# CustomResourceDefinition for the GKEHubMembership kind in the
# gkehub.cnrm.cloud.google.com API group. The resource is namespaced and has a
# single version (v1beta1) that is both served and used for storage.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: gkehubmemberships.gkehub.cnrm.cloud.google.com
spec:
  group: gkehub.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: GKEHubMembership
    plural: gkehubmemberships
    shortNames:
    - gcpgkehubmembership
    - gcpgkehubmemberships
    singular: gkehubmembership
  # Fields that the schema below does not declare are pruned by the API
  # server rather than stored.
  preserveUnknownFields: false
  # Namespaced scope: access to these objects is governed by namespace-level
  # RBAC on the gkehubmemberships resource.
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              authority:
                description: 'Optional. How to identify workloads from this Membership.
                  See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity'
                properties:
                  # Trust anchor: per the description, setting `issuer` makes
                  # Google accept valid OIDC tokens from that URI within the
                  # workload identity pool. This schema constrains the value
                  # only to `type: string`; the `https://` prefix and the
                  # length limit named in the description are not expressed
                  # as `pattern` / `maxLength` here, so any enforcement of
                  # them happens outside this CRD. Write access to this
                  # resource should be granted with that in mind.
                  issuer:
                    description: Optional. A JSON Web Token (JWT) issuer URI. `issuer`
                      must start with `https://` and be a valid URL with length <2000
                      characters. If set, then Google will allow valid OIDC tokens
                      from this issuer to authenticate within the workload_identity_pool.
                      OIDC discovery will be performed on this URI to validate tokens
                      from the issuer. Clearing `issuer` disables Workload Identity.
                      `issuer` cannot be directly modified; it must be cleared (and
                      Workload Identity disabled) before using a new issuer (and re-enabling
                      Workload Identity).
                    type: string
                type: object
              # The regex quoted in the description text reads only `*`, and
              # no `pattern` or `maxLength` is declared, so neither the regex
              # nor the 63-character limit is enforced by this schema.
              description:
                description: 'Description of this membership, limited to 63 characters.
                  Must match the regex: `*` This field is present for legacy purposes.'
                type: string
              endpoint:
                description: Optional. Endpoint information to reach this member.
                properties:
                  gkeCluster:
                    description: Optional. GKE-specific information. Only present
                      if this Membership is a GKE cluster.
                    properties:
                      # Exactly one reference style is accepted: `name`
                      # (optionally with `namespace`) without `external`, or
                      # `external` without `name` / `namespace`.
                      resourceRef:
                        oneOf:
                        - not:
                            required:
                            - external
                          required:
                          - name
                        - not:
                            anyOf:
                            - required:
                              - name
                            - required:
                              - namespace
                          required:
                          - external
                        properties:
                          external:
                            description: |-
                              Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported.

                              Allowed value: The `selfLink` field of a `ContainerCluster` resource.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                            type: string
                          namespace:
                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                            type: string
                        type: object
                    type: object
                  kubernetesResource:
                    description: 'Optional. The in-cluster Kubernetes Resources that
                      should be applied for a correctly registered cluster, in the
                      steady state. These resources: * Ensure that the cluster is
                      exclusively registered to one and only one Hub Membership. *
                      Propagate Workload Pool Information available in the Membership
                      Authority field. * Ensure proper initial configuration of default
                      Hub Features.'
                    properties:
                      # Caller-supplied, free-form string. The description
                      # says it is used to check that the cluster is not
                      # already registered with another Membership; the
                      # schema itself places no structure on the content.
                      membershipCrManifest:
                        description: Input only. The YAML representation of the Membership
                          CR. This field is ignored for GKE clusters where Hub can
                          read the CR directly. Callers should provide the CR that
                          is currently present in the cluster during CreateMembership
                          or UpdateMembership, or leave this field empty if none exists.
                          The CR manifest is used to validate the cluster has not
                          been registered with another Membership.
                        type: string
                      resourceOptions:
                        description: Optional. Options for Kubernetes resource generation.
                        properties:
                          connectVersion:
                            description: Optional. The Connect agent version to use
                              for connect_resources. Defaults to the latest GKE Connect
                              version. The version must be a currently supported version,
                              obsolete versions will be rejected.
                            type: string
                          v1beta1Crd:
                            description: Optional. Use `apiextensions/v1beta1` instead
                              of `apiextensions/v1` for CustomResourceDefinition resources.
                              This option should be set for clusters with Kubernetes
                              apiserver versions <1.16.
                            type: boolean
                        type: object
                    type: object
                type: object
              # As with `description` above, the regex in the description text
              # reads only `*` and no `pattern` is declared in the schema.
              externalId:
                description: 'Optional. An externally-generated and managed ID for
                  this Membership. This ID may be modified after creation, but this
                  is not recommended. The ID must match the regex: `*` If this Membership
                  represents a Kubernetes cluster, this value should be set to the
                  UID of the `kube-system` namespace object.'
                type: string
              # The possible values are listed in the description only; no
              # `enum` is declared, so the schema accepts any string.
              infrastructureType:
                description: 'Optional. The infrastructure type this Membership is
                  running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM,
                  MULTI_CLOUD'
                type: string
              location:
                description: Immutable. The location for the resource
                type: string
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
            # `location` is the only spec field the schema requires.
            required:
            - location
            type: object
          status:
            properties:
              authority:
                properties:
                  identityProvider:
                    description: Output only. An identity provider that reflects the
                      `issuer` in the workload identity pool.
                    type: string
                  # Per the description, one pool is shared by every
                  # Membership in a Hub, so an issuer registered on one
                  # Membership authenticates into a pool that the other
                  # member clusters use as well.
                  workloadIdentityPool:
                    description: 'Output only. The name of the workload identity pool
                      in which `issuer` will be recognized. There is a single Workload
                      Identity Pool per Hub that is shared between all Memberships
                      that belong to that Hub. For a Hub hosted in: {PROJECT_ID},
                      the workload pool format is `{PROJECT_ID}.hub.id.goog`, although
                      this is subject to change in newer versions of this API.'
                    type: string
                type: object
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. When the Membership was created.
                format: date-time
                type: string
              deleteTime:
                description: Output only. When the Membership was deleted.
                format: date-time
                type: string
              endpoint:
                properties:
                  kubernetesMetadata:
                    description: Output only. Useful Kubernetes-specific metadata.
                    properties:
                      kubernetesApiServerVersion:
                        description: Output only. Kubernetes API server version string
                          as reported by `/version`.
                        type: string
                      memoryMb:
                        description: Output only. The total memory capacity as reported
                          by the sum of all Kubernetes nodes resources, defined in
                          MB.
                        format: int64
                        type: integer
                      nodeCount:
                        description: Output only. Node count as reported by Kubernetes
                          nodes resources.
                        format: int64
                        type: integer
                      nodeProviderId:
                        description: Output only. Node providerID as reported by the
                          first node in the list of nodes on the Kubernetes endpoint.
                          On Kubernetes platforms that support zero-node clusters
                          (like GKE-on-GCP), the node_count will be zero and the node_provider_id
                          will be empty.
                        type: string
                      updateTime:
                        description: Output only. The time at which these details
                          were last updated. This update_time is different from the
                          Membership-level update_time since EndpointDetails are updated
                          internally for API consumers.
                        format: date-time
                        type: string
                      vcpuCount:
                        description: Output only. vCPU count as reported by Kubernetes
                          nodes resources.
                        format: int64
                        type: integer
                    type: object
                  # Both lists below carry manifests as plain strings that
                  # are meant to be applied to the cluster, and anyone who
                  # can read this object's status can read them.
                  # NOTE(review): confirm whether these manifests can carry
                  # sensitive material before widening read access.
                  kubernetesResource:
                    properties:
                      connectResources:
                        description: Output only. The Kubernetes resources for installing
                          the GKE Connect agent This field is only populated in the
                          Membership returned from a successful long-running operation
                          from CreateMembership or UpdateMembership. It is not populated
                          during normal GetMembership or ListMemberships requests.
                          To get the resource manifest after the initial registration,
                          the caller should make a UpdateMembership call with an empty
                          field mask.
                        items:
                          properties:
                            clusterScoped:
                              description: Whether the resource provided in the manifest
                                is `cluster_scoped`. If unset, the manifest is assumed
                                to be namespace scoped. This field is used for REST
                                mapping when applying the resource in a cluster.
                              type: boolean
                            manifest:
                              description: YAML manifest of the resource.
                              type: string
                          type: object
                        type: array
                      membershipResources:
                        description: Output only. Additional Kubernetes resources
                          that need to be applied to the cluster after Membership
                          creation, and after every update. This field is only populated
                          in the Membership returned from a successful long-running
                          operation from CreateMembership or UpdateMembership. It
                          is not populated during normal GetMembership or ListMemberships
                          requests. To get the resource manifest after the initial
                          registration, the caller should make a UpdateMembership
                          call with an empty field mask.
                        items:
                          properties:
                            clusterScoped:
                              description: Whether the resource provided in the manifest
                                is `cluster_scoped`. If unset, the manifest is assumed
                                to be namespace scoped. This field is used for REST
                                mapping when applying the resource in a cluster.
                              type: boolean
                            manifest:
                              description: YAML manifest of the resource.
                              type: string
                          type: object
                        type: array
                    type: object
                type: object
              lastConnectionTime:
                description: Output only. For clusters using Connect, the timestamp
                  of the most recent connection established with Google Cloud. This
                  time is updated every several minutes, not continuously. For clusters
                  that do not use GKE Connect, or that have never connected successfully,
                  this field will be unset.
                format: date-time
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              state:
                description: Output only. State of the Membership resource.
                properties:
                  code:
                    description: 'Output only. The current state of the Membership
                      resource. Possible values: CODE_UNSPECIFIED, CREATING, READY,
                      DELETING, UPDATING, SERVICE_UPDATING'
                    type: string
                type: object
              uniqueId:
                description: Output only. Google-generated UUID for this resource.
                  This is unique across all Membership resources. If a Membership
                  resource is deleted and another resource with the same name is created,
                  it gets a different unique_id.
                type: string
              updateTime:
                description: Output only. When the Membership was last updated.
                format: date-time
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Status is exposed as a subresource, so status updates go through the
    # /status endpoint and can be authorized separately from spec writes.
    subresources:
      status: {}
# CRD status stanza with empty placeholder values, as it appears in the file.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []