Package google.cloud.gkehub.v1beta

Index

GkeHub

The GKE Hub service handles the registration of many Kubernetes clusters to Google Cloud, and the management of multi-cluster features over those clusters.

The GKE Hub service operates on the following resources:

GKE Hub is currently available in the global region and all regions in https://cloud.google.com/compute/docs/regions-zones. Feature is only available in global region while membership is global region and all the regions.

Membership management may be non-trivial: it is recommended to use one of the Google-provided client libraries or tools where possible when working with Membership resources.

CreateFeature

rpc CreateFeature(CreateFeatureRequest) returns (Operation)

Adds a new Feature.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateFleet

rpc CreateFleet(CreateFleetRequest) returns (Operation)

Creates a fleet.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateMembership

rpc CreateMembership(CreateMembershipRequest) returns (Operation)

Creates a new Membership.

This is currently only supported for GKE clusters on Google Cloud. To register other clusters, follow the instructions at https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateMembershipBinding

rpc CreateMembershipBinding(CreateMembershipBindingRequest) returns (Operation)

Creates a MembershipBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateMembershipRBACRoleBinding

rpc CreateMembershipRBACRoleBinding(CreateMembershipRBACRoleBindingRequest) returns (Operation)

Creates a Membership RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateScope

rpc CreateScope(CreateScopeRequest) returns (Operation)

Creates a Scope.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateScopeNamespace

rpc CreateScopeNamespace(CreateScopeNamespaceRequest) returns (Operation)

Creates a fleet namespace.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateScopeRBACRoleBinding

rpc CreateScopeRBACRoleBinding(CreateScopeRBACRoleBindingRequest) returns (Operation)

Creates a Scope RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteFeature

rpc DeleteFeature(DeleteFeatureRequest) returns (Operation)

Removes a Feature.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteFleet

rpc DeleteFleet(DeleteFleetRequest) returns (Operation)

Removes a Fleet. There must be no memberships remaining in the Fleet.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteMembership

rpc DeleteMembership(DeleteMembershipRequest) returns (Operation)

Removes a Membership.

This is currently only supported for GKE clusters on Google Cloud. To unregister other clusters, follow the instructions at https://cloud.google.com/anthos/multicluster-management/connect/unregistering-a-cluster.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteMembershipBinding

rpc DeleteMembershipBinding(DeleteMembershipBindingRequest) returns (Operation)

Deletes a MembershipBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteMembershipRBACRoleBinding

rpc DeleteMembershipRBACRoleBinding(DeleteMembershipRBACRoleBindingRequest) returns (Operation)

Deletes a Membership RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteScope

rpc DeleteScope(DeleteScopeRequest) returns (Operation)

Deletes a Scope.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteScopeNamespace

rpc DeleteScopeNamespace(DeleteScopeNamespaceRequest) returns (Operation)

Deletes a fleet namespace.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteScopeRBACRoleBinding

rpc DeleteScopeRBACRoleBinding(DeleteScopeRBACRoleBindingRequest) returns (Operation)

Deletes a Scope RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GenerateConnectManifest

rpc GenerateConnectManifest(GenerateConnectManifestRequest) returns (GenerateConnectManifestResponse)

Generates the manifest for deployment of the GKE connect agent.

This method is used internally by Google-provided libraries. Most clients should not need to call this method directly.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GenerateMembershipRBACRoleBindingYAML

rpc GenerateMembershipRBACRoleBindingYAML(GenerateMembershipRBACRoleBindingYAMLRequest) returns (GenerateMembershipRBACRoleBindingYAMLResponse)

Generates a YAML of the RBAC policies for the specified RoleBinding and its associated impersonation resources.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetFeature

rpc GetFeature(GetFeatureRequest) returns (Feature)

Gets details of a single Feature.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetFleet

rpc GetFleet(GetFleetRequest) returns (Fleet)

Returns the details of a fleet.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetMembership

rpc GetMembership(GetMembershipRequest) returns (Membership)

Gets the details of a Membership.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetMembershipBinding

rpc GetMembershipBinding(GetMembershipBindingRequest) returns (MembershipBinding)

Returns the details of a MembershipBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetMembershipRBACRoleBinding

rpc GetMembershipRBACRoleBinding(GetMembershipRBACRoleBindingRequest) returns (RBACRoleBinding)

Returns the details of a Membership RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetScope

rpc GetScope(GetScopeRequest) returns (Scope)

Returns the details of a Scope.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetScopeNamespace

rpc GetScopeNamespace(GetScopeNamespaceRequest) returns (Namespace)

Returns the details of a fleet namespace.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetScopeRBACRoleBinding

rpc GetScopeRBACRoleBinding(GetScopeRBACRoleBindingRequest) returns (RBACRoleBinding)

Returns the details of a Scope RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListFeatures

rpc ListFeatures(ListFeaturesRequest) returns (ListFeaturesResponse)

Lists Features in a given project and location.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListFleets

rpc ListFleets(ListFleetsRequest) returns (ListFleetsResponse)

Returns all fleets within an organization or a project that the caller has access to.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListMembershipBindings

rpc ListMembershipBindings(ListMembershipBindingsRequest) returns (ListMembershipBindingsResponse)

Lists MembershipBindings.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListMembershipRBACRoleBindings

rpc ListMembershipRBACRoleBindings(ListMembershipRBACRoleBindingsRequest) returns (ListMembershipRBACRoleBindingsResponse)

Lists all Membership RBACRoleBindings.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListMemberships

rpc ListMemberships(ListMembershipsRequest) returns (ListMembershipsResponse)

Lists Memberships in a given project and location.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListScopeNamespaces

rpc ListScopeNamespaces(ListScopeNamespacesRequest) returns (ListScopeNamespacesResponse)

Lists fleet namespaces.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListScopeRBACRoleBindings

rpc ListScopeRBACRoleBindings(ListScopeRBACRoleBindingsRequest) returns (ListScopeRBACRoleBindingsResponse)

Lists all Scope RBACRoleBindings.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListScopes

rpc ListScopes(ListScopesRequest) returns (ListScopesResponse)

Lists Scopes.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateFeature

rpc UpdateFeature(UpdateFeatureRequest) returns (Operation)

Updates an existing Feature.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateFleet

rpc UpdateFleet(UpdateFleetRequest) returns (Operation)

Updates a fleet.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateMembership

rpc UpdateMembership(UpdateMembershipRequest) returns (Operation)

Updates an existing Membership.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateMembershipBinding

rpc UpdateMembershipBinding(UpdateMembershipBindingRequest) returns (Operation)

Updates a MembershipBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateMembershipRBACRoleBinding

rpc UpdateMembershipRBACRoleBinding(UpdateMembershipRBACRoleBindingRequest) returns (Operation)

Updates a Membership RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateScope

rpc UpdateScope(UpdateScopeRequest) returns (Operation)

Updates a scopes.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateScopeNamespace

rpc UpdateScopeNamespace(UpdateScopeNamespaceRequest) returns (Operation)

Updates a fleet namespace.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateScopeRBACRoleBinding

rpc UpdateScopeRBACRoleBinding(UpdateScopeRBACRoleBindingRequest) returns (Operation)

Updates a Scope RBACRoleBinding.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ApplianceCluster

ApplianceCluster contains information specific to GDC Edge Appliance Clusters.

Fields

Authority

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Fields
issuer

string

Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters, it must use location rather than zone for GKE clusters.

If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer.

Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).

workload_identity_pool

string

Output only. The name of the workload identity pool in which issuer will be recognized.

There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.

identity_provider

string

Output only. An identity provider that reflects the issuer in the workload identity pool.

oidc_jwks

bytes

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).

When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.

BinaryAuthorizationConfig

BinaryAuthorizationConfig defines the fleet level configuration of binary authorization feature.

Fields
evaluation_mode

BinaryAuthorizationConfig.EvaluationMode

Optional. Mode of operation for binauthz policy evaluation.

policy_bindings[]

BinaryAuthorizationConfig.PolicyBinding

Optional. Binauthz policies that apply to this cluster.

EvaluationMode

Binary Authorization mode of operation.

Enums
EVALUATION_MODE_UNSPECIFIED Default value
DISABLED Disable BinaryAuthorization
POLICY_BINDINGS Use Binary Authorization with the policies specified in policy_bindings.

PolicyBinding

Binauthz policy that applies to this cluster.

Fields
name

string

The relative resource name of the binauthz platform policy to audit. GKE platform policies have the following format: projects/{project_number}/platforms/gke/policies/{policy_id}.

CommonFeatureSpec

CommonFeatureSpec contains Hub-wide configuration information

Fields

Union field feature_spec.

feature_spec can be only one of the following:

multiclusteringress

FeatureSpec

Multicluster Ingress-specific spec.

appdevexperience

AppDevExperienceFeatureSpec

Appdevexperience specific spec.

anthosobservability

AnthosObservabilityFeatureSpec

Anthos Observability spec

fleetobservability

FeatureSpec

FleetObservability feature spec.

clusterupgrade

FleetSpec

ClusterUpgrade (fleet-based) feature spec.

dataplanev2

FeatureSpec

DataplaneV2 feature spec.

CommonFeatureState

CommonFeatureState contains Hub-wide Feature status information.

Fields
state

FeatureState

Output only. The "running state" of the Feature in this Hub.

Union field feature_state.

feature_state can be only one of the following:

appdevexperience

AppDevExperienceFeatureState

Appdevexperience specific state.

fleetobservability

FeatureState

FleetObservability feature state.

clusterupgrade

FleetState

ClusterUpgrade fleet-level state.

CommonFleetDefaultMemberConfigSpec

CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet

Fields

Union field feature_spec.

feature_spec can be only one of the following:

mesh

MembershipSpec

Anthos Service Mesh-specific spec

configmanagement

MembershipSpec

Config Management-specific spec.

identityservice

MembershipSpec

Identity Service-specific spec.

policycontroller

MembershipSpec

Policy Controller spec.

ConnectAgentResource

ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment.

Fields
type

TypeMeta

Kubernetes type of the resource.

manifest

string

YAML manifest of the resource.

CreateFeatureRequest

Request message for the GkeHub.CreateFeature method.

Fields
parent

string

Required. The parent (project and location) where the Feature will be created. Specified in the format projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.features.create
feature_id

string

The ID of the feature to create.

resource

Feature

The Feature resource to create.

request_id

string

A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request.

For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.

The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

CreateFleetRequest

Request message for the GkeHub.CreateFleet method.

Fields
parent

string

Required. The parent (project and location) where the Fleet will be created. Specified in the format projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.fleet.create
fleet

Fleet

Required. The fleet to create.

CreateMembershipBindingRequest

Request to create a MembershipBinding.

Fields
parent

string

Required. The parent (project and location) where the MembershipBinding will be created. Specified in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.membershipbindings.create
membership_binding

MembershipBinding

Required. The MembershipBinding to create.

membership_binding_id

string

Required. The ID to use for the MembershipBinding.

CreateMembershipRBACRoleBindingRequest

Request to create a rbacrolebindings.

Fields
parent

string

Required. The parent (project and location) where the RBACRoleBinding will be created. Specified in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.rbacrolebindings.create
rbacrolebinding_id

string

Required. Client chosen ID for the RBACRoleBinding. rbacrolebinding_id must be a valid RFC 1123 compliant DNS label:

  1. At most 63 characters in length
  2. It must consist of lower case alphanumeric characters or -
  3. It must start and end with an alphanumeric character

Which can be expressed as the regex: [a-z0-9]([-a-z0-9]*[a-z0-9])?, with a maximum length of 63 characters.

rbacrolebinding

RBACRoleBinding

Required. The rbacrolebindings to create.

CreateMembershipRequest

Request message for the GkeHub.CreateMembership method.

Fields
parent

string

Required. The parent (project and location) where the Memberships will be created. Specified in the format projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.memberships.create
membership_id

string

Required. Client chosen ID for the membership. membership_id must be a valid RFC 1123 compliant DNS label:

  1. At most 63 characters in length
  2. It must consist of lower case alphanumeric characters or -
  3. It must start and end with an alphanumeric character

Which can be expressed as the regex: [a-z0-9]([-a-z0-9]*[a-z0-9])?, with a maximum length of 63 characters.

resource

Membership

Required. The membership to create.

request_id

string

Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request.

For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.

The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

CreateScopeNamespaceRequest

Request to create a fleet namespace.

Fields
parent

string

Required. The parent (project and location) where the Namespace will be created. Specified in the format projects/*/locations/*/scopes/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.namespaces.create
scope_namespace_id

string

Required. Client chosen ID for the Namespace. namespace_id must be a valid RFC 1123 compliant DNS label:

  1. At most 63 characters in length
  2. It must consist of lower case alphanumeric characters or -
  3. It must start and end with an alphanumeric character

Which can be expressed as the regex: [a-z0-9]([-a-z0-9]*[a-z0-9])?, with a maximum length of 63 characters.

scope_namespace

Namespace

Required. The fleet namespace to create.

CreateScopeRBACRoleBindingRequest

Request to create a rbacrolebindings.

Fields
parent

string

Required. The parent (project and location) where the RBACRoleBinding will be created. Specified in the format projects/*/locations/*/scopes/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.rbacrolebindings.create
rbacrolebinding_id

string

Required. Client chosen ID for the RBACRoleBinding. rbacrolebinding_id must be a valid RFC 1123 compliant DNS label:

  1. At most 63 characters in length
  2. It must consist of lower case alphanumeric characters or -
  3. It must start and end with an alphanumeric character

Which can be expressed as the regex: [a-z0-9]([-a-z0-9]*[a-z0-9])?, with a maximum length of 63 characters.

rbacrolebinding

RBACRoleBinding

Required. The rbacrolebindings to create.

CreateScopeRequest

Request to create a Scope.

Fields
parent

string

Required. The parent (project and location) where the Scope will be created. Specified in the format projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.scopes.create
scope_id

string

Required. Client chosen ID for the Scope. scope_id must be a ????

scope

Scope

Required. The Scope to create.

DefaultClusterConfig

DefaultClusterConfig describes the default cluster configurations to be applied to all clusters born-in-fleet.

Fields
security_posture_config

SecurityPostureConfig

Enable/Disable Security Posture features for the cluster.

binary_authorization_config

BinaryAuthorizationConfig

Optional. Enable/Disable binary authorization features for the cluster.

DeleteFeatureRequest

Request message for GkeHub.DeleteFeature method.

Fields
name

string

Required. The Feature resource name in the format projects/*/locations/*/features/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.features.delete
force

bool

If set to true, the delete will ignore any outstanding resources for this Feature (that is, FeatureState.has_resources is set to true). These resources will NOT be cleaned up or modified in any way.

request_id

string

Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request.

For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.

The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

DeleteFleetRequest

Request message for GkeHub.DeleteFleet method.

