workloadIdentityConfigobjectConfiguration for the use of Kubernetes Service Accounts in GCP IAM policies. (id: WorkloadIdentityConfig)
zonestringOutput only. The name of the Google Compute Engine zone in which the cluster resides. This field is deprecated, use location instead.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
projects_locations_clusters_getselectprojectsId, locationsId, clustersIdprojectId, zone, clusterIdGets the details of a specific cluster.
projects_zones_clusters_getselectprojectId, zone, clusterIdnameGets the details of a specific cluster.
projects_locations_clusters_listselectprojectsId, locationsIdprojectId, zoneLists all clusters owned by a project in either the specified zone or all zones.
projects_zones_clusters_listselectprojectId, zoneparentLists all clusters owned by a project in either the specified zone or all zones.
projects_locations_clusters_createinsertprojectsId, locationsIdCreates a cluster, consisting of the specified number and type of Google Compute Engine instances. By default, the cluster is created in the project's default network. One firewall is added for the cluster. After cluster creation, the Kubelet creates routes for each node to allow the containers on that node to communicate with all other instances in the cluster. Finally, an entry is added to the project's global metadata indicating which CIDR range the cluster is using.
projects_zones_clusters_createinsertprojectId, zoneCreates a cluster, consisting of the specified number and type of Google Compute Engine instances. By default, the cluster is created in the project's default network. One firewall is added for the cluster. After cluster creation, the Kubelet creates routes for each node to allow the containers on that node to communicate with all other instances in the cluster. Finally, an entry is added to the project's global metadata indicating which CIDR range the cluster is using.
projects_locations_clusters_updatereplaceprojectsId, locationsId, clustersIdUpdates the settings of a specific cluster.
projects_zones_clusters_updatereplaceprojectId, zone, clusterIdUpdates the settings of a specific cluster.
projects_locations_clusters_deletedeleteprojectsId, locationsId, clustersIdprojectId, zone, clusterIdDeletes the cluster, including the Kubernetes endpoint and all worker nodes. Firewalls and routes that were configured during cluster creation are also deleted. Other Google Compute Engine resources that might be in use by the cluster, such as load balancer resources, are not deleted if they weren't present when the cluster was initially created.
projects_zones_clusters_deletedeleteprojectId, zone, clusterIdnameDeletes the cluster, including the Kubernetes endpoint and all worker nodes. Firewalls and routes that were configured during cluster creation are also deleted. Other Google Compute Engine resources that might be in use by the cluster, such as load balancer resources, are not deleted if they weren't present when the cluster was initially created.
projects_locations_clusters_set_loggingexecprojectsId, locationsId, clustersIdSets the logging service for a specific cluster.
projects_locations_clusters_set_monitoringexecprojectsId, locationsId, clustersIdSets the monitoring service for a specific cluster.
projects_locations_clusters_set_addonsexecprojectsId, locationsId, clustersIdSets the addons for a specific cluster.
projects_locations_clusters_set_locationsexecprojectsId, locationsId, clustersIdSets the locations for a specific cluster. Deprecated. Use projects.locations.clusters.update instead.
projects_locations_clusters_update_masterexecprojectsId, locationsId, clustersIdUpdates the master for a specific cluster.
projects_locations_clusters_set_master_authexecprojectsId, locationsId, clustersIdSets master auth materials. Currently supports changing the admin password or a specific cluster, either via password generation or explicitly setting the password.
projects_locations_clusters_set_resource_labelsexecprojectsId, locationsId, clustersIdSets labels on a cluster.
projects_locations_clusters_set_legacy_abacexecprojectsId, locationsId, clustersIdEnables or disables the ABAC authorization mechanism on a cluster.
projects_locations_clusters_start_ip_rotationexecprojectsId, locationsId, clustersIdStarts master IP rotation.
projects_locations_clusters_complete_ip_rotationexecprojectsId, locationsId, clustersIdCompletes master IP rotation.
projects_locations_clusters_set_network_policyexecprojectsId, locationsId, clustersIdEnables or disables Network Policy for a cluster.
projects_locations_clusters_set_maintenance_policyexecprojectsId, locationsId, clustersIdSets the maintenance policy for a cluster.
projects_locations_clusters_check_autopilot_compatibilityexecprojectsId, locationsId, clustersIdChecks the cluster compatibility with Autopilot mode, and returns a list of compatibility issues.
projects_zones_clusters_loggingexecprojectId, zone, clusterIdSets the logging service for a specific cluster.
projects_zones_clusters_monitoringexecprojectId, zone, clusterIdSets the monitoring service for a specific cluster.
projects_zones_clusters_addonsexecprojectId, zone, clusterIdSets the addons for a specific cluster.
projects_zones_clusters_locationsexecprojectId, zone, clusterIdSets the locations for a specific cluster. Deprecated. Use projects.locations.clusters.update instead.
projects_zones_clusters_masterexecprojectId, zone, clusterIdUpdates the master for a specific cluster.
projects_zones_clusters_set_master_authexecprojectId, zone, clusterIdSets master auth materials. Currently supports changing the admin password or a specific cluster, either via password generation or explicitly setting the password.
projects_zones_clusters_resource_labelsexecprojectId, zone, clusterIdSets labels on a cluster.
projects_zones_clusters_legacy_abacexecprojectId, zone, clusterIdEnables or disables the ABAC authorization mechanism on a cluster.
projects_zones_clusters_start_ip_rotationexecprojectId, zone, clusterIdStarts master IP rotation.
projects_zones_clusters_complete_ip_rotationexecprojectId, zone, clusterIdCompletes master IP rotation.
projects_zones_clusters_set_network_policyexecprojectId, zone, clusterIdEnables or disables Network Policy for a cluster.
projects_zones_clusters_set_maintenance_policyexecprojectId, zone, clusterIdSets the maintenance policy for a cluster.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
clusterIdstring
clustersIdstring
locationsIdstring
projectIdstring
projectsIdstring
zonestring
clusterIdstring
namestring
parentstring
projectIdstring
zonestring

SELECT examples

Gets the details of a specific cluster.

SELECT
id,
name,
addonsConfig,
alphaClusterFeatureGates,
anonymousAuthenticationConfig,
authenticatorGroupsConfig,
autopilot,
autoscaling,
binaryAuthorization,
clusterIpv4Cidr,
compliancePostureConfig,
conditions,
confidentialNodes,
controlPlaneEndpointsConfig,
costManagementConfig,
createTime,
currentMasterVersion,
currentNodeCount,
currentNodeVersion,
databaseEncryption,
defaultMaxPodsConstraint,
description,
enableK8sBetaApis,
enableKubernetesAlpha,
enableTpu,
endpoint,
enterpriseConfig,
etag,
expireTime,
fleet,
gkeAutoUpgradeConfig,
identityServiceConfig,
initialClusterVersion,
initialNodeCount,
instanceGroupUrls,
ipAllocationPolicy,
labelFingerprint,
legacyAbac,
location,
locations,
loggingConfig,
loggingService,
maintenancePolicy,
masterAuth,
masterAuthorizedNetworksConfig,
meshCertificates,
monitoringConfig,
monitoringService,
network,
networkConfig,
networkPolicy,
nodeConfig,
nodeIpv4CidrSize,
nodePoolAutoConfig,
nodePoolDefaults,
nodePools,
notificationConfig,
parentProductConfig,
podAutoscaling,
privateClusterConfig,
rbacBindingConfig,
releaseChannel,
resourceLabels,
resourceUsageExportConfig,
satisfiesPzi,
satisfiesPzs,
secretManagerConfig,
securityPostureConfig,
selfLink,
servicesIpv4Cidr,
shieldedNodes,
status,
statusMessage,
subnetwork,
tpuIpv4CidrBlock,
userManagedKeysConfig,
verticalPodAutoscaling,
workloadIdentityConfig,
zone
FROM google.container.clusters
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND clustersId = '{{ clustersId }}' -- required
AND projectId = '{{ projectId }}'
AND zone = '{{ zone }}'
AND clusterId = '{{ clusterId }}';

INSERT examples

Creates a cluster, consisting of the specified number and type of Google Compute Engine instances. By default, the cluster is created in the project's default network. One firewall is added for the cluster. After cluster creation, the Kubelet creates routes for each node to allow the containers on that node to communicate with all other instances in the cluster. Finally, an entry is added to the project's global metadata indicating which CIDR range the cluster is using.

INSERT INTO google.container.clusters (
data__projectId,
data__zone,
data__cluster,
data__parent,
projectsId,
locationsId
)
SELECT 
'{{ projectId }}',
'{{ zone }}',
'{{ cluster }}',
'{{ parent }}',
'{{ projectsId }}',
'{{ locationsId }}'
RETURNING
name,
clusterConditions,
detail,
endTime,
error,
location,
nodepoolConditions,
operationType,
progress,
selfLink,
startTime,
status,
statusMessage,
targetLink,
zone
;

REPLACE examples

Updates the settings of a specific cluster.

REPLACE google.container.clusters
SET 
data__projectId = '{{ projectId }}',
data__zone = '{{ zone }}',
data__clusterId = '{{ clusterId }}',
data__update = '{{ update }}',
data__name = '{{ name }}'
WHERE 
projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND clustersId = '{{ clustersId }}' --required
RETURNING
name,
clusterConditions,
detail,
endTime,
error,
location,
nodepoolConditions,
operationType,
progress,
selfLink,
startTime,
status,
statusMessage,
targetLink,
zone;

DELETE examples

Deletes the cluster, including the Kubernetes endpoint and all worker nodes. Firewalls and routes that were configured during cluster creation are also deleted. Other Google Compute Engine resources that might be in use by the cluster, such as load balancer resources, are not deleted if they weren't present when the cluster was initially created.

DELETE FROM google.container.clusters
WHERE projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND clustersId = '{{ clustersId }}' --required
AND projectId = '{{ projectId }}'
AND zone = '{{ zone }}'
AND clusterId = '{{ clusterId }}';

Lifecycle Methods

Sets the logging service for a specific cluster.

EXEC google.container.clusters.projects_locations_clusters_set_logging 
@projectsId='{{ projectsId }}' --required, 
@locationsId='{{ locationsId }}' --required, 
@clustersId='{{ clustersId }}' --required 
@@json=
'{
"projectId": "{{ projectId }}", 
"zone": "{{ zone }}", 
"clusterId": "{{ clusterId }}", 
"loggingService": "{{ loggingService }}", 
"name": "{{ name }}"
}';