.TH "GCLOUD_ALPHA_CONTAINER_AWS_CLUSTERS_CREATE" 1



.SH "NAME"
.HP
gcloud alpha container aws clusters create \- create an Anthos cluster on AWS



.SH "SYNOPSIS"
.HP
\f5gcloud alpha container aws clusters create\fR (\fICLUSTER\fR\ :\ \fB\-\-location\fR=\fILOCATION\fR) \fB\-\-aws\-region\fR=\fIAWS_REGION\fR \fB\-\-cluster\-version\fR=\fICLUSTER_VERSION\fR \fB\-\-config\-encryption\-kms\-key\-arn\fR=\fICONFIG_ENCRYPTION_KMS_KEY_ARN\fR \fB\-\-database\-encryption\-kms\-key\-arn\fR=\fIDATABASE_ENCRYPTION_KMS_KEY_ARN\fR \fB\-\-fleet\-project\fR=\fIFLEET_PROJECT\fR \fB\-\-iam\-instance\-profile\fR=\fIIAM_INSTANCE_PROFILE\fR \fB\-\-pod\-address\-cidr\-blocks\fR=\fIPOD_ADDRESS_CIDR_BLOCKS\fR \fB\-\-role\-arn\fR=\fIROLE_ARN\fR \fB\-\-service\-address\-cidr\-blocks\fR=\fISERVICE_ADDRESS_CIDR_BLOCKS\fR \fB\-\-subnet\-ids\fR=[\fISUBNET_ID\fR,...] \fB\-\-vpc\-id\fR=\fIVPC_ID\fR [\fB\-\-admin\-groups\fR=[\fIGROUP\fR,...]] [\fB\-\-admin\-users\fR=\fIUSER\fR,[\fIUSER\fR,...]] [\fB\-\-annotations\fR=\fIANNOTATION\fR,[\fIANNOTATION\fR,...]] [\fB\-\-async\fR] [\fB\-\-binauthz\-evaluation\-mode\fR=\fIBINAUTHZ_EVALUATION_MODE\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-disable\-per\-node\-pool\-sg\-rules\fR] [\fB\-\-enable\-managed\-prometheus\fR] [\fB\-\-instance\-placement\fR=\fIINSTANCE_PLACEMENT\fR] [\fB\-\-instance\-type\fR=\fIINSTANCE_TYPE\fR] [\fB\-\-logging\fR=\fICOMPONENT\fR,[\fICOMPONENT\fR,...]] [\fB\-\-main\-volume\-iops\fR=\fIMAIN_VOLUME_IOPS\fR] [\fB\-\-main\-volume\-kms\-key\-arn\fR=\fIMAIN_VOLUME_KMS_KEY_ARN\fR] [\fB\-\-main\-volume\-size\fR=\fIMAIN_VOLUME_SIZE\fR] [\fB\-\-main\-volume\-throughput\fR=\fIMAIN_VOLUME_THROUGHPUT\fR] [\fB\-\-main\-volume\-type\fR=\fIMAIN_VOLUME_TYPE\fR] [\fB\-\-role\-session\-name\fR=\fIROLE_SESSION_NAME\fR] [\fB\-\-root\-volume\-iops\fR=\fIROOT_VOLUME_IOPS\fR] [\fB\-\-root\-volume\-kms\-key\-arn\fR=\fIROOT_VOLUME_KMS_KEY_ARN\fR] [\fB\-\-root\-volume\-size\fR=\fIROOT_VOLUME_SIZE\fR] [\fB\-\-root\-volume\-throughput\fR=\fIROOT_VOLUME_THROUGHPUT\fR] [\fB\-\-root\-volume\-type\fR=\fIROOT_VOLUME_TYPE\fR] [\fB\-\-security\-group\-ids\fR=[\fISECURITY_GROUP_ID\fR,...]] 
[\fB\-\-ssh\-ec2\-key\-pair\fR=\fISSH_EC2_KEY_PAIR\fR] [\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]] [\fB\-\-validate\-only\fR] [\fB\-\-proxy\-secret\-arn\fR=\fIPROXY_SECRET_ARN\fR\ \fB\-\-proxy\-secret\-version\-id\fR=\fIPROXY_SECRET_VERSION_ID\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(ALPHA)\fR \fB(DEPRECATED)\fR Create an Anthos cluster on AWS.

This command is deprecated. See
https://cloud.google.com/kubernetes\-engine/multi\-cloud/docs/aws/deprecations/deprecation\-announcement
for more details.



.SH "EXAMPLES"

To create a cluster named \f5\fImy\-cluster\fR\fR managed in location
\f5\fIus\-west1\fR\fR, run:

.RS 2m
$ gcloud alpha container aws clusters create my\-cluster \e
    \-\-location=us\-west1 \-\-aws\-region=AWS_REGION \e
    \-\-cluster\-version=CLUSTER_VERSION \e
    \-\-database\-encryption\-kms\-key\-arn=KMS_KEY_ARN \e
    \-\-iam\-instance\-profile=IAM_INSTANCE_PROFILE \e
    \-\-pod\-address\-cidr\-blocks=POD_ADDRESS_CIDR_BLOCKS \e
    \-\-role\-arn=ROLE_ARN \e
    \-\-service\-address\-cidr\-blocks=SERVICE_ADDRESS_CIDR_BLOCKS \e
    \-\-subnet\-ids=SUBNET_ID \-\-vpc\-id=VPC_ID
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Cluster resource \- cluster to create. The arguments in this group can be used
to specify the attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5cluster\fR on the command line with a fully specified
name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fICLUSTER\fR

ID of the cluster or fully qualified identifier for the cluster.

To set the \f5cluster\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5cluster\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

Google Cloud location for the cluster.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5cluster\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line;
.IP "\(bu" 2m
set the property \f5container_aws/location\fR.
.RE
.sp


.RE
.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-aws\-region\fR=\fIAWS_REGION\fR

AWS region in which to deploy the cluster.

.TP 2m
\fB\-\-cluster\-version\fR=\fICLUSTER_VERSION\fR

Kubernetes version to use for the cluster.

.TP 2m
\fB\-\-config\-encryption\-kms\-key\-arn\fR=\fICONFIG_ENCRYPTION_KMS_KEY_ARN\fR

Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data.

.TP 2m
\fB\-\-database\-encryption\-kms\-key\-arn\fR=\fIDATABASE_ENCRYPTION_KMS_KEY_ARN\fR

Amazon Resource Name (ARN) of the AWS KMS key to encrypt the cluster secrets.

.TP 2m
\fB\-\-fleet\-project\fR=\fIFLEET_PROJECT\fR

ID or number of the Fleet host project where the cluster is registered.

.TP 2m
\fB\-\-iam\-instance\-profile\fR=\fIIAM_INSTANCE_PROFILE\fR

Name or ARN of the IAM instance profile associated with the cluster.

.TP 2m
\fB\-\-pod\-address\-cidr\-blocks\fR=\fIPOD_ADDRESS_CIDR_BLOCKS\fR

IP address range for the pods in this cluster in CIDR notation (e.g.
10.0.0.0/8).

.TP 2m
\fB\-\-role\-arn\fR=\fIROLE_ARN\fR

Amazon Resource Name (ARN) of the IAM role to assume when managing AWS
resources.

.TP 2m
\fB\-\-service\-address\-cidr\-blocks\fR=\fISERVICE_ADDRESS_CIDR_BLOCKS\fR

IP address range for the service IPs in CIDR notation (e.g. 10.0.0.0/8).

.TP 2m
\fB\-\-subnet\-ids\fR=[\fISUBNET_ID\fR,...]

Subnet ID of an existing VNET to use for the cluster control plane.

.TP 2m
\fB\-\-vpc\-id\fR=\fIVPC_ID\fR

VPC associated with the cluster.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-admin\-groups\fR=[\fIGROUP\fR,...]

Groups of users that can perform operations as a cluster administrator.

.TP 2m
\fB\-\-admin\-users\fR=\fIUSER\fR,[\fIUSER\fR,...]

Users that can perform operations as a cluster administrator. If not specified,
the value of property core/account is used.

.TP 2m
\fB\-\-annotations\fR=\fIANNOTATION\fR,[\fIANNOTATION\fR,...]

Annotations for the cluster.

.TP 2m
\fB\-\-async\fR

Return immediately, without waiting for the operation in progress to complete.

.TP 2m
\fB\-\-binauthz\-evaluation\-mode\fR=\fIBINAUTHZ_EVALUATION_MODE\fR

Set Binary Authorization evaluation mode for this cluster.
\fIBINAUTHZ_EVALUATION_MODE\fR must be one of: \fBDISABLED\fR,
\fBPROJECT_SINGLETON_POLICY_ENFORCE\fR.

.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

Description for the cluster.

.TP 2m
\fB\-\-disable\-per\-node\-pool\-sg\-rules\fR

Disable the default per node pool subnet security group rules on the control
plane security group. When disabled, at least one security group that allows
node pools to send traffic to the control plane on ports TCP/443 and TCP/8132
must be provided.

.TP 2m
\fB\-\-enable\-managed\-prometheus\fR

Enables managed collection for Managed Service for Prometheus in the cluster.

See
https://cloud.google.com/stackdriver/docs/managed\-prometheus/setup\-managed#enable\-mgdcoll\-gke
for more info.

Managed Prometheus is enabled by default for cluster versions 1.27 or greater,
use \-\-no\-enable\-managed\-prometheus to disable.

.TP 2m
\fB\-\-instance\-placement\fR=\fIINSTANCE_PLACEMENT\fR

Type of the tenancy. \fIINSTANCE_PLACEMENT\fR must be one of: \fBdedicated\fR,
\fBdefault\fR, \fBhost\fR.

.TP 2m
\fB\-\-instance\-type\fR=\fIINSTANCE_TYPE\fR

AWS EC2 instance type for the control plane's nodes.

.TP 2m
\fB\-\-logging\fR=\fICOMPONENT\fR,[\fICOMPONENT\fR,...]

Set the components that have logging enabled.

Examples:

.RS 2m
$ gcloud alpha container aws clusters create \-\-logging=SYSTEM
$ gcloud alpha container aws clusters create \e
    \-\-logging=SYSTEM,WORKLOAD
.RE

\fICOMPONENT\fR must be one of: \fBSYSTEM\fR, \fBWORKLOAD\fR.

.TP 2m
\fB\-\-main\-volume\-iops\fR=\fIMAIN_VOLUME_IOPS\fR

Number of I/O operations per second (IOPS) to provision for the main volume.

.TP 2m
\fB\-\-main\-volume\-kms\-key\-arn\fR=\fIMAIN_VOLUME_KMS_KEY_ARN\fR

Amazon Resource Name (ARN) of the AWS KMS key to encrypt the main volume.

.TP 2m
\fB\-\-main\-volume\-size\fR=\fIMAIN_VOLUME_SIZE\fR

Size of the main volume. The value must be a whole number followed by a size
unit of \f5GB\fR for gigabyte, or \f5TB\fR for terabyte. If no size unit is
specified, GB is assumed.

.TP 2m
\fB\-\-main\-volume\-throughput\fR=\fIMAIN_VOLUME_THROUGHPUT\fR

Throughput to provision for the main volume, in MiB/s. Only valid if the volume
type is GP3. If volume type is GP3 and throughput is not provided, it defaults
to 125.

.TP 2m
\fB\-\-main\-volume\-type\fR=\fIMAIN_VOLUME_TYPE\fR

Type of the main volume. \fIMAIN_VOLUME_TYPE\fR must be one of: \fBgp2\fR,
\fBgp3\fR.

.TP 2m
\fB\-\-role\-session\-name\fR=\fIROLE_SESSION_NAME\fR

Identifier for the assumed role session.

.TP 2m
\fB\-\-root\-volume\-iops\fR=\fIROOT_VOLUME_IOPS\fR

Number of I/O operations per second (IOPS) to provision for the root volume.

.TP 2m
\fB\-\-root\-volume\-kms\-key\-arn\fR=\fIROOT_VOLUME_KMS_KEY_ARN\fR

Amazon Resource Name (ARN) of the AWS KMS key to encrypt the root volume.

.TP 2m
\fB\-\-root\-volume\-size\fR=\fIROOT_VOLUME_SIZE\fR

Size of the root volume. The value must be a whole number followed by a size
unit of \f5GB\fR for gigabyte, or \f5TB\fR for terabyte. If no size unit is
specified, GB is assumed.

.TP 2m
\fB\-\-root\-volume\-throughput\fR=\fIROOT_VOLUME_THROUGHPUT\fR

Throughput to provision for the root volume, in MiB/s. Only valid if the volume
type is GP3. If volume type is GP3 and throughput is not provided, it defaults
to 125.

.TP 2m
\fB\-\-root\-volume\-type\fR=\fIROOT_VOLUME_TYPE\fR

Type of the root volume. \fIROOT_VOLUME_TYPE\fR must be one of: \fBgp2\fR,
\fBgp3\fR.

.TP 2m
\fB\-\-security\-group\-ids\fR=[\fISECURITY_GROUP_ID\fR,...]

IDs of additional security groups to add to the control plane's nodes.

.TP 2m
\fB\-\-ssh\-ec2\-key\-pair\fR=\fISSH_EC2_KEY_PAIR\fR

Name of the EC2 key pair authorized to log in to the control plane's nodes.

.TP 2m
\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]

Applies the given tags (comma separated) on the cluster. Example:

.RS 2m
$ gcloud alpha container aws clusters create EXAMPLE_CLUSTER \e
    \-\-tags=tag1=one,tag2=two
.RE

.TP 2m
\fB\-\-validate\-only\fR

Validate the cluster creation request, but don't actually create the cluster.

.TP 2m

Proxy config


.RS 2m
.TP 2m
\fB\-\-proxy\-secret\-arn\fR=\fIPROXY_SECRET_ARN\fR

ARN of the AWS Secrets Manager secret that contains a proxy configuration.

This flag argument must be specified if any of the other arguments in this group
are specified.

.TP 2m
\fB\-\-proxy\-secret\-version\-id\fR=\fIPROXY_SECRET_VERSION_ID\fR

Version ID string of the AWS Secrets Manager secret that contains a proxy
configuration.

This flag argument must be specified if any of the other arguments in this group
are specified.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. This variant is also available:

.RS 2m
$ gcloud container aws clusters create
.RE