1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 02:25:19 +00:00

gcloud: Wed Oct 9 09:55:07 UTC 2024

This commit is contained in:
Automated 2024-10-09 09:55:07 +00:00
parent 489be55d99
commit 4ffb04ab9e
211 changed files with 7635 additions and 1232 deletions

View file

@ -12,7 +12,6 @@ SYNOPSIS
[--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE]
[--description=DESCRIPTION] [--enable-managed-prometheus]
[--logging=COMPONENT,[COMPONENT,...]] [--validate-only]
[--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[--proxy-secret-name=PROXY_SECRET_NAME
--proxy-secret-namespace=PROXY_SECRET_NAMESPACE]
[GCLOUD_WIDE_FLAG ...]
@ -180,17 +179,6 @@ OPTIONAL FLAGS
--validate-only
Validate the cluster to create, but don't actually perform it.
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
Sets the mode of the Kubernetes security posture API's workload
vulnerability scanning. To enable Advanced vulnerability insights mode
explicitly set the flag to
--workload-vulnerability-scanning=enterprise.
To disable in an existing cluster, explicitly set the flag to
--workload-vulnerability-scanning=disabled.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, enterprise.
Proxy config
--proxy-secret-name=PROXY_SECRET_NAME

View file

@ -8,7 +8,6 @@ SYNOPSIS
[--clear-description] [--description=DESCRIPTION]
[--logging=COMPONENT,[COMPONENT,...]]
[--platform-version=PLATFORM_VERSION] [--validate-only]
[--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[--admin-groups=[GROUP,...] | --clear-admin-groups]
[--admin-users=[USER,...] | --clear-admin-users]
[--disable-managed-prometheus | --enable-managed-prometheus]
@ -99,17 +98,6 @@ FLAGS
--validate-only
Validate the update of the cluster, but don't actually perform it.
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
Sets the mode of the Kubernetes security posture API's workload
vulnerability scanning. To enable Advanced vulnerability insights mode
explicitly set the flag to
--workload-vulnerability-scanning=enterprise.
To disable in an existing cluster, explicitly set the flag to
--workload-vulnerability-scanning=disabled.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, enterprise.
Admin groups
At most one of these can be specified:

View file

@ -23,16 +23,19 @@ SYNOPSIS
[--database-encryption-key=DATABASE_ENCRYPTION_KEY]
[--default-max-pods-per-node=DEFAULT_MAX_PODS_PER_NODE]
[--disable-default-snat] [--disk-size=DISK_SIZE]
[--disk-type=DISK_TYPE] [--enable-autorepair] [--no-enable-autoupgrade]
[--disk-type=DISK_TYPE]
[--enable-authorized-networks-on-private-endpoint]
[--enable-autorepair] [--no-enable-autoupgrade]
[--enable-cilium-clusterwide-network-policy] [--enable-cloud-logging]
[--enable-cloud-monitoring] [--enable-cloud-run-alpha]
[--enable-confidential-nodes] [--enable-confidential-storage]
[--enable-cost-allocation] [--enable-dataplane-v2] [--enable-fleet]
[--enable-fqdn-network-policy] [--enable-google-cloud-access]
[--enable-gvnic] [--enable-identity-service] [--enable-image-streaming]
[--enable-cost-allocation] [--enable-dataplane-v2]
[--enable-dns-access] [--enable-fleet] [--enable-fqdn-network-policy]
[--enable-google-cloud-access] [--enable-gvnic]
[--enable-identity-service] [--enable-image-streaming]
[--enable-insecure-kubelet-readonly-port]
[--enable-intra-node-visibility] [--enable-ip-alias]
[--enable-kubernetes-alpha]
[--enable-intra-node-visibility] [--enable-ip-access]
[--enable-ip-alias] [--enable-kubernetes-alpha]
[--enable-kubernetes-unstable-apis=API,[API,...]]
[--enable-l4-ilb-subsetting] [--enable-legacy-authorization]
[--enable-managed-prometheus] [--enable-master-global-access]
@ -428,6 +431,10 @@ FLAGS
DISK_TYPE must be one of: pd-standard, pd-ssd, pd-balanced,
hyperdisk-balanced, hyperdisk-extreme, hyperdisk-throughput.
--enable-authorized-networks-on-private-endpoint
Enable enforcement of --master-authorized-networks CIDR ranges for
traffic reaching cluster's control plane via private IP.
--enable-autorepair
Enable node autorepair feature for a cluster's default node pool(s).
@ -508,6 +515,11 @@ FLAGS
Enables the new eBPF dataplane for GKE clusters that is required for
network security, scalability and visibility features.
--enable-dns-access
Enable access to the cluster's control plane over DNS-based endpoint.
DNS-based control plane access is recommended.
--enable-fleet
Set cluster project as the fleet host project. This will register the
cluster to the same project. To register the cluster to a fleet in a
@ -556,6 +568,10 @@ FLAGS
Enabling it on an existing cluster causes the cluster master and the
cluster nodes to restart, which might cause a disruption.
--enable-ip-access
Enable access to the cluster's control plane over private IP and public
IP if --enable-private-endpoint is not enabled.
--enable-ip-alias
Enable use of alias IPs
(https://cloud.google.com/compute/docs/alias-ip/) for Pod IPs. This

View file

@ -15,9 +15,10 @@ SYNOPSIS
[--containerd-config-from-file=PATH_TO_FILE]
[--create-subnetwork=[KEY=VALUE,...]]
[--database-encryption-key=DATABASE_ENCRYPTION_KEY]
[--enable-authorized-networks-on-private-endpoint]
[--enable-backup-restore] [--enable-cilium-clusterwide-network-policy]
[--enable-fleet] [--enable-google-cloud-access]
[--enable-kubernetes-unstable-apis=API,[API,...]]
[--enable-dns-access] [--enable-fleet] [--enable-google-cloud-access]
[--enable-ip-access] [--enable-kubernetes-unstable-apis=API,[API,...]]
[--enable-master-global-access] [--enable-ray-cluster-logging]
[--enable-ray-cluster-monitoring] [--enable-ray-operator]
[--enable-secret-manager] [--fleet-project=PROJECT_ID_OR_NUMBER]
@ -223,6 +224,10 @@ FLAGS
For more information, see
https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets.
--enable-authorized-networks-on-private-endpoint
Enable enforcement of --master-authorized-networks CIDR ranges for
traffic reaching cluster's control plane via private IP.
--enable-backup-restore
Enable the Backup for GKE add-on. This add-on is disabled by default.
To learn more, see the Backup for GKE overview:
@ -232,6 +237,11 @@ FLAGS
Enable Cilium Clusterwide Network Policies on the cluster. Disabled by
default.
--enable-dns-access
Enable access to the cluster's control plane over DNS-based endpoint.
DNS-based control plane access is recommended.
--enable-fleet
Set cluster project as the fleet host project. This will register the
cluster to the same project. To register the cluster to a fleet in a
@ -243,6 +253,10 @@ FLAGS
Google Cloud can reach the public control plane endpoint of your
cluster.
--enable-ip-access
Enable access to the cluster's control plane over private IP and public
IP if --enable-private-endpoint is not enabled.
--enable-kubernetes-unstable-apis=API,[API,...]
Enable Kubernetes beta API features on this cluster. Beta APIs are not
expected to be production ready and should be avoided in

View file

@ -3,7 +3,8 @@ NAME
cluster
SYNOPSIS
gcloud container clusters get-credentials NAME [--internal-ip]
gcloud container clusters get-credentials NAME [--dns-endpoint]
[--internal-ip]
[--location=LOCATION | --region=REGION | --zone=ZONE, -z ZONE]
[GCLOUD_WIDE_FLAG ...]
@ -49,6 +50,9 @@ POSITIONAL ARGUMENTS
container/cluster property value for this command invocation.
FLAGS
--dns-endpoint
Whether to use the DNS-based endpoint for the cluster address.
--internal-ip
Whether to use the internal IP address of the cluster endpoint.

View file

@ -15,15 +15,13 @@ SYNOPSIS
| --disable-workload-identity | --enable-autoscaling
| --[no-]enable-cilium-clusterwide-network-policy
| --enable-cost-allocation | --enable-fleet
| --enable-fqdn-network-policy | --enable-google-cloud-access
| --enable-identity-service | --enable-image-streaming
| --enable-insecure-kubelet-readonly-port
| --enable-fqdn-network-policy | --enable-identity-service
| --enable-image-streaming | --enable-insecure-kubelet-readonly-port
| --enable-intra-node-visibility
| --enable-kubernetes-unstable-apis=API,[API,...]
| --enable-l4-ilb-subsetting | --enable-legacy-authorization
| --enable-master-authorized-networks | --enable-master-global-access
| --enable-multi-networking | --enable-network-policy
| --enable-private-endpoint | --[no-]enable-ray-cluster-logging
| --enable-private-nodes | --[no-]enable-ray-cluster-logging
| --[no-]enable-ray-cluster-monitoring | --enable-secret-manager
| --enable-service-externalips | --enable-shielded-nodes
| --enable-stackdriver-kubernetes | --enable-vertical-pod-autoscaling
@ -70,6 +68,11 @@ SYNOPSIS
| --disable-dataplane-v2-flow-observability
| --enable-dataplane-v2-flow-observability
--disable-dataplane-v2-metrics | --enable-dataplane-v2-metrics
| --enable-authorized-networks-on-private-endpoint
--enable-dns-access --enable-google-cloud-access --enable-ip-access
--enable-master-global-access --enable-private-endpoint
--enable-master-authorized-networks
--master-authorized-networks=NETWORK,[NETWORK,...]
| [--enable-autoprovisioning
: --autoprovisioning-config-file=PATH_TO_FILE
| --autoprovisioning-image-type=AUTOPROVISIONING_IMAGE_TYPE
@ -94,7 +97,6 @@ SYNOPSIS
| --password=PASSWORD --enable-basic-auth
| --username=USERNAME, -u USERNAME) [--async]
[--cloud-run-config=[load-balancer-type=EXTERNAL,...]]
[--master-authorized-networks=NETWORK,[NETWORK,...]]
[--node-pool=NODE_POOL]
[--location=LOCATION | --region=REGION | --zone=ZONE, -z ZONE]
[--location-policy=LOCATION_POLICY --max-nodes=MAX_NODES
@ -297,11 +299,6 @@ REQUIRED FLAGS
Enable FQDN Network Policies on the cluster. FQDN Network Policies
are disabled by default.
--enable-google-cloud-access
When you enable Google Cloud Access, any public IP addresses owned by
Google Cloud can reach the public control plane endpoint of your
cluster.
--enable-identity-service
Enable Identity Service component on the cluster.
@ -347,26 +344,6 @@ REQUIRED FLAGS
use RBAC permissions instead, create or update your cluster with the
option --no-enable-legacy-authorization.
--enable-master-authorized-networks
Allow only specified set of CIDR blocks (specified by the
--master-authorized-networks flag) to connect to Kubernetes master
through HTTPS. Besides these blocks, the following have access as
well:
1) The private network the cluster connects to if
`--enable-private-nodes` is specified.
2) Google Compute Engine Public IPs if `--enable-private-nodes` is not
specified.
Use --no-enable-master-authorized-networks to disable. When disabled,
public internet (0.0.0.0/0) is allowed to connect to Kubernetes
master through HTTPS.
--enable-master-global-access
Use with private clusters to allow access to the master's private
endpoint from any Google Cloud region or on-premises environment
regardless of the private cluster's region.
--enable-multi-networking
Enables multi-networking on the cluster. Multi-networking is disabled
by default.
@ -377,9 +354,20 @@ REQUIRED FLAGS
addon must first be enabled on the master by using
--update-addons=NetworkPolicy=ENABLED flag.
--enable-private-endpoint
Enables cluster's control plane to be accessible using private IP
address only.
--enable-private-nodes
Standard cluster: Enable private nodes as a default behavior for all
newly created node pools, if --enable-private-nodes is not provided
at node pool creation time.
Modifications to this flag do not affect `--enable-private-nodes` state of the
existing node pools.
Autopilot cluster: Force new and existing workloads, without explicit
cloud.google.com/private-node=true node selector, to run on nodes
with no public IP address.
Modifications to this flag trigger a re-schedule operation on all existng
workloads to run on different node VMs.
--[no-]enable-ray-cluster-logging
Enable automatic log processing sidecar for Ray clusters. Use
@ -1043,6 +1031,57 @@ REQUIRED FLAGS
--enable-dataplane-v2-metrics
Exposes advanced datapath flow metrics on node port.
--enable-authorized-networks-on-private-endpoint
Enable enforcement of --master-authorized-networks CIDR ranges for
traffic reaching cluster's control plane via private IP.
--enable-dns-access
Enable access to the cluster's control plane over DNS-based endpoint.
DNS-based control plane access is recommended.
--enable-google-cloud-access
When you enable Google Cloud Access, any public IP addresses owned by
Google Cloud can reach the public control plane endpoint of your
cluster.
--enable-ip-access
Enable access to the cluster's control plane over private IP and
public IP if --enable-private-endpoint is not enabled.
--enable-master-global-access
Use with private clusters to allow access to the master's private
endpoint from any Google Cloud region or on-premises environment
regardless of the private cluster's region.
--enable-private-endpoint
Enables cluster's control plane to be accessible using private IP
address only.
Master Authorized Networks
--enable-master-authorized-networks
Allow only specified set of CIDR blocks (specified by the
--master-authorized-networks flag) to connect to Kubernetes master
through HTTPS. Besides these blocks, the following have access as
well:
1) The private network the cluster connects to if
`--enable-private-nodes` is specified.
2) Google Compute Engine Public IPs if `--enable-private-nodes` is not
specified.
Use --no-enable-master-authorized-networks to disable. When
disabled, public internet (0.0.0.0/0) is allowed to connect to
Kubernetes master through HTTPS.
--master-authorized-networks=NETWORK,[NETWORK,...]
The list of CIDR blocks (up to 100 for private cluster, 50 for
public cluster) that are allowed to connect to Kubernetes master
through HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Cannot
be specified unless --enable-master-authorized-networks is also
specified.
Node autoprovisioning
--enable-autoprovisioning
@ -1360,12 +1399,6 @@ OPTIONAL FLAGS
$ gcloud container clusters update example-cluster \
--cloud-run-config=load-balancer-type=INTERNAL
--master-authorized-networks=NETWORK,[NETWORK,...]
The list of CIDR blocks (up to 100 for private cluster, 50 for public
cluster) that are allowed to connect to Kubernetes master through
HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Cannot be
specified unless --enable-master-authorized-networks is also specified.
--node-pool=NODE_POOL
Node pool to be updated.