Configure a GKE Standard cluster in Application Design Center

A GKE Standard cluster provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. This document describes the connections and parameters you can configure when using App Design Center to create a GKE Standard cluster. The configuration parameters are based on the GKE Standard Cluster Terraform module .

Component connections

The following table includes the components that you can connect to a GKE Standard cluster, and the resulting updates to your application and its generated Terraform code.

Component	Description	Background information
Google Kubernetes Engine node pool	Adds a node pool to the cluster configuration.	About node pools

Required configuration parameters

If your template includes a GKE Standard cluster, you must configure the following parameters before you deploy.

Feature	Parameter name	Description and constraint information	Background information
	Name	The name of the cluster.	About cluster configuration choices
	Project Id	The project where you want to create the GKE Standard cluster.	Configure components
	Network	network	Explore GKE networking documentation and use cases
	Subnetwork	subnetwork	Explore GKE networking documentation and use cases
Master Authorized Networks Config	CIDR Block Display name	displayName	About network isolation in GKE
Master Authorized Networks Config	CIDR Block	cidrBlock	About network isolation in GKE
Workload Identity Config	Workload Pool	workloadPool	Use Workload Identity
	Regionor Zone	The location (region or zone) in which the cluster is created.	Cluster availability

Optional configuration parameters

The following parameters are optional. To display advanced parameters, in the Configurationarea, select Show advanced fields.

Feature

Parameter name

Description and constraint information

Background information

Description

Node Locations

Location and distribution of the nodes

Deletion Protection

Whether Terraform is prevented from destroying the cluster. Deleting this cluster using terraform destroy or terraform apply will only succeed if this field is false in the Terraform state.

deletion_protection

Master Authorized Networks Config

Gcp Public Cidrs Access Enabled

gcpPublicCidrsAccessEnabled

About network isolation in GKE

Master Authorized Networks Config

Private Endpoint Enforcement Enabled

privateEndpointEnforcementEnabled

About network isolation in GKE

Addons Config

Http Load Balancing

HttpLoadBalancing

GKE Ingress for Application Load Balancers

Horizontal Pod Autoscaling

horizontalPodAutoscaling

Horizontal Pod autoscaling

Network Policy Config

networkPolicyConfig

Control communication between Pods and Services using network policies

Istio Config

Secure Kubernetes Services with Istio

Istio Auth

Secure Kubernetes Services with Istio

DNS Cache Config

Setting up NodeLocal DNSCache

Config Connector Config

configConnectorConfig

Installing with the GKE add-on

GCE Persistent Disk CSI Driver Config

gcePersistentDiskCsiDriverConfig

Using the Compute Engine persistent disk CSI Driver

Kalm Config

GCP Filestore CSI Driver Config

GcpFilestoreCsiDriverConfig

Access Filestore instances with the Filestore CSI driver

GKE Backup Agent Config

GkeBackupAgentConfig

GCS Fuse CSI Driver Config

GcsFuseCsiDriverConfig

About Cloud Storage FUSE CSI driver for GKE

Stateful HA Config

StatefulHaConfig

Increase stateful app availability with Stateful HA Operator

Parallelstore CSI Config

ParallelstoreCsiDriverConfig

About the Google Kubernetes Engine Parallelstore CSI driver

Ray Operator Config

RayOperatorConfig

About Ray on GKE

Ray Cluster Logging Config

RayClusterLoggingConfig

Collect and view logs and metrics for Ray clusters on Google Kubernetes Engine

Ray Cluster Monitoring Config

RayClusterMonitoringConfig

Cluster Ipv4 Cidr

clusterIpv4Cidr

Create a VPC-native cluster

Cluster Autoscaling

Enabled

enableNodeAutoprovisioning

About GKE cluster autoscaling

Resource Limits

About GKE cluster autoscaling

Auto Provisioning Defaults

AutoprovisioningNodePoolDefaults

About node pool auto-creation

Shielded Instance Config

ShieldedInstanceConfig

Using Shielded GKE nodes

Auto Upgrade

Auto-upgrading nodes

Auto Repair

Node auto-repair

Upgrade Settings

UpgradeSettings

Auto-upgrading nodes

Auto Provisioning Locations

autoprovisioningLocations[]

About GKE cluster autoscaling

Autoscaling Profile

AutoscalingProfile

About GKE cluster autoscaling

Binary Authorization

Evaluation mode

BinaryAuthorization

Use Binary Authorization

Service External IPs Config

Enabled

ServiceExternalIpsConfig

Exposing applications using services

Mesh Certificates

Enable Certificates

meshCertificates

Database Encryption

DatabaseEncryption

Encrypt secrets at the application layer

Default Max Pods Per Node

defaultMaxPodsConstraint

Configure maximum pods per node

Enable Kubernetes Alpha

enableKubernetesAlpha

Enable K8s Beta Apis

Enabled APIs

K8sBetaApisConfig

Use Kubernetes beta APIs with GKE clusters

Enable Tpu

About Cloud TPU in GKE

Enable Legacy Abac

Update legacy authentication methods

Enable Shielded Nodes

Use Shielded GKE Nodes

Initial Node Count

initialNodeCount

Add and manage node pools

Ip Allocation Policy

IpAllocationPolicy

VPC-native clusters

Logging Config

Enable Components

enableComponents

Logging Service

Troubleshooting logging in GKE

Maintenance Policy

MaintenancePolicy

Maintenance windows and exclusions

Master Auth

clientCertificateConfig

Authenticate to the Kubernetes API server

Min Master Version

min_master_version

Versioning and upgrades

Monitoring Config

Enable Components

enableComponents

Configure metrics collection

Monitoring Service

monitoringService

Configure metrics collection

Network Policy

Control communication between Pods and Services using network policies

Node Config

Confidential nodes

ConfidentialNodes

Encrypt workload data in-use with Confidential GKE Nodes

Disk Size Gb

About GKE node sizing

Disk Type

Local ephemeral storage reservation

Enable Confidential Storage

enableConfidentialStorage

Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes

Local SSD Encryption Mode

LocalSsdEncryptionMode

About Local SSD for GKE

Ephemeral Storage Local Ssd Config

EphemeralStorageLocalSsdConfig

About Local SSD for GKE

Fast Socket

Improve workload efficiency using NCCL Fast Socket

Local Nvme Ssd Block Config

LocalNvmeSsdBlockConfig

About Local SSD for GKE

Secondary Boot Disks

secondaryBootDisks

Use secondary boot disks to preload data or container images

Gcfs Config

Use image streaming to pull container images

Virtual Nic

About multi-networking support for Pods

Guest Accelerator

acceleratorConfig

Run GPUs in GKE Standard node pools

Labels

Create and manage cluster and node pool labels

Resource Labels

Create and manage cluster and node pool labels

Max Run Duration

Limit the run time of auto-created nodes

Flex Start

Run a large-scale workload with flex-start with queued provisioning

Local SSD Count

About Local SSD for GKE

Machine Type

Choose a machine type for a node pool

Metadata

About VM metadata

Min Cpu Platform

Choose a minimum CPU platform

Oauth Scopes

Access scopes in GKE

Preemptible

Using preemptible VMs to run fault-tolerant workloads

Reservation Affinity

reservationAffinity

Consuming reserved zonal resources

Spot

Sandbox Config

Boot Disk Kms Key

boot_disk_kms_key

Use customer-managed encryption keys (CMEK)

