resourcemanager.gdc.goog/v1
Contains API Schema definitions for the Resource Manager group.
ClusterPropagationStatus
Provides the propagation status of a cluster.
Appears in: - PropagationStatus
| Field | Description |
|---|---|
namespace string |
|
name string |
|
conditions Condition array |
|
propagatedNamespace string |
The namespace of the propagated resource. |
ClusterStatus
Contains the propagation status for a specific cluster.
Appears in: - ClusterPropagationStatus - OrganizationRoleBindingStatus - OrganizationRoleStatus - ProjectClusterStatus - ProjectRoleBindingStatus - ProjectRoleStatus - ProjectServiceAccountStatus
| Field | Description |
|---|---|
namespace string |
|
name string |
|
conditions Condition array |
NameSelector
Provides a list of Project Name For ProjectBinding to match with.
Appears in: - ProjectBindingSelector
| Field | Description |
|---|---|
matchNames string array |
OrganizationRole
Provides a system namespace resource that propagates the ClusterRole configuration to all user clusters within the organization.
Appears in: - OrganizationRoleList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
OrganizationRole |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec OrganizationRoleSpec |
|
status OrganizationRoleStatus |
OrganizationRoleBinding
Provides a system namespace resource that propagates the ClusterRoleBinding configuration to all user clusters within the organization.
Appears in: - OrganizationRoleBindingList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
OrganizationRoleBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec OrganizationRoleBindingSpec |
|
status OrganizationRoleBindingStatus |
OrganizationRoleBindingList
Contains a list of OrganizationRoleBinding resources.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
OrganizationRoleBindingList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items OrganizationRoleBinding array |
OrganizationRoleBindingSpec
Defines the specification of the OrganizationRoleBinding object.
Appears in: - OrganizationRoleBinding
| Field | Description |
|---|---|
subjects Subject array |
The subjects of the ClusterRoleBinding resource to create in the cluster. |
roleRef RoleRef |
The RoleRef resource of the ClusterRoleBinding object to create in the cluster. |
OrganizationRoleBindingStatus
Defines the observed state of the OrganizationRoleBinding object.
Appears in: - OrganizationRoleBinding
| Field | Description |
|---|---|
conditions Condition array |
|
propagatedName string |
The name of the propagated ClusterRoleBinding resource in all user clusters within the organization. |
clusters ClusterStatus array |
The list of propagation statuses for the clusters. When properly propagated, the list includes all clusters within the organization. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |
OrganizationRoleList
Contains a list of OrganizationRole resources.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
OrganizationRoleList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items OrganizationRole array |
OrganizationRoleSpec
Defines the desired state of the OrganizationRole resource.
Appears in: - OrganizationRole
| Field | Description |
|---|---|
rules PolicyRule array |
The rules of the ClusterRole resource to create in all clusters. |
aggregationRule AggregationRule |
An optional field that describes the same aggregation logic as in the Kubernetes ClusterRole object. |
OrganizationRoleStatus
Defines the observed state of the OrganizationRole object.
Appears in: - OrganizationRole
| Field | Description |
|---|---|
conditions Condition array |
If the Ready condition is True, then all ClusterRole resources are successfully propagated to all user clusters. If the Ready condition is False, then some or all ClusterRole resources have failed to propagate. |
propagatedName string |
The name of the propagated ClusterRole resource in all user clusters within the organization. |
clusters ClusterStatus array |
The list of propagation statuses on the clusters. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |
Project
Represents a namespace that spans across multiple user clusters in an organization. It is a namespaced resource, and the controller is expected to watch reconcile Project objects in a preconfigured namespace.
Appears in: - ProjectList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
Project |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
status ProjectStatus |
ProjectBinding
Represents a cluster resource that maintains the mapping relations between clusters and projects. The namespace of the ProjectBinding object corresponds to the cluster.
Appears in: - ProjectBindingList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec ProjectBindingSpec |
ProjectBindingClusterRef
Represents the cluster that projects propagate to.
Appears in: - ProjectBindingSpec
| Field | Description |
|---|---|
name string |
The cluster name. |
ProjectBindingList
Contains a list of ProjectBinding resources.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectBindingList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items ProjectBinding array |
ProjectBindingSelector
Provides a set of rules to match Projects. Must choose exactly 0 or 1 of the selectors. 0 selector matches all Projects.
Appears in: - ProjectBindingSpec
| Field | Description |
|---|---|
nameSelector NameSelector |
|
labelSelector LabelSelector |
ProjectBindingSpec
Provides the specification, or desired state, of a ProjectBinding resource.
Appears in: - ProjectBinding
| Field | Description |
|---|---|
clusterRef ProjectBindingClusterRef |
|
selector ProjectBindingSelector |
The Selector is used to specify a set of rules to match Projects. |
ProjectClusterStatus
Contains the propagation status and egress NAT IP address used for a specific cluster.
