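# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the GKEHubFeatureMembership kind in the
# gkehub.cnrm.cloud.google.com group. The resource is namespaced; v1beta1 is
# the only version listed here and is both served and stored.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com
spec:
  group: gkehub.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: GKEHubFeatureMembership
    plural: gkehubfeaturememberships
    shortNames:
    - gcpgkehubfeaturemembership
    - gcpgkehubfeaturememberships
    singular: gkehubfeaturemembership
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              configmanagement:
                description: Config Management-specific spec.
                properties:
                  binauthz:
                    description: Binauthz configuration for the cluster.
                    properties:
                      enabled:
                        description: Whether binauthz is enabled in this cluster.
                        type: boolean
                    type: object
                  configSync:
                    description: Config Sync configuration for the cluster.
                    properties:
                      git:
                        properties:
                          # Reference shape shared by every *Ref field in this
                          # schema: when the reference is given, exactly one of
                          # `name` (optionally with `namespace`) or `external`
                          # must be set; `external` cannot be combined with
                          # `name` or `namespace`.
                          gcpServiceAccountRef:
                            oneOf:
                            - not:
                                required:
                                - external
                              required:
                              - name
                            - not:
                                anyOf:
                                - required:
                                  - name
                                - required:
                                  - namespace
                              required:
                              - external
                            properties:
                              # NOTE(review): this text spells the value
                              # "gcpServiceAccount", while secretType below
                              # lists "gcpserviceaccount" and says validation is
                              # case-sensitive; confirm the accepted spelling.
                              external:
                                description: |-
                                  The GCP Service Account Email used for auth when secretType is gcpServiceAccount.

                                  Allowed value: The `email` field of an `IAMServiceAccount` resource.
                                type: string
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                type: string
                              namespace:
                                description: 'Namespace of the referent. More info:
                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                type: string
                            type: object
                          # Free-form string: the schema sets no `format` or
                          # `pattern` on the proxy URL.
                          httpsProxy:
                            description: URL for the HTTPS proxy to be used when communicating
                              with the Git repo.
                            type: string
                          policyDir:
                            description: 'The path within the Git repository that
                              represents the top level of the repo to sync. Default:
                              the root directory of the repository.'
                            type: string
                          # NOTE(review): the allowed values appear only in the
                          # description; the schema is a bare string with no
                          # `enum`, so this CRD's schema does not reject other
                          # values. "none" presumably means unauthenticated
                          # access to the repo; confirm where it is acceptable.
                          secretType:
                            description: Type of secret configured for access to the
                              Git repo. Must be one of ssh, cookiefile, gcenode, token,
                              gcpserviceaccount or none. The validation of this is
                              case-sensitive.
                            type: string
                          syncBranch:
                            description: 'The branch of the repository to sync from.
                              Default: master.'
                            type: string
                          syncRepo:
                            description: The URL of the Git repository to use as the
                              source of truth.
                            type: string
                          # A commit hash fixes the synced content; a tag or the
                          # default HEAD follows whatever the repository
                          # currently points it at.
                          syncRev:
                            description: Git revision (tag or hash) to check out.
                              Default HEAD.
                            type: string
                          # Numeric value carried as a string; the schema has no
                          # `pattern` restricting it to digits.
                          syncWaitSecs:
                            description: 'Period in seconds between consecutive syncs.
                              Default: 15.'
                            type: string
                        type: object
                      oci:
                        properties:
                          gcpServiceAccountRef:
                            oneOf:
                            - not:
                                required:
                                - external
                              required:
                              - name
                            - not:
                                anyOf:
                                - required:
                                  - name
                                - required:
                                  - namespace
                              required:
                              - external
                            properties:
                              # NOTE(review): the description says "secret_type",
                              # but the sibling field in this schema is named
                              # secretType.
                              external:
                                description: "The GCP Service Account Email used for
                                  auth when secret_type is gcpserviceaccount. \n\nAllowed
                                  value: The `email` field of an `IAMServiceAccount`
                                  resource."
                                type: string
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                type: string
                              namespace:
                                description: 'Namespace of the referent. More info:
                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                type: string
                            type: object
                          policyDir:
                            description: 'The absolute path of the directory that
                              contains the local resources. Default: the root directory
                              of the image.'
                            type: string
                          # NOTE(review): as with git.secretType, the allowed
                          # values are documented but not expressed as an `enum`.
                          secretType:
                            description: Type of secret configured for access to the
                              OCI Image. Must be one of gcenode, gcpserviceaccount
                              or none. The validation of this is case-sensitive.
                            type: string
                          syncRepo:
                            description: The OCI image repository URL for the package
                              to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
                            type: string
                          syncWaitSecs:
                            description: 'Period in seconds(int64 format) between
                              consecutive syncs. Default: 15.'
                            type: string
                        type: object
                      # Security-relevant: per the description, `false` turns
                      # the Config Sync admission webhook off, so drift is no
                      # longer prevented.
                      preventDrift:
                        description: Set to true to enable the Config Sync admission
                          webhook to prevent drifts. If set to `false`, disables the
                          Config Sync admission webhook and does not prevent drifts.
                        type: boolean
                      sourceFormat:
                        description: Specifies whether the Config Sync Repo is in
                          "hierarchical" or "unstructured" mode.
                        type: string
                    type: object
                  hierarchyController:
                    description: Hierarchy Controller configuration for the cluster.
                    properties:
                      enableHierarchicalResourceQuota:
                        description: Whether hierarchical resource quota is enabled
                          in this cluster.
                        type: boolean
                      enablePodTreeLabels:
                        description: Whether pod tree labels are enabled in this cluster.
                        type: boolean
                      enabled:
                        description: Whether Hierarchy Controller is enabled in this
                          cluster.
                        type: boolean
                    type: object
                  policyController:
                    description: Policy Controller configuration for the cluster.
                    properties:
                      # Security-relevant: per the description, 0 disables audit
                      # scans altogether. The value is a string with no
                      # `pattern` in the schema.
                      auditIntervalSeconds:
                        description: Sets the interval for Policy Controller Audit
                          Scans (in seconds). When set to 0, this disables audit functionality
                          altogether.
                        type: string
                      enabled:
                        description: Enables the installation of Policy Controller.
                          If false, the rest of PolicyController fields take no effect.
                        type: boolean
                      # Security-relevant: namespaces listed here are excluded
                      # from Policy Controller checks. Items are unconstrained
                      # strings, so changes to this list deserve review.
                      exemptableNamespaces:
                        description: The set of namespaces that are excluded from
                          Policy Controller checks. Namespaces do not need to currently
                          exist on the cluster.
                        items:
                          type: string
                        type: array
                      logDeniesEnabled:
                        description: Logs all denies and dry run failures.
                        type: boolean
                      monitoring:
                        description: 'Specifies the backends Policy Controller should
                          export metrics to. For example, to specify metrics should
                          be exported to Cloud Monitoring and Prometheus, specify
                          backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring",
                          "prometheus"]'
                        properties:
                          backends:
                            description: ' Specifies the list of backends Policy Controller
                              will export to. Specifying an empty value `[]` disables
                              metrics export.'
                            items:
                              type: string
                            type: array
                        type: object
                      mutationEnabled:
                        description: Enable or disable mutation in policy controller.
                          If true, mutation CRDs, webhook and controller deployment
                          will be deployed to the cluster.
                        type: boolean
                      referentialRulesEnabled:
                        description: Enables the ability to use Constraint Templates
                          that reference to objects other than the object currently
                          being evaluated.
                        type: boolean
                      templateLibraryInstalled:
                        description: Installs the default template library along with
                          Policy Controller.
                        type: boolean
                    type: object
                  version:
                    description: Optional. Version of ACM to install. Defaults to
                      the latest version.
                    type: string
                type: object
              # NOTE(review): "Immutable" on featureRef, location, membershipRef
              # and projectRef is stated only in the descriptions; no validation
              # rule in this schema enforces it. Presumably the controller does;
              # confirm.
              featureRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The name of the feature

                      Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              location:
                description: Immutable. The location of the feature
                type: string
              membershipRef:
                description: Immutable.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The name of the membership

                      Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              mesh:
                description: Manage Mesh Features
                properties:
                  controlPlane:
                    description: '**DEPRECATED** Whether to automatically manage Service
                      Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED,
                      AUTOMATIC, MANUAL'
                    type: string
                  management:
                    description: 'Whether to automatically manage Service Mesh. Possible
                      values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL'
                    type: string
                type: object
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The project of the feature

                      Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
            required:
            - featureRef
            - location
            - membershipRef
            - projectRef
            type: object
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Enables the /status subresource for this version.
    subresources:
      status: {}
# Empty status stanza as written in the manifest; presumably filled in by the
# API server once the CRD is installed.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []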