1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/dcl2crd: "true"
9 cnrm.cloud.google.com/managed-by-kcc: "true"
10 cnrm.cloud.google.com/stability-level: stable
11 cnrm.cloud.google.com/system: "true"
12 name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com
13spec:
14 group: gkehub.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: GKEHubFeatureMembership
19 plural: gkehubfeaturememberships
20 shortNames:
21 - gcpgkehubfeaturemembership
22 - gcpgkehubfeaturememberships
23 singular: gkehubfeaturemembership
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 configmanagement:
62 description: Config Management-specific spec.
63 properties:
64 binauthz:
65 description: Binauthz configuration for the cluster.
66 properties:
67 enabled:
68 description: Whether binauthz is enabled in this cluster.
69 type: boolean
70 type: object
71 configSync:
72 description: Config Sync configuration for the cluster.
73 properties:
74 git:
75 properties:
76 gcpServiceAccountRef:
77 oneOf:
78 - not:
79 required:
80 - external
81 required:
82 - name
83 - not:
84 anyOf:
85 - required:
86 - name
87 - required:
88 - namespace
89 required:
90 - external
91 properties:
92 external:
93 description: |-
94 The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
95
96 Allowed value: The `email` field of an `IAMServiceAccount` resource.
97 type: string
98 name:
99 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
100 type: string
101 namespace:
102 description: 'Namespace of the referent. More info:
103 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
104 type: string
105 type: object
106 httpsProxy:
107 description: URL for the HTTPS proxy to be used when communicating
108 with the Git repo.
109 type: string
110 policyDir:
111 description: 'The path within the Git repository that
112 represents the top level of the repo to sync. Default:
113 the root directory of the repository.'
114 type: string
115 secretType:
116 description: Type of secret configured for access to the
117 Git repo. Must be one of ssh, cookiefile, gcenode, token,
118 gcpserviceaccount or none. The validation of this is
119 case-sensitive.
120 type: string
121 syncBranch:
122 description: 'The branch of the repository to sync from.
123 Default: master.'
124 type: string
125 syncRepo:
126 description: The URL of the Git repository to use as the
127 source of truth.
128 type: string
129 syncRev:
130 description: Git revision (tag or hash) to check out.
131 Default HEAD.
132 type: string
133 syncWaitSecs:
134 description: 'Period in seconds between consecutive syncs.
135 Default: 15.'
136 type: string
137 type: object
138 oci:
139 properties:
140 gcpServiceAccountRef:
141 oneOf:
142 - not:
143 required:
144 - external
145 required:
146 - name
147 - not:
148 anyOf:
149 - required:
150 - name
151 - required:
152 - namespace
153 required:
154 - external
155 properties:
156 external:
157 description: "The GCP Service Account Email used for
158 auth when secret_type is gcpserviceaccount. \n\nAllowed
159 value: The `email` field of an `IAMServiceAccount`
160 resource."
161 type: string
162 name:
163 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
164 type: string
165 namespace:
166 description: 'Namespace of the referent. More info:
167 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
168 type: string
169 type: object
170 policyDir:
171 description: 'The absolute path of the directory that
172 contains the local resources. Default: the root directory
173 of the image.'
174 type: string
175 secretType:
176 description: Type of secret configured for access to the
177 OCI Image. Must be one of gcenode, gcpserviceaccount
178 or none. The validation of this is case-sensitive.
179 type: string
180 syncRepo:
181 description: The OCI image repository URL for the package
182 to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
183 type: string
184 syncWaitSecs:
185 description: 'Period in seconds(int64 format) between
186 consecutive syncs. Default: 15.'
187 type: string
188 type: object
189 preventDrift:
190 description: Set to true to enable the Config Sync admission
191 webhook to prevent drifts. If set to `false`, disables the
192 Config Sync admission webhook and does not prevent drifts.
193 type: boolean
194 sourceFormat:
195 description: Specifies whether the Config Sync Repo is in
196 "hierarchical" or "unstructured" mode.
197 type: string
198 type: object
199 hierarchyController:
200 description: Hierarchy Controller configuration for the cluster.
201 properties:
202 enableHierarchicalResourceQuota:
203 description: Whether hierarchical resource quota is enabled
204 in this cluster.
205 type: boolean
206 enablePodTreeLabels:
207 description: Whether pod tree labels are enabled in this cluster.
208 type: boolean
209 enabled:
210 description: Whether Hierarchy Controller is enabled in this
211 cluster.
212 type: boolean
213 type: object
214 policyController:
215 description: Policy Controller configuration for the cluster.
216 properties:
217 auditIntervalSeconds:
218 description: Sets the interval for Policy Controller Audit
219 Scans (in seconds). When set to 0, this disables audit functionality
220 altogether.
