apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: "2017-01-01T00:00:00Z"
  name: private.example.com
spec:
  api:
    loadBalancer:
      type: Public
  authorization:
    rbac: {}
  channel: stable
  cloudConfig:
    gceServiceAccount: test-account@testproject.iam.gserviceaccount.com
  cloudLabels:
    Owner: John Doe
    dn: 'cn=John Doe: dc=example dc=com'
    foo/bar: fib+baz
  cloudProvider: gce
  configBase: memfs://tests/private.example.com
  containerRuntime: docker
  etcdClusters:
  - cpuRequest: 200m
    etcdMembers:
    - instanceGroup: master-us-test1-a
      name: a
    memoryRequest: 100Mi
    name: main
  - cpuRequest: 100m
    etcdMembers:
    - instanceGroup: master-us-test1-a
      name: a
    memoryRequest: 100Mi
    name: events
  iam:
    allowContainerRegistry: true
    legacy: false
  kubelet:
    anonymousAuth: false
  kubernetesApiAccess:
  - 0.0.0.0/0
  kubernetesVersion: v1.19.6
  masterPublicName: api.private.example.com
  networking:
    cni: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  project: testproject
  sshAccess:
  - 0.0.0.0/0
  subnets:
  - name: us-test1
    region: us-test1
    type: Private
  - name: utility-us-test1
    region: us-test1
    type: Utility
  topology:
    bastion:
      bastionPublicName: bastion.private.example.com
    dns:
      type: Public
    masters: private
    nodes: private

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2017-01-01T00:00:00Z"
  labels:
    kops.k8s.io/cluster: private.example.com
  name: bastions
spec:
  image: cos-cloud/cos-stable-77-12371-114-0
  machineType: f1-micro
  maxSize: 1
  minSize: 1
  nodeLabels:
    cloud.google.com/metadata-proxy-ready: "true"
    kops.k8s.io/instancegroup: bastions
  role: Bastion
  subnets:
  - us-test1
  zones:
  - us-test1-a

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2017-01-01T00:00:00Z"
  labels:
    kops.k8s.io/cluster: private.example.com
  name: master-us-test1-a
spec:
  additionalSecurityGroups:
  - sg-exampleid3
  - sg-exampleid4
  image: cos-cloud/cos-stable-77-12371-114-0
  machineType: n1-standard-1
  maxSize: 1
  minSize: 1
  nodeLabels:
    cloud.google.com/metadata-proxy-ready: "true"
    kops.k8s.io/instancegroup: master-us-test1-a
  role: Master
  subnets:
  - us-test1
  zones:
  - us-test1-a

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2017-01-01T00:00:00Z"
  labels:
    kops.k8s.io/cluster: private.example.com
  name: nodes-us-test1-a
spec:
  additionalSecurityGroups:
  - sg-exampleid
  - sg-exampleid2
  image: cos-cloud/cos-stable-77-12371-114-0
  machineType: n1-standard-2
  maxSize: 1
  minSize: 1
  nodeLabels:
    cloud.google.com/metadata-proxy-ready: "true"
    kops.k8s.io/instancegroup: nodes-us-test1-a
  role: Node
  subnets:
  - us-test1
  zones:
  - us-test1-a