Console
    Contact Us Start free

    Configure a GKE Autopilot cluster in Application Design Center

    A GKE Autopilot cluster lets Google manage your infrastructure configuration, including your nodes, scaling, security, and other preconfigured settings. Autopilot is optimized to run most production workloads, and provisions compute resources based on your Kubernetes manifests.

    This document describes the connections and parameters you can configure when using App Design Center to create a GKE Autopilot cluster. The configuration parameters are based on the GKE Autopilot cluster Terraform module .

    Required configuration parameters

    If your template includes a GKE Autopilot cluster, you must configure the following parameters before you deploy.

    Feature Parameter name Description and constraint information Background information
    		Name The name of the cluster. About cluster configuration choices
    		Project Id The project where you want to create the GKE Autopilot cluster. Configure components
    		Regionor Zone The location (region or zone) in which the cluster is created. Cluster availability
    		Network network Explore GKE networking documentation and use cases
    		Subnetwork subnetwork Explore GKE networking documentation and use cases
    Master Authorized Networks Config
    		 CIDR Block Display name displayName About network isolation in GKE
    Master Authorized Networks Config
    		 CIDR Block cidrBlock About network isolation in GKE
    Workload Identity Config
    		 Workload Pool workloadPool Use Workload Identity

    Optional configuration parameters

    The following parameters are optional. To display advanced parameters, in the Configurationarea, select Show advanced fields.

    Feature
    Parameter name
    Description and constraint information
    Background information
    Description
    description
    Node Locations
    locations
    Location and distribution of the nodes
    Deletion Protection
    Whether Terraform is prevented from destroying the cluster. Deleting this cluster using terraform destroy or terraform apply will only succeed if this field is false in the Terraform state.
    deletion_protection
    Master Authorized Networks Config
    Gcp Public Cidrs Access Enabled
    gcpPublicCidrsAccessEnabled
    About network isolation in GKE
    Master Authorized Networks Config
    Private Endpoint Enforcement Enabled
    privateEndpointEnforcementEnabled
    About network isolation in GKE
    Addons Config
    GCP Filestore CSI Driver Config
    GcpFilestoreCsiDriverConfig
    Access Filestore instances with the Filestore CSI driver
    GKE Backup Agent Config
    GkeBackupAgentConfig
    backup for GKE
    Ray Operator Config
    RayOperatorConfig
    About Ray on GKE
    Ray Cluster Logging Config
    RayClusterLoggingConfig
    Collect and view logs and metrics for Ray clusters on Google Kubernetes Engine
    Ray Cluster Monitoring Config
    RayClusterMonitoringConfig
    Cluster Ipv4 Cidr
    clusterIpv4Cidr
    Create a VPC-native cluster
    Cluster Autoscaling
    Auto Provisioning Defaults
    AutoprovisioningNodePoolDefaults
    About node pool auto-creation
    Binary Authorization
    Evaluation mode
    BinaryAuthorization
    Use Binary Authorization
    Service External IPs Config
    Enabled
    ServiceExternalIpsConfig
    Exposing applications using services
    Mesh Certificates
    Enable Certificates
    meshCertificates
    Database Encryption
    DatabaseEncryption
    Encrypt secrets at the application layer
    Enable K8s Beta Apis
    Enabled APIs
    K8sBetaApisConfig
    Use Kubernetes beta APIs with GKE clusters
    Ip Allocation Policy
    IpAllocationPolicy
    VPC-native clusters
    Logging Config
    Enable Components
    enableComponents
    About GKE logs
    Maintenance Policy
    MaintenancePolicy
    Maintenance windows and exclusions
    Master Auth
    clientCertificateConfig
    Authenticate to the Kubernetes API server
    Min Master Version
    min_master_version
    Versioning and upgrades
    Monitoring Config
    Enable Components
    enableComponents
    Configure metrics collection
    Node Pool Auto Config
    Insecure Kubelet Readonly Port Enabled
    insecureKubeletReadonlyPortEnabled
    Disable the kubelet read-only port in GKE clusters
    Resource Manager Tags
    resourceManagerTags
    Tags overview
    Network Tags
    tags
    Tags overview
    Linux Node Config
    LinuxNodeConfig
    Linux cgroup mode configuration options
    Notification Config
    Pubsub enabled
    PubSub
    Cluster notifications
    Topic
    topic
    Filter Event Type
    filter
    Confidential Nodes
    Enabled
    ConfidentialNodes
    Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes
    Pod Security Policy Config
    Enabled
    podSecurityPolicyConfig
    PodSecurityPolicy dprecation
    Pod Autoscaling
    HPA Profile
    PodAutoscaling
    Horizontal Pod autoscaling
    Vertical Pod Autoscaling
    Enabled
    VerticalPodAutoscaling
    Vertical Pod autoscaling
    Secret Manager Config
    Enabled
    SecretManagerConfig
    Protect your data with secret management
    Authenticator Groups Config
    Security Group
    AuthenticatorGroupsConfig
    Configure Google Groups for RBAC
    Control Plane Endpoints Config
    DNS Endpoint Config
    About network isolation in GKE
    Private Cluster Config
    PrivateClusterConfig
    Creating a private cluster
    Cluster Telemetry
    Type
    clusterTelemetry
    Release Channel
    ReleaseChannel
    About release channels
    Resource Labels
    resourceLabels
    Create and manage cluster and node pool labels
    Cost Management Config
    Enabled
    CostManagementConfig
    Get key spending insights for your GKE resource allocation and cluster costs
    Resource Usage Export COnfig
    Enabled
    ResourceUsageExportConfig
    Understanding cluster resource usage
    Identity Service Config
    Enabled
    IdentityServiceConfig
    Use external identity providers to authenticate to GKE
    Enable L4 Ilb Subsetting
    enableL4ilbSubsetting
    Create an internal load balancer
    Disable L4 Lb Firewall Reconciliation
    disableL4LbFirewallReconciliation
    User-managed firewall rules for GKE LoadBalancer Services
    Enable Multi Networking
    enableMultiNetworking
    About multi-network support for Pods
    In Transit Encryption Config
    InTransitEncryptionConfig
    About FIPS-validated encryption in GKE
    Enable Fqdn Network Policy
    enableFqdnNetworkPolicy
    Control Pod egress traffic using FQDN network policies
    Enable Cilium Clusterwide Network Policy
    enableCiliumClusterwideNetworkPolicy
    Control cluster-wide communication using network policies
    Private Ipv6 Google Access
    PrivateIpv6GoogleAccess
    VPC-native clusters
    Datapath Provider
    DatapathProvider
    Using GKE Dataplane V2
    Default Snat Status
    defaultSnatStatus
    IP masquerade agent
    Dns Config
    DNSConfig
    Using Cloud DNS for GKE
    Gateway Api Config
    GatewayAPIConfig
    About Gateway API
    Protect Config
    ProtectConfig
    security posture Config
    SecurityPostureConfig
    About the security posture dashboard
    Fleet
    Project
    Fleet
    Fleet management
    Workload Alts Config
    Enable Alts
    WorkloadALTSConfig
    Enterprise Config
    Desired Tier
    EnterpriseConfig
    Allow Net Admin
    allowNetAdmin
    GKE Autopilot security measures
    Timeouts
    Timeouts
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: