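# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the namespaced kind GKEHubMembership
# (group gkehub.cnrm.cloud.google.com, version v1beta1, served and stored).
# The listing this was recovered from had a line-number gutter fused into
# every line and its nesting flattened; the structure below is restored so
# the manifest parses. Keys, values and description text are as in the listing.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Quoted so it stays a string under every loader.
    cnrm.cloud.google.com/version: "1.106.0"
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: gkehubmemberships.gkehub.cnrm.cloud.google.com
spec:
  group: gkehub.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: GKEHubMembership
    plural: gkehubmemberships
    shortNames:
    - gcpgkehubmembership
    - gcpgkehubmemberships
    singular: gkehubmembership
  # Namespaced: access is granted per namespace. Write access to this kind
  # includes spec.authority.issuer, so grant it deliberately.
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              authority:
                description: 'Optional. How to identify workloads from this Membership.
                  See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity'
                properties:
                  # Trust-establishing field: per the description, tokens from
                  # this issuer are accepted in the workload identity pool, and
                  # status.authority.workloadIdentityPool says that pool is
                  # shared by all Memberships of the Hub.
                  # NOTE(review): the `https://` prefix and <2000-character
                  # limit stated below are not expressed in this schema (only
                  # `type: string`); presumably the API backend enforces them;
                  # confirm before relying on admission-time validation.
                  issuer:
                    description: Optional. A JSON Web Token (JWT) issuer URI. `issuer`
                      must start with `https://` and be a valid URL with length <2000
                      characters. If set, then Google will allow valid OIDC tokens
                      from this issuer to authenticate within the workload_identity_pool.
                      OIDC discovery will be performed on this URI to validate tokens
                      from the issuer. Clearing `issuer` disables Workload Identity.
                      `issuer` cannot be directly modified; it must be cleared (and
                      Workload Identity disabled) before using a new issuer (and re-enabling
                      Workload Identity).
                    type: string
                type: object
              # NOTE(review): the regex quoted in the description reads `*`,
              # which looks truncated; no `pattern` or `maxLength` is declared
              # here, so the 63-character limit is not enforced by this schema.
              description:
                description: 'Description of this membership, limited to 63 characters.
                  Must match the regex: `*` This field is present for legacy purposes.'
                type: string
              endpoint:
                description: Optional. Endpoint information to reach this member.
                properties:
                  gkeCluster:
                    description: Optional. GKE-specific information. Only present
                      if this Membership is a GKE cluster.
                    properties:
                      resourceRef:
                        # Exactly one reference form is accepted: either `name`
                        # (without `external`), or `external` with neither
                        # `name` nor `namespace`.
                        oneOf:
                        - not:
                            required:
                            - external
                          required:
                          - name
                        - not:
                            anyOf:
                            - required:
                              - name
                            - required:
                              - namespace
                          required:
                          - external
                        properties:
                          external:
                            description: |-
                              Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported.

                              Allowed value: The `selfLink` field of a `ContainerCluster` resource.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                            type: string
                          namespace:
                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                            type: string
                        type: object
                    type: object
                  kubernetesResource:
                    description: 'Optional. The in-cluster Kubernetes Resources that
                      should be applied for a correctly registered cluster, in the
                      steady state. These resources: * Ensure that the cluster is
                      exclusively registered to one and only one Hub Membership. *
                      Propagate Workload Pool Information available in the Membership
                      Authority field. * Ensure proper initial configuration of default
                      Hub Features.'
                    properties:
                      # Caller-supplied YAML carried as an opaque string; this
                      # schema places no constraint on its content.
                      membershipCrManifest:
                        description: Input only. The YAML representation of the Membership
                          CR. This field is ignored for GKE clusters where Hub can
                          read the CR directly. Callers should provide the CR that
                          is currently present in the cluster during CreateMembership
                          or UpdateMembership, or leave this field empty if none exists.
                          The CR manifest is used to validate the cluster has not
                          been registered with another Membership.
                        type: string
                      resourceOptions:
                        description: Optional. Options for Kubernetes resource generation.
                        properties:
                          connectVersion:
                            description: Optional. The Connect agent version to use
                              for connect_resources. Defaults to the latest GKE Connect
                              version. The version must be a currently supported version,
                              obsolete versions will be rejected.
                            type: string
                          v1beta1Crd:
                            description: Optional. Use `apiextensions/v1beta1` instead
                              of `apiextensions/v1` for CustomResourceDefinition resources.
                              This option should be set for clusters with Kubernetes
                              apiserver versions <1.16.
                            type: boolean
                        type: object
                    type: object
                type: object
              # NOTE(review): as with `description`, the regex shown is `*`
              # and no `pattern` is declared in this schema.
              externalId:
                description: 'Optional. An externally-generated and managed ID for
                  this Membership. This ID may be modified after creation, but this
                  is not recommended. The ID must match the regex: `*` If this Membership
                  represents a Kubernetes cluster, this value should be set to the
                  UID of the `kube-system` namespace object.'
                type: string
              # The possible values are listed only in the description; there
              # is no `enum`, so this schema accepts any string.
              infrastructureType:
                description: 'Optional. The infrastructure type this Membership is
                  running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM,
                  MULTI_CLOUD'
                type: string
              # "Immutable" appears only in the description text; this schema
              # declares no rule that rejects a change.
              location:
                description: Immutable. The location for the resource
                type: string
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
            required:
            - location
            type: object
          # Status fields are described as "Output only". With the status
          # subresource enabled below, they are written through /status, which
          # RBAC can grant separately from the main resource.
          status:
            properties:
              authority:
                properties:
                  identityProvider:
                    description: Output only. An identity provider that reflects the
                      `issuer` in the workload identity pool.
                    type: string
                  workloadIdentityPool:
                    description: 'Output only. The name of the workload identity pool
                      in which `issuer` will be recognized. There is a single Workload
                      Identity Pool per Hub that is shared between all Memberships
                      that belong to that Hub. For a Hub hosted in: {PROJECT_ID},
                      the workload pool format is `{PROJECT_ID}.hub.id.goog`, although
                      this is subject to change in newer versions of this API.'
                    type: string
                type: object
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. When the Membership was created.
                format: date-time
                type: string
              deleteTime:
                description: Output only. When the Membership was deleted.
                format: date-time
                type: string
              endpoint:
                properties:
                  kubernetesMetadata:
                    description: Output only. Useful Kubernetes-specific metadata.
                    properties:
                      kubernetesApiServerVersion:
                        description: Output only. Kubernetes API server version string
                          as reported by `/version`.
                        type: string
                      memoryMb:
                        description: Output only. The total memory capacity as reported
                          by the sum of all Kubernetes nodes resources, defined in
                          MB.
                        format: int64
                        type: integer
                      nodeCount:
                        description: Output only. Node count as reported by Kubernetes
                          nodes resources.
                        format: int64
                        type: integer
                      nodeProviderId:
                        description: Output only. Node providerID as reported by the
                          first node in the list of nodes on the Kubernetes endpoint.
                          On Kubernetes platforms that support zero-node clusters
                          (like GKE-on-GCP), the node_count will be zero and the node_provider_id
                          will be empty.
                        type: string
                      updateTime:
                        description: Output only. The time at which these details
                          were last updated. This update_time is different from the
                          Membership-level update_time since EndpointDetails are updated
                          internally for API consumers.
                        format: date-time
                        type: string
                      vcpuCount:
                        description: Output only. vCPU count as reported by Kubernetes
                          nodes resources.
                        format: int64
                        type: integer
                    type: object
                  kubernetesResource:
                    properties:
                      # Each item carries a YAML manifest as a plain string plus
                      # a flag saying whether it is cluster-scoped. The schema
                      # does not constrain the manifest text; review manifests
                      # read from status before applying them to a cluster.
                      connectResources:
                        description: Output only. The Kubernetes resources for installing
                          the GKE Connect agent This field is only populated in the
                          Membership returned from a successful long-running operation
                          from CreateMembership or UpdateMembership. It is not populated
                          during normal GetMembership or ListMemberships requests.
                          To get the resource manifest after the initial registration,
                          the caller should make a UpdateMembership call with an empty
                          field mask.
                        items:
                          properties:
                            clusterScoped:
                              description: Whether the resource provided in the manifest
                                is `cluster_scoped`. If unset, the manifest is assumed
                                to be namespace scoped. This field is used for REST
                                mapping when applying the resource in a cluster.
                              type: boolean
                            manifest:
                              description: YAML manifest of the resource.
                              type: string
                          type: object
                        type: array
                      # Same item shape as connectResources above.
                      membershipResources:
                        description: Output only. Additional Kubernetes resources
                          that need to be applied to the cluster after Membership
                          creation, and after every update. This field is only populated
                          in the Membership returned from a successful long-running
                          operation from CreateMembership or UpdateMembership. It
                          is not populated during normal GetMembership or ListMemberships
                          requests. To get the resource manifest after the initial
                          registration, the caller should make a UpdateMembership
                          call with an empty field mask.
                        items:
                          properties:
                            clusterScoped:
                              description: Whether the resource provided in the manifest
                                is `cluster_scoped`. If unset, the manifest is assumed
                                to be namespace scoped. This field is used for REST
                                mapping when applying the resource in a cluster.
                              type: boolean
                            manifest:
                              description: YAML manifest of the resource.
                              type: string
                          type: object
                        type: array
                    type: object
                type: object
              lastConnectionTime:
                description: Output only. For clusters using Connect, the timestamp
                  of the most recent connection established with Google Cloud. This
                  time is updated every several minutes, not continuously. For clusters
                  that do not use GKE Connect, or that have never connected successfully,
                  this field will be unset.
                format: date-time
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              state:
                description: Output only. State of the Membership resource.
                properties:
                  # Possible values are listed in the description only; no
                  # `enum` is declared.
                  code:
                    description: 'Output only. The current state of the Membership
                      resource. Possible values: CODE_UNSPECIFIED, CREATING, READY,
                      DELETING, UPDATING, SERVICE_UPDATING'
                    type: string
                type: object
              uniqueId:
                description: Output only. Google-generated UUID for this resource.
                  This is unique across all Membership resources. If a Membership
                  resource is deleted and another resource with the same name is created,
                  it gets a different unique_id.
                type: string
              updateTime:
                description: Output only. When the Membership was last updated.
                format: date-time
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Enables the /status subresource for this version.
    subresources:
      status: {}
# Empty placeholder status as emitted with the manifest; presumably the API
# server fills this in once the CRD is installed.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []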