gcloud_alpha_container_clusters_create (1)
NAME
- gcloud alpha container clusters create - create a cluster for running containers
SYNOPSIS
-
gcloud alpha container clusters create NAME [--accelerator=[type=TYPE,[count=COUNT],...]] [--addons=[ADDON,...]] [--allow-route-overlap] [--async] [--cluster-ipv4-cidr=CLUSTER_IPV4_CIDR] [--cluster-secondary-range-name=NAME] [--cluster-version=CLUSTER_VERSION] [--create-subnetwork=[KEY=VALUE,...]] [--default-max-pods-per-node=DEFAULT_MAX_PODS_PER_NODE] [--disk-size=DISK_SIZE] [--disk-type=DISK_TYPE] [--enable-autorepair] [--enable-autoupgrade] [--enable-binauthz] [--no-enable-cloud-logging] [--no-enable-cloud-monitoring] [--enable-ip-alias] [--enable-kubernetes-alpha] [--enable-legacy-authorization] [--enable-network-policy] [--enable-pod-security-policy] [--enable-stackdriver-kubernetes] [--enable-vertical-pod-autoscaling] [--image-type=IMAGE_TYPE] [--issue-client-certificate] [--istio-config=[auth=MTLS_PERMISSIVE,...]] [--labels=[KEY=VALUE,...]] [--machine-type=MACHINE_TYPE, -m MACHINE_TYPE] [--maintenance-window=MAINTENANCE_WINDOW] [--max-nodes-per-pool=MAX_NODES_PER_POOL] [--metadata=KEY=VALUE,[KEY=VALUE,...]] [--metadata-from-file=KEY=LOCAL_FILE_PATH,[...]] [--min-cpu-platform=PLATFORM] [--network=NETWORK] [--node-labels=[NODE_LABEL,...]] [--node-pool-name=NODE_POOL_NAME] [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] [--num-nodes=NUM_NODES; default=3] [--preemptible] [--services-ipv4-cidr=CIDR] [--services-secondary-range-name=NAME] [--subnetwork=SUBNETWORK] [--tags=TAG,[TAG,...]] [--workload-metadata-from-node=WORKLOAD_METADATA_FROM_NODE] [--additional-zones=ZONE,[ZONE,...] 
| --node-locations=ZONE,[ZONE,...]] [--database-encryption-key=DATABASE_ENCRYPTION_KEY : --database-encryption-key-keyring=DATABASE_ENCRYPTION_KEY_KEYRING --database-encryption-key-location=DATABASE_ENCRYPTION_KEY_LOCATION --database-encryption-key-project=DATABASE_ENCRYPTION_KEY_PROJECT] [[--enable-autoprovisioning : --autoprovisioning-config-file=AUTOPROVISIONING_CONFIG_FILE | [--max-cpu=MAX_CPU --max-memory=MAX_MEMORY : --min-cpu=MIN_CPU --min-memory=MIN_MEMORY [--max-accelerator=[type=TYPE,count=COUNT,...] : --min-accelerator=[type=TYPE,count=COUNT,...]]]]] [--enable-autoscaling --max-nodes=MAX_NODES --min-nodes=MIN_NODES] [--enable-master-authorized-networks --master-authorized-networks=NETWORK,[NETWORK,...]] [--enable-network-egress-metering --resource-usage-bigquery-dataset=RESOURCE_USAGE_BIGQUERY_DATASET] [--enable-private-endpoint --enable-private-nodes --master-ipv4-cidr=MASTER_IPV4_CIDR --private-cluster] [--enable-tpu --enable-tpu-service-networking | --tpu-ipv4-cidr=CIDR] [--local-ssd-count=LOCAL_SSD_COUNT | --local-ssd-volumes=[[count=COUNT],[type=TYPE],[format=FORMAT],...]] [--password=PASSWORD --enable-basic-auth | --username=USERNAME, -u USERNAME] [--region=REGION | --zone=ZONE, -z ZONE] [--security-profile=SECURITY_PROFILE --no-security-profile-runtime-rules] [--service-account=SERVICE_ACCOUNT | --no-enable-cloud-endpoints --scopes=[SCOPE,...]; default="gke-default"] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Create a cluster for running containers.
POSITIONAL ARGUMENTS
-
- NAME
-
- The name of the cluster to create.
The name may contain only lowercase alphanumerics and '-', must start with a letter and end with an alphanumeric, and must be no longer than 40 characters.
FLAGS
-
- --accelerator=[type=TYPE,[count=COUNT],...]
-
Attaches accelerators (e.g. GPUs) to all nodes.
-
- type
-
(Required) The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of
accelerator to attach to the instances. Use gcloud compute accelerator-types
list to learn about all available accelerator types.
- count
-
(Optional) The number of accelerators to attach to the instances. The default
value is 1.
-
- --addons=[ADDON,...]
-
Default set of addons includes HttpLoadBalancing, HorizontalPodAutoscaling.
Addons
(cloud.google.com/kubernetes-engine/reference/rest/v1/projects.zones.clusters#AddonsConfig)
are additional Kubernetes cluster components. Addons specified by this flag will
be enabled. The others will be disabled. ADDON must be one of:
HttpLoadBalancing, HorizontalPodAutoscaling,
KubernetesDashboard, Istio, NetworkPolicy, CloudRun.
- --allow-route-overlap
-
Allows the provided cluster CIDRs to overlap with existing routes that are less
specific and do not terminate at a VM.
When enabled, --cluster-ipv4-cidr must be fully specified (e.g. 10.96.0.0/14, but not /14). If --enable-ip-alias is also specified, both --cluster-ipv4-cidr and --services-ipv4-cidr must be fully specified.
- --async
-
Don't wait for the operation to complete.
- --cluster-ipv4-cidr=CLUSTER_IPV4_CIDR
-
The IP address range for the pods in this cluster in CIDR notation (e.g.
10.0.0.0/14). Prior to Kubernetes version 1.7.0 this must be a subset of
10.0.0.0/8; however, starting with version 1.7.0 it can be any RFC 1918 IP range.
- --cluster-secondary-range-name=NAME
-
Set the secondary range to be used as the source for pod IPs. Alias ranges will
be allocated from this secondary range. NAME must be the name of an existing
secondary range in the cluster subnetwork.
Must be used in conjunction with '--enable-ip-alias'. Cannot be used with --create-subnetwork.
- --cluster-version=CLUSTER_VERSION
-
The Kubernetes version to use for the master and nodes. Defaults to
server-specified.
The default Kubernetes version is available using the following command.
- $ gcloud container get-server-config
- --create-subnetwork=[KEY=VALUE,...]
-
Create a new subnetwork for the cluster. The name and range of the subnetwork
can be customized via optional 'name' and 'range' key-value pairs.
'name' specifies the name of the subnetwork to be created.
'range' specifies the IP range for the new subnetwork. This can either be a netmask size (e.g. '/20') or a CIDR range (e.g. '10.0.0.0/20'). If a netmask size is specified, the IP is automatically taken from the free space in the cluster's network.
Examples:
Create a new subnetwork with a default name and size.
- $ gcloud alpha container clusters create --create-subnetwork ""
Create a new subnetwork named "my-subnet" with netmask of size 21.
- $ gcloud alpha container clusters create \
--create-subnetwork name=my-subnet,range=/21
Create a new subnetwork with a default name with the primary range of 10.100.0.0/16.
- $ gcloud alpha container clusters create \
--create-subnetwork range=10.100.0.0/16
Create a new subnetwork with the name "my-subnet" with a default range.
- $ gcloud alpha container clusters create \
--create-subnetwork name=my-subnet
Can not be specified unless '--enable-ip-alias' is also specified. Can not be used in conjunction with the '--subnetwork' option.
- --default-max-pods-per-node=DEFAULT_MAX_PODS_PER_NODE
-
The default max number of pods per node for node pools in the cluster.
This flag sets the default max-pods-per-node for node pools in the cluster. If --max-pods-per-node is not specified explicitly for a node pool, this flag value will be used.
Must be used in conjunction with '--enable-ip-alias'.
- --disk-size=DISK_SIZE
-
Size for node VM boot disks. Defaults to 100GB.
- --disk-type=DISK_TYPE
-
Type of the node VM boot disk. Defaults to pd-standard. DISK_TYPE must be
one of: pd-standard, pd-ssd.
- --enable-autorepair
-
Enable node autorepair feature for a cluster's default node-pool(s).
-
$ gcloud alpha container clusters create example-cluster \
--enable-autorepair
Node autorepair is enabled by default for clusters using COS as a base image, use --no-enable-autorepair to disable.
See cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair for more info.
- --enable-autoupgrade
-
Sets autoupgrade feature for a cluster's default node-pool(s).
-
$ gcloud alpha container clusters create example-cluster \
--enable-autoupgrade
See cloud.google.com/kubernetes-engine/docs/node-management for more info.
- --enable-binauthz
-
Enable Binary Authorization for this cluster.
- --enable-cloud-logging
-
Automatically send logs from the cluster to the Google Cloud Logging API.
Enabled by default, use --no-enable-cloud-logging to disable.
- --enable-cloud-monitoring
-
Automatically send metrics from pods in the cluster to the Google Cloud
Monitoring API. VM metrics will be collected by Google Compute Engine regardless
of this setting. Enabled by default, use --no-enable-cloud-monitoring
to disable.
- --enable-ip-alias
-
Enable use of alias IPs (cloud.google.com/compute/docs/alias-ip) for
pod IPs. This will create two secondary ranges, one for the pod IPs and another
to reserve space for the services range.
- --enable-kubernetes-alpha
-
Enable Kubernetes alpha features on this cluster. Selecting this option will
result in the cluster having all Kubernetes alpha API groups and features turned
on. Cluster upgrades (both manual and automatic) will be disabled and the
cluster will be automatically deleted after 30 days.
Alpha clusters are not covered by the Kubernetes Engine SLA and should not be used for production workloads.
- --enable-legacy-authorization
-
Enables the legacy ABAC authentication for the cluster. User rights are granted
through the use of policies which combine attributes together. For a detailed
look at these properties and related formats, see
kubernetes.io/docs/admin/authorization/abac. To use RBAC permissions
instead, create or update your cluster with the option
--no-enable-legacy-authorization.
- --enable-network-policy
-
Enable network policy enforcement for this cluster. If you are enabling network
policy on an existing cluster the network policy addon must first be enabled on
the master by using the --update-addons=NetworkPolicy=ENABLED flag.
- --enable-pod-security-policy
-
Enables the pod security policy admission controller for the cluster. The pod
security policy admission controller adds fine-grained pod create and update
authorization controls through the PodSecurityPolicy API objects. For more
information, see
cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies
- --enable-stackdriver-kubernetes
-
Enable Stackdriver Kubernetes monitoring and logging.
- --enable-vertical-pod-autoscaling
-
Enables vertical pod autoscaling for a cluster.
- --image-type=IMAGE_TYPE
-
The image type to use for the cluster. Defaults to server-specified.
Image Type specifies the base OS that the nodes in the cluster will run on. If an image type is specified, that will be assigned to the cluster and all future upgrades will use the specified image type. If it is not specified the server will pick the default image type.
The default image type and the list of valid image types are available using the following command.
- $ gcloud container get-server-config
- --issue-client-certificate
-
Issue a TLS client certificate with admin permissions.
When enabled, the certificate and private key pair will be present in MasterAuth field of the Cluster object. For cluster versions before 1.12, a client certificate will be issued by default. As of 1.12, client certificates are disabled by default.
- --istio-config=[auth=MTLS_PERMISSIVE,...]
-
Configurations for the Istio addon. Requires that --addons contains Istio for
create, or --update-addons Istio=ENABLED for update.
-
- auth
-
(Optional) Type of auth: MTLS_PERMISSIVE or MTLS_STRICT. Example:
-
$ gcloud alpha container clusters create example-cluster \
--istio-config=auth=MTLS_PERMISSIVE
-
- --labels=[KEY=VALUE,...]
-
Labels to apply to the Google Cloud resources in use by the Kubernetes Engine
cluster. These are unrelated to Kubernetes labels. Example:
-
$ gcloud alpha container clusters create example-cluster \
--labels=label_a=value1,label_b=,label_c=value3
- --machine-type=MACHINE_TYPE, -m MACHINE_TYPE
-
The type of machine to use for nodes. Defaults to n1-standard-1. The list of
predefined machine types is available using the following command:
- $ gcloud compute machine-types list
You can also specify custom machine types with the string "custom-CPUS-RAM" where CPUS is the number of virtual CPUs and RAM is the amount of RAM in MiB.
For example, to create a node pool using custom machines with 2 vCPUs and 12 GB of RAM:
-
$ gcloud alpha container clusters create high-mem-pool \
--machine-type=custom-2-12288
- --maintenance-window=MAINTENANCE_WINDOW
-
Set a time of day when you prefer maintenance to start on this cluster. For
example:
-
$ gcloud alpha container clusters create example-cluster \
--maintenance-window=12:43
The time corresponds to the UTC time zone, and must be in HH:MM format.
- --max-nodes-per-pool=MAX_NODES_PER_POOL
-
The maximum number of nodes to allocate per default initial node pool.
Kubernetes Engine will automatically create enough node pools such that each
node pool contains less than --max-nodes-per-pool nodes. Defaults to 1000
nodes, but can be set as low as 100 nodes per pool on initial create.
- --metadata=KEY=VALUE,[KEY=VALUE,...]
-
Compute Engine metadata to be made available to the guest operating system
running on nodes within the node pool.
Each metadata entry is a key/value pair separated by an equals sign. Metadata keys must be unique and less than 128 bytes in length. Values must be less than or equal to 32,768 bytes in length. The total size of all keys and values must be less than 512 KB. Multiple arguments can be passed to this flag. For example:
--metadata key-1=value-1,key-2=value-2,key-3=value-3
Additionally, the following keys are reserved for use by Kubernetes Engine:
-
- cluster-location
- cluster-name
- cluster-uid
- configure-sh
- enable-os-login
- gci-update-strategy
- gci-ensure-gke-docker
- instance-template
- kube-env
- startup-script
- user-data
-
See also Compute Engine's documentation
(cloud.google.com/compute/docs/storing-retrieving-metadata) on storing
and retrieving instance metadata.
-
- --metadata-from-file=KEY=LOCAL_FILE_PATH,[...]
-
Same as --metadata except that the value for the entry will be
read from a local file.
- --min-cpu-platform=PLATFORM
-
When specified, the nodes for the new cluster's default node pool will be
scheduled on a host with the specified CPU architecture or a newer one.
Examples:
-
$ gcloud alpha container clusters create example-cluster \
--min-cpu-platform=PLATFORM
To list available CPU platforms in a given zone, run:
-
$ gcloud beta compute zones describe ZONE \
--format="value(availableCpuPlatforms)"
CPU platform selection is available only in selected zones.
- --network=NETWORK
-
The Compute Engine Network that the cluster will connect to. Google Kubernetes
Engine will use this network when creating routes and firewalls for the
clusters. Defaults to the 'default' network.
- --node-labels=[NODE_LABEL,...]
-
Applies the given kubernetes labels on all nodes in the new node-pool. Example:
-
$ gcloud alpha container clusters create example-cluster \
--node-labels=label-a=value1,label-2=value2
New nodes, including ones created by resize or recreate, will have these labels on the kubernetes API node object and can be used in nodeSelectors. See kubernetes.io/docs/user-guide/node-selection for examples.
Note that kubernetes labels, intended to associate cluster components and resources with one another and manage resource lifecycles, are different from Kubernetes Engine labels that are used for the purpose of tracking billing and usage information.
- --node-pool-name=NODE_POOL_NAME
-
Name of the initial node pool that will be created for the cluster.
Specifies the name to use for the initial node pool that will be created with the cluster. If the settings specified require multiple node pools to be created, the name for each pool will be prefixed by this name. For example running the following will result in three node pools being created, example-node-pool-0, example-node-pool-1 and example-node-pool-2:
-
$ gcloud alpha container clusters create example-cluster \
--num-nodes 9 --max-nodes-per-pool 3 \
--node-pool-name example-node-pool
- --node-taints=[NODE_TAINT,...]
-
Applies the given kubernetes taints on all nodes in default node-pool(s) in new
cluster, which can be used with tolerations for pod scheduling. Example:
-
$ gcloud alpha container clusters create example-cluster \
--node-taints=key1=val1:NoSchedule,key2=val2:PreferNoSchedule
Note, this feature uses gcloud beta commands. To use gcloud beta commands, you must configure gcloud to use the v1beta1 API as described here: cloud.google.com/kubernetes-engine/docs/reference/api-organization#beta
To read more about node-taints, see cloud.google.com/kubernetes-engine/docs/node-taints
- --node-version=NODE_VERSION
-
The Kubernetes version to use for nodes. Defaults to server-specified.
The default Kubernetes version is available using the following command.
- $ gcloud container get-server-config
- --num-nodes=NUM_NODES; default=3
-
The number of nodes to be created in each of the cluster's zones.
- --preemptible
-
Create nodes using preemptible VM instances in the new cluster.
-
$ gcloud alpha container clusters create example-cluster \
--preemptible
New nodes, including ones created by resize or recreate, will use preemptible VM instances. See cloud.google.com/kubernetes-engine/docs/preemptible-vm for more information on how to use Preemptible VMs with Kubernetes Engine.
- --services-ipv4-cidr=CIDR
-
Set the IP range for the services IPs.
Can be specified as a netmask size (e.g. '/20') or in CIDR notation (e.g. '10.100.0.0/20'). If given as a netmask size, the IP range will be chosen automatically from the available space in the network.
If unspecified, the services CIDR range will be chosen with a default mask size.
Can not be specified unless '--enable-ip-alias' is also specified.
- --services-secondary-range-name=NAME
-
Set the secondary range to be used for services (e.g. ClusterIPs). NAME must be
the name of an existing secondary range in the cluster subnetwork.
Must be used in conjunction with '--enable-ip-alias'. Cannot be used with --create-subnetwork.
- --subnetwork=SUBNETWORK
-
The Google Compute Engine subnetwork
(cloud.google.com/compute/docs/subnetworks) to which the cluster is
connected. The subnetwork must belong to the network specified by --network.
Cannot be used with the "--create-subnetwork" option.
- --tags=TAG,[TAG,...]
-
Applies the given Compute Engine tags (comma separated) on all nodes in the new
node-pool. Example:
-
$ gcloud alpha container clusters create example-cluster \
--tags=tag1,tag2
New nodes, including ones created by resize or recreate, will have these tags on the Compute Engine API instance object and can be used in firewall rules. See cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/create for examples.
- --workload-metadata-from-node=WORKLOAD_METADATA_FROM_NODE
-
Sets the node metadata option for workload metadata configuration. This feature
is scheduled to be deprecated in the future and later removed.
WORKLOAD_METADATA_FROM_NODE must be one of:
-
- EXPOSED
- Exposes all VM metadata to workloads.
- SECURE
- Prevents workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token. This is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements.
- UNSPECIFIED
- Chooses the default.
-
-
At most one of these may be specified:
-
- --additional-zones=ZONE,[ZONE,...]
-
(DEPRECATED) The set of additional zones in which the specified node footprint
should be replicated. All zones must be in the same region as the cluster's
primary zone. If additional-zones is not specified, all nodes will be in the
cluster's primary zone.
Note that NUM_NODES nodes will be created in each zone, such that if you specify --num-nodes=4 and choose one additional zone, 8 nodes will be created.
Multiple locations can be specified, separated by commas. For example:
-
$ gcloud alpha container clusters create example-cluster \
--zone us-central1-a \
--additional-zones us-central1-b,us-central1-c
This flag is deprecated. Use --node-locations=PRIMARY_ZONE,[ZONE,...] instead.
- --node-locations=ZONE,[ZONE,...]
-
The set of zones in which the specified node footprint should be replicated. All
zones must be in the same region as the cluster's master(s), specified by the
--zone or --region flag. Additionally, for zonal clusters,
--node-locations must contain the cluster's primary zone. If not
specified, all nodes will be in the cluster's primary zone (for zonal clusters)
or spread across three randomly chosen zones within the cluster's region (for
regional clusters).
Note that NUM_NODES nodes will be created in each zone, such that if you specify --num-nodes=4 and choose two locations, 8 nodes will be created.
Multiple locations can be specified, separated by commas. For example:
-
$ gcloud alpha container clusters create example-cluster \
--zone us-central1-a \
--node-locations us-central1-a,us-central1-b
-
-
Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the cluster. The 'Compute Engine Service Agent' service account
must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in
this group can be used to specify the attributes of this resource.
-
- --database-encryption-key=DATABASE_ENCRYPTION_KEY
-
ID of the key or fully qualified identifier for the key. This flag must be
specified if any of the other arguments in this group are specified.
- --database-encryption-key-keyring=DATABASE_ENCRYPTION_KEY_KEYRING
-
The KMS keyring of the key.
- --database-encryption-key-location=DATABASE_ENCRYPTION_KEY_LOCATION
-
The Cloud location for the key.
- --database-encryption-key-project=DATABASE_ENCRYPTION_KEY_PROJECT
-
The Cloud project for the key.
-
-
Node autoprovisioning
-
- --enable-autoprovisioning
-
Enables node autoprovisioning for a cluster.
Cluster Autoscaler will be able to create new node pools. Requires maximum CPU and memory limits to be specified. This flag must be specified if any of the other arguments in this group are specified.
-
At most one of these may be specified:
-
- --autoprovisioning-config-file=AUTOPROVISIONING_CONFIG_FILE
-
Path of the JSON/YAML file which contains information about the cluster's
autoscaling configuration. Currently it only contains a list of resource limits
of the cluster.
Each resource limits definition contains three fields: resourceType, maximum and minimum. Resource type can be "cpu", "memory" or an accelerator (e.g. "nvidia-tesla-k80" for nVidia Tesla K80). Use gcloud compute accelerator-types list to learn about available accelerator types. Maximum is the maximum allowed amount with the unit of the resource. Minimum is the minimum allowed amount with the unit of the resource.
-
Flags to configure resource limits:
-
- --max-cpu=MAX_CPU
-
Maximum number of cores in the cluster.
Maximum number of cores to which the cluster can scale. This flag must be specified if any of the other arguments in this group are specified.
- --max-memory=MAX_MEMORY
-
Maximum memory in the cluster.
Maximum number of gigabytes of memory to which the cluster can scale. This flag must be specified if any of the other arguments in this group are specified.
- --min-cpu=MIN_CPU
-
Minimum number of cores in the cluster.
Minimum number of cores to which the cluster can scale.
- --min-memory=MIN_MEMORY
-
Minimum memory in the cluster.
Minimum number of gigabytes of memory to which the cluster can scale.
-
Arguments to set limits on accelerators:
-
- --max-accelerator=[type=TYPE,count=COUNT,...]
-
Sets maximum limit for a single type of accelerators (e.g. GPUs) in cluster.
-
-
-
- type
-
(Required) The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of
accelerator for which the limit is set. Use gcloud compute accelerator-types
list to learn about all available accelerator types.
- count
-
(Required) The maximum number of accelerators to which the cluster can be
scaled. This flag must be specified if any of the other arguments in this group
are specified.
-
- --min-accelerator=[type=TYPE,count=COUNT,...]
-
Sets minimum limit for a single type of accelerators (e.g. GPUs) in cluster.
Defaults to 0 for all accelerator types if it isn't set.
-
- type
-
(Required) The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of
accelerator for which the limit is set. Use gcloud compute accelerator-types
list to learn about all available accelerator types.
- count
-
(Required) The minimum number of accelerators to which the cluster can be
scaled.
-
-
Cluster autoscaling
-
- --enable-autoscaling
-
Enables autoscaling for a node pool.
Enables autoscaling in the node pool specified by --node-pool or the default node pool if --node-pool is not provided.
- --max-nodes=MAX_NODES
-
Maximum number of nodes in the node pool.
Maximum number of nodes to which the node pool specified by --node-pool (or default node pool if unspecified) can scale. Ignored unless --enable-autoscaling is also specified.
- --min-nodes=MIN_NODES
-
Minimum number of nodes in the node pool.
Minimum number of nodes to which the node pool specified by --node-pool (or default node pool if unspecified) can scale. Ignored unless --enable-autoscaling is also specified.
-
-
Master Authorized Networks
-
- --enable-master-authorized-networks
-
Allow only the specified set of CIDR blocks (specified by the
--master-authorized-networks flag) to connect to Kubernetes master
through HTTPS. Besides these blocks, the following have access as well:
- 1) The private network the cluster connects to if `--enable-private-nodes` is specified.
- 2) Google Compute Engine Public IPs if `--enable-private-nodes` is not specified.
Use --no-enable-master-authorized-networks to disable. When disabled, public internet (0.0.0.0/0) is allowed to connect to Kubernetes master through HTTPS.
- --master-authorized-networks=NETWORK,[NETWORK,...]
-
The list of CIDR blocks (up to 20) that are allowed to connect to Kubernetes
master through HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Can not be
specified unless --enable-master-authorized-networks is also
specified.
-
-
Exports cluster's usage of cloud resources
-
- --enable-network-egress-metering
-
Enable network egress metering on this cluster.
When enabled, a DaemonSet is deployed into the cluster. Each DaemonSet pod meters network egress traffic by collecting data from the conntrack table, and exports the metered metrics to the specified destination.
Network egress metering is disabled if this flag is omitted, or when --no-enable-network-egress-metering is set.
- --resource-usage-bigquery-dataset=RESOURCE_USAGE_BIGQUERY_DATASET
-
The name of the BigQuery dataset to which the cluster's usage of cloud resources
is exported. A table will be created in the specified dataset to store cluster
resource usage. The resulting table can be joined with BigQuery Billing Export
to produce a fine-grained cost breakdown.
Example:
-
$ gcloud alpha container clusters create example-cluster \
--resource-usage-bigquery-dataset=example_bigquery_dataset_name
-
-
Private Clusters
-
- --enable-private-endpoint
-
Cluster is managed using the private IP address of the master API endpoint.
- --enable-private-nodes
-
Cluster is created with no public IP addresses on the cluster nodes.
- --master-ipv4-cidr=MASTER_IPV4_CIDR
-
IPv4 CIDR range to use for the master network. This should have a netmask of
size /28 and should be used in conjunction with the --enable-private-nodes
flag.
- --private-cluster
-
(DEPRECATED) Cluster is created with no public IP addresses on the cluster
nodes.
The --private-cluster flag is deprecated and will be removed in a future release. Use --enable-private-nodes instead.
-
-
Flags relating to Cloud TPUs:
-
- --enable-tpu
-
Enable Cloud TPUs for this cluster.
Can not be specified unless --enable-kubernetes-alpha and --enable-ip-alias are also specified.
-
At most one of these may be specified:
-
- --enable-tpu-service-networking
-
Enable Cloud TPU's Service Networking mode. In this mode, the CIDR blocks used
by the Cloud TPUs will be allocated and managed by Service Networking, instead
of Kubernetes Engine.
This cannot be specified if tpu-ipv4-cidr is specified.
- --tpu-ipv4-cidr=CIDR
-
Set the IP range for the Cloud TPUs.
Can be specified as a netmask size (e.g. '/20') or in CIDR notation (e.g. '10.100.0.0/20'). If given as a netmask size, the IP range will be chosen automatically from the available space in the network.
If unspecified, the TPU CIDR range will use automatic default '/20'.
Can not be specified unless '--enable-tpu' and '--enable-ip-alias' are also specified.
-
-
-
At most one of these may be specified:
-
- --local-ssd-count=LOCAL_SSD_COUNT
-
--local-ssd-volumes enables the ability to request local SSD with variable
count, interfaces, and format.
--local-ssd-count is the equivalent of using --local-ssd-volumes with type=scsi,format=fs.
The number of local SSD disks to provision on each node.
Local SSDs have a fixed 375 GB capacity per device. The number of disks that can be attached to an instance is limited by the maximum number of disks available on a machine, which differs by compute zone. See cloud.google.com/compute/docs/disks/local-ssd for more information.
- --local-ssd-volumes=[[count=COUNT],[type=TYPE],[format=FORMAT],...]
-
--local-ssd-volumes enables the ability to request local SSD with variable
count, interfaces, and format.
--local-ssd-count is the equivalent of using --local-ssd-volumes with type=scsi,format=fs.
Adds the requested local SSDs on all nodes in default node-pool(s) in new cluster. Example:
-
$ gcloud alpha container clusters create example-cluster \
--local-ssd-volumes count=2,type=nvme,format=fs
'count' must be between 1-8.
'type' must be either scsi or nvme.
'format' must be either fs or block.
New nodes, including ones created by resize or recreate, will have these local SSDs.
Local SSDs have a fixed 375 GB capacity per device. The number of disks that can be attached to an instance is limited by the maximum number of disks available on a machine, which differs by compute zone. See cloud.google.com/compute/docs/disks/local-ssd for more information.
-
-
Basic auth
-
- --password=PASSWORD
-
The password to use for cluster auth. Defaults to a server-specified
randomly-generated string.
-
Options to specify the username. At most one of these may be specified:
-
- --enable-basic-auth
-
Enable basic (username/password) auth for the cluster.
--enable-basic-auth is an alias for --username=admin;
--no-enable-basic-auth is an alias for --username="". Use
--password to specify a password; if not, the server will randomly
generate one. For cluster versions before 1.12, if neither
--enable-basic-auth nor --username is specified,
--enable-basic-auth will default to true. After 1.12,
--enable-basic-auth will default to false.
- --username=USERNAME, -u USERNAME
-
The user name to use for basic auth for the cluster. Use --password to
specify a password; if not, the server will randomly generate one.
-
-
-
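How the basic-auth flags above resolve, as an added example that is not part of the gcloud documentation or source. The function name is hypothetical, and treating version 1.12 itself as default-off is an assumption, since the text only says "before 1.12" and "after 1.12".

```shell
# Added example, not gcloud source: which basic-auth user name a set of create
# flags resolves to, following the flag text above. "" means basic auth is off.
# Assumption: version 1.12 itself is treated like later versions (default off).

# basic_auth_username CLUSTER_VERSION [create flags...]
# The body runs in a subshell ( ) so its variables do not leak to the caller.
basic_auth_username() (
  version="$1"; shift
  user=""; seen=0
  while [ $# -gt 0 ]; do
    case "$1" in
      --enable-basic-auth)    user="admin"; seen=$((seen + 1)) ;;
      --no-enable-basic-auth) user="";      seen=$((seen + 1)) ;;
      --username=*)           user="${1#--username=}"; seen=$((seen + 1)) ;;
      --username|-u)
        if [ $# -ge 2 ]; then user="$2"; shift; fi
        seen=$((seen + 1)) ;;
    esac
    shift
  done
  if [ "$seen" -gt 1 ]; then
    echo "at most one of --enable-basic-auth / --username may be given" >&2
    exit 2
  fi
  if [ "$seen" -eq 0 ]; then
    # Nothing explicit: the default depends on the cluster version.
    if ! printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+'; then
      echo "cannot parse version: $version" >&2
      exit 2
    fi
    major=${version%%.*}; rest=${version#*.}; minor=${rest%%[!0-9]*}
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 12 ]; }; then
      user="admin"   # before 1.12, --enable-basic-auth defaults to true
    fi
  fi
  printf '%s\n' "$user"
)
```

Passing --no-enable-basic-auth explicitly makes the result independent of the cluster version.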
At most one of these may be specified:
-
- --region=REGION
-
Compute region (e.g. us-central1) for the cluster.
- --zone=ZONE, -z ZONE
-
Compute zone (e.g. us-central1-a) for the cluster. Overrides the default
compute/zone property value for this command invocation.
-
-
Flags for Security Profile:
-
- --security-profile=SECURITY_PROFILE
-
Name and version of the security profile to be applied to the cluster.
Example:
-
$ gcloud alpha container clusters create example-cluster \
--security-profile=default-1.0-gke.0
- --security-profile-runtime-rules
-
Apply runtime rules in the specified security profile to the cluster. When
enabled (by default), a security profile controller and webhook are deployed on
the cluster to enforce the runtime rules. If
--no-security-profile-runtime-rules is specified to disable this feature,
only bootstrapping rules are applied, and no security profile controller or
webhook are installed. Enabled by default, use
--no-security-profile-runtime-rules to disable.
-
-
Options to specify the node identity. At most one of these may be specified:
-
- --service-account=SERVICE_ACCOUNT
-
The Google Cloud Platform Service Account to be used by the node VMs. If a
service account is specified, the cloud-platform and userinfo.email scopes are
used. If no Service Account is specified, the project default service account is
used.
-
Scopes options.
-
- --enable-cloud-endpoints
-
(REMOVED) Automatically enable Google Cloud Endpoints to take advantage of API
management features by adding service-control and service-management scopes.
If --no-enable-cloud-endpoints is set, remove service-control and service-management scopes, even if they are implicitly (via default) or explicitly set via --scopes.
--[no-]enable-cloud-endpoints is not allowed if container/new_scopes_behavior property is set to true.
Flag --[no-]enable-cloud-endpoints has been removed.
Enabled by default, use --no-enable-cloud-endpoints to disable.
- --scopes=[SCOPE,...]; default="gke-default"
-
Specifies scopes for the node instances. Examples:
-
$ gcloud alpha container clusters create example-cluster \
--scopes=www.googleapis.com/auth/devstorage.read_only
-
$ gcloud alpha container clusters create example-cluster \
--scopes=bigquery,storage-rw,compute-ro
Multiple SCOPEs can be specified, separated by commas. logging-write and/or monitoring are added unless Cloud Logging and/or Cloud Monitoring are disabled (see --enable-cloud-logging and --enable-cloud-monitoring for more information).
Unless container/new_scopes_behavior property is true, compute-rw and storage-ro are always added, even if not explicitly specified, and --enable-cloud-endpoints (by default) adds service-control and service-management scopes.
If container/new_scopes_behavior property is true, none of the above scopes are added (though storage-ro, service-control, and service-management are all included in the default scopes). In a future release, this will be the default behavior.
SCOPE can be either the full URI of the scope or an alias. default scopes are assigned to all instances. Available aliases are:
DEPRECATION WARNING: www.googleapis.com/auth/sqlservice account scope and sql alias do not provide SQL instance management capabilities and have been deprecated. Please, use www.googleapis.com/auth/sqlservice.admin or sql-admin to manage your Google SQL Service instances.
-
-
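The scope rules in the --scopes description, worked through as an added example (not part of the gcloud documentation or source). It compares aliases as typed, leaves "gke-default" unexpanded, and reads "none of the above scopes are added" as covering compute-rw, storage-ro, service-control and service-management only, which is an assumption; the function names are hypothetical.

```shell
# Added example, not gcloud source: the scope aliases a node ends up with,
# per the rules in the --scopes text. Aliases are compared as typed; they are
# not expanded to URIs.

# effective_scopes SCOPES NEW_BEHAVIOR LOGGING MONITORING ENDPOINTS
#   SCOPES        comma-separated value passed to --scopes
#   NEW_BEHAVIOR  container/new_scopes_behavior property (true|false)
#   LOGGING       true unless --no-enable-cloud-logging was given
#   MONITORING    true unless --no-enable-cloud-monitoring was given
#   ENDPOINTS     true unless --no-enable-cloud-endpoints was given
# Function bodies use ( ) so variables stay local to each call.
effective_scopes() (
  list=$(printf '%s' "$1" | tr ',' '\n')
  if [ "$3" = true ]; then list=$(printf '%s\nlogging-write' "$list"); fi
  if [ "$4" = true ]; then list=$(printf '%s\nmonitoring' "$list"); fi
  if [ "$2" != true ]; then
    # Legacy behaviour: these two are always added, whatever was requested.
    list=$(printf '%s\ncompute-rw\nstorage-ro' "$list")
    if [ "$5" = true ]; then
      list=$(printf '%s\nservice-control\nservice-management' "$list")
    else
      # --no-enable-cloud-endpoints strips them even if set via --scopes.
      list=$(printf '%s\n' "$list" |
        grep -v -x -e service-control -e service-management || true)
    fi
  fi
  printf '%s\n' "$list" | sed '/^$/d' | LC_ALL=C sort -u | paste -sd, -
)

# added_beyond_request: same arguments; prints the effective scopes that were
# not in the --scopes value the caller typed.
added_beyond_request() (
  requested=",$1,"; out=""
  for s in $(effective_scopes "$@" | tr ',' ' '); do
    case "$requested" in
      *",$s,"*) ;;
      *) out="${out:+$out,}$s" ;;
    esac
  done
  printf '%s\n' "$out"
)
```

Under the legacy behavior a request for compute-ro still ends up with compute-rw, so review the effective set rather than the --scopes value when checking node permissions.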
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support. These variants are also available:
- $ gcloud container clusters create
- $ gcloud beta container clusters create