Fields
name

string

Required. The Fleet resource name in the format projects/*/locations/*/fleets/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.fleet.delete

DeleteMembershipBindingRequest

Request to delete a Binding.

Fields
name

string

Required. The MembershipBinding resource name in the format projects/*/locations/*/memberships/*/bindings/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.membershipbindings.get

DeleteMembershipRBACRoleBindingRequest

Request to delete a Membership RBACRoleBinding.

Fields
name

string

Required. The RBACRoleBinding resource name in the format projects/*/locations/*/memberships/*/rbacrolebindings/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.rbacrolebindings.delete

DeleteMembershipRequest

Request message for GkeHub.DeleteMembership method.

Fields
name

string

Required. The Membership resource name in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.memberships.delete
request_id

string

Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request.

For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.

The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

force

bool

Optional. If set to true, any subresource from this Membership will also be deleted. Otherwise, the request will only work if the Membership has no subresource.

DeleteScopeNamespaceRequest

Request to delete a fleet namespace.

Fields
name

string

Required. The Namespace resource name in the format projects/*/locations/*/scopes/*/namespaces/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.namespaces.delete

DeleteScopeRBACRoleBindingRequest

Request to delete a Scope RBACRoleBinding.

Fields
name

string

Required. The RBACRoleBinding resource name in the format projects/*/locations/*/scopes/*/rbacrolebindings/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.rbacrolebindings.delete

DeleteScopeRequest

Request to delete a Scope.

Fields
name

string

Required. The Scope resource name in the format projects/*/locations/*/scopes/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.scopes.delete

EdgeCluster

EdgeCluster contains information specific to Google Edge Clusters.

Fields

Feature

Feature represents the settings and status of any Hub Feature.

Fields
name

string

Output only. The full, unique name of this Feature resource in the format projects/*/locations/*/features/*.

labels

map<string, string>

Labels for this Feature.

resource_state

FeatureResourceState

Output only. State of the Feature resource itself.

spec

CommonFeatureSpec

Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.

membership_specs

map<string, MembershipFeatureSpec>

Optional. Membership-specific configuration for this Feature. If this Feature does not support any per-Membership configuration, this field may be unused.

The keys indicate which Membership the configuration is for, in the form:

projects/{p}/locations/{l}/memberships/{m}

Where {p} is the project, {l} is a valid location and {m} is a valid Membership in this project at that location. {p} WILL match the Feature's project.

{p} will always be returned as the project number, but the project ID is also accepted during input. If the same Membership is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature.

state

CommonFeatureState

Output only. The Hub-wide Feature state.

membership_states

map<string, MembershipFeatureState>

Output only. Membership-specific Feature status. If this Feature does report any per-Membership status, this field may be unused.

The keys indicate which Membership the state is for, in the form:

projects/{p}/locations/{l}/memberships/{m}

Where {p} is the project number, {l} is a valid location and {m} is a valid Membership in this project at that location. {p} MUST match the Feature's project number.

create_time

Timestamp

Output only. When the Feature resource was created.

update_time

Timestamp

Output only. When the Feature resource was last updated.

delete_time

Timestamp

Output only. When the Feature resource was deleted.

fleet_default_member_config

CommonFleetDefaultMemberConfigSpec

Optional. Feature configuration applicable to all memberships of the fleet.

scope_specs

map<string, ScopeFeatureSpec>

Optional. Scope-specific configuration for this Feature. If this Feature does not support any per-Scope configuration, this field may be unused.

The keys indicate which Scope the configuration is for, in the form:

projects/{p}/locations/global/scopes/{s}

Where {p} is the project, {s} is a valid Scope in this project. {p} WILL match the Feature's project.

{p} will always be returned as the project number, but the project ID is also accepted during input. If the same Scope is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature.

scope_states

map<string, ScopeFeatureState>

Output only. Scope-specific Feature status. If this Feature does report any per-Scope status, this field may be unused.

The keys indicate which Scope the state is for, in the form:

projects/{p}/locations/global/scopes/{s}

Where {p} is the project, {s} is a valid Scope in this project. {p} WILL match the Feature's project.

FeatureResourceState

FeatureResourceState describes the state of a Feature resource in the GkeHub API. See FeatureState for the "running state" of the Feature in the Hub and across Memberships.

Fields
state

FeatureResourceState.State

The current state of the Feature resource in the Hub API.

State

State describes the lifecycle status of a Feature.

Enums
STATE_UNSPECIFIED State is unknown or not set.
ENABLING The Feature is being enabled, and the Feature resource is being created. Once complete, the corresponding Feature will be enabled in this Hub.
ACTIVE The Feature is enabled in this Hub, and the Feature resource is fully available.
DISABLING The Feature is being disabled in this Hub, and the Feature resource is being deleted.
UPDATING The Feature resource is being updated.
SERVICE_UPDATING The Feature resource is being updated by the Hub Service.

FeatureState

FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context.

Fields
code

FeatureState.Code

The high-level, machine-readable status of this Feature.

description

string

A human-readable description of the current status.

update_time

Timestamp

The time this status and any related Feature-specific details were updated.

Code

Code represents a machine-readable, high-level status of the Feature.

Enums
CODE_UNSPECIFIED Unknown or not set.
OK The Feature is operating normally.
WARNING The Feature has encountered an issue, and is operating in a degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
ERROR The Feature is not operating or is in a severely degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.

Fleet

Fleet contains the Fleet-wide metadata and configuration.

Fields
name

string

Output only. The full, unique resource name of this fleet in the format of projects/{project}/locations/{location}/fleets/{fleet}.

Each Google Cloud project can have at most one fleet resource, named "default".

display_name

string

Optional. A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.

Example: Production Fleet

create_time

Timestamp

Output only. When the Fleet was created.

update_time

Timestamp

Output only. When the Fleet was last updated.

delete_time

Timestamp

Output only. When the Fleet was deleted.

uid

string

Output only. Google-generated UUID for this resource. This is unique across all Fleet resources. If a Fleet resource is deleted and another resource with the same name is created, it gets a different uid.

state

FleetLifecycleState

Output only. State of the namespace resource.

default_cluster_config

DefaultClusterConfig

Optional. The default cluster configurations to apply across the fleet.

labels

map<string, string>

Optional. Labels for this Fleet.

FleetLifecycleState

FleetLifecycleState describes the state of a Fleet resource.

Fields
code

FleetLifecycleState.Code

Output only. The current state of the Fleet resource.

Code

Code describes the state of a Fleet resource.

Enums
CODE_UNSPECIFIED The code is not set.
CREATING The fleet is being created.
READY The fleet active.
DELETING The fleet is being deleted.
UPDATING The fleet is being updated.

GenerateConnectManifestRequest

Request message for GkeHub.GenerateConnectManifest method. .

Fields
name

string

Required. The Membership resource name the Agent will associate with, in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.memberships.generateConnectManifest
namespace

string

Optional. Namespace for GKE Connect agent resources. Defaults to gke-connect.

The Connect Agent is authorized automatically when run in the default namespace. Otherwise, explicit authorization must be granted with an additional IAM binding.

proxy

bytes

Optional. URI of a proxy if connectivity from the agent to gkeconnect.googleapis.com requires the use of a proxy. Format must be in the form http(s)://{proxy_address}, depending on the HTTP/HTTPS protocol supported by the proxy. This will direct the connect agent's outbound traffic through a HTTP(S) proxy.

version

string

Optional. The Connect agent version to use. Defaults to the most current version.

is_upgrade

bool

Optional. If true, generate the resources for upgrade only. Some resources generated only for installation (e.g. secrets) will be excluded.

registry

string

Optional. The registry to fetch the connect agent image from. Defaults to gcr.io/gkeconnect.

image_pull_secret_content

bytes

Optional. The image pull secret content for the registry, if not public.

GenerateConnectManifestResponse

GenerateConnectManifestResponse contains manifest information for installing/upgrading a Connect agent.

Fields
manifest[]

ConnectAgentResource

The ordered list of Kubernetes resources that need to be applied to the cluster for GKE Connect agent installation/upgrade.

GenerateMembershipRBACRoleBindingYAMLRequest

Request to generate a YAML of the RBAC policies for the specified RoleBinding and its associated impersonation resources.

Fields
parent

string

Required. The parent (project and location) where the RBACRoleBinding will be created. Specified in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.rbacrolebindings.get
rbacrolebinding_id

string

Required. Client chosen ID for the RBACRoleBinding. rbacrolebinding_id must be a valid RFC 1123 compliant DNS label:

  1. At most 63 characters in length
  2. It must consist of lower case alphanumeric characters or -
  3. It must start and end with an alphanumeric character

Which can be expressed as the regex: [a-z0-9]([-a-z0-9]*[a-z0-9])?, with a maximum length of 63 characters.

rbacrolebinding

RBACRoleBinding

Required. The rbacrolebindings to generate the YAML for.

GenerateMembershipRBACRoleBindingYAMLResponse

Response for GenerateRBACRoleBindingYAML.

Fields
role_bindings_yaml

string

a yaml text blob including the RBAC policies.

GetFeatureRequest

Request message for GkeHub.GetFeature method.

Fields
name

string

Required. The Feature resource name in the format projects/*/locations/*/features/*

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.features.get

GetFleetRequest

Request message for the GkeHub.GetFleet method.

Fields
name

string

Required. The Fleet resource name in the format projects/*/locations/*/fleets/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.fleet.get

GetMembershipBindingRequest

Request message for the GkeHub.GetMembershipBinding method.

Fields
name

string

Required. The MembershipBinding resource name in the format projects/*/locations/*/memberships/*/bindings/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.membershipbindings.get

GetMembershipRBACRoleBindingRequest

Request message for the GkeHub.GetMembershipRBACRoleBinding method.

Fields
name

string

Required. The RBACRoleBinding resource name in the format projects/*/locations/*/memberships/*/rbacrolebindings/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.rbacrolebindings.get

GetMembershipRequest

Request message for GkeHub.GetMembership method.

Fields
name

string

Required. The Membership resource name in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.memberships.get

GetScopeNamespaceRequest

Request message for the GkeHub.GetNamespace method.

Fields
name

string

Required. The Namespace resource name in the format projects/*/locations/*/scopes/*/namespaces/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.namespaces.get

GetScopeRBACRoleBindingRequest

Request message for the GkeHub.GetScopeRBACRoleBinding method.

Fields
name

string

Required. The RBACRoleBinding resource name in the format projects/*/locations/*/scopes/*/rbacrolebindings/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.rbacrolebindings.get

GetScopeRequest

Request message for the GkeHub.GetScope method.

Fields
name

string

Required. The Scope resource name in the format projects/*/locations/*/scopes/*.

Authorization requires the following IAM permission on the specified resource name:

  • gkehub.scopes.get

GkeCluster

GkeCluster contains information specific to GKE clusters.

Fields
cluster_missing

bool

Output only. If cluster_missing is set then it denotes that the GKE cluster no longer exists in the GKE Control Plane.

KubernetesMetadata

KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.

Fields
kubernetes_api_server_version

string

Output only. Kubernetes API server version string as reported by /version.

node_provider_id

string

Output only. Node providerID as reported by the first node in the list of nodes on the Kubernetes endpoint. On Kubernetes platforms that support zero-node clusters (like GKE-on-GCP), the node_count will be zero and the node_provider_id will be empty.

node_count

int32

Output only. Node count as reported by Kubernetes nodes resources.

vcpu_count

int32

Output only. vCPU count as reported by Kubernetes nodes resources.

memory_mb

int32

Output only. The total memory capacity as reported by the sum of all Kubernetes nodes resources, defined in MB.

update_time

Timestamp

Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.

KubernetesResource

KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.

Fields
membership_cr_manifest

string

Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly.

Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.

membership_resources[]

ResourceManifest

Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update.

This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.

connect_resources[]

ResourceManifest

Output only. The Kubernetes resources for installing the GKE Connect agent

This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.

resource_options

ResourceOptions

Optional. Options for Kubernetes resource generation.

ListFeaturesRequest

Request message for GkeHub.ListFeatures method.

Fields
parent

string

Required. The parent (project and location) where the Features will be listed. Specified in the format projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.features.list
page_size

int32

When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Token returned by previous call to ListFeatures which specifies the position in the list from where to continue listing the resources.

filter

string

Lists Features that match the filter expression, following the syntax outlined in https://google.aip.dev/160.

Examples:

  • Feature with the name "servicemesh" in project "foo-proj":
  name = "projects/foo-proj/locations/global/features/servicemesh"
  • Features that have a label called foo:
  labels.foo:*
  • Features that have a label called foo whose value is bar:
  labels.foo = bar
order_by

string

One or more fields to compare and use to sort the output. See https://google.aip.dev/132#ordering.

ListFeaturesResponse

Response message for the GkeHub.ListFeatures method.

Fields
resources[]

Feature

The list of matching Features

next_page_token

string

A token to request the next page of resources from the ListFeatures method. The value of an empty string means that there are no more resources to return.

ListFleetsRequest

Request message for the GkeHub.ListFleets method.

Fields
parent

string

Required. The organization or project to list for Fleets under, in the format organizations/*/locations/* or projects/*/locations/*.

page_token

string

Optional. A page token, received from a previous ListFleets call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListFleets must match the call that provided the page token.

page_size

int32

Optional. The maximum number of fleets to return. The service may return fewer than this value. If unspecified, at most 200 fleets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

ListFleetsResponse

Response message for the GkeHub.ListFleetsResponse method.

Fields
fleets[]

Fleet

The list of matching fleets.

next_page_token

string

A token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages. The token is only valid for 1h.

ListMembershipBindingsRequest

Request to list MembershipBinding.

Fields
parent

string

Required. The parent Membership for which the MembershipBindings will be listed. Specified in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.membershipbindings.list
page_size

int32

Optional. When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Optional. Token returned by previous call to ListMembershipBindings which specifies the position in the list from where to continue listing the resources.

filter

string

Optional. Lists MembershipBindings that match the filter expression, following the syntax outlined in https://google.aip.dev/160.

ListMembershipBindingsResponse

List of MembershipBindings.

Fields
membership_bindings[]

MembershipBinding

The list of membership_bindings

next_page_token

string

A token to request the next page of resources from the ListMembershipBindings method. The value of an empty string means that there are no more resources to return.

ListMembershipRBACRoleBindingsRequest

Request to list Membership RBACRoleBindings.

Fields
parent

string

Required. The parent (project and location) where the Features will be listed. Specified in the format projects/*/locations/*/memberships/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.rbacrolebindings.list
page_size

int32

Optional. When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Optional. Token returned by previous call to ListMembershipRBACRoleBindings which specifies the position in the list from where to continue listing the resources.

ListMembershipRBACRoleBindingsResponse

List of Membership RBACRoleBindings.

Fields
rbacrolebindings[]

RBACRoleBinding

The list of Membership RBACRoleBindings.

next_page_token

string

A token to request the next page of resources from the ListMembershipRBACRoleBindings method. The value of an empty string means that there are no more resources to return.

ListMembershipsRequest

Request message for GkeHub.ListMemberships method.

Fields
parent

string

Required. The parent (project and location) where the Memberships will be listed. Specified in the format projects/*/locations/*. projects/*/locations/- list memberships in all the regions.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.memberships.list
page_size

int32

Optional. When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Optional. Token returned by previous call to ListMemberships which specifies the position in the list from where to continue listing the resources.

filter

string

Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160.

Examples:

  • Name is bar in project foo-proj and location global:
  name = "projects/foo-proj/locations/global/membership/bar"
  • Memberships that have a label called foo:
  labels.foo:*
  • Memberships that have a label called foo whose value is bar:
  labels.foo = bar
  • Memberships in the CREATING state:
  state = CREATING
order_by

string

Optional. One or more fields to compare and use to sort the output. See https://google.aip.dev/132#ordering.

ListMembershipsResponse

Response message for the GkeHub.ListMemberships method.

Fields
resources[]

Membership

The list of matching Memberships.

next_page_token

string

A token to request the next page of resources from the ListMemberships method. The value of an empty string means that there are no more resources to return.

unreachable[]

string

List of locations that could not be reached while fetching this list.

ListScopeNamespacesRequest

Request to list fleet namespaces.

Fields
parent

string

Required. The parent (project and location) where the Features will be listed. Specified in the format projects/*/locations/*/scopes/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.namespaces.list
page_size

int32

Optional. When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Optional. Token returned by previous call to ListFeatures which specifies the position in the list from where to continue listing the resources.

ListScopeNamespacesResponse

List of fleet namespaces.

Fields
scope_namespaces[]

Namespace

The list of fleet namespaces

next_page_token

string

A token to request the next page of resources from the ListNamespaces method. The value of an empty string means that there are no more resources to return.

ListScopeRBACRoleBindingsRequest

Request to list Scope RBACRoleBindings.

Fields
parent

string

Required. The parent (project and location) where the Features will be listed. Specified in the format projects/*/locations/*/scopes/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.rbacrolebindings.list
page_size

int32

Optional. When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Optional. Token returned by previous call to ListScopeRBACRoleBindings which specifies the position in the list from where to continue listing the resources.

ListScopeRBACRoleBindingsResponse

List of Scope RBACRoleBindings.

Fields
rbacrolebindings[]

RBACRoleBinding

The list of Scope RBACRoleBindings.

next_page_token

string

A token to request the next page of resources from the ListScopeRBACRoleBindings method. The value of an empty string means that there are no more resources to return.

ListScopesRequest

Request to list Scopes.

Fields
parent

string

Required. The parent (project and location) where the Scope will be listed. Specified in the format projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

  • gkehub.scopes.list
page_size

int32

Optional. When requesting a 'page' of resources, page_size specifies number of resources to return. If unspecified or set to 0, all resources will be returned.

page_token

string

Optional. Token returned by previous call to ListScopes which specifies the position in the list from where to continue listing the resources.

ListScopesResponse

List of Scopes.

Fields
scopes[]

Scope

The list of Scopes

next_page_token

string

A token to request the next page of resources from the ListScopes method. The value of an empty string means that there are no more resources to return.

Membership

Membership contains information about a member cluster.

Fields
name

string

Output only. The full, unique name of this Membership resource in the format projects/*/locations/*/memberships/{membership_id}, set during creation.

membership_id must be a valid RFC 1123 compliant DNS label:

  1. At most 63 characters in length
  2. It must consist of lower case alphanumeric characters or -
  3. It must start and end with an alphanumeric character

Which can be expressed as the regex: [a-z0-9]([-a-z0-9]*[a-z0-9])?, with a maximum length of 63 characters.

labels

map<string, string>

Optional. Labels for this membership.

description

string

Output only. Description of this membership, limited to 63 characters. Must match the regex: [a-zA-Z0-9][a-zA-Z0-9_\-\.\ ]*

This field is present for legacy purposes.

state

MembershipState

Output only. State of the Membership resource.

create_time

Timestamp

Output only. When the Membership was created.

update_time

Timestamp

Output only. When the Membership was last updated.

delete_time

Timestamp

Output only. When the Membership was deleted.

external_id

string

Optional. An externally-generated and managed ID for this Membership. This ID may be modified after creation, but this is not recommended.

The ID must match the regex: [a-zA-Z0-9][a-zA-Z0-9_\-\.]*

If this Membership represents a Kubernetes cluster, this value should be set to the UID of the kube-system namespace object.

last_connection_time

Timestamp

Output only. For clusters using Connect, the timestamp of the most recent connection established with Google Cloud. This time is updated every several minutes, not continuously. For clusters that do not use GKE Connect, or that have never connected successfully, this field will be unset.

unique_id

string

Output only. Google-generated UUID for this resource. This is unique across all Membership resources. If a Membership resource is deleted and another resource with the same name is created, it gets a different unique_id.

authority

Authority

Optional. How to identify workloads from this Membership. See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

monitoring_config

MonitoringConfig

Optional. The monitoring config information for this membership.

Union field type. Type of resource represented by this Membership type can be only one of the following:
endpoint

MembershipEndpoint

Optional. Endpoint information to reach this member.

MembershipBinding

MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to.

Fields
name

string

The resource name for the membershipbinding itself projects/{project}/locations/{location}/memberships/{membership}/bindings/{membershipbinding}

uid

string

Output only. Google-generated UUID for this resource. This is unique across all membershipbinding resources. If a membershipbinding resource is deleted and another resource with the same name is created, it gets a different uid.

create_time

Timestamp

Output only. When the membership binding was created.

update_time

Timestamp

Output only. When the membership binding was last updated.

delete_time

Timestamp

Output only. When the membership binding was deleted.

state

MembershipBindingLifecycleState

Output only. State of the membership binding resource.

labels

map<string, string>

Optional. Labels for this MembershipBinding.

Union field target. What type of membershipbinding this is. target can be only one of the following:
scope

string

A Scope resource name in the format projects/*/locations/*/scopes/*.

MembershipBindingLifecycleState

MembershipBindingLifecycleState describes the state of a Binding resource.

Fields
code

MembershipBindingLifecycleState.Code

Output only. The current state of the MembershipBinding resource.

Code

Code describes the state of a MembershipBinding resource.

Enums
CODE_UNSPECIFIED The code is not set.
CREATING The membershipbinding is being created.
READY The membershipbinding active.
DELETING The membershipbinding is being deleted.
UPDATING The membershipbinding is being updated.

MembershipEndpoint

MembershipEndpoint contains information needed to contact a Kubernetes API, endpoint and any additional Kubernetes metadata.

Fields
kubernetes_metadata

KubernetesMetadata

Output only. Useful Kubernetes-specific metadata.

kubernetes_resource

KubernetesResource

Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources:

  • Ensure that the cluster is exclusively registered to one and only one Hub Membership.
  • Propagate Workload Pool Information available in the Membership Authority field.
  • Ensure proper initial configuration of default Hub Features.
google_managed

bool

Output only. Whether the lifecycle of this membership is managed by a google cluster platform service.

Union field type. Cluster information of the registered cluster. type can be only one of the following:
gke_cluster

GkeCluster

Optional. Specific information for a GKE-on-GCP cluster.

on_prem_cluster

OnPremCluster

Optional. Specific information for a GKE On-Prem cluster. An onprem user-cluster who has no resourceLink is not allowed to use this field, it should have a nil "type" instead.

multi_cloud_cluster

MultiCloudCluster

Optional. Specific information for a GKE Multi-Cloud cluster.

edge_cluster

EdgeCluster

Optional. Specific information for a Google Edge cluster.

appliance_cluster

ApplianceCluster

Optional. Specific information for a GDC Edge Appliance cluster.

MembershipFeatureSpec

MembershipFeatureSpec contains configuration information for a single Membership. NOTE: Please use snake case in your feature name.

Fields
origin

MembershipFeatureSpec.Origin

Whether this per-Membership spec was inherited from a fleet-level default. This field can be updated by users by either overriding a Membership config (updated to USER implicitly) or setting to FLEET explicitly.

Union field feature_spec.

feature_spec can be only one of the following:

configmanagement

MembershipSpec

Config Management-specific spec.

cloudbuild

MembershipSpec

Cloud Build-specific spec

identityservice

MembershipSpec

Identity Service-specific spec.

mesh

MembershipSpec

Anthos Service Mesh-specific spec

anthosobservability

AnthosObservabilityMembershipSpec

Anthos Observability-specific spec

policycontroller

MembershipSpec

Policy Controller spec.

fleetobservability

MembershipSpec

Fleet observability membership spec

Origin

Origin defines where this MembershipFeatureSpec originated from.

Fields
type

MembershipFeatureSpec.Origin.Type

Type specifies which type of origin is set.

Type

Type specifies the persona that persisted the config.

Enums
TYPE_UNSPECIFIED Type is unknown or not set.
FLEET Per-Membership spec was inherited from the fleet-level default.
FLEET_OUT_OF_SYNC Per-Membership spec was inherited from the fleet-level default but is now out of sync with the current default.
USER Per-Membership spec was inherited from a user specification.

MembershipFeatureState

MembershipFeatureState contains Feature status information for a single Membership.

Fields
state

FeatureState

The high-level state of this Feature for a single membership.

Union field feature_state.

feature_state can be only one of the following:

servicemesh

MembershipState

Service Mesh-specific state.

metering

MembershipState

Metering-specific state.

configmanagement

MembershipState

Config Management-specific state.

identityservice

MembershipState

Identity Service-specific state.

appdevexperience

AppDevExperienceFeatureState

Appdevexperience specific state.

policycontroller

MembershipState

Policycontroller-specific state.

clusterupgrade

MembershipState

ClusterUpgrade state.

fleetobservability

MembershipState

Fleet observability membership state.

MembershipState

MembershipState describes the state of a Membership resource.

Fields