Appears in: - ProjectStatus
| Field | Description |
|---|---|
namespace string |
|
name string |
|
conditions Condition array |
|
egressNATIPAddress string |
ProjectList
Represents a collection of projects.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items Project array |
ProjectRole
Represents a project resource that propagates the Role configuration to all user clusters the project spans across. The namespace of the ProjectRole resource corresponds to the project.
Appears in: - ProjectRoleList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectRole |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec ProjectRoleSpec |
|
status ProjectRoleStatus |
ProjectRoleBinding
Represents a project resource that propagates the RoleBinding resource configuration to all user clusters the project spans across. The namespace for the ProjectRoleBinding resource corresponds to the project.
Appears in: - ProjectRoleBindingList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectRoleBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec ProjectRoleBindingSpec |
|
status ProjectRoleBindingStatus |
ProjectRoleBindingList
Contains a list of ProjectRoleBinding resources.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectRoleBindingList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items ProjectRoleBinding array |
ProjectRoleBindingSpec
Defines the specification of the ProjectRoleBinding resource. It is the same definition as a native RoleBinding definition.
Appears in: - ProjectRoleBinding
| Field | Description |
|---|---|
subjects Subject array |
The subjects of the RoleBinding resource created in the cluster. |
roleRef RoleRef |
The RoleRef resource of the RoleBinding object to create in the cluster. |
ProjectRoleBindingStatus
Defines the observed state of the ProjectRoleBinding resource.
Appears in: - ProjectRoleBinding
| Field | Description |
|---|---|
conditions Condition array |
|
clusters ClusterStatus array |
The list of propagation statuses for the clusters. |
propagatedName string |
The name of the propagated ProjectRole resource realized in the user clusters. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |
ProjectRoleList
Contains a list of ProjectRole resources.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectRoleList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items ProjectRole array |
ProjectRoleSpec
Defines the desired state of a ProjectRole resource. It is the same definition as a native Kubernetes Role.
Appears in: - ProjectRole
| Field | Description |
|---|---|
rules PolicyRule array |
ProjectRoleStatus
Defines the observed state of a ProjectRole resource.
Appears in: - ProjectRole
| Field | Description |
|---|---|
conditions Condition array |
|
clusters ClusterStatus array |
The list of propagation statuses on the clusters. |
propagatedName string |
The name of the propagated ProjectRole resource realized in the user clusters. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |
ProjectServiceAccount
Defines a project resource that propagates the service account to all user clusters the project spans across. The namespace of the ProjectServiceAccount resource corresponds to the project.
Appears in: - ProjectServiceAccountList
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectServiceAccount |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec ProjectServiceAccountSpec |
|
status ProjectServiceAccountStatus |
ProjectServiceAccountKey
Contains the key component used to verify the JWT signed by the private key for the ProjectServiceAccount resource. The JWT is used as part of the authentication flow. Currently, the ProjectServiceAccountKey resource only supports user-managed keys. Users can create and delete user-managed key pairs. Users are responsible for rotating these keys periodically to ensure the security of their service accounts. Users retain the private key of these key pairs, and the ProjectServiceAccountKey resource retains only the public key.
Appears in: - ProjectServiceAccountSpec
| Field | Description |
|---|---|
algorithm ProjectServiceAccountKeyAlgorithm |
The algorithm of the key. Currently only ES256 keys are supported. |
id string |
The ID of the key. This is used to determine which key to verify against. |
key string |
The base64 encoded public key to verify against. |
validBefore Time |
The expiration date for the key. |
validAfter Time |
The start date when the key becomes valid. |
ProjectServiceAccountList
Contains a list of ProjectServiceAccount resources.
| Field | Description |
|---|---|
apiVersion string |
resourcemanager.gdc.goog/v1 |
kind string |
ProjectServiceAccountList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items ProjectServiceAccount array |
ProjectServiceAccountSpec
Defines the desired state of the ProjectServiceAccount resource.
Appears in: - ProjectServiceAccount
| Field | Description |
|---|---|
keys ProjectServiceAccountKey array |
The public keys used to verify the signature of the JWTs for the ProjectServiceAccount resource. |
ProjectServiceAccountStatus
Defines the observed state of the ProjectServiceAccount resource.
Appears in: - ProjectServiceAccount
| Field | Description |
|---|---|
conditions Condition array |
If the Ready condition is True, all ServiceAccount resources are successfully propagated to all clusters of its project. If the Ready condition is False, some ServiceAccount resources have failed to propagate. The Ready condition can transition from True to Unknown if the corresponding ServiceAccount resource in a user cluster is modified, which triggers another propagation. |
propagatedName string |
The name of the propagated ServiceAccount resource. |
clusters ClusterStatus array |
The list of all selected cluster names and the conditions of the propagated resources in the clusters. |
ProjectStatus
Provides the status of a project.
Appears in: - Project
| Field | Description |
|---|---|
conditions Condition array |
|
propagatedName string |
The name of the propagated namespace. |
clusters ProjectClusterStatus array |
The propagation statuses and egress NAT IP addresses of all user clusters this project spans across. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |