GCP Container Cluster
Google Kubernetes Engine (GKE) Container Clusters provide managed Kubernetes control-planes and node infrastructure on Google Cloud Platform. A cluster groups together one or more node pools running containerised workloads, and exposes both the Kubernetes API server and optional add-ons such as Cloud Monitoring, Cloud Logging, Workload Identity and Binary Authorisation.
For a full description of the service see the official Google documentation: https://cloud.google.com/kubernetes-engine/docs
Terrafrom Mappings:
google_container_cluster.id
Supported Methodsβ
GET: Get a gcp-container-cluster by its "locations|clusters"LISTSEARCH: Search for GKE clusters in a location. Use the format "location" or the full resource name supported for terraform mappings.
Possible Linksβ
gcp-cloud-kms-crypto-keyβ
A cluster can be configured to encrypt Kubernetes secrets and etcd data at rest using a customer-managed Cloud KMS crypto key. When customer-managed encryption is enabled, the cluster stores the resource ID of the key that protects its control-plane data, creating a link between the cluster and the KMS crypto key.
gcp-compute-networkβ
Every GKE cluster is deployed into a VPC network. All control-plane and node traffic flows inside this network, and the cluster stores the name of the network it belongs to, creating a relationship with the corresponding gcp-compute-network resource.
gcp-compute-node-groupβ
If a node pool is configured to run on sole-tenant nodes, GKE provisions or attaches to Compute Engine node groups for placement. The cluster will therefore reference any node groups used by its node pools.
gcp-compute-subnetworkβ
Within the chosen VPC, a cluster is attached to one or more subnetworks to allocate IP ranges for nodes, pods and services. The subnetwork resource(s) appear in the clusterβs configuration and are linked to the cluster.
gcp-container-node-poolβ
A cluster is composed of one or more node pools that provide the actual worker nodes. Each node pool references its parent cluster, and the cluster maintains a list of all associated node pools.
gcp-iam-service-accountβ
GKE uses service accounts for both the control-plane (Google-managed) and the nodes (user-specified or default). Additionally, Workload Identity maps Kubernetes service accounts to IAM service accounts. Any service account configured for node pools, Workload Identity or authorised networks will be linked to the cluster.
gcp-pub-sub-topicβ
Audit logs and event streams originating from a GKE cluster can be exported via Logging sinks to Pub/Sub topics for downstream processing. When such a sink targets a Pub/Sub topic, the cluster indirectly references that topic, creating a link captured by Overmind.