Index
GkeHub (interface)
ApplianceCluster (message)
Authority (message)
BinaryAuthorizationConfig (message)
BinaryAuthorizationConfig.EvaluationMode (enum)
BinaryAuthorizationConfig.PolicyBinding (message)
CommonFeatureSpec (message)
CommonFeatureState (message)
CommonFleetDefaultMemberConfigSpec (message)
CompliancePostureConfig (message)
CompliancePostureConfig.ComplianceStandard (message)
CompliancePostureConfig.Mode (enum)
ConnectAgentResource (message)
CreateFeatureRequest (message)
CreateFleetRequest (message)
CreateMembershipBindingRequest (message)
CreateMembershipRBACRoleBindingRequest (message)
CreateMembershipRequest (message)
CreateScopeNamespaceRequest (message)
CreateScopeRBACRoleBindingRequest (message)
CreateScopeRequest (message)
DefaultClusterConfig (message)
DeleteFeatureRequest (message)
DeleteFleetRequest (message)
DeleteMembershipBindingRequest (message)
DeleteMembershipRBACRoleBindingRequest (message)
DeleteMembershipRequest (message)
DeleteScopeNamespaceRequest (message)
DeleteScopeRBACRoleBindingRequest (message)
DeleteScopeRequest (message)
EdgeCluster (message)
Feature (message)
FeatureResourceState (message)
FeatureResourceState.State (enum)
FeatureState (message)
FeatureState.Code (enum)
Fleet (message)
FleetLifecycleState (message)
FleetLifecycleState.Code (enum)
GenerateConnectManifestRequest (message)
GenerateConnectManifestResponse (message)
GenerateExclusivityManifestRequest (message)
GenerateExclusivityManifestResponse (message)
GenerateMembershipRBACRoleBindingYAMLRequest (message)
GenerateMembershipRBACRoleBindingYAMLResponse (message)
GetFeatureRequest (message)
GetFleetRequest (message)
GetMembershipBindingRequest (message)
GetMembershipRBACRoleBindingRequest (message)
GetMembershipRequest (message)
GetScopeNamespaceRequest (message)
GetScopeRBACRoleBindingRequest (message)
GetScopeRequest (message)
GkeCluster (message)
KubernetesMetadata (message)
KubernetesResource (message)
ListAdminClusterMembershipsRequest (message)
ListAdminClusterMembershipsResponse (message)
ListBoundMembershipsRequest (message)
ListBoundMembershipsResponse (message)
ListFeaturesRequest (message)
ListFeaturesResponse (message)
ListFleetsRequest (message)
ListFleetsResponse (message)
ListMembershipBindingsRequest (message)
ListMembershipBindingsResponse (message)
ListMembershipRBACRoleBindingsRequest (message)
ListMembershipRBACRoleBindingsResponse (message)
ListMembershipsRequest (message)
ListMembershipsResponse (message)
ListPermittedScopesRequest (message)
ListPermittedScopesResponse (message)
ListScopeNamespacesRequest (message)
ListScopeNamespacesResponse (message)
ListScopeRBACRoleBindingsRequest (message)
ListScopeRBACRoleBindingsResponse (message)
ListScopesRequest (message)
ListScopesResponse (message)
Membership (message)
Membership.ClusterTier (enum)
MembershipBinding (message)
MembershipBindingLifecycleState (message)
MembershipBindingLifecycleState.Code (enum)
MembershipEndpoint (message)
MembershipFeatureSpec (message)
MembershipFeatureSpec.Origin (message)
MembershipFeatureSpec.Origin.Type (enum)
MembershipFeatureState (message)
MembershipState (message)
MembershipState.Code (enum)
MonitoringConfig (message)
MultiCloudCluster (message)
Namespace (message)
NamespaceLifecycleState (message)
NamespaceLifecycleState.Code (enum)
OnPremCluster (message)
OnPremCluster.ClusterType (enum)
OperationMetadata (message)
RBACRoleBinding (message)
RBACRoleBinding.Role (message)
RBACRoleBinding.Role.PredefinedRoles (enum)
RBACRoleBindingLifecycleState (message)
RBACRoleBindingLifecycleState.Code (enum)
ResourceManifest (message)
ResourceOptions (message)
Scope (message)
ScopeFeatureSpec (message)
ScopeFeatureState (message)
ScopeLifecycleState (message)
ScopeLifecycleState.Code (enum)
SecurityPostureConfig (message)
SecurityPostureConfig.Mode (enum)
SecurityPostureConfig.VulnerabilityMode (enum)
TypeMeta (message)
UpdateFeatureRequest (message)
UpdateFleetRequest (message)
UpdateMembershipBindingRequest (message)
UpdateMembershipRBACRoleBindingRequest (message)
UpdateMembershipRequest (message)
UpdateScopeNamespaceRequest (message)
UpdateScopeRBACRoleBindingRequest (message)
UpdateScopeRequest (message)
ValidateCreateMembershipRequest (message)
ValidateCreateMembershipResponse (message)
ValidateExclusivityRequest (message)
ValidateExclusivityResponse (message)
ValidationResult (message)
ValidationResult.ValidatorType (enum)
GkeHub
The GKE Hub service handles the registration of many Kubernetes clusters to Google Cloud, and the management of multi-cluster features over those clusters.
The GKE Hub service operates on the following resources:
GKE Hub is currently available in the global region and all regions in https://cloud.google.com/compute/docs/regions-zones. The Feature resource is only available in the global region, while Membership is available in the global region and all the regions.
Membership management may be non-trivial: it is recommended to use one of the Google-provided client libraries or tools where possible when working with Membership resources.
Methods | |
---|---|
CreateFeature | Adds a new Feature. |
CreateFleet | Creates a fleet. |
CreateMembership | Creates a new Membership. This is currently only supported for GKE clusters on Google Cloud. To register other clusters, follow the instructions at https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster. |
CreateMembershipBinding | Creates a MembershipBinding. |
CreateMembershipRBACRoleBinding | Creates a Membership RBACRoleBinding. |
CreateScope | Creates a Scope. |
CreateScopeNamespace | Creates a fleet namespace. |
CreateScopeRBACRoleBinding | Creates a Scope RBACRoleBinding. |
DeleteFeature | Removes a Feature. |
DeleteFleet | Removes a Fleet. There must be no memberships remaining in the Fleet. |
DeleteMembership | Removes a Membership. This is currently only supported for GKE clusters on Google Cloud. To unregister other clusters, follow the instructions at https://cloud.google.com/anthos/multicluster-management/connect/unregistering-a-cluster. |
DeleteMembershipBinding | Deletes a MembershipBinding. |
DeleteMembershipRBACRoleBinding | Deletes a Membership RBACRoleBinding. |
DeleteScope | Deletes a Scope. |
DeleteScopeNamespace | Deletes a fleet namespace. |
DeleteScopeRBACRoleBinding | Deletes a Scope RBACRoleBinding. |
GenerateConnectManifest | Generates the manifest for deployment of the GKE connect agent. This method is used internally by Google-provided libraries. Most clients should not need to call this method directly. |
GenerateExclusivityManifest | GenerateExclusivityManifest generates the manifests to update the exclusivity artifacts in the cluster if needed. Exclusivity artifacts include the Membership custom resource definition (CRD) and the singleton Membership custom resource (CR). Combined with ValidateExclusivity, exclusivity artifacts guarantee that a Kubernetes cluster is only registered to a single GKE Hub. The Membership CRD is versioned, and may require conversion when the GKE Hub API server begins serving a newer version of the CRD and corresponding CR. The response will be the converted CRD and CR if there are any differences between the versions. |
GenerateMembershipRBACRoleBindingYAML | Generates a YAML of the RBAC policies for the specified RoleBinding and its associated impersonation resources. |
GetFeature | Gets details of a single Feature. |
GetFleet | Returns the details of a fleet. |
GetMembership | Gets the details of a Membership. |
GetMembershipBinding | Returns the details of a MembershipBinding. |
GetMembershipRBACRoleBinding | Returns the details of a Membership RBACRoleBinding. |
GetScope | Returns the details of a Scope. |
GetScopeNamespace | Returns the details of a fleet namespace. |
GetScopeRBACRoleBinding | Returns the details of a Scope RBACRoleBinding. |
ListAdminClusterMemberships | Lists Memberships of admin clusters in a given project and location. This method is only used internally. |
ListBoundMemberships | Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions. |
ListFeatures | Lists Features in a given project and location. |
ListFleets | Returns all fleets within an organization or a project that the caller has access to. |
ListMembershipBindings | Lists MembershipBindings. |
ListMembershipRBACRoleBindings | Lists all Membership RBACRoleBindings. |
ListMemberships | Lists Memberships in a given project and location. |
ListPermittedScopes | Lists permitted Scopes. |
ListScopeNamespaces | Lists fleet namespaces. |
ListScopeRBACRoleBindings | Lists all Scope RBACRoleBindings. |
ListScopes | Lists Scopes. |
UpdateFeature | Updates an existing Feature. |
UpdateFleet | Updates a fleet. |
UpdateMembership | Updates an existing Membership. |
UpdateMembershipBinding | Updates a MembershipBinding. |
UpdateMembershipRBACRoleBinding | Updates a Membership RBACRoleBinding. |
UpdateScope | Updates a Scope. |
UpdateScopeNamespace | Updates a fleet namespace. |
UpdateScopeRBACRoleBinding | Updates a Scope RBACRoleBinding. |
ValidateCreateMembership | ValidateCreateMembership is a preflight check for CreateMembership. It checks the following: 1. Caller has the required |
ValidateExclusivity | ValidateExclusivity validates the state of exclusivity in the cluster. The validation does not depend on an existing Hub membership resource. |
ApplianceCluster
ApplianceCluster contains information specific to GDC Edge Appliance Clusters.
Fields | |
---|---|
resource_ |
Immutable. Self-link of the Google Cloud resource for the Appliance Cluster. For example: //transferappliance.googleapis.com/projects/my-project/locations/us-west1-a/appliances/my-appliance |
Authority
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Fields | |
---|---|
issuer |
Optional. A JSON Web Token (JWT) issuer URI. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing |
workload_ |
Output only. The name of the workload identity pool in which There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is |
identity_ |
Output only. An identity provider that reflects the |
oidc_ |
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on |
scope_ |
Optional. Output only. The name of the scope-tenancy workload identity pool. This pool is set in the fleet-level feature. |
scope_ |
Optional. Output only. The identity provider for the scope-tenancy workload identity pool. |
BinaryAuthorizationConfig
BinaryAuthorizationConfig defines the fleet-level configuration of the Binary Authorization feature.
Fields | |
---|---|
evaluation_ |
Optional. Mode of operation for binauthz policy evaluation. |
policy_ |
Optional. Binauthz policies that apply to this cluster. |
EvaluationMode
Binary Authorization mode of operation.
Enums | |
---|---|
EVALUATION_MODE_UNSPECIFIED |
Default value |
DISABLED |
Disable BinaryAuthorization |
POLICY_BINDINGS |
Use Binary Authorization with the policies specified in policy_bindings. |
PolicyBinding
Binauthz policy that applies to this cluster.
Fields | |
---|---|
name |
The relative resource name of the binauthz platform policy to audit. GKE platform policies have the following format: |
CommonFeatureSpec
CommonFeatureSpec contains Fleet-wide configuration information
Fields | |
---|---|
Union field
|
|
multiclusteringress |
Multicluster Ingress-specific spec. |
cloudauditlogging |
Cloud Audit Logging-specific spec. |
workloadcertificate |
Workload Certificate spec. |
appdevexperience |
Appdevexperience specific spec. |
anthosobservability |
Anthos Observability spec |
fleetobservability |
FleetObservability feature spec. |
namespaceactuation |
Namespace Actuation feature spec |
clusterupgrade |
ClusterUpgrade (fleet-based) feature spec. |
dataplanev2 |
DataplaneV2 feature spec. |
CommonFeatureState
CommonFeatureState contains Fleet-wide Feature status information.
Fields | |
---|---|
state |
Output only. The "running state" of the Feature in this Fleet. |
Union field
|
|
servicemesh |
Service Mesh-specific state. |
appdevexperience |
Appdevexperience specific state. |
fleetobservability |
FleetObservability feature state. |
namespaceactuation |
Namespace Actuation feature state. |
clusterupgrade |
ClusterUpgrade fleet-level state. |
CommonFleetDefaultMemberConfigSpec
CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet
Fields | |
---|---|
Union field
|
|
mesh |
Anthos Service Mesh-specific spec |
configmanagement |
Config Management-specific spec. |
identityservice |
Identity Service-specific spec. |
policycontroller |
Policy Controller spec. |
CompliancePostureConfig
CompliancePostureConfig defines the settings needed to enable/disable features for the Compliance Posture.
Fields | |
---|---|
mode |
Defines the enablement mode for Compliance Posture. |
compliance_ |
List of enabled compliance standards. |
ComplianceStandard
Fields | |
---|---|
standard |
Name of the compliance standard. |
Mode
Enums | |
---|---|
MODE_UNSPECIFIED |
Default value not specified. |
DISABLED |
Disables Compliance Posture features on the cluster. |
ENABLED |
Enables Compliance Posture features on the cluster. |
ConnectAgentResource
ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment.
Fields | |
---|---|
type |
Kubernetes type of the resource. |
manifest |
YAML manifest of the resource. |
CreateFeatureRequest
Request message for the GkeHub.CreateFeature method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Feature will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
feature_ |
The ID of the feature to create. |
resource |
The Feature resource to create. |
request_ |
A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). |
CreateFleetRequest
Request message for the GkeHub.CreateFleet method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Fleet will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
fleet |
Required. The fleet to create. |
CreateMembershipBindingRequest
Request to create a MembershipBinding.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the MembershipBinding will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
membership_ |
Required. The MembershipBinding to create. |
membership_ |
Required. The ID to use for the MembershipBinding. |
CreateMembershipRBACRoleBindingRequest
Request to create an RBACRoleBinding.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the RBACRoleBinding will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
rbacrolebinding_ |
Required. Client chosen ID for the RBACRoleBinding.
Which can be expressed as the regex: |
rbacrolebinding |
Required. The rbacrolebindings to create. |
CreateMembershipRequest
Request message for the GkeHub.CreateMembership method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Memberships will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
membership_ |
Required. Client chosen ID for the membership.
Which can be expressed as the regex: |
resource |
Required. The membership to create. |
request_ |
Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). |
CreateScopeNamespaceRequest
Request to create a fleet namespace.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Namespace will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
scope_ |
Required. Client chosen ID for the Namespace.
Which can be expressed as the regex: |
scope_ |
Required. The fleet namespace to create. |
CreateScopeRBACRoleBindingRequest
Request to create an RBACRoleBinding.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the RBACRoleBinding will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
rbacrolebinding_ |
Required. Client chosen ID for the RBACRoleBinding.
Which can be expressed as the regex: |
rbacrolebinding |
Required. The rbacrolebindings to create. |
CreateScopeRequest
Request to create a Scope.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Scope will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
scope_ |
Required. Client chosen ID for the Scope. |
scope |
Required. The Scope to create. |
DefaultClusterConfig
DefaultClusterConfig describes the default cluster configurations to be applied to all clusters born-in-fleet.
Fields | |
---|---|
security_ |
Enable/Disable Security Posture features for the cluster. |
binary_ |
Optional. Enable/Disable binary authorization features for the cluster. |
compliance_ |
Optional. Enable/Disable Compliance Posture features for the cluster. Note that on UpdateFleet, only full replacement of this field is allowed. Partial updates through a field mask are not allowed. |
DeleteFeatureRequest
Request message for GkeHub.DeleteFeature method.
Fields | |
---|---|
name |
Required. The Feature resource name in the format Authorization requires the following IAM permission on the specified resource
|
force |
If set to true, the delete will ignore any outstanding resources for this Feature (that is, |
request_ |
Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). |
DeleteFleetRequest
Request message for GkeHub.DeleteFleet method.
Fields | |
---|---|
name |
Required. The Fleet resource name in the format Authorization requires the following IAM permission on the specified resource
|
DeleteMembershipBindingRequest
Request to delete a Binding.
Fields | |
---|---|
name |
Required. The MembershipBinding resource name in the format Authorization requires the following IAM permission on the specified resource
|
DeleteMembershipRBACRoleBindingRequest
Request to delete a Membership RBACRoleBinding.
Fields | |
---|---|
name |
Required. The RBACRoleBinding resource name in the format Authorization requires the following IAM permission on the specified resource
|
DeleteMembershipRequest
Request message for GkeHub.DeleteMembership method.
Fields | |
---|---|
name |
Required. The Membership resource name in the format Authorization requires the following IAM permission on the specified resource
|
request_ |
Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). |
force |
Optional. If set to true, any subresource from this Membership will also be deleted. Otherwise, the request will only work if the Membership has no subresource. |
DeleteScopeNamespaceRequest
Request to delete a fleet namespace.
Fields | |
---|---|
name |
Required. The Namespace resource name in the format Authorization requires the following IAM permission on the specified resource
|
DeleteScopeRBACRoleBindingRequest
Request to delete a Scope RBACRoleBinding.
Fields | |
---|---|
name |
Required. The RBACRoleBinding resource name in the format Authorization requires the following IAM permission on the specified resource
|
DeleteScopeRequest
Request to delete a Scope.
Fields | |
---|---|
name |
Required. The Scope resource name in the format Authorization requires the following IAM permission on the specified resource
|
EdgeCluster
EdgeCluster contains information specific to Google Edge Clusters.
Fields | |
---|---|
resource_ |
Immutable. Self-link of the Google Cloud resource for the Edge Cluster. For example: //edgecontainer.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster |
Feature
Feature represents the settings and status of any Fleet Feature.
Fields | |
---|---|
name |
Output only. The full, unique name of this Feature resource in the format |
labels |
Labels for this Feature. |
resource_ |
Output only. State of the Feature resource itself. |
spec |
Optional. Fleet-wide Feature configuration. If this Feature does not support any Fleet-wide configuration, this field may be unused. |
membership_ |
Optional. Membership-specific configuration for this Feature. If this Feature does not support any per-Membership configuration, this field may be unused. The keys indicate which Membership the configuration is for, in the form:
Where {p} is the project, {l} is a valid location and {m} is a valid Membership in this project at that location. {p} WILL match the Feature's project. {p} will always be returned as the project number, but the project ID is also accepted during input. If the same Membership is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. |
state |
Output only. The Fleet-wide Feature state. |
membership_ |
Output only. Membership-specific Feature status. If this Feature does not report any per-Membership status, this field may be unused. The keys indicate which Membership the state is for, in the form:
Where {p} is the project number, {l} is a valid location and {m} is a valid Membership in this project at that location. {p} MUST match the Feature's project number. |
create_ |
Output only. When the Feature resource was created. |
update_ |
Output only. When the Feature resource was last updated. |
delete_ |
Output only. When the Feature resource was deleted. |
fleet_ |
Optional. Feature configuration applicable to all memberships of the fleet. |
scope_ |
Optional. Scope-specific configuration for this Feature. If this Feature does not support any per-Scope configuration, this field may be unused. The keys indicate which Scope the configuration is for, in the form:
Where {p} is the project, {s} is a valid Scope in this project. {p} WILL match the Feature's project. {p} will always be returned as the project number, but the project ID is also accepted during input. If the same Scope is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. |
scope_ |
Output only. Scope-specific Feature status. If this Feature does not report any per-Scope status, this field may be unused. The keys indicate which Scope the state is for, in the form:
Where {p} is the project, {s} is a valid Scope in this project. {p} WILL match the Feature's project. |
unreachable[] |
Output only. List of locations that could not be reached while fetching this feature. |
FeatureResourceState
FeatureResourceState describes the state of a Feature resource in the GkeHub API. See FeatureState for the "running state" of the Feature in the Fleet and across Memberships.
Fields | |
---|---|
state |
The current state of the Feature resource in the Hub API. |
State
State describes the lifecycle status of a Feature.
Enums | |
---|---|
STATE_UNSPECIFIED |
State is unknown or not set. |
ENABLING |
The Feature is being enabled, and the Feature resource is being created. Once complete, the corresponding Feature will be enabled in this Fleet. |
ACTIVE |
The Feature is enabled in this Fleet, and the Feature resource is fully available. |
DISABLING |
The Feature is being disabled in this Fleet, and the Feature resource is being deleted. |
UPDATING |
The Feature resource is being updated. |
SERVICE_UPDATING |
The Feature resource is being updated by the Hub Service. |
FeatureState
FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membership, depending on the context.
Fields | |
---|---|
code |
The high-level, machine-readable status of this Feature. |
description |
A human-readable description of the current status. |
update_ |
The time this status and any related Feature-specific details were updated. |
Code
Code represents a machine-readable, high-level status of the Feature.
Enums | |
---|---|
CODE_UNSPECIFIED |
Unknown or not set. |
OK |
The Feature is operating normally. |
WARNING |
The Feature has encountered an issue, and is operating in a degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information. |
ERROR |
The Feature is not operating or is in a severely degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information. |
Fleet
Fleet contains the Fleet-wide metadata and configuration.
Fields | |
---|---|
name |
Output only. The full, unique resource name of this fleet in the format of Each Google Cloud project can have at most one fleet resource, named "default". |
display_ |
Optional. A user-assigned display name of the Fleet. When present, it must be between 4 and 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: |
create_ |
Output only. When the Fleet was created. |
update_ |
Output only. When the Fleet was last updated. |
delete_ |
Output only. When the Fleet was deleted. |
uid |
Output only. Google-generated UUID for this resource. This is unique across all Fleet resources. If a Fleet resource is deleted and another resource with the same name is created, it gets a different uid. |
state |
Output only. State of the namespace resource. |
default_ |
Optional. The default cluster configurations to apply across the fleet. |
labels |
Optional. Labels for this Fleet. |
FleetLifecycleState
FleetLifecycleState describes the state of a Fleet resource.
Fields | |
---|---|
code |
Output only. The current state of the Fleet resource. |
Code
Code describes the state of a Fleet resource.
Enums | |
---|---|
CODE_UNSPECIFIED |
The code is not set. |
CREATING |
The fleet is being created. |
READY |
The fleet is active. |
DELETING |
The fleet is being deleted. |
UPDATING |
The fleet is being updated. |
GenerateConnectManifestRequest
Request message for GkeHub.GenerateConnectManifest method.
Fields | |
---|---|
name |
Required. The Membership resource name the Agent will associate with, in the format Authorization requires the following IAM permission on the specified resource
|
namespace |
Optional. Namespace for GKE Connect agent resources. Defaults to The Connect Agent is authorized automatically when run in the default namespace. Otherwise, explicit authorization must be granted with an additional IAM binding. |
proxy |
Optional. URI of a proxy if connectivity from the agent to gkeconnect.googleapis.com requires the use of a proxy. Format must be in the form |
version |
Optional. The Connect agent version to use. Defaults to the most current version. |
is_ |
Optional. If true, generate the resources for upgrade only. Some resources generated only for installation (e.g. secrets) will be excluded. |
registry |
Optional. The registry to fetch the connect agent image from. Defaults to gcr.io/gkeconnect. |
image_ |
Optional. The image pull secret content for the registry, if not public. |
GenerateConnectManifestResponse
GenerateConnectManifestResponse contains manifest information for installing/upgrading a Connect agent.
Fields | |
---|---|
manifest[] |
The ordered list of Kubernetes resources that need to be applied to the cluster for GKE Connect agent installation/upgrade. |
GenerateExclusivityManifestRequest
The request to generate the manifests for exclusivity artifacts.
Fields | |
---|---|
name |
Required. The Membership resource name in the format Authorization requires the following IAM permission on the specified resource
|
crd_ |
Optional. The YAML manifest of the membership CRD retrieved by |
cr_ |
Optional. The YAML manifest of the membership CR retrieved by |
GenerateExclusivityManifestResponse
The response of the exclusivity artifacts manifests for the client to apply.
Fields | |
---|---|
crd_ |
The YAML manifest of the membership CRD to apply if a newer version of the CRD is available. Empty if no update needs to be applied. |
cr_ |
The YAML manifest of the membership CR to apply if a new version of the CR is available. Empty if no update needs to be applied. |
GenerateMembershipRBACRoleBindingYAMLRequest
Request to generate a YAML of the RBAC policies for the specified RoleBinding and its associated impersonation resources.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the RBACRoleBinding will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
rbacrolebinding_ |
Required. Client chosen ID for the RBACRoleBinding.
Which can be expressed as the regex: |
rbacrolebinding |
Required. The rbacrolebindings to generate the YAML for. |
GenerateMembershipRBACRoleBindingYAMLResponse
Response for GenerateRBACRoleBindingYAML.
Fields | |
---|---|
role_ |
A YAML text blob including the RBAC policies. |
GetFeatureRequest
Request message for GkeHub.GetFeature method.
Fields | |
---|---|
name |
Required. The Feature resource name in the format Authorization requires the following IAM permission on the specified resource
|
return_ |
Optional. If set to true, the response will return partial results when some regions are unreachable and the unreachable field in Feature proto will be populated. If set to false, the request will fail when some regions are unreachable. |
GetFleetRequest
Request message for the GkeHub.GetFleet method.
Fields | |
---|---|
name |
Required. The Fleet resource name in the format Authorization requires the following IAM permission on the specified resource
|
GetMembershipBindingRequest
Request message for the GkeHub.GetMembershipBinding method.
Fields | |
---|---|
name |
Required. The MembershipBinding resource name in the format Authorization requires the following IAM permission on the specified resource
|
GetMembershipRBACRoleBindingRequest
Request message for the GkeHub.GetMembershipRBACRoleBinding method.
Fields | |
---|---|
name |
Required. The RBACRoleBinding resource name in the format Authorization requires the following IAM permission on the specified resource
|
GetMembershipRequest
Request message for GkeHub.GetMembership method.
Fields | |
---|---|
name |
Required. The Membership resource name in the format Authorization requires the following IAM permission on the specified resource
|
GetScopeNamespaceRequest
Request message for the GkeHub.GetNamespace method.
Fields | |
---|---|
name |
Required. The Namespace resource name in the format Authorization requires the following IAM permission on the specified resource
|
GetScopeRBACRoleBindingRequest
Request message for the GkeHub.GetScopeRBACRoleBinding method.
Fields | |
---|---|
name |
Required. The RBACRoleBinding resource name in the format Authorization requires the following IAM permission on the specified resource
|
GetScopeRequest
Request message for the GkeHub.GetScope method.
Fields | |
---|---|
name |
Required. The Scope resource name in the format Authorization requires the following IAM permission on the specified resource
|
GkeCluster
GkeCluster contains information specific to GKE clusters.
Fields | |
---|---|
resource_ |
Immutable. Self-link of the Google Cloud resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. |
cluster_ |
Output only. If cluster_missing is set then it denotes that the GKE cluster no longer exists in the GKE Control Plane. |
KubernetesMetadata
KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.
Fields | |
---|---|
kubernetes_ |
Output only. Kubernetes API server version string as reported by |
node_ |
Output only. Node providerID as reported by the first node in the list of nodes on the Kubernetes endpoint. On Kubernetes platforms that support zero-node clusters (like GKE-on-GCP), the node_count will be zero and the node_provider_id will be empty. |
node_ |
Output only. Node count as reported by Kubernetes nodes resources. |
vcpu_ |
Output only. vCPU count as reported by Kubernetes nodes resources. |
memory_ |
Output only. The total memory capacity as reported by the sum of all Kubernetes nodes resources, defined in MB. |
update_ |
Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers. |
KubernetesResource
KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.
Fields | |
---|---|
membership_ |
Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership. |
membership_ |
Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask. |
connect_ |
Output only. The Kubernetes resources for installing the GKE Connect agent. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make an UpdateMembership call with an empty field mask. |
resource_ |
Optional. Options for Kubernetes resource generation. |
ListAdminClusterMembershipsRequest
Request message for GkeHub.ListAdminClusterMemberships method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Memberships of admin cluster will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
filter |
Optional. Lists Memberships of admin clusters that match the filter expression. |
order_ |
Optional. One or more fields to compare and use to sort the output. See https://google.aip.dev/132#ordering. |
ListAdminClusterMembershipsResponse
Response message for the GkeHub.ListAdminClusterMemberships method.
Fields | |
---|---|
admin_ |
The list of matching Memberships of admin clusters. |
next_ |
A token to request the next page of resources from the |
unreachable[] |
List of locations that could not be reached while fetching this list. |
ListBoundMembershipsRequest
Request to list Memberships bound to a Scope.
Fields | |
---|---|
scope_ |
Required. Name of the Scope, in the format Authorization requires the following IAM permission on the specified resource
|
filter |
Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships' |
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
ListBoundMembershipsResponse
List of Memberships bound to a Scope.
Fields | |
---|---|
memberships[] |
The list of Memberships bound to the given Scope. |
unreachable[] |
List of locations that could not be reached while fetching this list. |
next_ |
A token to request the next page of resources from the |
ListFeaturesRequest
Request message for GkeHub.ListFeatures method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Features will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
When requesting a 'page' of resources, |
page_ |
Token returned by previous call to |
filter |
Lists Features that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Examples:
|
order_ |
One or more fields to compare and use to sort the output. See https://google.aip.dev/132#ordering. |
return_ |
Optional. If set to true, the response will return partial results when some regions are unreachable and the unreachable field in Feature proto will be populated. If set to false, the request will fail when some regions are unreachable. |
ListFeaturesResponse
Response message for the GkeHub.ListFeatures method.
Fields | |
---|---|
resources[] |
The list of matching Features |
next_ |
A token to request the next page of resources from the |
ListFleetsRequest
Request message for the GkeHub.ListFleets method.
Fields | |
---|---|
parent |
Required. The organization or project to list for Fleets under, in the format |
page_ |
Optional. A page token, received from a previous When paginating, all other parameters provided to |
page_ |
Optional. The maximum number of fleets to return. The service may return fewer than this value. If unspecified, at most 200 fleets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. |
ListFleetsResponse
Response message for the GkeHub.ListFleetsResponse method.
Fields | |
---|---|
fleets[] |
The list of matching fleets. |
next_ |
A token, which can be sent as |
ListMembershipBindingsRequest
Request to list MembershipBinding.
Fields | |
---|---|
parent |
Required. The parent Membership for which the MembershipBindings will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
filter |
Optional. Lists MembershipBindings that match the filter expression, following the syntax outlined in https://google.aip.dev/160. |
ListMembershipBindingsResponse
List of MembershipBindings.
Fields | |
---|---|
membership_ |
The list of membership_bindings |
next_ |
A token to request the next page of resources from the |
unreachable[] |
List of locations that could not be reached while fetching this list. |
ListMembershipRBACRoleBindingsRequest
Request to list Membership RBACRoleBindings.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Features will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
ListMembershipRBACRoleBindingsResponse
List of Membership RBACRoleBindings.
Fields | |
---|---|
rbacrolebindings[] |
The list of Membership RBACRoleBindings. |
next_ |
A token to request the next page of resources from the |
unreachable[] |
List of locations that could not be reached while fetching this list. |
ListMembershipsRequest
Request message for GkeHub.ListMemberships method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Memberships will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
filter |
Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Examples:
|
order_ |
Optional. One or more fields to compare and use to sort the output. See https://google.aip.dev/132#ordering. |
ListMembershipsResponse
Response message for the GkeHub.ListMemberships method.
Fields | |
---|---|
resources[] |
The list of matching Memberships. |
next_ |
A token to request the next page of resources from the |
unreachable[] |
List of locations that could not be reached while fetching this list. |
ListPermittedScopesRequest
Request to list permitted Scopes.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Scope will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
ListPermittedScopesResponse
List of permitted Scopes.
Fields | |
---|---|
scopes[] |
The list of permitted Scopes |
next_ |
A token to request the next page of resources from the |
ListScopeNamespacesRequest
Request to list fleet namespaces.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Features will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
ListScopeNamespacesResponse
List of fleet namespaces.
Fields | |
---|---|
scope_ |
The list of fleet namespaces |
next_ |
A token to request the next page of resources from the |
ListScopeRBACRoleBindingsRequest
Request to list Scope RBACRoleBindings.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Features will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
ListScopeRBACRoleBindingsResponse
List of Scope RBACRoleBindings.
Fields | |
---|---|
rbacrolebindings[] |
The list of Scope RBACRoleBindings. |
next_ |
A token to request the next page of resources from the |
ListScopesRequest
Request to list Scopes.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Scope will be listed. Specified in the format Authorization requires the following IAM permission on the specified resource
|
page_ |
Optional. When requesting a 'page' of resources, |
page_ |
Optional. Token returned by previous call to |
ListScopesResponse
List of Scopes.
Fields | |
---|---|
scopes[] |
The list of Scopes |
next_ |
A token to request the next page of resources from the |
Membership
Membership contains information about a member cluster.
Fields | |
---|---|
name |
Output only. The full, unique name of this Membership resource in the format
Which can be expressed as the regex: |
labels |
Optional. Labels for this membership. |
description |
Output only. Description of this membership, limited to 63 characters. Must match the regex: This field is present for legacy purposes. |
state |
Output only. State of the Membership resource. |
create_ |
Output only. When the Membership was created. |
update_ |
Output only. When the Membership was last updated. |
delete_ |
Output only. When the Membership was deleted. |
external_ |
Optional. An externally-generated and managed ID for this Membership. This ID may be modified after creation, but this is not recommended. The ID must match the regex: If this Membership represents a Kubernetes cluster, this value should be set to the UID of the |
last_ |
Output only. For clusters using Connect, the timestamp of the most recent connection established with Google Cloud. This time is updated every several minutes, not continuously. For clusters that do not use GKE Connect, or that have never connected successfully, this field will be unset. |
unique_ |
Output only. Google-generated UUID for this resource. This is unique across all Membership resources. If a Membership resource is deleted and another resource with the same name is created, it gets a different unique_id. |
authority |
Optional. How to identify workloads from this Membership. See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity |
monitoring_ |
Optional. The monitoring config information for this membership. |
cluster_ |
Output only. The tier of the cluster. |
Union field type. Type of resource represented by this Membership. type can be only one of the following: |
|
endpoint |
Optional. Endpoint information to reach this member. |
ClusterTier
ClusterTier describes the tier of the GKE cluster as it relates to enterprise functionality. A cluster in the ENTERPRISE tier will have access to all enterprise features. A cluster in the STANDARD tier will not have access to enterprise features.
Enums | |
---|---|
CLUSTER_TIER_UNSPECIFIED |
The ClusterTier is not set. |
STANDARD |
The ClusterTier is standard. |
ENTERPRISE |
The ClusterTier is enterprise. |
MembershipBinding
MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to.
Fields | |
---|---|
name |
The resource name for the membershipbinding itself |
uid |
Output only. Google-generated UUID for this resource. This is unique across all membershipbinding resources. If a membershipbinding resource is deleted and another resource with the same name is created, it gets a different uid. |
create_ |
Output only. When the membership binding was created. |
update_ |
Output only. When the membership binding was last updated. |
delete_ |
Output only. When the membership binding was deleted. |
state |
Output only. State of the membership binding resource. |
labels |
Optional. Labels for this MembershipBinding. |
Union field target. What type of membershipbinding this is. target can be only one of the following: |
|
scope |
A Scope resource name in the format |
MembershipBindingLifecycleState
MembershipBindingLifecycleState describes the state of a Binding resource.
Fields | |
---|---|
code |
Output only. The current state of the MembershipBinding resource. |
Code
Code describes the state of a MembershipBinding resource.
Enums | |
---|---|
CODE_UNSPECIFIED |
The code is not set. |
CREATING |
The membershipbinding is being created. |
READY |
The membershipbinding is active. |
DELETING |
The membershipbinding is being deleted. |
UPDATING |
The membershipbinding is being updated. |
MembershipEndpoint
MembershipEndpoint contains information needed to contact a Kubernetes API, endpoint and any additional Kubernetes metadata.
Fields | |
---|---|
kubernetes_ |
Output only. Useful Kubernetes-specific metadata. |
kubernetes_ |
Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources:
|
google_ |
Output only. Whether the lifecycle of this membership is managed by a google cluster platform service. |
Union field type. Cluster information of the registered cluster. type can be only one of the following: |
|
gke_ |
Optional. Specific information for a GKE-on-GCP cluster. |
on_ |
Optional. Specific information for a GKE On-Prem cluster. An onprem user-cluster that has no resourceLink is not allowed to use this field; it should have a nil "type" instead. |
multi_ |
Optional. Specific information for a GKE Multi-Cloud cluster. |
edge_ |
Optional. Specific information for a Google Edge cluster. |
appliance_ |
Optional. Specific information for a GDC Edge Appliance cluster. |
MembershipFeatureSpec
MembershipFeatureSpec contains configuration information for a single Membership.
Fields | |
---|---|
origin |
Whether this per-Membership spec was inherited from a fleet-level default. This field can be updated by users by either overriding a Membership config (updated to USER implicitly) or setting to FLEET explicitly. |
Union field
|
|
configmanagement |
Config Management-specific spec. |
cloudbuild |
Cloud Build-specific spec |
identityservice |
Identity Service-specific spec. |
workloadcertificate |
Workload Certificate spec. |
mesh |
Anthos Service Mesh-specific spec |
anthosobservability |
Anthos Observability-specific spec |
policycontroller |
Policy Controller spec. |
fleetobservability |
Fleet observability membership spec |
namespaceactuation |
FNS Actuation membership spec |
Origin
Origin defines where this MembershipFeatureSpec originated from.
Fields | |
---|---|
type |
Type specifies which type of origin is set. |
Type
Type specifies the persona that persisted the config.
Enums | |
---|---|
TYPE_UNSPECIFIED |
Type is unknown or not set. |
FLEET |
Per-Membership spec was inherited from the fleet-level default. |
FLEET_OUT_OF_SYNC |
Per-Membership spec was inherited from the fleet-level default but is now out of sync with the current default. |
USER |
Per-Membership spec was inherited from a user specification. |
MembershipFeatureState
MembershipFeatureState contains Feature status information for a single Membership.
Fields | |
---|---|
state |
The high-level state of this Feature for a single membership. |
Union field
|
|
servicemesh |
Service Mesh-specific state. |
metering |
Metering-specific state. |
configmanagement |
Config Management-specific state. |
identityservice |
Identity Service-specific state. |
appdevexperience |
Appdevexperience specific state. |
policycontroller |
Policycontroller-specific state. |
clusterupgrade |
ClusterUpgrade state. |
fleetobservability |
Fleet observability membership state. |
namespaceactuation |
FNS Actuation membership state |
MembershipState
MembershipState describes the state of a Membership resource.
Fields | |
---|---|
code |
Output only. The current state of the Membership resource. |
Code
Code describes the state of a Membership resource.
Enums | |
---|---|
CODE_UNSPECIFIED |
The code is not set. |
CREATING |
The cluster is being registered. |
READY |
The cluster is registered. |
DELETING |
The cluster is being unregistered. |
UPDATING |
The Membership is being updated. |
SERVICE_UPDATING |
The Membership is being updated by the Hub Service. |
MonitoringConfig
MonitoringConfig informs Fleet-based applications/services/UIs how the metrics for the underlying cluster are reported to cloud monitoring services. It can be set from empty to non-empty, but can't be mutated directly, to prevent accidentally breaking the continuity of metrics.
Fields | |
---|---|
project_ |
Optional. Project used to report Metrics |
location |
Optional. Location used to report Metrics |
cluster |
Optional. Cluster name used to report metrics. For Anthos on VMWare/Baremetal/MultiCloud clusters, it would be in format {cluster_type}/{cluster_name}, e.g., "awsClusters/cluster_1". |
kubernetes_ |
Optional. Kubernetes system metrics, if available, are written to this prefix. This defaults to kubernetes.io for GKE, and kubernetes.io/anthos for Anthos eventually. Note: Anthos MultiCloud has the kubernetes.io prefix today but will migrate to kubernetes.io/anthos. |
cluster_ |
Optional. For GKE and Multicloud clusters, this is the UUID of the cluster resource. For VMWare and Baremetal clusters, this is the kube-system UID. |
MultiCloudCluster
MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
Fields | |
---|---|
resource_ |
Immutable. Self-link of the Google Cloud resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/attachedClusters/my-cluster |
cluster_ |
Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists. |
Namespace
Namespace represents a namespace across the Fleet
Fields | |
---|---|
name |
The resource name for the namespace |
uid |
Output only. Google-generated UUID for this resource. This is unique across all namespace resources. If a namespace resource is deleted and another resource with the same name is created, it gets a different uid. |
create_ |
Output only. When the namespace was created. |
update_ |
Output only. When the namespace was last updated. |
delete_ |
Output only. When the namespace was deleted. |
state |
Output only. State of the namespace resource. |
scope |
Required. Scope associated with the namespace |
namespace_ |
Optional. Namespace-level cluster namespace labels. These labels are applied to the related namespace of the member clusters bound to the parent Scope. Scope-level labels ( |
labels |
Optional. Labels for this Namespace. |
NamespaceLifecycleState
NamespaceLifecycleState describes the state of a Namespace resource.
Fields | |
---|---|
code |
Output only. The current state of the Namespace resource. |
Code
Code describes the state of a Namespace resource.
Enums | |
---|---|
CODE_UNSPECIFIED |
The code is not set. |
CREATING |
The namespace is being created. |
READY |
The namespace is active. |
DELETING |
The namespace is being deleted. |
UPDATING |
The namespace is being updated. |
OnPremCluster
OnPremCluster contains information specific to GKE On-Prem clusters.
Fields | |
---|---|
resource_ |
Immutable. Self-link of the Google Cloud resource for the GKE On-Prem cluster. For example: //gkeonprem.googleapis.com/projects/my-project/locations/us-west1-a/vmwareClusters/my-cluster //gkeonprem.googleapis.com/projects/my-project/locations/us-west1-a/bareMetalClusters/my-cluster |
cluster_ |
Output only. If cluster_missing is set then it denotes that API(gkeonprem.googleapis.com) resource for this GKE On-Prem cluster no longer exists. |
admin_ |
Immutable. Whether the cluster is an admin cluster. |
cluster_ |
Immutable. The on prem cluster's type. |
ClusterType
ClusterType describes on prem cluster's type.
Enums | |
---|---|
CLUSTERTYPE_UNSPECIFIED |
The ClusterType is not set. |
BOOTSTRAP |
The ClusterType is bootstrap cluster. |
HYBRID |
The ClusterType is baremetal hybrid cluster. |
STANDALONE |
The ClusterType is baremetal standalone cluster. |
USER |
The ClusterType is user cluster. |
OperationMetadata
Represents the metadata of the long-running operation.
Fields | |
---|---|
create_ |
Output only. The time the operation was created. |
end_ |
Output only. The time the operation finished running. |
target |
Output only. Server-defined resource path for the target of the operation. |
verb |
Output only. Name of the verb executed by the operation. |
status_ |
Output only. Human-readable status of the operation, if any. |
cancel_ |
Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have [Operation.error][] value with a |
api_ |
Output only. API version used to start the operation. |
RBACRoleBinding
RBACRoleBinding represents a rbacrolebinding across the Fleet
Fields | |
---|---|
name |
The resource name for the rbacrolebinding |
uid |
Output only. Google-generated UUID for this resource. This is unique across all rbacrolebinding resources. If a rbacrolebinding resource is deleted and another resource with the same name is created, it gets a different uid. |
create_ |
Output only. When the rbacrolebinding was created. |
update_ |
Output only. When the rbacrolebinding was last updated. |
delete_ |
Output only. When the rbacrolebinding was deleted. |
state |
Output only. State of the rbacrolebinding resource. |
role |
Required. Role to bind to the principal |
labels |
Optional. Labels for this RBACRolebinding. |
Union field principal. Principal that is to be authorized in the cluster (at least one of the oneof is required). Updating one will unset the other automatically. principal can be only one of the following: |
|
user |
user is the name of the user as seen by the kubernetes cluster, example "alice" or "alice@domain.tld" |
group |
group is the group, as seen by the kubernetes cluster. |
Role
Role is the type for Kubernetes roles
Fields | |
---|---|
predefined_ |
predefined_role is the Kubernetes default role to use |
PredefinedRoles
PredefinedRoles is an ENUM representation of the default Kubernetes Roles
Enums | |
---|---|
UNKNOWN |
UNKNOWN |
ADMIN |
ADMIN has EDIT and RBAC permissions |
EDIT |
EDIT can edit all resources except RBAC |
VIEW |
VIEW can only read resources |
ANTHOS_SUPPORT |
ANTHOS_SUPPORT gives Google Support read-only access to a number of cluster resources. |
RBACRoleBindingLifecycleState
RBACRoleBindingLifecycleState describes the state of a RbacRoleBinding resource.
Fields | |
---|---|
code |
Output only. The current state of the rbacrolebinding resource. |
Code
Code describes the state of a rbacrolebinding resource.
Enums | |
---|---|
CODE_UNSPECIFIED |
The code is not set. |
CREATING |
The rbacrolebinding is being created. |
READY |
The rbacrolebinding is active. |
DELETING |
The rbacrolebinding is being deleted. |
UPDATING |
The rbacrolebinding is being updated. |
ResourceManifest
ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
Fields | |
---|---|
manifest |
Output only. YAML manifest of the resource. |
cluster_ |
Output only. Whether the resource provided in the manifest is This field is used for REST mapping when applying the resource in a cluster. |
ResourceOptions
ResourceOptions represent options for Kubernetes resource generation.
Fields | |
---|---|
connect_ |
Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version; obsolete versions will be rejected. |
v1beta1_ |
Optional. Use |
k8s_ |
Optional. Major version of the Kubernetes cluster. This is only used to determine which version to use for the CustomResourceDefinition resources, |
Scope
Scope represents a Scope in a Fleet.
Fields | |
---|---|
name |
The resource name for the scope |
uid |
Output only. Google-generated UUID for this resource. This is unique across all scope resources. If a scope resource is deleted and another resource with the same name is created, it gets a different uid. |
create_ |
Output only. When the scope was created. |
update_ |
Output only. When the scope was last updated. |
delete_ |
Output only. When the scope was deleted. |
state |
Output only. State of the scope resource. |
namespace_ |
Optional. Scope-level cluster namespace labels. For the member clusters bound to the Scope, these labels are applied to each namespace under the Scope. Scope-level labels take precedence over Namespace-level labels ( |
labels |
Optional. Labels for this Scope. |
ScopeFeatureSpec
ScopeFeatureSpec contains feature specs for a fleet scope.
Fields | |
---|---|
Union field
|
|
clusterupgrade |
Spec for the ClusterUpgrade feature at the scope level |
ScopeFeatureState
ScopeFeatureState contains Scope-wide Feature status information.
Fields | |
---|---|
state |
Output only. The "running state" of the Feature in this Scope. |
Union field
|
|
clusterupgrade |
State for the ClusterUpgrade feature at the scope level |
ScopeLifecycleState
ScopeLifecycleState describes the state of a Scope resource.
Fields | |
---|---|
code |
Output only. The current state of the scope resource. |
Code
Code describes the state of a Scope resource.
Enums | |
---|---|
CODE_UNSPECIFIED |
The code is not set. |
CREATING |
The scope is being created. |
READY |
The scope is active. |
DELETING |
The scope is being deleted. |
UPDATING |
The scope is being updated. |
SecurityPostureConfig
SecurityPostureConfig defines the flags needed to enable/disable features for the Security Posture API.
Fields | |
---|---|
mode |
Sets which mode to use for Security Posture features. |
vulnerability_ |
Sets which mode to use for vulnerability scanning. |
Mode
Mode defines enablement mode for GKE Security posture features.
Enums | |
---|---|
MODE_UNSPECIFIED |
Default value not specified. |
DISABLED |
Disables Security Posture features on the cluster. |
BASIC |
Applies Security Posture features on the cluster. |
ENTERPRISE |
Applies the Security Posture off cluster Enterprise level features. |
VulnerabilityMode
VulnerabilityMode defines enablement mode for vulnerability scanning.
Enums | |
---|---|
VULNERABILITY_MODE_UNSPECIFIED |
Default value not specified. |
VULNERABILITY_DISABLED |
Disables vulnerability scanning on the cluster. |
VULNERABILITY_BASIC |
Applies basic vulnerability scanning on the cluster. |
VULNERABILITY_ENTERPRISE |
Applies the Security Posture's vulnerability on cluster Enterprise level features. |
TypeMeta
TypeMeta is the type information needed for content unmarshalling of Kubernetes resources in the manifest.
Fields | |
---|---|
kind |
Kind of the resource (e.g. Deployment). |
api_ |
APIVersion of the resource (e.g. v1). |
UpdateFeatureRequest
Request message for GkeHub.UpdateFeature method.
Fields | |
---|---|
name |
Required. The Feature resource name in the format Authorization requires the following IAM permission on the specified resource
|
update_ |
Mask of fields to update. |
resource |
Only fields specified in update_mask are updated. If you specify a field in the update_mask but don't specify its value here, that field will be deleted. If you are updating a map field, set the value of a key to null or empty string to delete the key from the map. It's not possible to update a key's value to the empty string. If you specify the update_mask to be a special path "*", fully replaces all user-modifiable fields to match |
request_ |
A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). |
UpdateFleetRequest
Request message for the GkeHub.UpdateFleet method.
Fields | |
---|---|
fleet |
Required. The Fleet to update. The Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. The fields to be updated; |
UpdateMembershipBindingRequest
Request to update a MembershipBinding.
Fields | |
---|---|
membership_ |
Required. The MembershipBinding object with fields updated. Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. The fields to be updated. |
UpdateMembershipRBACRoleBindingRequest
Request to update a membership rbacrolebinding.
Fields | |
---|---|
rbacrolebinding |
Required. A rbacrolebinding with fields updated. The 'name' field in this rbacrolebinding is used to identify the resource to update. Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. The fields to be updated. |
UpdateMembershipRequest
Request message for GkeHub.UpdateMembership method.
Fields | |
---|---|
name |
Required. The Membership resource name in the format Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. Mask of fields to update. |
resource |
Required. Only fields specified in update_mask are updated. If you specify a field in the update_mask but don't specify its value here, that field will be deleted. If you are updating a map field, set the value of a key to null or empty string to delete the key from the map. It's not possible to update a key's value to the empty string. If you specify the update_mask to be a special path "*", fully replaces all user-modifiable fields to match |
request_ |
Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). |
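The update_mask and request ID rules described for UpdateFeatureRequest and UpdateMembershipRequest can be checked client-side before a call is sent, so that an update which would silently delete fields is caught in review. The following is an added example, not part of the GKE Hub API or its client libraries: check_request_id, preflight, SAMPLE_RESOURCE and its field names are hypothetical, and it assumes the resource is held as a plain dict addressed by dotted mask paths.

```python
import uuid

ZERO_UUID = uuid.UUID(int=0)

def check_request_id(request_id):
    """Return the canonical UUID string, or raise ValueError.

    Generate the ID once per logical operation and reuse the same value
    on every retry so the server can recognise the duplicate.
    """
    try:
        parsed = uuid.UUID(request_id)
    except (ValueError, AttributeError, TypeError) as exc:
        raise ValueError("request ID is not a valid UUID") from exc
    if parsed == ZERO_UUID:
        raise ValueError("the zero UUID is not supported")
    return str(parsed)

def _lookup(resource, path):
    """Walk a dotted path through nested dicts; return (found, value)."""
    node = resource
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return False, None
        node = node[part]
    return True, node

def preflight(update_mask, resource):
    """Classify every mask path by the effect the update would have."""
    report = {"replace_all": False, "updates": [], "deletes": []}
    for path in update_mask:
        if path == "*":
            report["replace_all"] = True  # replaces all user-modifiable fields
            continue
        found, value = _lookup(resource, path)
        if isinstance(value, dict):
            # Assumption: a dict at a masked path is a map field.
            # Keys set to None or "" are deleted from the map.
            for key, item in value.items():
                kind = "deletes" if item in (None, "") else "updates"
                report[kind].append(f"{path}.{key}")
        elif not found or value in (None, ""):
            report["deletes"].append(path)  # in the mask, no value supplied
        else:
            report["updates"].append(path)
    return report

# Constructed sample: one label cleared, one kept, "description" omitted.
SAMPLE_RESOURCE = {"labels": {"env": "", "team": "sec"}}
```

A non-empty "deletes" list or a true "replace_all" in the report is the signal to require explicit confirmation before the request is sent.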
UpdateScopeNamespaceRequest
Request to update a fleet namespace.
Fields | |
---|---|
scope_ |
Required. A namespace with fields updated. The 'name' field in this namespace is used to identify the resource to update. Given 'updated' prefix to follow go/proto-best-practices-checkers#keyword_conflict Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. The fields to be updated. |
UpdateScopeRBACRoleBindingRequest
Request to update a scope rbacrolebinding.
Fields | |
---|---|
rbacrolebinding |
Required. A rbacrolebinding with fields updated. The 'name' field in this rbacrolebinding is used to identify the resource to update. Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. The fields to be updated. |
UpdateScopeRequest
Request to update a Scope.
Fields | |
---|---|
scope |
Required. A Scope with fields updated. The 'name' field in this namespace is used to identify the resource to update. Authorization requires the following IAM permission on the specified resource
|
update_ |
Required. The fields to be updated. |
ValidateCreateMembershipRequest
Request message for the GkeHub.ValidateCreateMembership method.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Memberships will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
membership_ |
Required. Client chosen membership id. |
membership |
Required. Membership resource to be created. |
ValidateCreateMembershipResponse
Response message for the GkeHub.ValidateCreateMembership method.
Fields | |
---|---|
validation_ |
Wraps all the validator results. |
ValidateExclusivityRequest
The request to validate the existing state of the membership CR in the cluster.
Fields | |
---|---|
parent |
Required. The parent (project and location) where the Memberships will be created. Specified in the format Authorization requires the following IAM permission on the specified resource
|
cr_ |
Optional. The YAML of the membership CR in the cluster. Empty if the membership CR does not exist. |
intended_ |
Required. The intended membership name under the |
ValidateExclusivityResponse
The response of exclusivity artifacts validation result status.
Fields | |
---|---|
status |
The validation result.
|
ValidationResult
ValidationResults are results set by each validator running during ValidateCreateMembership.
Fields | |
---|---|
validator |
Validator type to validate membership with. |
success |
Whether the validation passed. |
result |
Additional information for the validation. |
ValidatorType
Specifies different types of validation.
Enums | |
---|---|
VALIDATOR_TYPE_UNSPECIFIED |
UNSPECIFIED validator. |
MEMBERSHIP_ID |
MEMBERSHIP_ID validator validates that the membership_id is still available. |
CROSS_PROJECT_PERMISSION |
CROSS_PROJECT_PERMISSION validator validates that the cross-project role binding for the service agent is in place. |