PyPI - pulumi-gcp - Versions diffs - 7.24.0a1716588893__py3-none-any.whl → 7.25.0__py3-none-any.whl - Mend

pulumi-gcp 7.24.0a1716588893py3-none-any.whl → 7.25.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (179) hide show

pulumi_gcp/__init__.py +88 -0
pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py +0 -64
pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py +0 -70
pulumi_gcp/alloydb/backup.py +50 -42
pulumi_gcp/alloydb/cluster.py +56 -48
pulumi_gcp/alloydb/instance.py +50 -42
pulumi_gcp/alloydb/user.py +32 -24
pulumi_gcp/apigateway/api_config.py +0 -114
pulumi_gcp/apigateway/gateway.py +0 -44
pulumi_gcp/apigee/addons_config.py +14 -4
pulumi_gcp/apigee/endpoint_attachment.py +4 -2
pulumi_gcp/apigee/env_group.py +4 -2
pulumi_gcp/apigee/environment.py +4 -2
pulumi_gcp/apigee/instance.py +22 -8
pulumi_gcp/apigee/keystores_aliases_self_signed_cert.py +26 -10
pulumi_gcp/apigee/nat_address.py +10 -2
pulumi_gcp/apigee/organization.py +18 -6
pulumi_gcp/apigee/sync_authorization.py +8 -4
pulumi_gcp/apigee/target_server.py +26 -10
pulumi_gcp/appengine/_inputs.py +18 -0
pulumi_gcp/appengine/domain_mapping.py +1 -1
pulumi_gcp/appengine/outputs.py +16 -0
pulumi_gcp/apphub/service.py +40 -20
pulumi_gcp/apphub/service_project_attachment.py +16 -8
pulumi_gcp/apphub/workload.py +0 -418
pulumi_gcp/applicationintegration/auth_config.py +4 -2
pulumi_gcp/artifactregistry/repository.py +14 -12
pulumi_gcp/backupdisasterrecovery/management_server.py +4 -2
pulumi_gcp/bigquery/_inputs.py +286 -2
pulumi_gcp/bigquery/data_transfer_config.py +8 -4
pulumi_gcp/bigquery/job.py +22 -16
pulumi_gcp/bigquery/outputs.py +289 -2
pulumi_gcp/bigquery/table.py +77 -35
pulumi_gcp/certificateauthority/authority.py +10 -2
pulumi_gcp/certificateauthority/certificate.py +8 -4
pulumi_gcp/certificatemanager/certificate.py +84 -80
pulumi_gcp/certificatemanager/certificate_issuance_config.py +32 -30
pulumi_gcp/cloudbuild/bitbucket_server_config.py +12 -6
pulumi_gcp/cloudbuild/trigger.py +22 -14
pulumi_gcp/cloudbuild/worker_pool.py +12 -6
pulumi_gcp/cloudbuildv2/connection.py +10 -2
pulumi_gcp/cloudbuildv2/repository.py +10 -2
pulumi_gcp/cloudfunctionsv2/function.py +110 -66
pulumi_gcp/cloudids/endpoint.py +4 -2
pulumi_gcp/cloudrun/_inputs.py +80 -4
pulumi_gcp/cloudrun/outputs.py +137 -4
pulumi_gcp/cloudrunv2/job.py +32 -20
pulumi_gcp/cloudrunv2/service.py +28 -20
pulumi_gcp/composer/user_workloads_secret.py +4 -4
pulumi_gcp/compute/__init__.py +1 -0
pulumi_gcp/compute/_inputs.py +398 -176
pulumi_gcp/compute/forwarding_rule.py +225 -817
pulumi_gcp/compute/get_subnetworks.py +157 -0
pulumi_gcp/compute/global_forwarding_rule.py +0 -766
pulumi_gcp/compute/instance_group.py +0 -100
pulumi_gcp/compute/instance_group_membership.py +2 -2
pulumi_gcp/compute/interconnect_attachment.py +82 -0
pulumi_gcp/compute/network_endpoint.py +2 -2
pulumi_gcp/compute/network_endpoint_list.py +2 -2
pulumi_gcp/compute/outputs.py +609 -161
pulumi_gcp/compute/packet_mirroring.py +4 -2
pulumi_gcp/compute/region_security_policy_rule.py +4 -2
pulumi_gcp/compute/region_ssl_certificate.py +0 -188
pulumi_gcp/compute/region_ssl_policy.py +39 -40
pulumi_gcp/compute/route.py +10 -2
pulumi_gcp/compute/security_policy_rule.py +55 -1
pulumi_gcp/compute/ssl_certificate.py +0 -166
pulumi_gcp/compute/target_instance.py +4 -2
pulumi_gcp/compute/vpn_gateway.py +12 -2
pulumi_gcp/compute/vpn_tunnel.py +26 -16
pulumi_gcp/container/_inputs.py +560 -0
pulumi_gcp/container/outputs.py +1106 -51
pulumi_gcp/databasemigrationservice/connection_profile.py +32 -16
pulumi_gcp/datacatalog/policy_tag.py +4 -2
pulumi_gcp/datafusion/instance.py +14 -12
pulumi_gcp/dataplex/__init__.py +10 -0
pulumi_gcp/dataplex/_inputs.py +160 -0
pulumi_gcp/dataplex/aspect_type.py +1077 -0
pulumi_gcp/dataplex/aspect_type_iam_binding.py +765 -0
pulumi_gcp/dataplex/aspect_type_iam_member.py +765 -0
pulumi_gcp/dataplex/aspect_type_iam_policy.py +604 -0
pulumi_gcp/dataplex/asset.py +4 -2
pulumi_gcp/dataplex/datascan.py +16 -14
pulumi_gcp/dataplex/entry_group.py +722 -0
pulumi_gcp/dataplex/entry_group_iam_binding.py +765 -0
pulumi_gcp/dataplex/entry_group_iam_member.py +765 -0
pulumi_gcp/dataplex/entry_group_iam_policy.py +604 -0
pulumi_gcp/dataplex/get_aspect_type_iam_policy.py +164 -0
pulumi_gcp/dataplex/get_entry_group_iam_policy.py +164 -0
pulumi_gcp/dataplex/outputs.py +112 -0
pulumi_gcp/datastore/data_store_index.py +4 -2
pulumi_gcp/datastream/connection_profile.py +47 -0
pulumi_gcp/datastream/private_connection.py +47 -0
pulumi_gcp/datastream/stream.py +63 -10
pulumi_gcp/diagflow/cx_test_case.py +4 -4
pulumi_gcp/diagflow/entity_type.py +4 -2
pulumi_gcp/diagflow/fulfillment.py +4 -2
pulumi_gcp/diagflow/intent.py +8 -4
pulumi_gcp/dns/get_managed_zone.py +3 -3
pulumi_gcp/dns/managed_zone.py +7 -7
pulumi_gcp/dns/outputs.py +2 -2
pulumi_gcp/edgecontainer/node_pool.py +4 -2
pulumi_gcp/edgecontainer/vpn_connection.py +4 -2
pulumi_gcp/eventarc/channel.py +4 -2
pulumi_gcp/eventarc/google_channel_config.py +4 -2
pulumi_gcp/firebase/app_check_app_attest_config.py +16 -8
pulumi_gcp/firebase/app_check_debug_token.py +8 -4
pulumi_gcp/firebase/app_check_device_check_config.py +8 -4
pulumi_gcp/firebase/app_check_play_integrity_config.py +16 -8
pulumi_gcp/firebase/app_check_recaptcha_enterprise_config.py +8 -4
pulumi_gcp/firebase/app_check_recaptcha_v3_config.py +8 -4
pulumi_gcp/firebase/app_check_service_config.py +12 -6
pulumi_gcp/firebase/database_instance.py +4 -2
pulumi_gcp/firebaserules/release.py +0 -98
pulumi_gcp/firestore/database.py +24 -20
pulumi_gcp/firestore/document.py +24 -12
pulumi_gcp/folder/access_approval_settings.py +4 -2
pulumi_gcp/gkehub/membership_binding.py +14 -4
pulumi_gcp/gkehub/membership_rbac_role_binding.py +8 -4
pulumi_gcp/gkehub/namespace.py +4 -2
pulumi_gcp/gkehub/scope_rbac_role_binding.py +4 -2
pulumi_gcp/integrationconnectors/connection.py +4 -2
pulumi_gcp/integrationconnectors/managed_zone.py +18 -6
pulumi_gcp/kms/__init__.py +2 -0
pulumi_gcp/kms/autokey_config.py +366 -0
pulumi_gcp/kms/key_handle.py +548 -0
pulumi_gcp/logging/folder_settings.py +12 -10
pulumi_gcp/logging/linked_dataset.py +4 -2
pulumi_gcp/logging/organization_settings.py +12 -10
pulumi_gcp/logging/project_bucket_config.py +4 -2
pulumi_gcp/looker/instance.py +12 -10
pulumi_gcp/netapp/volume_replication.py +4 -2
pulumi_gcp/netapp/volume_snapshot.py +4 -2
pulumi_gcp/networkconnectivity/internal_range.py +14 -12
pulumi_gcp/networksecurity/gateway_security_policy.py +16 -4
pulumi_gcp/networksecurity/tls_inspection_policy.py +22 -4
pulumi_gcp/networkservices/__init__.py +1 -0
pulumi_gcp/networkservices/_inputs.py +245 -27
pulumi_gcp/networkservices/gateway.py +12 -6
pulumi_gcp/networkservices/lb_route_extension.py +663 -0
pulumi_gcp/networkservices/lb_traffic_extension.py +28 -540
pulumi_gcp/networkservices/outputs.py +251 -20
pulumi_gcp/organizations/access_approval_settings.py +4 -2
pulumi_gcp/orgpolicy/policy.py +2 -2
pulumi_gcp/parallelstore/instance.py +20 -18
pulumi_gcp/projects/access_approval_settings.py +4 -2
pulumi_gcp/pubsub/_inputs.py +16 -0
pulumi_gcp/pubsub/outputs.py +25 -0
pulumi_gcp/pubsub/schema.py +4 -2
pulumi_gcp/pubsub/subscription.py +102 -66
pulumi_gcp/pubsub/topic.py +4 -2
pulumi_gcp/pulumi-plugin.json +1 -1
pulumi_gcp/redis/cluster.py +30 -28
pulumi_gcp/redis/instance.py +4 -2
pulumi_gcp/secretmanager/secret.py +4 -2
pulumi_gcp/securesourcemanager/instance.py +20 -8
pulumi_gcp/securitycenter/instance_iam_binding.py +14 -12
pulumi_gcp/securitycenter/instance_iam_member.py +14 -12
pulumi_gcp/securitycenter/instance_iam_policy.py +14 -12
pulumi_gcp/serviceaccount/key.py +2 -2
pulumi_gcp/sql/database_instance.py +4 -2
pulumi_gcp/sql/user.py +4 -4
pulumi_gcp/storage/get_project_service_account.py +4 -2
pulumi_gcp/storage/insights_report_config.py +12 -10
pulumi_gcp/storage/notification.py +18 -16
pulumi_gcp/storage/transfer_agent_pool.py +4 -2
pulumi_gcp/storage/transfer_job.py +14 -4
pulumi_gcp/tpu/_inputs.py +2 -2
pulumi_gcp/tpu/outputs.py +2 -2
pulumi_gcp/tpu/v2_vm.py +10 -6
pulumi_gcp/vertex/ai_endpoint.py +24 -22
pulumi_gcp/vertex/ai_index_endpoint.py +20 -18
pulumi_gcp/vertex/ai_tensorboard.py +14 -12
pulumi_gcp/vmwareengine/external_address.py +4 -2
pulumi_gcp/vmwareengine/network.py +8 -4
{pulumi_gcp-7.24.0a1716588893.dist-info → pulumi_gcp-7.25.0.dist-info}/METADATA +1 -1
{pulumi_gcp-7.24.0a1716588893.dist-info → pulumi_gcp-7.25.0.dist-info}/RECORD +179 -165
{pulumi_gcp-7.24.0a1716588893.dist-info → pulumi_gcp-7.25.0.dist-info}/WHEEL +0 -0
{pulumi_gcp-7.24.0a1716588893.dist-info → pulumi_gcp-7.25.0.dist-info}/top_level.txt +0 -0

pulumi_gcp/container/_inputs.py CHANGED Viewed

@@ -133,6 +133,10 @@ __all__ = [
     'ClusterNodeConfigArgs',
     'ClusterNodeConfigAdvancedMachineFeaturesArgs',
     'ClusterNodeConfigConfidentialNodesArgs',
+    'ClusterNodeConfigContainerdConfigArgs',
+    'ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs',
+    'ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs',
+    'ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs',
     'ClusterNodeConfigEffectiveTaintArgs',
     'ClusterNodeConfigEphemeralStorageConfigArgs',
     'ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs',
@@ -160,6 +164,10 @@ __all__ = [
     'ClusterNodePoolAutoscalingArgs',
     'ClusterNodePoolDefaultsArgs',
     'ClusterNodePoolDefaultsNodeConfigDefaultsArgs',
+    'ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs',
+    'ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs',
+    'ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs',
+    'ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs',
     'ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs',
     'ClusterNodePoolManagementArgs',
     'ClusterNodePoolNetworkConfigArgs',
@@ -170,6 +178,10 @@ __all__ = [
     'ClusterNodePoolNodeConfigArgs',
     'ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs',
     'ClusterNodePoolNodeConfigConfidentialNodesArgs',
+    'ClusterNodePoolNodeConfigContainerdConfigArgs',
+    'ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs',
+    'ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs',
+    'ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs',
     'ClusterNodePoolNodeConfigEffectiveTaintArgs',
     'ClusterNodePoolNodeConfigEphemeralStorageConfigArgs',
     'ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs',
@@ -223,6 +235,10 @@ __all__ = [
     'NodePoolNodeConfigArgs',
     'NodePoolNodeConfigAdvancedMachineFeaturesArgs',
     'NodePoolNodeConfigConfidentialNodesArgs',
+    'NodePoolNodeConfigContainerdConfigArgs',
+    'NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs',
+    'NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs',
+    'NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs',
     'NodePoolNodeConfigEffectiveTaintArgs',
     'NodePoolNodeConfigEphemeralStorageConfigArgs',
     'NodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs',
@@ -5717,6 +5733,7 @@ class ClusterNodeConfigArgs:
                  advanced_machine_features: Optional[pulumi.Input['ClusterNodeConfigAdvancedMachineFeaturesArgs']] = None,
                  boot_disk_kms_key: Optional[pulumi.Input[str]] = None,
                  confidential_nodes: Optional[pulumi.Input['ClusterNodeConfigConfidentialNodesArgs']] = None,
+                 containerd_config: Optional[pulumi.Input['ClusterNodeConfigContainerdConfigArgs']] = None,
                  disk_size_gb: Optional[pulumi.Input[int]] = None,
                  disk_type: Optional[pulumi.Input[str]] = None,
                  effective_taints: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodeConfigEffectiveTaintArgs']]]] = None,
@@ -5758,6 +5775,7 @@ class ClusterNodeConfigArgs:
                advanced machine features. Structure is documented below.
         :param pulumi.Input[str] boot_disk_kms_key: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: <https://cloud.google.com/compute/docs/disks/customer-managed-encryption>
         :param pulumi.Input['ClusterNodeConfigConfidentialNodesArgs'] confidential_nodes: Configuration for [Confidential Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/confidential-gke-nodes) feature. Structure is documented below documented below.
+        :param pulumi.Input['ClusterNodeConfigContainerdConfigArgs'] containerd_config: Parameters to customize containerd runtime. Structure is documented below.
         :param pulumi.Input[int] disk_size_gb: Size of the disk attached to each node, specified
                in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
         :param pulumi.Input[str] disk_type: Type of the disk attached to each node
@@ -5858,6 +5876,8 @@ class ClusterNodeConfigArgs:
             pulumi.set(__self__, "boot_disk_kms_key", boot_disk_kms_key)
         if confidential_nodes is not None:
             pulumi.set(__self__, "confidential_nodes", confidential_nodes)
+        if containerd_config is not None:
+            pulumi.set(__self__, "containerd_config", containerd_config)
         if disk_size_gb is not None:
             pulumi.set(__self__, "disk_size_gb", disk_size_gb)
         if disk_type is not None:
@@ -5968,6 +5988,18 @@ class ClusterNodeConfigArgs:
     def confidential_nodes(self, value: Optional[pulumi.Input['ClusterNodeConfigConfidentialNodesArgs']]):
         pulumi.set(self, "confidential_nodes", value)
+    @property
+    @pulumi.getter(name="containerdConfig")
+    def containerd_config(self) -> Optional[pulumi.Input['ClusterNodeConfigContainerdConfigArgs']]:
+        """
+        Parameters to customize containerd runtime. Structure is documented below.
+        """
+        return pulumi.get(self, "containerd_config")
+    @containerd_config.setter
+    def containerd_config(self, value: Optional[pulumi.Input['ClusterNodeConfigContainerdConfigArgs']]):
+        pulumi.set(self, "containerd_config", value)
     @property
     @pulumi.getter(name="diskSizeGb")
     def disk_size_gb(self) -> Optional[pulumi.Input[int]]:
@@ -6520,6 +6552,126 @@ class ClusterNodeConfigConfidentialNodesArgs:
         pulumi.set(self, "enabled", value)
+@pulumi.input_type
+class ClusterNodeConfigContainerdConfigArgs:
+    def __init__(__self__, *,
+                 private_registry_access_config: Optional[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']] = None):
+        """
+        :param pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs'] private_registry_access_config: Configuration for private container registries. There are two fields in this config:
+        """
+        if private_registry_access_config is not None:
+            pulumi.set(__self__, "private_registry_access_config", private_registry_access_config)
+    @property
+    @pulumi.getter(name="privateRegistryAccessConfig")
+    def private_registry_access_config(self) -> Optional[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']]:
+        """
+        Configuration for private container registries. There are two fields in this config:
+        """
+        return pulumi.get(self, "private_registry_access_config")
+    @private_registry_access_config.setter
+    def private_registry_access_config(self, value: Optional[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']]):
+        pulumi.set(self, "private_registry_access_config", value)
+@pulumi.input_type
+class ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs:
+    def __init__(__self__, *,
+                 enabled: pulumi.Input[bool],
+                 certificate_authority_domain_configs: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]] = None):
+        """
+        :param pulumi.Input[bool] enabled: Enables private registry config. If set to false, all other fields in this object must not be set.
+        :param pulumi.Input[Sequence[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]] certificate_authority_domain_configs: List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. Example:
+        """
+        pulumi.set(__self__, "enabled", enabled)
+        if certificate_authority_domain_configs is not None:
+            pulumi.set(__self__, "certificate_authority_domain_configs", certificate_authority_domain_configs)
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Input[bool]:
+        """
+        Enables private registry config. If set to false, all other fields in this object must not be set.
+        """
+        return pulumi.get(self, "enabled")
+    @enabled.setter
+    def enabled(self, value: pulumi.Input[bool]):
+        pulumi.set(self, "enabled", value)
+    @property
+    @pulumi.getter(name="certificateAuthorityDomainConfigs")
+    def certificate_authority_domain_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]:
+        """
+        List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. Example:
+        """
+        return pulumi.get(self, "certificate_authority_domain_configs")
+    @certificate_authority_domain_configs.setter
+    def certificate_authority_domain_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]):
+        pulumi.set(self, "certificate_authority_domain_configs", value)
+@pulumi.input_type
+class ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs:
+    def __init__(__self__, *,
+                 fqdns: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 gcp_secret_manager_certificate_config: pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] fqdns: List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        :param pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs'] gcp_secret_manager_certificate_config: Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        pulumi.set(__self__, "fqdns", fqdns)
+        pulumi.set(__self__, "gcp_secret_manager_certificate_config", gcp_secret_manager_certificate_config)
+    @property
+    @pulumi.getter
+    def fqdns(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        """
+        return pulumi.get(self, "fqdns")
+    @fqdns.setter
+    def fqdns(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "fqdns", value)
+    @property
+    @pulumi.getter(name="gcpSecretManagerCertificateConfig")
+    def gcp_secret_manager_certificate_config(self) -> pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']:
+        """
+        Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        return pulumi.get(self, "gcp_secret_manager_certificate_config")
+    @gcp_secret_manager_certificate_config.setter
+    def gcp_secret_manager_certificate_config(self, value: pulumi.Input['ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        pulumi.set(self, "gcp_secret_manager_certificate_config", value)
+@pulumi.input_type
+class ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs:
+    def __init__(__self__, *,
+                 secret_uri: pulumi.Input[str]):
+        """
+        :param pulumi.Input[str] secret_uri: URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        pulumi.set(__self__, "secret_uri", secret_uri)
+    @property
+    @pulumi.getter(name="secretUri")
+    def secret_uri(self) -> pulumi.Input[str]:
+        """
+        URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        return pulumi.get(self, "secret_uri")
+    @secret_uri.setter
+    def secret_uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "secret_uri", value)
 @pulumi.input_type
 class ClusterNodeConfigEffectiveTaintArgs:
     def __init__(__self__, *,
@@ -7851,17 +8003,33 @@ class ClusterNodePoolDefaultsArgs:
 @pulumi.input_type
 class ClusterNodePoolDefaultsNodeConfigDefaultsArgs:
     def __init__(__self__, *,
+                 containerd_config: Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs']] = None,
                  gcfs_config: Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs']] = None,
                  logging_variant: Optional[pulumi.Input[str]] = None):
         """
+        :param pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs'] containerd_config: Parameters for containerd configuration.
         :param pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs'] gcfs_config: The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable [image streaming](https://cloud.google.com/kubernetes-engine/docs/how-to/image-streaming) across all the node pools within the cluster. Structure is documented below.
         :param pulumi.Input[str] logging_variant: The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See [Increasing logging agent throughput](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#throughput) for more information.
         """
+        if containerd_config is not None:
+            pulumi.set(__self__, "containerd_config", containerd_config)
         if gcfs_config is not None:
             pulumi.set(__self__, "gcfs_config", gcfs_config)
         if logging_variant is not None:
             pulumi.set(__self__, "logging_variant", logging_variant)
+    @property
+    @pulumi.getter(name="containerdConfig")
+    def containerd_config(self) -> Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs']]:
+        """
+        Parameters for containerd configuration.
+        """
+        return pulumi.get(self, "containerd_config")
+    @containerd_config.setter
+    def containerd_config(self, value: Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs']]):
+        pulumi.set(self, "containerd_config", value)
     @property
     @pulumi.getter(name="gcfsConfig")
     def gcfs_config(self) -> Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs']]:
@@ -7887,6 +8055,126 @@ class ClusterNodePoolDefaultsNodeConfigDefaultsArgs:
         pulumi.set(self, "logging_variant", value)
+@pulumi.input_type
+class ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs:
+    def __init__(__self__, *,
+                 private_registry_access_config: Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs']] = None):
+        """
+        :param pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs'] private_registry_access_config: Configuration for private container registries. There are two fields in this config:
+        """
+        if private_registry_access_config is not None:
+            pulumi.set(__self__, "private_registry_access_config", private_registry_access_config)
+    @property
+    @pulumi.getter(name="privateRegistryAccessConfig")
+    def private_registry_access_config(self) -> Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs']]:
+        """
+        Configuration for private container registries. There are two fields in this config:
+        """
+        return pulumi.get(self, "private_registry_access_config")
+    @private_registry_access_config.setter
+    def private_registry_access_config(self, value: Optional[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs']]):
+        pulumi.set(self, "private_registry_access_config", value)
+@pulumi.input_type
+class ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs:
+    def __init__(__self__, *,
+                 enabled: pulumi.Input[bool],
+                 certificate_authority_domain_configs: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]] = None):
+        """
+        :param pulumi.Input[bool] enabled: Enables private registry config. If set to false, all other fields in this object must not be set.
+        :param pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]] certificate_authority_domain_configs: List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. Example:
+        """
+        pulumi.set(__self__, "enabled", enabled)
+        if certificate_authority_domain_configs is not None:
+            pulumi.set(__self__, "certificate_authority_domain_configs", certificate_authority_domain_configs)
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Input[bool]:
+        """
+        Enables private registry config. If set to false, all other fields in this object must not be set.
+        """
+        return pulumi.get(self, "enabled")
+    @enabled.setter
+    def enabled(self, value: pulumi.Input[bool]):
+        pulumi.set(self, "enabled", value)
+    @property
+    @pulumi.getter(name="certificateAuthorityDomainConfigs")
+    def certificate_authority_domain_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]:
+        """
+        List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. Example:
+        """
+        return pulumi.get(self, "certificate_authority_domain_configs")
+    @certificate_authority_domain_configs.setter
+    def certificate_authority_domain_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]):
+        pulumi.set(self, "certificate_authority_domain_configs", value)
+@pulumi.input_type
+class ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs:
+    def __init__(__self__, *,
+                 fqdns: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 gcp_secret_manager_certificate_config: pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] fqdns: List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        :param pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs'] gcp_secret_manager_certificate_config: Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        pulumi.set(__self__, "fqdns", fqdns)
+        pulumi.set(__self__, "gcp_secret_manager_certificate_config", gcp_secret_manager_certificate_config)
+    @property
+    @pulumi.getter
+    def fqdns(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        """
+        return pulumi.get(self, "fqdns")
+    @fqdns.setter
+    def fqdns(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "fqdns", value)
+    @property
+    @pulumi.getter(name="gcpSecretManagerCertificateConfig")
+    def gcp_secret_manager_certificate_config(self) -> pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']:
+        """
+        Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        return pulumi.get(self, "gcp_secret_manager_certificate_config")
+    @gcp_secret_manager_certificate_config.setter
+    def gcp_secret_manager_certificate_config(self, value: pulumi.Input['ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        pulumi.set(self, "gcp_secret_manager_certificate_config", value)
+@pulumi.input_type
+class ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs:
+    def __init__(__self__, *,
+                 secret_uri: pulumi.Input[str]):
+        """
+        :param pulumi.Input[str] secret_uri: URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        pulumi.set(__self__, "secret_uri", secret_uri)
+    @property
+    @pulumi.getter(name="secretUri")
+    def secret_uri(self) -> pulumi.Input[str]:
+        """
+        URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        return pulumi.get(self, "secret_uri")
+    @secret_uri.setter
+    def secret_uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "secret_uri", value)
 @pulumi.input_type
 class ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs:
     def __init__(__self__, *,
@@ -8243,6 +8531,7 @@ class ClusterNodePoolNodeConfigArgs:
                  advanced_machine_features: Optional[pulumi.Input['ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs']] = None,
                  boot_disk_kms_key: Optional[pulumi.Input[str]] = None,
                  confidential_nodes: Optional[pulumi.Input['ClusterNodePoolNodeConfigConfidentialNodesArgs']] = None,
+                 containerd_config: Optional[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigArgs']] = None,
                  disk_size_gb: Optional[pulumi.Input[int]] = None,
                  disk_type: Optional[pulumi.Input[str]] = None,
                  effective_taints: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolNodeConfigEffectiveTaintArgs']]]] = None,
@@ -8284,6 +8573,7 @@ class ClusterNodePoolNodeConfigArgs:
                advanced machine features. Structure is documented below.
         :param pulumi.Input[str] boot_disk_kms_key: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: <https://cloud.google.com/compute/docs/disks/customer-managed-encryption>
         :param pulumi.Input['ClusterNodePoolNodeConfigConfidentialNodesArgs'] confidential_nodes: Configuration for [Confidential Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/confidential-gke-nodes) feature. Structure is documented below documented below.
+        :param pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigArgs'] containerd_config: Parameters to customize containerd runtime. Structure is documented below.
         :param pulumi.Input[int] disk_size_gb: Size of the disk attached to each node, specified
                in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
         :param pulumi.Input[str] disk_type: Type of the disk attached to each node
@@ -8384,6 +8674,8 @@ class ClusterNodePoolNodeConfigArgs:
             pulumi.set(__self__, "boot_disk_kms_key", boot_disk_kms_key)
         if confidential_nodes is not None:
             pulumi.set(__self__, "confidential_nodes", confidential_nodes)
+        if containerd_config is not None:
+            pulumi.set(__self__, "containerd_config", containerd_config)
         if disk_size_gb is not None:
             pulumi.set(__self__, "disk_size_gb", disk_size_gb)
         if disk_type is not None:
@@ -8494,6 +8786,18 @@ class ClusterNodePoolNodeConfigArgs:
     def confidential_nodes(self, value: Optional[pulumi.Input['ClusterNodePoolNodeConfigConfidentialNodesArgs']]):
         pulumi.set(self, "confidential_nodes", value)
+    @property
+    @pulumi.getter(name="containerdConfig")
+    def containerd_config(self) -> Optional[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigArgs']]:
+        """
+        Parameters to customize containerd runtime. Structure is documented below.
+        """
+        return pulumi.get(self, "containerd_config")
+    @containerd_config.setter
+    def containerd_config(self, value: Optional[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigArgs']]):
+        pulumi.set(self, "containerd_config", value)
     @property
     @pulumi.getter(name="diskSizeGb")
     def disk_size_gb(self) -> Optional[pulumi.Input[int]]:
@@ -9046,6 +9350,126 @@ class ClusterNodePoolNodeConfigConfidentialNodesArgs:
         pulumi.set(self, "enabled", value)
+@pulumi.input_type
+class ClusterNodePoolNodeConfigContainerdConfigArgs:
+    def __init__(__self__, *,
+                 private_registry_access_config: Optional[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']] = None):
+        """
+        :param pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs'] private_registry_access_config: Configuration for private container registries. There are two fields in this config:
+        """
+        if private_registry_access_config is not None:
+            pulumi.set(__self__, "private_registry_access_config", private_registry_access_config)
+    @property
+    @pulumi.getter(name="privateRegistryAccessConfig")
+    def private_registry_access_config(self) -> Optional[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']]:
+        """
+        Configuration for private container registries. There are two fields in this config:
+        """
+        return pulumi.get(self, "private_registry_access_config")
+    @private_registry_access_config.setter
+    def private_registry_access_config(self, value: Optional[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']]):
+        pulumi.set(self, "private_registry_access_config", value)
+@pulumi.input_type
+class ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs:
+    def __init__(__self__, *,
+                 enabled: pulumi.Input[bool],
+                 certificate_authority_domain_configs: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]] = None):
+        """
+        :param pulumi.Input[bool] enabled: Enables private registry config. If set to false, all other fields in this object must not be set.
+        :param pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]] certificate_authority_domain_configs: List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. Example:
+        """
+        pulumi.set(__self__, "enabled", enabled)
+        if certificate_authority_domain_configs is not None:
+            pulumi.set(__self__, "certificate_authority_domain_configs", certificate_authority_domain_configs)
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Input[bool]:
+        """
+        Enables private registry config. If set to false, all other fields in this object must not be set.
+        """
+        return pulumi.get(self, "enabled")
+    @enabled.setter
+    def enabled(self, value: pulumi.Input[bool]):
+        pulumi.set(self, "enabled", value)
+    @property
+    @pulumi.getter(name="certificateAuthorityDomainConfigs")
+    def certificate_authority_domain_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]:
+        """
+        List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. Example:
+        """
+        return pulumi.get(self, "certificate_authority_domain_configs")
+    @certificate_authority_domain_configs.setter
+    def certificate_authority_domain_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]):
+        pulumi.set(self, "certificate_authority_domain_configs", value)
+@pulumi.input_type
+class ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs:
+    def __init__(__self__, *,
+                 fqdns: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 gcp_secret_manager_certificate_config: pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] fqdns: List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        :param pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs'] gcp_secret_manager_certificate_config: Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        pulumi.set(__self__, "fqdns", fqdns)
+        pulumi.set(__self__, "gcp_secret_manager_certificate_config", gcp_secret_manager_certificate_config)
+    @property
+    @pulumi.getter
+    def fqdns(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        """
+        return pulumi.get(self, "fqdns")
+    @fqdns.setter
+    def fqdns(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "fqdns", value)
+    @property
+    @pulumi.getter(name="gcpSecretManagerCertificateConfig")
+    def gcp_secret_manager_certificate_config(self) -> pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']:
+        """
+        Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        return pulumi.get(self, "gcp_secret_manager_certificate_config")
+    @gcp_secret_manager_certificate_config.setter
+    def gcp_secret_manager_certificate_config(self, value: pulumi.Input['ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        pulumi.set(self, "gcp_secret_manager_certificate_config", value)
+@pulumi.input_type
+class ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs:
+    def __init__(__self__, *,
+                 secret_uri: pulumi.Input[str]):
+        """
+        :param pulumi.Input[str] secret_uri: URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        pulumi.set(__self__, "secret_uri", secret_uri)
+    @property
+    @pulumi.getter(name="secretUri")
+    def secret_uri(self) -> pulumi.Input[str]:
+        """
+        URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        return pulumi.get(self, "secret_uri")
+    @secret_uri.setter
+    def secret_uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "secret_uri", value)
 @pulumi.input_type
 class ClusterNodePoolNodeConfigEffectiveTaintArgs:
     def __init__(__self__, *,
@@ -11244,6 +11668,7 @@ class NodePoolNodeConfigArgs:
                  advanced_machine_features: Optional[pulumi.Input['NodePoolNodeConfigAdvancedMachineFeaturesArgs']] = None,
                  boot_disk_kms_key: Optional[pulumi.Input[str]] = None,
                  confidential_nodes: Optional[pulumi.Input['NodePoolNodeConfigConfidentialNodesArgs']] = None,
+                 containerd_config: Optional[pulumi.Input['NodePoolNodeConfigContainerdConfigArgs']] = None,
                  disk_size_gb: Optional[pulumi.Input[int]] = None,
                  disk_type: Optional[pulumi.Input[str]] = None,
                  effective_taints: Optional[pulumi.Input[Sequence[pulumi.Input['NodePoolNodeConfigEffectiveTaintArgs']]]] = None,
@@ -11284,6 +11709,7 @@ class NodePoolNodeConfigArgs:
         :param pulumi.Input['NodePoolNodeConfigAdvancedMachineFeaturesArgs'] advanced_machine_features: Specifies options for controlling advanced machine features.
         :param pulumi.Input[str] boot_disk_kms_key: The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.
         :param pulumi.Input['NodePoolNodeConfigConfidentialNodesArgs'] confidential_nodes: Configuration for Confidential Nodes feature. Structure is documented below.
+        :param pulumi.Input['NodePoolNodeConfigContainerdConfigArgs'] containerd_config: Parameters for containerd configuration.
         :param pulumi.Input[int] disk_size_gb: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.
         :param pulumi.Input[str] disk_type: Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd
         :param pulumi.Input[Sequence[pulumi.Input['NodePoolNodeConfigEffectiveTaintArgs']]] effective_taints: List of kubernetes taints applied to each node.
@@ -11327,6 +11753,8 @@ class NodePoolNodeConfigArgs:
             pulumi.set(__self__, "boot_disk_kms_key", boot_disk_kms_key)
         if confidential_nodes is not None:
             pulumi.set(__self__, "confidential_nodes", confidential_nodes)
+        if containerd_config is not None:
+            pulumi.set(__self__, "containerd_config", containerd_config)
         if disk_size_gb is not None:
             pulumi.set(__self__, "disk_size_gb", disk_size_gb)
         if disk_type is not None:
@@ -11436,6 +11864,18 @@ class NodePoolNodeConfigArgs:
     def confidential_nodes(self, value: Optional[pulumi.Input['NodePoolNodeConfigConfidentialNodesArgs']]):
         pulumi.set(self, "confidential_nodes", value)
+    @property
+    @pulumi.getter(name="containerdConfig")
+    def containerd_config(self) -> Optional[pulumi.Input['NodePoolNodeConfigContainerdConfigArgs']]:
+        """
+        Parameters for containerd configuration.