Service Account

About service accounts in GKE

Shielded Instance Config

ShieldedInstanceConfig

Using Shielded GKE nodes

Storage Pools

Storage for GKE clusters overview

Tags

Manage GKE resources using Tags

Resource Manager Tags

resourceManagerTags

Taint

Configure workload separation in GKE

Workload Metadata Config

workloadMetadataConfig

Authenticate to Google Cloud APIs from GKE workloads

Node Kubelet Config

NodeKubeletConfig

Customizing nde system configuration

Linux Node Config

LinuxNodeConfig

LinuxNodeConfig

Windows Node Config

windowsNodeConfig

Creating a cluster with Windows Server node pools

Containerd Config

ContainerdConfig

Containerd node images

Node Group

Isolate your GKE workloads using sole-tenant nodes

Sole Tenant Config

soleTenantConfig

Isolate your GKE workloads using sole-tenant nodes

Node Pool Auto Config

Insecure Kubelet Readonly Port Enabled

insecureKubeletReadonlyPortEnabled

Disable the kubelet read-only port in GKE clusters

Resource Manager Tags

resourceManagerTags

Network Tags

Linux Node Config

LinuxNodeConfig

Linux cgroup mode configuration options

Node Pool

Cluster

About node pools

Project

Zones

Name

Name Prefix

Node Count

Kubernetes Version

Node Locations

Initial Node Count

initialNodeCount

Max Pods Per Node

maxPodsConstraint

Configure maximum Pods per node

Autoscaling

About GKE autoscaling

Min Node Count

Max Node Count

Total Min Node Count

totalMinNodeCount

Total Max Node Count

totalMaxNodeCount

Location Policy

Auto Repair

Node auto-repair

Auto Upgrade

Auto-upgrading nodes

Disk Size Gb

About node pools

Disk Type

About node pools

Enable Confidential Storage

enableConfidentialStorage

Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes

Local Ssd Encryption Mode

localSsdEncryptionMode

About Local SSD for GKE

Image Type

Labels

Create and manage cluster and node pool labels

Resource Labels

Create and manage cluster and node pool labels

Max Run Duration

Limit run time for auto-provisioned nodes

Flex Start

Run a large-scale workload with flex-start

Local Ssd Count

About local SSD for GKE

Machine Type

Machine families resource and comparison guide

Metadata

About VM metadata

Min Cpu Platform

Choose a minimum CPU platform

Oauth Scopes

Access scopes in GKE

Preemptible

Using preemptible VMs to run fault-tolerant workloads

Spot

Boot Disk Kms Key

boot_disk_kms_key

Use customer-managed encryption keys (CMEK)

Service Account

About service accounts in GKE

Storage Pools

Storage for GKE clusters overview

Tags

Manage GKE resources using Tags

Resource Manager Tags

resourceManagerTags

Node Group

Isolate your GKE workloads using sole-tenant nodes

Confidential Nodes

Encrypt workload data in-use with Confidential GKE Nodes

Ephemeral Storage Config

EphemeralStorageLocalSsdConfig

About Local SSD for GKE

Local Ssd Count

About Local SSD for GKE

Local Ssd Count

About Local SSD for GKE

Data Cache Count

About Local SSD for GKE

Fast Socket

Improve workload efficiency using NCCL Fast Socket

Local Nvme Ssd Block Config

LocalNvmeSsdBlockConfig

About Local SSD for GKE

Logging Variant

Adjust log throughput

Disk Image

Use secondary boot disks to preload data or container images

Mode

Use secondary boot disks to preload data or container images

Gcfs Config

Use image streaming to pull container images

Gvnic

About multi-networking support for Pods

Guest Accelerator Type

acceleratorType

Run GPUs in GKE Standard node pools

Count

acceleratorCount

Run GPUs in GKE Standard node pools

Gpu Driver Version

gpuDriverVersion

Run GPUs in GKE Standard node pools

Gpu Partition Size

gpuPartitionSize

Run GPUs in GKE Standard node pools

Gpu Sharing Strategy

gpuSharingStrategy

About GPU sharing strategies in GKE

Max Shared Clients Per Gpu

maxSharedClientsPerGpu

About GPU sharing strategies in GKE

Consume Reservation Type

consumeReservationType

Consuming reserved zonal resources

Key

key

Values

Sandbox Type

Enable Secure Boot

enableSecureBoot

Using Shielded GKE nodes

Enable Integrity Monitoring

enableIntegrityMonitoring

Using Shielded GKE nodes

Taint

Configure workload separation in GKE

Workload Metadata Mode

Authenticate to Google Cloud APIs from GKE workloads

Kubelet Config

NodeKubeletConfig

Customizing nde system configuration

Linux Node Config

LinuxNodeConfig

LinuxNodeConfig

Windows Node Config

windowsNodeConfig

Creating a cluster with Windows Server node pools

Containerd Config

ContainerdConfig

Containerd node images

Sole Tenant Config

soleTenantConfig

Isolate your GKE workloads using sole-tenant nodes

Network Config

NodenetworkConfig

VPC-native clusters

Upgrade Settings

upgradeSettings

Configure node upgrade strategies

Placement Policy

PlacementPolicy

Define compact placement for GKE nodes

Queued Provisioning

QueuedProvisioning

Run a large-scale workload with flex-start with queued provisioning

Node Pool Defaults

Node Config Defaults

NodePoolDefaults

Configure node pool auto-creation

Node Version

GKE versioning and support

Notification Config

Pubsub enabled

Cluster notifications

Topic

Filter Event Type

Confidential Nodes

Enabled

ConfidentialNodes

Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes

Pod Security Policy Config

Enabled

podSecurityPolicyConfig

PodSecurityPolicy dprecation

Pod Autoscaling

HPA Profile

Horizontal Pod autoscaling

Vertical Pod Autoscaling

Enabled

VerticalPodAutoscaling

Vertical Pod autoscaling

Secret Manager Config

Enabled

SecretManagerConfig

Protect your data with secret management

Authenticator Groups Config

Security Group

AuthenticatorGroupsConfig

Configure Google Groups for RBAC

Control Plane Endpoints Config

DNS Endpoint Config

About network isolation in GKE

Private Cluster Config

PrivateClusterConfig

Creating a private cluster

Cluster Telemetry

Type

clusterTelemetry

Release Channel

About release channels

Remove Default Node Pool

remove_default_node_pool

Resource Labels

Create and manage cluster and node pool labels

Cost Management Config

Enabled

CostManagementConfig

Get key spending insights for your GKE resource allocation and cluster costs

Resource Usage Export COnfig

Enabled

ResourceUsageExportConfig

Understanding cluster resource usage

Workload Identity Config

Workload Pool

Use Workload Identity

Identity Service Config

Enabled

IdentityServiceConfig

Use external identity providers to authenticate to GKE

Enable Intranode Visibility

enableIntranodeVisibility

Setting up intranode visibility

Enable L4 Ilb Subsetting

enableL4ilbSubsetting

Create an internal load balancer

Disable L4 Lb Firewall Reconciliation

disableL4LbFirewallReconciliation

User-managed firewall rules for GKE LoadBalancer Services

Enable Multi Networking

enableMultiNetworking

About multi-network support for Pods

In Transit Encryption Config

InTransitEncryptionConfig

About FIPS-validated encryption in GKE

Enable Fqdn Network Policy

enableFqdnNetworkPolicy

Control Pod egress traffic using FQDN network policies

Enable Cilium Clusterwide Network Policy

enableCiliumClusterwideNetworkPolicy

Control cluster-wide communication using network policies

Private Ipv6 Google Access

PrivateIpv6GoogleAccess

VPC-native clusters

Datapath Provider

DatapathProvider

Using GKE Dataplane V2

Default Snat Status

defaultSnatStatus

IP masquerade agent

Dns Config

Using Cloud DNS for GKE

Gateway Api Config

GatewayAPIConfig

About Gateway API

Protect Config

security posture Config

SecurityPostureConfig

About the security posture dashboard

Fleet

Project

Fleet management

Workload Alts Config

Enable Alts

WorkloadALTSConfig

Enterprise Config

Desired Tier

EnterpriseConfig

Timeouts

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-18 UTC.

Design a Mobile Site

View Site in Mobile | Classic

Share by: