---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Anthos On-Prem"
description: |-
A Google Bare Metal User Cluster.
---
# google_gkeonprem_bare_metal_cluster
A Google Bare Metal User Cluster.
## Example Usage - Gkeonprem Bare Metal Cluster Basic
```hcl
# Basic user cluster: one control plane node, load balancing through
# metal_lb_config, and a single cluster-admin user.
resource "google_gkeonprem_bare_metal_cluster" "cluster-basic" {
name = "my-cluster"
location = "us-west1"
# Full resource name of the admin cluster's hub membership.
admin_cluster_membership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"
bare_metal_version = "1.12.3"
network_config {
# Service and pod ranges cannot be changed after the cluster is created.
island_mode_cidr {
service_address_cidr_blocks = ["172.26.0.0/16"]
pod_address_cidr_blocks = ["10.240.0.0/13"]
}
}
control_plane {
control_plane_node_pool_config {
node_pool_config {
labels = {}
operating_system = "LINUX"
node_configs {
labels = {}
# IPv4 address used for SSH access and as the Kubernetes node address.
node_ip = "10.200.0.9"
}
}
}
}
load_balancer {
port_config {
# Port the control plane load balancer listens on.
control_plane_load_balancer_port = 443
}
vip_config {
# VIPs set aside beforehand for the Kubernetes API and for ingress traffic.
control_plane_vip = "10.200.0.13"
ingress_vip = "10.200.0.14"
}
metal_lb_config {
address_pools {
pool = "pool1"
# Pools must not overlap and must contain the ingress VIP (10.200.0.14 here).
addresses = [
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128"
]
# Skip addresses ending in .0 or .255.
avoid_buggy_ips = true
# Addresses from this pool are not assigned automatically.
manual_assign = true
}
}
}
storage {
# Local PersistentVolumes backed by subdirectories of a shared filesystem.
lvp_share_config {
lvp_config {
path = "/mnt/localpv-share"
storage_class = "local-shared"
}
# Number of subdirectories created under path.
shared_path_pv_count = 5
}
# Local PersistentVolumes backed by node disks that the user formats and mounts.
lvp_node_mounts_config {
path = "/mnt/localpv-disk"
storage_class = "local-disks"
}
}
security_config {
authorization {
# Every user listed here is granted the cluster-admin role, i.e. full
# access to the cluster; keep this list as short as possible.
admin_users {
username = "admin@hashicorptest.com"
}
}
}
}
```
## Example Usage - Gkeonprem Bare Metal Cluster Manuallb
```hcl
# User cluster with manual load balancing (manual_lb_config), plus explicit
# binary_authorization and upgrade_policy settings.
resource "google_gkeonprem_bare_metal_cluster" "cluster-manuallb" {
name = "cluster-manuallb"
location = "us-west1"
# Full resource name of the admin cluster's hub membership.
admin_cluster_membership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"
bare_metal_version = "1.12.3"
network_config {
# Service and pod ranges cannot be changed after the cluster is created.
island_mode_cidr {
service_address_cidr_blocks = ["172.26.0.0/16"]
pod_address_cidr_blocks = ["10.240.0.0/13"]
}
}
control_plane {
control_plane_node_pool_config {
node_pool_config {
labels = {}
operating_system = "LINUX"
node_configs {
labels = {}
# IPv4 address used for SSH access and as the Kubernetes node address.
node_ip = "10.200.0.9"
}
}
}
}
load_balancer {
port_config {
# Port the control plane load balancer listens on.
control_plane_load_balancer_port = 443
}
vip_config {
# VIPs set aside beforehand for the Kubernetes API and for ingress traffic.
control_plane_vip = "10.200.0.13"
ingress_vip = "10.200.0.14"
}
# Manual load balancing is enabled; no address pools are declared here.
manual_lb_config {
enabled = true
}
}
storage {
# Local PersistentVolumes backed by subdirectories of a shared filesystem.
lvp_share_config {
lvp_config {
path = "/mnt/localpv-share"
storage_class = "local-shared"
}
# Number of subdirectories created under path.
shared_path_pv_count = 5
}
# Local PersistentVolumes backed by node disks that the user formats and mounts.
lvp_node_mounts_config {
path = "/mnt/localpv-disk"
storage_class = "local-disks"
}
}
security_config {
authorization {
# Every user listed here is granted the cluster-admin role, i.e. full
# access to the cluster; keep this list as short as possible.
admin_users {
username = "admin@hashicorptest.com"
}
}
}
binary_authorization {
# Binary Authorization policy evaluation is switched off in this example.
# The other documented mode is PROJECT_SINGLETON_POLICY_ENFORCE.
evaluation_mode = "DISABLED"
}
upgrade_policy {
# Documented values are SERIAL and CONCURRENT.
policy = "SERIAL"
}
}
```
## Example Usage - Gkeonprem Bare Metal Cluster Bgplb
```hcl
# User cluster with BGP load balancing (bgp_lb_config) and most optional
# blocks set: proxy, maintenance, node access and OS environment.
resource "google_gkeonprem_bare_metal_cluster" "cluster-bgplb" {
name = "cluster-bgplb"
location = "us-west1"
# Full resource name of the admin cluster's hub membership.
admin_cluster_membership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"
bare_metal_version = "1.12.3"
network_config {
# Service and pod ranges cannot be changed after the cluster is created.
island_mode_cidr {
service_address_cidr_blocks = ["172.26.0.0/16"]
pod_address_cidr_blocks = ["10.240.0.0/13"]
}
# Enables advanced networking features such as bundled load balancing with BGP.
advanced_networking = true
multiple_network_interfaces_config {
enabled = true
}
# Installs the SR-IOV operator.
sr_iov_config {
enabled = true
}
}
control_plane {
control_plane_node_pool_config {
node_pool_config {
labels = {}
operating_system = "LINUX"
node_configs {
labels = {}
# IPv4 address used for SSH access and as the Kubernetes node address.
node_ip = "10.200.0.9"
}
# Initial taint assigned to the nodes of this pool.
taints {
key = "test-key"
value = "test-value"
effect = "NO_EXECUTE"
}
}
}
# Overrides a default API server flag. `argument` is the flag name without
# its leading dashes; only a subset of flags is supported.
api_server_args {
argument = "test-argument"
value = "test-value"
}
}
load_balancer {
port_config {
# Port the control plane load balancer listens on.
control_plane_load_balancer_port = 443
}
vip_config {
# VIPs set aside beforehand for the Kubernetes API and for ingress traffic.
control_plane_vip = "10.200.0.13"
ingress_vip = "10.200.0.14"
}
bgp_lb_config {
# ASN of the cluster.
asn = 123456
# External BGP peer. At least one peer must be configured for each control
# plane node; the peers are used to advertise the control plane VIP.
bgp_peer_configs {
# ASN of the network that contains the external peer device.
asn = 123457
ip_address = "10.0.0.1"
# When set, only the listed control plane nodes peer with this device.
control_plane_nodes = ["test-node"]
}
address_pools {
pool = "pool1"
# Pools must not overlap and must contain the ingress VIP (10.200.0.14 here).
addresses = [
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128"
]
}
# Node pool running data plane load balancing. If this block is omitted,
# the control plane node pool is used instead.
load_balancer_node_pool_config {
node_pool_config {
labels = {}
operating_system = "LINUX"
node_configs {
labels = {}
node_ip = "10.200.0.9"
}
taints {
key = "test-key"
value = "test-value"
effect = "NO_EXECUTE"
}
# Image pull limits; the documented defaults are 5 pulls per second and a
# burst of 10.
kubelet_config {
registry_pull_qps = 10
registry_burst = 12
serialize_image_pulls_disabled = true
}
}
}
}
}
storage {
# Local PersistentVolumes backed by subdirectories of a shared filesystem.
lvp_share_config {
lvp_config {
path = "/mnt/localpv-share"
storage_class = "local-shared"
}
# Number of subdirectories created under path.
shared_path_pv_count = 5
}
# Local PersistentVolumes backed by node disks that the user formats and mounts.
lvp_node_mounts_config {
path = "/mnt/localpv-disk"
storage_class = "local-disks"
}
}
security_config {
authorization {
# Every user listed here is granted the cluster-admin role, i.e. full
# access to the cluster; keep this list as short as possible.
admin_users {
username = "admin@hashicorptest.com"
}
}
}
proxy {
# Proxy address only: a URI that embeds username:password@ is rejected by
# the server.
uri = "http://test-domain/test"
# Hosts that skip the proxy.
no_proxy = ["127.0.0.1"]
}
cluster_operations {
# Collect application logs/metrics in addition to system logs/metrics.
enable_application_logs = true
}
maintenance_config {
# Nodes with IPv4 addresses in these ranges are put into maintenance mode
# (cordoned and drained).
maintenance_address_cidr_blocks = ["192.168.0.1/20"]
}
node_config {
# The size of the CIDR range assigned to each node is derived from this value.
max_pods_per_node = 10
container_runtime = "CONTAINERD"
}
node_access_config {
# User name used to access node machines; defaults to "root" when not set.
login_user = "test@example.com"
}
os_environment_config {
# The package repo is not included when bare metal machines are initialized.
package_repo_excluded = true
}
}
```
## Argument Reference
The following arguments are supported:
* `admin_cluster_membership` -
(Required)
The Admin Cluster this Bare Metal User Cluster belongs to.
This is the full resource name of the Admin Cluster's hub membership.
* `bare_metal_version` -
(Required)
The Anthos clusters on bare metal version for this Bare Metal User Cluster, for example `1.12.3`.
* `network_config` -
(Required)
Network configuration.
Structure is [documented below](#nested_network_config).
* `control_plane` -
(Required)
Specifies the control plane configuration.
Structure is [documented below](#nested_control_plane).
* `load_balancer` -
(Required)
Specifies the load balancer configuration.
Structure is [documented below](#nested_load_balancer).
* `storage` -
(Required)
Specifies the cluster storage configuration.
Structure is [documented below](#nested_storage).
* `name` -
(Required)
The bare metal cluster name.
* `location` -
(Required)
The location of the resource.
<a name="nested_network_config"></a>The `network_config` block supports:
* `island_mode_cidr` -
(Optional)
A nested object resource
Structure is [documented below](#nested_island_mode_cidr).
* `advanced_networking` -
(Optional)
Enables the use of advanced Anthos networking features, such as Bundled
Load Balancing with BGP or the egress NAT gateway.
Setting configuration for advanced networking features will automatically
set this flag.
* `multiple_network_interfaces_config` -
(Optional)
Configuration for multiple network interfaces.
Structure is [documented below](#nested_multiple_network_interfaces_config).
* `sr_iov_config` -
(Optional)
Configuration for SR-IOV.
Structure is [documented below](#nested_sr_iov_config).
<a name="nested_island_mode_cidr"></a>The `island_mode_cidr` block supports:
* `service_address_cidr_blocks` -
(Required)
All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.
* `pod_address_cidr_blocks` -
(Required)
All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.
<a name="nested_multiple_network_interfaces_config"></a>The `multiple_network_interfaces_config` block supports:
* `enabled` -
(Optional)
Whether to enable multiple network interfaces for your pods.
When set network_config.advanced_networking is automatically
set to true.
<a name="nested_sr_iov_config"></a>The `sr_iov_config` block supports:
* `enabled` -
(Optional)
Whether to install the SR-IOV operator.
<a name="nested_control_plane"></a>The `control_plane` block supports:
* `control_plane_node_pool_config` -
(Required)
Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.
Structure is [documented below](#nested_control_plane_node_pool_config).
* `api_server_args` -
(Optional)
Customizes the default API server args. Only a subset of
customized flags are supported. Please refer to the API server
documentation below to know the exact format:
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
Structure is [documented below](#nested_api_server_args).
<a name="nested_control_plane_node_pool_config"></a>The `control_plane_node_pool_config` block supports:
* `node_pool_config` -
(Required)
The generic configuration for a node pool running the control plane.
Structure is [documented below](#nested_node_pool_config).
<a name="nested_node_pool_config"></a>The `node_pool_config` block supports:
* `node_configs` -
(Optional)
The list of machine addresses in the Bare Metal Node Pool.
Structure is [documented below](#nested_node_configs).
* `operating_system` -
(Optional)
Specifies the nodes operating system (default: LINUX).
* `taints` -
(Optional)
The initial taints assigned to nodes of this node pool.
Structure is [documented below](#nested_taints).
* `labels` -
(Optional)
The map of Kubernetes labels (key/value pairs) to be applied to
each node. These will be added in addition to any default label(s)
that Kubernetes may apply to the node. In case of conflict in
label keys, the applied set may differ depending on the Kubernetes
version -- it's best to assume the behavior is undefined and
conflicts should be avoided. For more information, including usage
and the valid values, see:
- http://kubernetes.io/v1.1/docs/user-guide/labels.html
An object containing a list of "key": value pairs.
For example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
<a name="nested_node_configs"></a>The `node_configs` block supports:
* `node_ip` -
(Optional)
The default IPv4 address for SSH access and Kubernetes node.
Example: 192.168.0.1
* `labels` -
(Optional)
The map of Kubernetes labels (key/value pairs) to be applied to
each node. These will be added in addition to any default label(s)
that Kubernetes may apply to the node. In case of conflict in
label keys, the applied set may differ depending on the Kubernetes
version -- it's best to assume the behavior is undefined and
conflicts should be avoided. For more information, including usage
and the valid values, see:
- http://kubernetes.io/v1.1/docs/user-guide/labels.html
An object containing a list of "key": value pairs.
Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
<a name="nested_taints"></a>The `taints` block supports:
* `key` -
(Optional)
Key associated with the effect.
* `value` -
(Optional)
Value associated with the effect.
* `effect` -
(Optional)
Specifies the effect of the taint on the nodes.
Possible values are: `EFFECT_UNSPECIFIED`, `PREFER_NO_SCHEDULE`, `NO_EXECUTE`.
<a name="nested_api_server_args"></a>The `api_server_args` block supports:
* `argument` -
(Required)
The argument name as it appears on the API Server command line. Make sure to remove the leading dashes.
* `value` -
(Required)
The value of the arg as it will be passed to the API Server command line.
<a name="nested_load_balancer"></a>The `load_balancer` block supports:
* `vip_config` -
(Required)
Specifies the Bare Metal Load Balancer Config.
Structure is [documented below](#nested_vip_config).
* `port_config` -
(Required)
Specifies the load balancer ports.
Structure is [documented below](#nested_port_config).
* `metal_lb_config` -
(Optional)
A nested object resource
Structure is [documented below](#nested_metal_lb_config).
* `manual_lb_config` -
(Optional)
A nested object resource
Structure is [documented below](#nested_manual_lb_config).
* `bgp_lb_config` -
(Optional)
Configuration for BGP typed load balancers.
Structure is [documented below](#nested_bgp_lb_config).
<a name="nested_vip_config"></a>The `vip_config` block supports:
* `control_plane_vip` -
(Required)
The VIP which you previously set aside for the Kubernetes API of this Bare Metal User Cluster.
* `ingress_vip` -
(Required)
The VIP which you previously set aside for ingress traffic into this Bare Metal User Cluster.
<a name="nested_port_config"></a>The `port_config` block supports:
* `control_plane_load_balancer_port` -
(Required)
The port that control plane hosted load balancers will listen on.
<a name="nested_metal_lb_config"></a>The `metal_lb_config` block supports:
* `address_pools` -
(Required)
AddressPools is a list of non-overlapping IP pools used by load balancer
typed services. All addresses must be routable to load balancer nodes.
IngressVIP must be included in the pools.
Structure is [documented below](#nested_address_pools).
* `load_balancer_node_pool_config` -
(Optional)
Specifies the load balancer's node pool configuration.
Structure is [documented below](#nested_load_balancer_node_pool_config).
<a name="nested_address_pools"></a>The `address_pools` block supports:
* `pool` -
(Required)
The name of the address pool.
* `addresses` -
(Required)
The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).
* `avoid_buggy_ips` -
(Optional)
If true, avoid using IPs ending in .0 or .255.
This avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.
* `manual_assign` -
(Optional)
If true, prevent IP addresses from being automatically assigned.
<a name="nested_load_balancer_node_pool_config"></a>The `load_balancer_node_pool_config` block supports:
* `node_pool_config` -
(Optional)
The generic configuration for a node pool running a load balancer.
Structure is [documented below](#nested_node_pool_config).
<a name="nested_node_pool_config"></a>The `node_pool_config` block supports:
* `node_configs` -
(Optional)
The list of machine addresses in the Bare Metal Node Pool.
Structure is [documented below](#nested_node_configs).
* `operating_system` -
(Optional)
Specifies the nodes operating system (default: LINUX).
* `taints` -
(Optional)
The initial taints assigned to nodes of this node pool.
Structure is [documented below](#nested_taints).
* `labels` -
(Optional)
The map of Kubernetes labels (key/value pairs) to be applied to
each node. These will be added in addition to any default label(s)
that Kubernetes may apply to the node. In case of conflict in
label keys, the applied set may differ depending on the Kubernetes
version -- it's best to assume the behavior is undefined and
conflicts should be avoided. For more information, including usage
and the valid values, see:
- http://kubernetes.io/v1.1/docs/user-guide/labels.html
An object containing a list of "key": value pairs.
For example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
<a name="nested_node_configs"></a>The `node_configs` block supports:
* `node_ip` -
(Optional)
The default IPv4 address for SSH access and Kubernetes node.
Example: 192.168.0.1
* `labels` -
(Optional)
The map of Kubernetes labels (key/value pairs) to be applied to
each node. These will be added in addition to any default label(s)
that Kubernetes may apply to the node. In case of conflict in
label keys, the applied set may differ depending on the Kubernetes
version -- it's best to assume the behavior is undefined and
conflicts should be avoided. For more information, including usage
and the valid values, see:
- http://kubernetes.io/v1.1/docs/user-guide/labels.html
An object containing a list of "key": value pairs.
For example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
<a name="nested_taints"></a>The `taints` block supports:
* `key` -
(Optional)
Key associated with the effect.
* `value` -
(Optional)
Value associated with the effect.
* `effect` -
(Optional)
Specifies the effect of the taint on the nodes.
Possible values are: `EFFECT_UNSPECIFIED`, `PREFER_NO_SCHEDULE`, `NO_EXECUTE`.
<a name="nested_manual_lb_config"></a>The `manual_lb_config` block supports:
* `enabled` -
(Required)
Whether manual load balancing is enabled.
<a name="nested_bgp_lb_config"></a>The `bgp_lb_config` block supports:
* `asn` -
(Required)
BGP autonomous system number (ASN) of the cluster.
This field can be updated after cluster creation.
* `bgp_peer_configs` -
(Required)
The list of BGP peers that the cluster will connect to.
At least one peer must be configured for each control plane node.
Control plane nodes will connect to these peers to advertise the control
plane VIP. The Services load balancer also uses these peers by default.
This field can be updated after cluster creation.
Structure is [documented below](#nested_bgp_peer_configs).
* `address_pools` -
(Required)
AddressPools is a list of non-overlapping IP pools used by load balancer
typed services. All addresses must be routable to load balancer nodes.
IngressVIP must be included in the pools.
Structure is [documented below](#nested_address_pools).
* `load_balancer_node_pool_config` -
(Optional)
Specifies the node pool running data plane load balancing. L2 connectivity
is required among nodes in this pool. If missing, the control plane node
pool is used for data plane load balancing.
Structure is [documented below](#nested_load_balancer_node_pool_config).
<a name="nested_bgp_peer_configs"></a>The `bgp_peer_configs` block supports:
* `asn` -
(Required)
BGP autonomous system number (ASN) for the network that contains the
external peer device.
* `ip_address` -
(Required)
The IP address of the external peer device.
* `control_plane_nodes` -
(Optional)
The IP address of the control plane node that connects to the external
peer.
If you don't specify any control plane nodes, all control plane nodes
can connect to the external peer. If you specify one or more IP addresses,
only the nodes specified participate in peering sessions.
<a name="nested_address_pools"></a>The `address_pools` block supports:
* `pool` -
(Required)
The name of the address pool.
* `addresses` -
(Required)
The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).
* `avoid_buggy_ips` -
(Optional)
If true, avoid using IPs ending in .0 or .255.
This avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.
* `manual_assign` -
(Optional)
If true, prevent IP addresses from being automatically assigned.
<a name="nested_load_balancer_node_pool_config"></a>The `load_balancer_node_pool_config` block supports:
* `node_pool_config` -
(Optional)
The generic configuration for a node pool running a load balancer.
Structure is [documented below](#nested_node_pool_config).
<a name="nested_node_pool_config"></a>The `node_pool_config` block supports:
* `node_configs` -
(Optional)
The list of machine addresses in the Bare Metal Node Pool.
Structure is [documented below](#nested_node_configs).
* `operating_system` -
(Optional)
Specifies the nodes operating system (default: LINUX).
* `taints` -
(Optional)
The initial taints assigned to nodes of this node pool.
Structure is [documented below](#nested_taints).
* `labels` -
(Optional)
The map of Kubernetes labels (key/value pairs) to be applied to
each node. These will be added in addition to any default label(s)
that Kubernetes may apply to the node. In case of conflict in
label keys, the applied set may differ depending on the Kubernetes
version -- it's best to assume the behavior is undefined and
conflicts should be avoided. For more information, including usage
and the valid values, see:
- http://kubernetes.io/v1.1/docs/user-guide/labels.html
An object containing a list of "key": value pairs.
For example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
* `kubelet_config` -
(Optional)
The modifiable kubelet configurations for the baremetal machines.
Structure is [documented below](#nested_kubelet_config).
<a name="nested_node_configs"></a>The `node_configs` block supports:
* `node_ip` -
(Optional)
The default IPv4 address for SSH access and Kubernetes node.
Example: 192.168.0.1
* `labels` -
(Optional)
The map of Kubernetes labels (key/value pairs) to be applied to
each node. These will be added in addition to any default label(s)
that Kubernetes may apply to the node. In case of conflict in
label keys, the applied set may differ depending on the Kubernetes
version -- it's best to assume the behavior is undefined and
conflicts should be avoided. For more information, including usage
and the valid values, see:
- http://kubernetes.io/v1.1/docs/user-guide/labels.html
An object containing a list of "key": value pairs.
For example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
<a name="nested_taints"></a>The `taints` block supports:
* `key` -
(Optional)
Key associated with the effect.
* `value` -
(Optional)
Value associated with the effect.
* `effect` -
(Optional)
Specifies the effect of the taint on the nodes.
Possible values are: `EFFECT_UNSPECIFIED`, `PREFER_NO_SCHEDULE`, `NO_EXECUTE`.
<a name="nested_kubelet_config"></a>The `kubelet_config` block supports:
* `registry_pull_qps` -
(Optional)
The limit of registry pulls per second.
Setting this value to 0 means no limit.
Updating this field may impact scalability by changing the amount of
traffic produced by image pulls.
Defaults to 5.
* `registry_burst` -
(Optional)
The maximum size of bursty pulls, temporarily allows pulls to burst to this
number, while still not exceeding registry_pull_qps.
The value must not be a negative number.
Updating this field may impact scalability by changing the amount of
traffic produced by image pulls.
Defaults to 10.
* `serialize_image_pulls_disabled` -
(Optional)
Prevents the Kubelet from pulling multiple images at a time.
We recommend *not* changing the default value on nodes that run a Docker
daemon with version < 1.9 or an Aufs (Another Union File System) storage
backend. Issue https://github.com/kubernetes/kubernetes/issues/10959 has
more details.
<a name="nested_storage"></a>The `storage` block supports:
* `lvp_share_config` -
(Required)
Specifies the config for local PersistentVolumes backed by
subdirectories in a shared filesystem. These subdirectories are
automatically created during cluster creation.
Structure is [documented below](#nested_lvp_share_config).
* `lvp_node_mounts_config` -
(Required)
Specifies the config for local PersistentVolumes backed
by mounted node disks. These disks need to be formatted and mounted by the
user, which can be done before or after cluster creation.
Structure is [documented below](#nested_lvp_node_mounts_config).
<a name="nested_lvp_share_config"></a>The `lvp_share_config` block supports:
* `lvp_config` -
(Required)
Defines the machine path and storage class for the LVP Share.
Structure is [documented below](#nested_lvp_config).
* `shared_path_pv_count` -
(Optional)
The number of subdirectories to create under path.
<a name="nested_lvp_config"></a>The `lvp_config` block supports:
* `path` -
(Required)
The host machine path.
* `storage_class` -
(Required)
The StorageClass name that PVs will be created with.
<a name="nested_lvp_node_mounts_config"></a>The `lvp_node_mounts_config` block supports:
* `path` -
(Required)
The host machine path.
* `storage_class` -
(Required)
The StorageClass name that PVs will be created with.
- - -
* `description` -
(Optional)
A human readable description of this Bare Metal User Cluster.
* `annotations` -
(Optional)
Annotations on the Bare Metal User Cluster.
This field has the same restrictions as Kubernetes annotations.
The total size of all keys and values combined is limited to 256k.
Key can have 2 segments: prefix (optional) and name (required),
separated by a slash (/).
Prefix must be a DNS subdomain.
Name must be 63 characters or less, begin and end with alphanumerics,
with dashes (-), underscores (_), dots (.), and alphanumerics between.
**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.
* `proxy` -
(Optional)
Specifies the cluster proxy configuration.
Structure is [documented below](#nested_proxy).
* `cluster_operations` -
(Optional)
Specifies the User Cluster's observability infrastructure.
Structure is [documented below](#nested_cluster_operations).
* `maintenance_config` -
(Optional)
Specifies the maintenance configuration for the cluster's nodes.
Structure is [documented below](#nested_maintenance_config).
* `node_config` -
(Optional)
Specifies the workload node configurations.
Structure is [documented below](#nested_node_config).
* `node_access_config` -
(Optional)
Specifies the node access related settings for the bare metal user cluster.
Structure is [documented below](#nested_node_access_config).
* `os_environment_config` -
(Optional)
OS environment related configurations.
Structure is [documented below](#nested_os_environment_config).
* `security_config` -
(Optional)
Specifies the security related settings for the Bare Metal User Cluster.
Structure is [documented below](#nested_security_config).
* `binary_authorization` -
(Optional)
Binary Authorization related configurations.
Structure is [documented below](#nested_binary_authorization).
* `upgrade_policy` -
(Optional)
The cluster upgrade policy.
Structure is [documented below](#nested_upgrade_policy).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_proxy"></a>The `proxy` block supports:
* `uri` -
(Required)
Specifies the address of your proxy server.
For example: http://domain
WARNING: Do not provide credentials in the form
`http://(username:password@)domain`; such URIs will be rejected by the server.
* `no_proxy` -
(Optional)
A list of IPs, hostnames, and domains that should skip the proxy.
For example ["127.0.0.1", "example.com", ".corp", "localhost"].
<a name="nested_cluster_operations"></a>The `cluster_operations` block supports:
* `enable_application_logs` -
(Optional)
Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).
<a name="nested_maintenance_config"></a>The `maintenance_config` block supports:
* `maintenance_address_cidr_blocks` -
(Required)
All IPv4 addresses from these ranges will be placed into maintenance mode.
Nodes in maintenance mode will be cordoned and drained. When both of these
are true, the "baremetal.cluster.gke.io/maintenance" annotation will be set
on the node resource.
<a name="nested_node_config"></a>The `node_config` block supports:
* `max_pods_per_node` -
(Optional)
The maximum number of pods a node can run. The size of the CIDR range
assigned to the node will be derived from this parameter.
* `container_runtime` -
(Optional)
The available runtimes that can be used to run containers in a Bare Metal User Cluster.
Possible values are: `CONTAINER_RUNTIME_UNSPECIFIED`, `DOCKER`, `CONTAINERD`.
<a name="nested_node_access_config"></a>The `node_access_config` block supports:
* `login_user` -
(Optional)
LoginUser is the user name used to access node machines.
It defaults to "root" if not set; set it explicitly to have node access use a different account.
<a name="nested_os_environment_config"></a>The `os_environment_config` block supports:
* `package_repo_excluded` -
(Required)
Whether the package repo should not be included when initializing
bare metal machines.
<a name="nested_security_config"></a>The `security_config` block supports:
* `authorization` -
(Optional)
Configures user access to the Bare Metal User cluster.
Structure is [documented below](#nested_authorization).
<a name="nested_authorization"></a>The `authorization` block supports:
* `admin_users` -
(Required)
Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.
Structure is [documented below](#nested_admin_users).
<a name="nested_admin_users"></a>The `admin_users` block supports:
* `username` -
(Required)
The name of the user, e.g. `my-gcp-id@gmail.com`.
<a name="nested_binary_authorization"></a>The `binary_authorization` block supports:
* `evaluation_mode` -
(Optional)
Mode of operation for Binary Authorization (binauthz) policy evaluation. If unspecified,
defaults to DISABLED, in which case the policy is not evaluated for the cluster.
Possible values are: `DISABLED`, `PROJECT_SINGLETON_POLICY_ENFORCE`.
<a name="nested_upgrade_policy"></a>The `upgrade_policy` block supports:
* `policy` -
(Optional)
Specifies which upgrade policy to use.
Possible values are: `SERIAL`, `CONCURRENT`.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/bareMetalClusters/{{name}}`
* `uid` -
The unique identifier of the Bare Metal User Cluster.
* `state` -
The current state of this cluster.
* `endpoint` -
The IP address name of Bare Metal User Cluster's API server.
* `reconciling` -
If set, there are currently changes in flight to the Bare Metal User Cluster.
* `create_time` -
The time the cluster was created, in RFC3339 text format.
* `update_time` -
The time the cluster was last updated, in RFC3339 text format.
* `delete_time` -
The time the cluster was deleted, in RFC3339 text format.
* `local_name` -
The object name of the Bare Metal Cluster custom resource on the
associated admin cluster. This field is used to support conflicting
names when enrolling existing clusters to the API. When used as a part of
cluster enrollment, this field will differ from the ID in the resource
name. For new clusters, this field will match the user provided cluster ID
and be visible in the last component of the resource name. It is not
modifiable.
All users should use this name to access their cluster using gkectl or
kubectl and should expect to see the local name when viewing admin
cluster controller logs.
* `etag` -
This checksum is computed by the server based on the value of other
fields, and may be sent on update and delete requests to ensure the
client has an up-to-date value before proceeding.
Allows clients to perform consistent read-modify-writes
through optimistic concurrency control.
* `fleet` -
Fleet related configuration.
Fleets are a Google Cloud concept for logically organizing clusters,
letting you use and manage multi-cluster capabilities and apply
consistent policies across your systems.
See [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for
more details on Anthos multi-cluster capabilities using Fleets.
Structure is [documented below](#nested_fleet).
* `status` -
Specifies detailed cluster status.
Structure is [documented below](#nested_status).
* `validation_check` -
Specifies the results of the validation (preflight) checks for the Bare Metal User Cluster.
Structure is [documented below](#nested_validation_check).
* `effective_annotations` -
All annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
<a name="nested_fleet"></a>The `fleet` block contains:
* `membership` -
(Output)
The name of the managed Hub Membership resource associated to this cluster.
Membership names are formatted as
`projects/<project-number>/locations/<location>/memberships/<cluster-id>`.
<a name="nested_status"></a>The `status` block contains:
* `error_message` -
(Output)
Human-friendly representation of the error message from the user cluster
controller. The error message can be temporary as the user cluster
controller creates a cluster or node pool. If the error message persists
for a longer period of time, it can be used to surface error message to
indicate real problems requiring user intervention.
* `conditions` -
(Output)
ResourceConditions provide a standard mechanism for higher-level status reporting from user cluster controller.
Structure is [documented below](#nested_conditions).
<a name="nested_conditions"></a>The `conditions` block contains:
* `type` -
(Optional)
Type of the condition.
(e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady)
* `reason` -
(Optional)
Machine-readable message indicating details about last transition.
* `message` -
(Optional)
Human-readable message indicating details about last transition.
* `last_transition_time` -
(Output)
Last time the condition transitioned from one status to another.
* `state` -
(Output)
The lifecycle state of the condition.
<a name="nested_validation_check"></a>The `validation_check` block contains:
* `options` -
(Output)
Options used for the validation check.
* `status` -
(Output)
Specifies the detailed validation check status
Structure is [documented below](#nested_status).
* `scenario` -
(Output)
The scenario when the preflight checks were run.
<a name="nested_status"></a>The `status` block contains:
* `result` -
(Output)
Individual checks which failed as part of the Preflight check execution.
Structure is [documented below](#nested_result).
<a name="nested_result"></a>The `result` block contains:
* `options` -
(Output)
Options used for the validation check.
* `description` -
(Output)
The description of the validation check.
* `category` -
(Output)
The category of the validation.
* `reason` -
(Output)
A human-readable message of the check failure.
* `details` -
(Output)
Detailed failure information, which might be unformatted.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 60 minutes.
- `update` - Default is 60 minutes.
- `delete` - Default is 60 minutes.
## Import
BareMetalCluster can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/bareMetalClusters/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import BareMetalCluster using one of the formats above. For example:
```tf
# Terraform v1.5.0+ import block. Replace the {{...}} placeholders with real values.
import {
# Any of the accepted import ID formats listed above can be used here.
id = "projects/{{project}}/locations/{{location}}/bareMetalClusters/{{name}}"
# Address of the resource block that will manage the imported cluster.
to = google_gkeonprem_bare_metal_cluster.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), BareMetalCluster can be imported using one of the formats above. For example:
```
$ terraform import google_gkeonprem_bare_metal_cluster.default projects/{{project}}/locations/{{location}}/bareMetalClusters/{{name}}
$ terraform import google_gkeonprem_bare_metal_cluster.default {{project}}/{{location}}/{{name}}
$ terraform import google_gkeonprem_bare_metal_cluster.default {{location}}/{{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).