+        """
+        return pulumi.get(self, "containerd_config")
+    @containerd_config.setter
+    def containerd_config(self, value: Optional[pulumi.Input['NodePoolNodeConfigContainerdConfigArgs']]):
+        pulumi.set(self, "containerd_config", value)
     @property
     @pulumi.getter(name="diskSizeGb")
     def disk_size_gb(self) -> Optional[pulumi.Input[int]]:
@@ -11931,6 +12371,126 @@ class NodePoolNodeConfigConfidentialNodesArgs:
         pulumi.set(self, "enabled", value)
+@pulumi.input_type
+class NodePoolNodeConfigContainerdConfigArgs:
+    def __init__(__self__, *,
+                 private_registry_access_config: Optional[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']] = None):
+        """
+        :param pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs'] private_registry_access_config: Parameters for private container registries configuration.
+        """
+        if private_registry_access_config is not None:
+            pulumi.set(__self__, "private_registry_access_config", private_registry_access_config)
+    @property
+    @pulumi.getter(name="privateRegistryAccessConfig")
+    def private_registry_access_config(self) -> Optional[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']]:
+        """
+        Parameters for private container registries configuration.
+        """
+        return pulumi.get(self, "private_registry_access_config")
+    @private_registry_access_config.setter
+    def private_registry_access_config(self, value: Optional[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs']]):
+        pulumi.set(self, "private_registry_access_config", value)
+@pulumi.input_type
+class NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs:
+    def __init__(__self__, *,
+                 enabled: pulumi.Input[bool],
+                 certificate_authority_domain_configs: Optional[pulumi.Input[Sequence[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]] = None):
+        """
+        :param pulumi.Input[bool] enabled: Whether or not private registries are configured.
+        :param pulumi.Input[Sequence[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]] certificate_authority_domain_configs: Parameters for configuring CA certificate and domains.
+        """
+        pulumi.set(__self__, "enabled", enabled)
+        if certificate_authority_domain_configs is not None:
+            pulumi.set(__self__, "certificate_authority_domain_configs", certificate_authority_domain_configs)
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Input[bool]:
+        """
+        Whether or not private registries are configured.
+        """
+        return pulumi.get(self, "enabled")
+    @enabled.setter
+    def enabled(self, value: pulumi.Input[bool]):
+        pulumi.set(self, "enabled", value)
+    @property
+    @pulumi.getter(name="certificateAuthorityDomainConfigs")
+    def certificate_authority_domain_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]:
+        """
+        Parameters for configuring CA certificate and domains.
+        """
+        return pulumi.get(self, "certificate_authority_domain_configs")
+    @certificate_authority_domain_configs.setter
+    def certificate_authority_domain_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs']]]]):
+        pulumi.set(self, "certificate_authority_domain_configs", value)
+@pulumi.input_type
+class NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs:
+    def __init__(__self__, *,
+                 fqdns: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 gcp_secret_manager_certificate_config: pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] fqdns: List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        :param pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs'] gcp_secret_manager_certificate_config: Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        pulumi.set(__self__, "fqdns", fqdns)
+        pulumi.set(__self__, "gcp_secret_manager_certificate_config", gcp_secret_manager_certificate_config)
+    @property
+    @pulumi.getter
+    def fqdns(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        List of fully-qualified-domain-names. IPv4s and port specification are supported.
+        """
+        return pulumi.get(self, "fqdns")
+    @fqdns.setter
+    def fqdns(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "fqdns", value)
+    @property
+    @pulumi.getter(name="gcpSecretManagerCertificateConfig")
+    def gcp_secret_manager_certificate_config(self) -> pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']:
+        """
+        Parameters for configuring a certificate hosted in GCP SecretManager.
+        """
+        return pulumi.get(self, "gcp_secret_manager_certificate_config")
+    @gcp_secret_manager_certificate_config.setter
+    def gcp_secret_manager_certificate_config(self, value: pulumi.Input['NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs']):
+        pulumi.set(self, "gcp_secret_manager_certificate_config", value)
+@pulumi.input_type
+class NodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs:
+    def __init__(__self__, *,
+                 secret_uri: pulumi.Input[str]):
+        """
+        :param pulumi.Input[str] secret_uri: URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        pulumi.set(__self__, "secret_uri", secret_uri)
+    @property
+    @pulumi.getter(name="secretUri")
+    def secret_uri(self) -> pulumi.Input[str]:
+        """
+        URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
+        """
+        return pulumi.get(self, "secret_uri")
+    @secret_uri.setter
+    def secret_uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "secret_uri", value)
 @pulumi.input_type
 class NodePoolNodeConfigEffectiveTaintArgs:
     def __init__(__self__, *,

pulumi-gcp 7.24.0a1716588893__py3-none-any.whl → 7.25.0__py3-none-any.whl

pulumi-gcp 7.24.0a1716588893py3-none-any.whl → 7.25.0py3-none-any.whl