221 type: string
222 enabled:
223 description: Enables the installation of Policy Controller.
224 If false, the rest of PolicyController fields take no effect.
225 type: boolean
226 exemptableNamespaces:
227 description: The set of namespaces that are excluded from
228 Policy Controller checks. Namespaces do not need to currently
229 exist on the cluster.
230 items:
231 type: string
232 type: array
233 logDeniesEnabled:
234 description: Logs all denies and dry run failures.
235 type: boolean
236 monitoring:
237 description: 'Specifies the backends Policy Controller should
238 export metrics to. For example, to specify metrics should
239 be exported to Cloud Monitoring and Prometheus, specify
240 backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring",
241 "prometheus"]'
242 properties:
243 backends:
244 description: ' Specifies the list of backends Policy Controller
245 will export to. Specifying an empty value `[]` disables
246 metrics export.'
247 items:
248 type: string
249 type: array
250 type: object
251 mutationEnabled:
252 description: Enable or disable mutation in policy controller.
253 If true, mutation CRDs, webhook and controller deployment
254 will be deployed to the cluster.
255 type: boolean
256 referentialRulesEnabled:
257 description: Enables the ability to use Constraint Templates
258 that reference to objects other than the object currently
259 being evaluated.
260 type: boolean
261 templateLibraryInstalled:
262 description: Installs the default template library along with
263 Policy Controller.
264 type: boolean
265 type: object
266 version:
267 description: Optional. Version of ACM to install. Defaults to
268 the latest version.
269 type: string
270 type: object
271 featureRef:
272 description: Immutable.
273 oneOf:
274 - not:
275 required:
276 - external
277 required:
278 - name
279 - not:
280 anyOf:
281 - required:
282 - name
283 - required:
284 - namespace
285 required:
286 - external
287 properties:
288 external:
289 description: |-
290 The name of the feature
291
292 Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`).
293 type: string
294 name:
295 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
296 type: string
297 namespace:
298 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
299 type: string
300 type: object
301 location:
302 description: Immutable. The location of the feature
303 type: string
304 membershipRef:
305 description: Immutable.
306 oneOf:
307 - not:
308 required:
309 - external
310 required:
311 - name
312 - not:
313 anyOf:
314 - required:
315 - name
316 - required:
317 - namespace
318 required:
319 - external
320 properties:
321 external:
322 description: |-
323 The name of the membership
324
325 Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`).
326 type: string
327 name:
328 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
329 type: string
330 namespace:
331 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
332 type: string
333 type: object
334 mesh:
335 description: Manage Mesh Features
336 properties:
337 controlPlane:
338 description: '**DEPRECATED** Whether to automatically manage Service
339 Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED,
340 AUTOMATIC, MANUAL'
341 type: string
342 management:
343 description: 'Whether to automatically manage Service Mesh. Possible
344 values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL'
345 type: string
346 type: object
347 projectRef:
348 description: Immutable. The Project that this resource belongs to.
349 oneOf:
350 - not:
351 required:
352 - external
353 required:
354 - name
355 - not:
356 anyOf:
357 - required:
358 - name
359 - required:
360 - namespace
361 required:
362 - external
363 properties:
364 external:
365 description: |-
366 The project of the feature
367
368 Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
369 type: string
370 name:
371 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
372 type: string
373 namespace:
374 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
375 type: string
376 type: object
377 required:
378 - featureRef
379 - location
380 - membershipRef
381 - projectRef
382 type: object
383 status:
384 properties:
385 conditions:
386 description: Conditions represent the latest available observation
387 of the resource's current state.
388 items:
389 properties:
390 lastTransitionTime:
391 description: Last time the condition transitioned from one status
392 to another.
393 type: string
394 message:
395 description: Human-readable message indicating details about
396 last transition.
397 type: string
398 reason:
399 description: Unique, one-word, CamelCase reason for the condition's
400 last transition.
401 type: string
402 status:
403 description: Status is the status of the condition. Can be True,
404 False, Unknown.
405 type: string
406 type:
407 description: Type is the type of the condition.
408 type: string
409 type: object
410 type: array
411 observedGeneration:
412 description: ObservedGeneration is the generation of the resource
413 that was most recently observed by the Config Connector controller.
414 If this is equal to metadata.generation, then that means that the
415 current reported status reflects the most recent desired state of
416 the resource.
417 type: integer
418 type: object
419 required:
420 - spec
421 type: object
422 served: true
423 storage: true
424 subresources:
425 status: {}
426status:
427 acceptedNames:
428 kind: ""
429 plural: ""
430 conditions: []
431 storedVersions: []
View as plain text