# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: group: gkehub.cnrm.cloud.google.com names: categories: - gcp kind: GKEHubFeatureMembership plural: gkehubfeaturememberships shortNames: - gcpgkehubfeaturemembership - gcpgkehubfeaturememberships singular: gkehubfeaturemembership scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: configmanagement: description: Config Management-specific spec. properties: binauthz: description: Binauthz configuration for the cluster. properties: enabled: description: Whether binauthz is enabled in this cluster. type: boolean type: object configSync: description: Config Sync configuration for the cluster. properties: git: properties: gcpServiceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The GCP Service Account Email used for auth when secretType is gcpServiceAccount. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object httpsProxy: description: URL for the HTTPS proxy to be used when communicating with the Git repo. type: string policyDir: description: 'The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.' type: string secretType: description: Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. type: string syncBranch: description: 'The branch of the repository to sync from. Default: master.' type: string syncRepo: description: The URL of the Git repository to use as the source of truth. type: string syncRev: description: Git revision (tag or hash) to check out. Default HEAD. type: string syncWaitSecs: description: 'Period in seconds between consecutive syncs. Default: 15.' type: string type: object oci: properties: gcpServiceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: "The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. \n\nAllowed value: The `email` field of an `IAMServiceAccount` resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object policyDir: description: 'The absolute path of the directory that contains the local resources. Default: the root directory of the image.' type: string secretType: description: Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive. type: string syncRepo: description: The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. type: string syncWaitSecs: description: 'Period in seconds(int64 format) between consecutive syncs. Default: 15.' type: string type: object preventDrift: description: Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts. type: boolean sourceFormat: description: Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. type: string type: object hierarchyController: description: Hierarchy Controller configuration for the cluster. properties: enableHierarchicalResourceQuota: description: Whether hierarchical resource quota is enabled in this cluster. type: boolean enablePodTreeLabels: description: Whether pod tree labels are enabled in this cluster. type: boolean enabled: description: Whether Hierarchy Controller is enabled in this cluster. type: boolean type: object policyController: description: Policy Controller configuration for the cluster. properties: auditIntervalSeconds: description: Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. type: string enabled: description: Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. type: boolean exemptableNamespaces: description: The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. items: type: string type: array logDeniesEnabled: description: Logs all denies and dry run failures. type: boolean monitoring: description: 'Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]' properties: backends: description: ' Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.' items: type: string type: array type: object mutationEnabled: description: Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster. type: boolean referentialRulesEnabled: description: Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. type: boolean templateLibraryInstalled: description: Installs the default template library along with Policy Controller. type: boolean type: object version: description: Optional. Version of ACM to install. Defaults to the latest version. type: string type: object featureRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of the feature Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: Immutable. The location of the feature type: string membershipRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of the membership Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object mesh: description: Manage Mesh Features properties: controlPlane: description: '**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL' type: string management: description: 'Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project of the feature Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - featureRef - location - membershipRef - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []