---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "ContainerAttached"
description: |-
An Anthos cluster running on customer-owned infrastructure.
---
# google\_container\_attached\_cluster
An Anthos cluster running on customer-owned infrastructure.

To get more information about Cluster, see:

* [API documentation](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest)
* How-to Guides
    * [API reference](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters)
    * [Multicloud overview](https://cloud.google.com/anthos/clusters/docs/multi-cloud)
## Example Usage - Container Attached Cluster Basic
```hcl
data "google_project" "project" {
}

data "google_container_attached_versions" "versions" {
  location = "us-west1"
  project  = data.google_project.project.project_id
}

resource "google_container_attached_cluster" "primary" {
  name         = "basic"
  location     = "us-west1"
  project      = data.google_project.project.project_id
  description  = "Test cluster"
  distribution = "aks"
  oidc_config {
    issuer_url = "https://oidc.issuer.url"
  }
  platform_version = data.google_container_attached_versions.versions.valid_versions[0]
  fleet {
    project = "projects/${data.google_project.project.number}"
  }
}
```
## Example Usage - Container Attached Cluster Full
```hcl
data "google_project" "project" {
}

data "google_container_attached_versions" "versions" {
  location = "us-west1"
  project  = data.google_project.project.project_id
}

resource "google_container_attached_cluster" "primary" {
  name         = "basic"
  project      = data.google_project.project.project_id
  location     = "us-west1"
  description  = "Test cluster"
  distribution = "aks"
  annotations = {
    label-one = "value-one"
  }
  authorization {
    admin_users  = ["user1@example.com", "user2@example.com"]
    admin_groups = ["group1@example.com", "group2@example.com"]
  }
  oidc_config {
    issuer_url = "https://oidc.issuer.url"
    jwks       = base64encode("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}")
  }
  platform_version = data.google_container_attached_versions.versions.valid_versions[0]
  fleet {
    project = "projects/${data.google_project.project.number}"
  }
  logging_config {
    component_config {
      enable_components = ["SYSTEM_COMPONENTS", "WORKLOADS"]
    }
  }
  monitoring_config {
    managed_prometheus_config {
      enabled = true
    }
  }
  binary_authorization {
    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
  }
  proxy_config {
    kubernetes_secret {
      name      = "proxy-config"
      namespace = "default"
    }
  }
}
```
## Example Usage - Container Attached Cluster Ignore Errors
```hcl
data "google_project" "project" {
}

data "google_container_attached_versions" "versions" {
  location = "us-west1"
  project  = data.google_project.project.project_id
}

resource "google_container_attached_cluster" "primary" {
  name         = "basic"
  location     = "us-west1"
  project      = data.google_project.project.project_id
  description  = "Test cluster"
  distribution = "aks"
  oidc_config {
    issuer_url = "https://oidc.issuer.url"
  }
  platform_version = data.google_container_attached_versions.versions.valid_versions[0]
  fleet {
    project = "projects/${data.google_project.project.number}"
  }
  deletion_policy = "DELETE_IGNORE_ERRORS"
}
```
## Argument Reference
The following arguments are supported:
* `location` -
(Required)
The location for the resource
* `name` -
(Required)
The name of this resource.
* `oidc_config` -
(Required)
OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWTs signed by the cluster
API server. This field indicates how GCP services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to GCP.
Clusters with either public or private issuer URLs are supported.
Clusters with public issuers only need to specify the `issuer_url` field,
while clusters with private issuers need to provide both
`issuer_url` and `jwks`.
Structure is [documented below](#nested_oidc_config).
* `platform_version` -
(Required)
The platform version for the cluster (e.g. `1.23.0-gke.1`).
* `distribution` -
(Required)
The Kubernetes distribution of the underlying attached cluster. Supported values:
"eks", "aks".
* `fleet` -
(Required)
Fleet configuration.
Structure is [documented below](#nested_fleet).
<a name="nested_oidc_config"></a>The `oidc_config` block supports:
* `issuer_url` -
(Required)
A JSON Web Token (JWT) issuer URI; it must start with `https://`.
* `jwks` -
(Optional)
OIDC verification keys in JWKS format (RFC 7517).
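The two `oidc_config` rules above (an `https://` issuer, and for private issuers a JWKS that the full example base64-encodes) are easy to get wrong before a plan ever reaches the API. The following Python script is an added example, not code from the provider or its documentation: it validates a constructed JWKS against the page's stated format and produces the standard-base64 string that the `jwks` argument expects. The additional key checks (signature keys only, a `kid` on every key, no private-key members such as `d` or `p`) are this example's own policy for a verification key set, not requirements stated on the page.

```python
"""Checks for the `oidc_config` arguments before they are put into a plan.

Added example (not the provider's code). Applies the page's rules offline:
issuer_url must start with https://, and jwks is an RFC 7517 key set that is
passed base64-encoded. The extra per-key checks are this example's own policy.
"""
import base64
import json
import re
from urllib.parse import urlparse

# Constructed sample: same shape as the key in the page's full example.
SAMPLE_JWKS = {"keys": [{"use": "sig", "kty": "RSA", "kid": "testid",
                         "alg": "RS256", "n": "somedata", "e": "AQAB"}]}

_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")
# RFC 7518 private-key members; a verification JWKS must never carry them.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}
# Public members each supported key type must carry (example policy).
PUBLIC_MEMBERS = {"RSA": ("n", "e"), "EC": ("crv", "x", "y")}


def issuer_url_is_valid(issuer_url: str) -> bool:
    """The page requires https://; a URL without a host is rejected too."""
    parsed = urlparse(issuer_url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def jwks_problems(jwks: dict) -> list[str]:
    """Return the reasons a JWKS is unusable as an OIDC verification key set."""
    keys = jwks.get("keys")
    if not isinstance(keys, list) or not keys:
        return ["JWKS must contain a non-empty 'keys' array"]
    problems, seen_kids = [], set()
    for i, key in enumerate(keys):
        kty = key.get("kty")
        if kty not in PUBLIC_MEMBERS:
            problems.append(f"key {i}: unsupported kty {kty!r}")
            continue
        if key.get("use", "sig") != "sig":
            problems.append(f"key {i}: use={key['use']!r} is not a signing key")
        leaked = PRIVATE_MEMBERS & key.keys()
        if leaked:
            problems.append(f"key {i}: private-key members present {sorted(leaked)}")
        for member in PUBLIC_MEMBERS[kty]:
            value = key.get(member)
            if not isinstance(value, str) or not value:
                problems.append(f"key {i}: missing {member}")
            elif member != "crv" and not _B64URL.match(value):
                problems.append(f"key {i}: {member} is not base64url")
        kid = key.get("kid")
        if not kid:
            problems.append(f"key {i}: missing kid, tokens cannot be matched to it")
        elif kid in seen_kids:
            problems.append(f"key {i}: duplicate kid {kid!r}")
        seen_kids.add(kid)
    return problems


def encode_jwks_argument(jwks: dict) -> str:
    """Serialize and standard-base64 encode, as the page's base64encode() does."""
    problems = jwks_problems(jwks)
    if problems:
        raise ValueError("; ".join(problems))
    return base64.b64encode(json.dumps(jwks, separators=(",", ":")).encode()).decode()


def decode_jwks_argument(value: str) -> dict:
    """Reverse of encode_jwks_argument, e.g. to audit a value read from state."""
    return json.loads(base64.b64decode(value))


if __name__ == "__main__":
    print("issuer ok:", issuer_url_is_valid("https://oidc.issuer.url"))
    print("jwks argument:", encode_jwks_argument(SAMPLE_JWKS))
```

`decode_jwks_argument` is the useful half for operations: run it over the `jwks` value in `terraform state` output and feed the result to `jwks_problems` to confirm nobody pasted a private key into the verification set.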
<a name="nested_fleet"></a>The `fleet` block supports:
* `membership` -
(Output)
The name of the managed Hub Membership resource associated to this
cluster. Membership names are formatted as
`projects/<project-number>/locations/global/membership/<cluster-id>`.
* `project` -
(Required)
The number of the Fleet host project where this cluster will be registered.
- - -
* `description` -
(Optional)
A human readable description of this attached cluster. Cannot be longer
than 255 UTF-8 encoded bytes.
* `annotations` -
(Optional)
Annotations on the cluster. This field has the same
restrictions as Kubernetes annotations. The total size of all keys and
values combined is limited to 256k. Key can have 2 segments: prefix (optional)
and name (required), separated by a slash (/). Prefix must be a DNS subdomain.
Name must be 63 characters or less, begin and end with alphanumerics,
with dashes (-), underscores (_), dots (.), and alphanumerics between.
**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.
* `logging_config` -
(Optional)
Logging configuration.
Structure is [documented below](#nested_logging_config).
* `authorization` -
(Optional)
Configuration related to the cluster RBAC settings.
Structure is [documented below](#nested_authorization).
* `monitoring_config` -
(Optional)
Monitoring configuration.
Structure is [documented below](#nested_monitoring_config).
* `binary_authorization` -
(Optional)
Binary Authorization configuration.
Structure is [documented below](#nested_binary_authorization).
* `proxy_config` -
(Optional)
Support for proxy configuration.
Structure is [documented below](#nested_proxy_config).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
* `deletion_policy` - (Optional) Policy to determine what flags to send on delete.
<a name="nested_logging_config"></a>The `logging_config` block supports:
* `component_config` -
(Optional)
The configuration of the logging components
Structure is [documented below](#nested_component_config).
<a name="nested_component_config"></a>The `component_config` block supports:
* `enable_components` -
(Optional)
The components to be enabled.
Each value may be one of: `SYSTEM_COMPONENTS`, `WORKLOADS`.
<a name="nested_authorization"></a>The `authorization` block supports:
* `admin_users` -
(Optional)
Users that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
to the users. Up to ten admin users can be provided.
For more info on RBAC, see
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
* `admin_groups` -
(Optional)
Groups that can perform operations as a cluster admin. A managed
ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
to the groups. Up to ten admin groups can be provided.
For more info on RBAC, see
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
<a name="nested_monitoring_config"></a>The `monitoring_config` block supports:
* `managed_prometheus_config` -
(Optional)
Enable Google Cloud Managed Service for Prometheus in the cluster.
Structure is [documented below](#nested_managed_prometheus_config).
<a name="nested_managed_prometheus_config"></a>The `managed_prometheus_config` block supports:
* `enabled` -
(Optional)
Enable Managed Collection.
<a name="nested_binary_authorization"></a>The `binary_authorization` block supports:
* `evaluation_mode` -
(Optional)
Configure Binary Authorization evaluation mode.
Possible values are: `DISABLED`, `PROJECT_SINGLETON_POLICY_ENFORCE`.
<a name="nested_proxy_config"></a>The `proxy_config` block supports:
* `kubernetes_secret` -
(Optional)
The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.
Structure is [documented below](#nested_kubernetes_secret).
<a name="nested_kubernetes_secret"></a>The `kubernetes_secret` block supports:
* `name` -
(Required)
Name of the Kubernetes Secret containing the proxy config.
* `namespace` -
(Required)
Namespace of the Kubernetes Secret containing the proxy config.
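Several of the arguments above carry limits that the provider only reports once the API rejects the request (at most ten `admin_users` and `admin_groups`, a 255-byte `description`, the annotation key rules, the fixed set of logging components and Binary Authorization modes). The following Python script is an added example, not the provider's own tooling: it reads the JSON form of a plan (`terraform show -json tfplan`) and checks every attached cluster being created or updated against those limits, plus two organisational policies that are assumptions of this example rather than anything the page requires: `evaluation_mode` must be `PROJECT_SINGLETON_POLICY_ENFORCE` and managed Prometheus collection must be enabled. The plan dict is constructed; nested blocks appearing as one-element lists is how the SDK-based provider serializes them in plan JSON.

```python
"""Pre-apply policy check for google_container_attached_cluster plans.

Added example, not part of the provider or its docs. Limits come from the
argument reference; the Binary Authorization and Prometheus requirements are
this example's own policy assumptions. SAMPLE_PLAN is constructed.
"""
import re

_DNS_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_PREFIX_RE = re.compile(rf"^{_DNS_LABEL}(\.{_DNS_LABEL})*$")
_NAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9._-]{0,61}[A-Za-z0-9])?$")
ALLOWED_COMPONENTS = {"SYSTEM_COMPONENTS", "WORKLOADS"}     # from the page
MAX_ADMINS = 10                                               # from the page
REQUIRED_BINAUTHZ_MODE = "PROJECT_SINGLETON_POLICY_ENFORCE"  # policy assumption


def _block(after, *path):
    """Descend nested blocks; each level is a one-element list in plan JSON."""
    node = after
    for key in path:
        items = node.get(key) or []
        if not items:
            return {}
        node = items[0]
    return node


def annotation_key_problems(key):
    """Key is [prefix/]name: prefix a DNS subdomain, name <= 63 chars."""
    prefix, _, name = key.rpartition("/")
    problems = []
    if prefix and (len(prefix) > 253 or not _PREFIX_RE.match(prefix)):
        problems.append(f"annotation prefix {prefix!r} is not a DNS subdomain")
    if not _NAME_RE.match(name):
        problems.append(f"annotation name {name!r} breaks the 63-char alphanumeric rule")
    return problems


def cluster_problems(after):
    """Problems with one resource's planned ('after') values."""
    problems = []
    if len((after.get("description") or "").encode("utf-8")) > 255:
        problems.append("description exceeds 255 UTF-8 bytes")
    annotations = after.get("annotations") or {}
    if sum(len(k) + len(v) for k, v in annotations.items()) > 256 * 1024:
        problems.append("annotations exceed 256k combined size")
    for key in annotations:
        problems += annotation_key_problems(key)
    authz = _block(after, "authorization")
    for field in ("admin_users", "admin_groups"):
        principals = authz.get(field) or []
        if len(principals) > MAX_ADMINS:
            problems.append(f"{field}: {len(principals)} entries, at most ten allowed")
        if len(set(principals)) != len(principals):
            problems.append(f"{field}: duplicate principals")
    components = _block(after, "logging_config", "component_config").get("enable_components") or []
    unknown = set(components) - ALLOWED_COMPONENTS
    if unknown:
        problems.append(f"logging enable_components has unknown values {sorted(unknown)}")
    mode = _block(after, "binary_authorization").get("evaluation_mode")
    if mode != REQUIRED_BINAUTHZ_MODE:
        problems.append(f"binary_authorization.evaluation_mode is {mode!r}, policy requires {REQUIRED_BINAUTHZ_MODE}")
    if not _block(after, "monitoring_config", "managed_prometheus_config").get("enabled"):
        problems.append("managed_prometheus_config.enabled is not true (policy)")
    return problems


def check_plan(plan):
    """Map resource address -> problems for attached clusters being created or updated."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_container_attached_cluster":
            continue
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        problems = cluster_problems(change.get("after") or {})
        if problems:
            report[rc["address"]] = problems
    return report


# Constructed plan: "primary" mirrors the page's full example, "lab" breaks several rules.
SAMPLE_PLAN = {"resource_changes": [
    {"type": "google_container_attached_cluster",
     "address": "google_container_attached_cluster.primary",
     "change": {"actions": ["create"], "after": {
         "description": "Test cluster",
         "annotations": {"label-one": "value-one"},
         "authorization": [{"admin_users": ["user1@example.com", "user2@example.com"],
                            "admin_groups": ["group1@example.com", "group2@example.com"]}],
         "logging_config": [{"component_config": [{"enable_components": ["SYSTEM_COMPONENTS", "WORKLOADS"]}]}],
         "monitoring_config": [{"managed_prometheus_config": [{"enabled": True}]}],
         "binary_authorization": [{"evaluation_mode": "PROJECT_SINGLETON_POLICY_ENFORCE"}]}}},
    {"type": "google_container_attached_cluster",
     "address": "google_container_attached_cluster.lab",
     "change": {"actions": ["update"], "after": {
         "description": "Lab cluster",
         "annotations": {"bad key": "v", "example.com/team": "sec"},
         "authorization": [{"admin_users": [f"user{i}@example.com" for i in range(11)]}],
         "logging_config": [{"component_config": [{"enable_components": ["SYSTEM_COMPONENTS", "AUDIT"]}]}],
         "binary_authorization": [{"evaluation_mode": "DISABLED"}]}}},
]}

if __name__ == "__main__":
    for address, problems in check_plan(SAMPLE_PLAN).items():
        print(address)
        for problem in problems:
            print("  -", problem)
```

Wire it into CI as `terraform plan -out tfplan && terraform show -json tfplan | python check_plan.py` (the file name is this example's), failing the job when `check_plan` returns a non-empty report; the `cluster-admin` binding that `authorization` creates is the main reason to gate on it.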
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}`
* `cluster_region` -
Output only. The region where this cluster runs.
For EKS clusters, this is an AWS region. For AKS clusters,
this is an Azure region.
* `state` -
The current state of the cluster. Possible values:
`STATE_UNSPECIFIED`, `PROVISIONING`, `RUNNING`, `RECONCILING`, `STOPPING`, `ERROR`,
`DEGRADED`.
* `uid` -
A globally unique identifier for the cluster.
* `reconciling` -
If set, there are currently changes in flight to the cluster.
* `create_time` -
Output only. The time at which this cluster was created.
* `update_time` -
The time at which this cluster was last updated.
* `kubernetes_version` -
The Kubernetes version of the cluster.
* `workload_identity_config` -
Workload Identity settings.
Structure is [documented below](#nested_workload_identity_config).
* `errors` -
A set of errors found in the cluster.
Structure is [documented below](#nested_errors).
* `effective_annotations` -
All annotations (key/value pairs) present on the resource in GCP, including those configured through Terraform, other clients, and services.
<a name="nested_workload_identity_config"></a>The `workload_identity_config` block contains:
* `identity_provider` -
(Optional)
The ID of the OIDC Identity Provider (IdP) associated to
the Workload Identity Pool.
* `issuer_uri` -
(Optional)
The OIDC issuer URL for this cluster.
* `workload_pool` -
(Optional)
The Workload Identity Pool associated to the cluster.
<a name="nested_errors"></a>The `errors` block contains:
* `message` -
(Optional)
Human-friendly description of the error.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
Cluster can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Cluster using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}"
to = google_container_attached_cluster.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Cluster can be imported using one of the formats above. For example:
```
$ terraform import google_container_attached_cluster.default projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}
$ terraform import google_container_attached_cluster.default {{project}}/{{location}}/{{name}}
$ terraform import google_container_attached_cluster.default {{location}}/{{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).