mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 02:25:19 +00:00
gcloud: Wed Oct 9 09:55:07 UTC 2024
This commit is contained in:
parent
489be55d99
commit
4ffb04ab9e
211 changed files with 7635 additions and 1232 deletions
|
|
@ -12,7 +12,6 @@ SYNOPSIS
|
|||
[--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE]
|
||||
[--description=DESCRIPTION] [--enable-managed-prometheus]
|
||||
[--logging=COMPONENT,[COMPONENT,...]] [--validate-only]
|
||||
[--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
|
||||
[--proxy-secret-name=PROXY_SECRET_NAME
|
||||
--proxy-secret-namespace=PROXY_SECRET_NAMESPACE]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
|
@ -180,17 +179,6 @@ OPTIONAL FLAGS
|
|||
--validate-only
|
||||
Validate the cluster to create, but don't actually perform it.
|
||||
|
||||
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
|
||||
Sets the mode of the Kubernetes security posture API's workload
|
||||
vulnerability scanning. To enable Advanced vulnerability insights mode
|
||||
explicitly set the flag to
|
||||
--workload-vulnerability-scanning=enterprise.
|
||||
|
||||
To disable in an existing cluster, explicitly set the flag to
|
||||
--workload-vulnerability-scanning=disabled.
|
||||
|
||||
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, enterprise.
|
||||
|
||||
Proxy config
|
||||
|
||||
--proxy-secret-name=PROXY_SECRET_NAME
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ SYNOPSIS
|
|||
[--clear-description] [--description=DESCRIPTION]
|
||||
[--logging=COMPONENT,[COMPONENT,...]]
|
||||
[--platform-version=PLATFORM_VERSION] [--validate-only]
|
||||
[--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
|
||||
[--admin-groups=[GROUP,...] | --clear-admin-groups]
|
||||
[--admin-users=[USER,...] | --clear-admin-users]
|
||||
[--disable-managed-prometheus | --enable-managed-prometheus]
|
||||
|
|
@ -99,17 +98,6 @@ FLAGS
|
|||
--validate-only
|
||||
Validate the update of the cluster, but don't actually perform it.
|
||||
|
||||
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
|
||||
Sets the mode of the Kubernetes security posture API's workload
|
||||
vulnerability scanning. To enable Advanced vulnerability insights mode
|
||||
explicitly set the flag to
|
||||
--workload-vulnerability-scanning=enterprise.
|
||||
|
||||
To disable in an existing cluster, explicitly set the flag to
|
||||
--workload-vulnerability-scanning=disabled.
|
||||
|
||||
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, enterprise.
|
||||
|
||||
Admin groups
|
||||
|
||||
At most one of these can be specified:
|
||||
|
|
|
|||
|
|
@ -23,16 +23,19 @@ SYNOPSIS
|
|||
[--database-encryption-key=DATABASE_ENCRYPTION_KEY]
|
||||
[--default-max-pods-per-node=DEFAULT_MAX_PODS_PER_NODE]
|
||||
[--disable-default-snat] [--disk-size=DISK_SIZE]
|
||||
[--disk-type=DISK_TYPE] [--enable-autorepair] [--no-enable-autoupgrade]
|
||||
[--disk-type=DISK_TYPE]
|
||||
[--enable-authorized-networks-on-private-endpoint]
|
||||
[--enable-autorepair] [--no-enable-autoupgrade]
|
||||
[--enable-cilium-clusterwide-network-policy] [--enable-cloud-logging]
|
||||
[--enable-cloud-monitoring] [--enable-cloud-run-alpha]
|
||||
[--enable-confidential-nodes] [--enable-confidential-storage]
|
||||
[--enable-cost-allocation] [--enable-dataplane-v2] [--enable-fleet]
|
||||
[--enable-fqdn-network-policy] [--enable-google-cloud-access]
|
||||
[--enable-gvnic] [--enable-identity-service] [--enable-image-streaming]
|
||||
[--enable-cost-allocation] [--enable-dataplane-v2]
|
||||
[--enable-dns-access] [--enable-fleet] [--enable-fqdn-network-policy]
|
||||
[--enable-google-cloud-access] [--enable-gvnic]
|
||||
[--enable-identity-service] [--enable-image-streaming]
|
||||
[--enable-insecure-kubelet-readonly-port]
|
||||
[--enable-intra-node-visibility] [--enable-ip-alias]
|
||||
[--enable-kubernetes-alpha]
|
||||
[--enable-intra-node-visibility] [--enable-ip-access]
|
||||
[--enable-ip-alias] [--enable-kubernetes-alpha]
|
||||
[--enable-kubernetes-unstable-apis=API,[API,...]]
|
||||
[--enable-l4-ilb-subsetting] [--enable-legacy-authorization]
|
||||
[--enable-managed-prometheus] [--enable-master-global-access]
|
||||
|
|
@ -428,6 +431,10 @@ FLAGS
|
|||
DISK_TYPE must be one of: pd-standard, pd-ssd, pd-balanced,
|
||||
hyperdisk-balanced, hyperdisk-extreme, hyperdisk-throughput.
|
||||
|
||||
--enable-authorized-networks-on-private-endpoint
|
||||
Enable enforcement of --master-authorized-networks CIDR ranges for
|
||||
traffic reaching cluster's control plane via private IP.
|
||||
|
||||
--enable-autorepair
|
||||
Enable node autorepair feature for a cluster's default node pool(s).
|
||||
|
||||
|
|
@ -508,6 +515,11 @@ FLAGS
|
|||
Enables the new eBPF dataplane for GKE clusters that is required for
|
||||
network security, scalability and visibility features.
|
||||
|
||||
--enable-dns-access
|
||||
Enable access to the cluster's control plane over DNS-based endpoint.
|
||||
|
||||
DNS-based control plane access is recommended.
|
||||
|
||||
--enable-fleet
|
||||
Set cluster project as the fleet host project. This will register the
|
||||
cluster to the same project. To register the cluster to a fleet in a
|
||||
|
|
@ -556,6 +568,10 @@ FLAGS
|
|||
Enabling it on an existing cluster causes the cluster master and the
|
||||
cluster nodes to restart, which might cause a disruption.
|
||||
|
||||
--enable-ip-access
|
||||
Enable access to the cluster's control plane over private IP and public
|
||||
IP if --enable-private-endpoint is not enabled.
|
||||
|
||||
--enable-ip-alias
|
||||
Enable use of alias IPs
|
||||
(https://cloud.google.com/compute/docs/alias-ip/) for Pod IPs. This
|
||||
|
|
|
|||
|
|
@ -15,9 +15,10 @@ SYNOPSIS
|
|||
[--containerd-config-from-file=PATH_TO_FILE]
|
||||
[--create-subnetwork=[KEY=VALUE,...]]
|
||||
[--database-encryption-key=DATABASE_ENCRYPTION_KEY]
|
||||
[--enable-authorized-networks-on-private-endpoint]
|
||||
[--enable-backup-restore] [--enable-cilium-clusterwide-network-policy]
|
||||
[--enable-fleet] [--enable-google-cloud-access]
|
||||
[--enable-kubernetes-unstable-apis=API,[API,...]]
|
||||
[--enable-dns-access] [--enable-fleet] [--enable-google-cloud-access]
|
||||
[--enable-ip-access] [--enable-kubernetes-unstable-apis=API,[API,...]]
|
||||
[--enable-master-global-access] [--enable-ray-cluster-logging]
|
||||
[--enable-ray-cluster-monitoring] [--enable-ray-operator]
|
||||
[--enable-secret-manager] [--fleet-project=PROJECT_ID_OR_NUMBER]
|
||||
|
|
@ -223,6 +224,10 @@ FLAGS
|
|||
For more information, see
|
||||
https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets.
|
||||
|
||||
--enable-authorized-networks-on-private-endpoint
|
||||
Enable enforcement of --master-authorized-networks CIDR ranges for
|
||||
traffic reaching cluster's control plane via private IP.
|
||||
|
||||
--enable-backup-restore
|
||||
Enable the Backup for GKE add-on. This add-on is disabled by default.
|
||||
To learn more, see the Backup for GKE overview:
|
||||
|
|
@ -232,6 +237,11 @@ FLAGS
|
|||
Enable Cilium Clusterwide Network Policies on the cluster. Disabled by
|
||||
default.
|
||||
|
||||
--enable-dns-access
|
||||
Enable access to the cluster's control plane over DNS-based endpoint.
|
||||
|
||||
DNS-based control plane access is recommended.
|
||||
|
||||
--enable-fleet
|
||||
Set cluster project as the fleet host project. This will register the
|
||||
cluster to the same project. To register the cluster to a fleet in a
|
||||
|
|
@ -243,6 +253,10 @@ FLAGS
|
|||
Google Cloud can reach the public control plane endpoint of your
|
||||
cluster.
|
||||
|
||||
--enable-ip-access
|
||||
Enable access to the cluster's control plane over private IP and public
|
||||
IP if --enable-private-endpoint is not enabled.
|
||||
|
||||
--enable-kubernetes-unstable-apis=API,[API,...]
|
||||
Enable Kubernetes beta API features on this cluster. Beta APIs are not
|
||||
expected to be production ready and should be avoided in
|
||||
|
|
|
|||
|
|
@ -3,7 +3,8 @@ NAME
|
|||
cluster
|
||||
|
||||
SYNOPSIS
|
||||
gcloud container clusters get-credentials NAME [--internal-ip]
|
||||
gcloud container clusters get-credentials NAME [--dns-endpoint]
|
||||
[--internal-ip]
|
||||
[--location=LOCATION | --region=REGION | --zone=ZONE, -z ZONE]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
|
|
@ -49,6 +50,9 @@ POSITIONAL ARGUMENTS
|
|||
container/cluster property value for this command invocation.
|
||||
|
||||
FLAGS
|
||||
--dns-endpoint
|
||||
Whether to use the DNS-based endpoint for the cluster address.
|
||||
|
||||
--internal-ip
|
||||
Whether to use the internal IP address of the cluster endpoint.
|
||||
|
||||
|
|
|
|||
|
|
@ -15,15 +15,13 @@ SYNOPSIS
|
|||
| --disable-workload-identity | --enable-autoscaling
|
||||
| --[no-]enable-cilium-clusterwide-network-policy
|
||||
| --enable-cost-allocation | --enable-fleet
|
||||
| --enable-fqdn-network-policy | --enable-google-cloud-access
|
||||
| --enable-identity-service | --enable-image-streaming
|
||||
| --enable-insecure-kubelet-readonly-port
|
||||
| --enable-fqdn-network-policy | --enable-identity-service
|
||||
| --enable-image-streaming | --enable-insecure-kubelet-readonly-port
|
||||
| --enable-intra-node-visibility
|
||||
| --enable-kubernetes-unstable-apis=API,[API,...]
|
||||
| --enable-l4-ilb-subsetting | --enable-legacy-authorization
|
||||
| --enable-master-authorized-networks | --enable-master-global-access
|
||||
| --enable-multi-networking | --enable-network-policy
|
||||
| --enable-private-endpoint | --[no-]enable-ray-cluster-logging
|
||||
| --enable-private-nodes | --[no-]enable-ray-cluster-logging
|
||||
| --[no-]enable-ray-cluster-monitoring | --enable-secret-manager
|
||||
| --enable-service-externalips | --enable-shielded-nodes
|
||||
| --enable-stackdriver-kubernetes | --enable-vertical-pod-autoscaling
|
||||
|
|
@ -70,6 +68,11 @@ SYNOPSIS
|
|||
| --disable-dataplane-v2-flow-observability
|
||||
| --enable-dataplane-v2-flow-observability
|
||||
--disable-dataplane-v2-metrics | --enable-dataplane-v2-metrics
|
||||
| --enable-authorized-networks-on-private-endpoint
|
||||
--enable-dns-access --enable-google-cloud-access --enable-ip-access
|
||||
--enable-master-global-access --enable-private-endpoint
|
||||
--enable-master-authorized-networks
|
||||
--master-authorized-networks=NETWORK,[NETWORK,...]
|
||||
| [--enable-autoprovisioning
|
||||
: --autoprovisioning-config-file=PATH_TO_FILE
|
||||
| --autoprovisioning-image-type=AUTOPROVISIONING_IMAGE_TYPE
|
||||
|
|
@ -94,7 +97,6 @@ SYNOPSIS
|
|||
| --password=PASSWORD --enable-basic-auth
|
||||
| --username=USERNAME, -u USERNAME) [--async]
|
||||
[--cloud-run-config=[load-balancer-type=EXTERNAL,...]]
|
||||
[--master-authorized-networks=NETWORK,[NETWORK,...]]
|
||||
[--node-pool=NODE_POOL]
|
||||
[--location=LOCATION | --region=REGION | --zone=ZONE, -z ZONE]
|
||||
[--location-policy=LOCATION_POLICY --max-nodes=MAX_NODES
|
||||
|
|
@ -297,11 +299,6 @@ REQUIRED FLAGS
|
|||
Enable FQDN Network Policies on the cluster. FQDN Network Policies
|
||||
are disabled by default.
|
||||
|
||||
--enable-google-cloud-access
|
||||
When you enable Google Cloud Access, any public IP addresses owned by
|
||||
Google Cloud can reach the public control plane endpoint of your
|
||||
cluster.
|
||||
|
||||
--enable-identity-service
|
||||
Enable Identity Service component on the cluster.
|
||||
|
||||
|
|
@ -347,26 +344,6 @@ REQUIRED FLAGS
|
|||
use RBAC permissions instead, create or update your cluster with the
|
||||
option --no-enable-legacy-authorization.
|
||||
|
||||
--enable-master-authorized-networks
|
||||
Allow only specified set of CIDR blocks (specified by the
|
||||
--master-authorized-networks flag) to connect to Kubernetes master
|
||||
through HTTPS. Besides these blocks, the following have access as
|
||||
well:
|
||||
|
||||
1) The private network the cluster connects to if
|
||||
`--enable-private-nodes` is specified.
|
||||
2) Google Compute Engine Public IPs if `--enable-private-nodes` is not
|
||||
specified.
|
||||
|
||||
Use --no-enable-master-authorized-networks to disable. When disabled,
|
||||
public internet (0.0.0.0/0) is allowed to connect to Kubernetes
|
||||
master through HTTPS.
|
||||
|
||||
--enable-master-global-access
|
||||
Use with private clusters to allow access to the master's private
|
||||
endpoint from any Google Cloud region or on-premises environment
|
||||
regardless of the private cluster's region.
|
||||
|
||||
--enable-multi-networking
|
||||
Enables multi-networking on the cluster. Multi-networking is disabled
|
||||
by default.
|
||||
|
|
@ -377,9 +354,20 @@ REQUIRED FLAGS
|
|||
addon must first be enabled on the master by using
|
||||
--update-addons=NetworkPolicy=ENABLED flag.
|
||||
|
||||
--enable-private-endpoint
|
||||
Enables cluster's control plane to be accessible using private IP
|
||||
address only.
|
||||
--enable-private-nodes
|
||||
Standard cluster: Enable private nodes as a default behavior for all
|
||||
newly created node pools, if --enable-private-nodes is not provided
|
||||
at node pool creation time.
|
||||
|
||||
Modifications to this flag do not affect `--enable-private-nodes` state of the
|
||||
existing node pools.
|
||||
|
||||
Autopilot cluster: Force new and existing workloads, without explicit
|
||||
cloud.google.com/private-node=true node selector, to run on nodes
|
||||
with no public IP address.
|
||||
|
||||
Modifications to this flag trigger a re-schedule operation on all existng
|
||||
workloads to run on different node VMs.
|
||||
|
||||
--[no-]enable-ray-cluster-logging
|
||||
Enable automatic log processing sidecar for Ray clusters. Use
|
||||
|
|
@ -1043,6 +1031,57 @@ REQUIRED FLAGS
|
|||
--enable-dataplane-v2-metrics
|
||||
Exposes advanced datapath flow metrics on node port.
|
||||
|
||||
--enable-authorized-networks-on-private-endpoint
|
||||
Enable enforcement of --master-authorized-networks CIDR ranges for
|
||||
traffic reaching cluster's control plane via private IP.
|
||||
|
||||
--enable-dns-access
|
||||
Enable access to the cluster's control plane over DNS-based endpoint.
|
||||
|
||||
DNS-based control plane access is recommended.
|
||||
|
||||
--enable-google-cloud-access
|
||||
When you enable Google Cloud Access, any public IP addresses owned by
|
||||
Google Cloud can reach the public control plane endpoint of your
|
||||
cluster.
|
||||
|
||||
--enable-ip-access
|
||||
Enable access to the cluster's control plane over private IP and
|
||||
public IP if --enable-private-endpoint is not enabled.
|
||||
|
||||
--enable-master-global-access
|
||||
Use with private clusters to allow access to the master's private
|
||||
endpoint from any Google Cloud region or on-premises environment
|
||||
regardless of the private cluster's region.
|
||||
|
||||
--enable-private-endpoint
|
||||
Enables cluster's control plane to be accessible using private IP
|
||||
address only.
|
||||
|
||||
Master Authorized Networks
|
||||
|
||||
--enable-master-authorized-networks
|
||||
Allow only specified set of CIDR blocks (specified by the
|
||||
--master-authorized-networks flag) to connect to Kubernetes master
|
||||
through HTTPS. Besides these blocks, the following have access as
|
||||
well:
|
||||
|
||||
1) The private network the cluster connects to if
|
||||
`--enable-private-nodes` is specified.
|
||||
2) Google Compute Engine Public IPs if `--enable-private-nodes` is not
|
||||
specified.
|
||||
|
||||
Use --no-enable-master-authorized-networks to disable. When
|
||||
disabled, public internet (0.0.0.0/0) is allowed to connect to
|
||||
Kubernetes master through HTTPS.
|
||||
|
||||
--master-authorized-networks=NETWORK,[NETWORK,...]
|
||||
The list of CIDR blocks (up to 100 for private cluster, 50 for
|
||||
public cluster) that are allowed to connect to Kubernetes master
|
||||
through HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Cannot
|
||||
be specified unless --enable-master-authorized-networks is also
|
||||
specified.
|
||||
|
||||
Node autoprovisioning
|
||||
|
||||
--enable-autoprovisioning
|
||||
|
|
@ -1360,12 +1399,6 @@ OPTIONAL FLAGS
|
|||
$ gcloud container clusters update example-cluster \
|
||||
--cloud-run-config=load-balancer-type=INTERNAL
|
||||
|
||||
--master-authorized-networks=NETWORK,[NETWORK,...]
|
||||
The list of CIDR blocks (up to 100 for private cluster, 50 for public
|
||||
cluster) that are allowed to connect to Kubernetes master through
|
||||
HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Cannot be
|
||||
specified unless --enable-master-authorized-networks is also specified.
|
||||
|
||||
--node-pool=NODE_POOL
|
||||
Node pool to be updated.
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue