Docs Home
Google Cloud v8.27.0 published on Thursday, Apr 17, 2025 by Pulumi
gcp.gkehub.FeatureMembership
Explore with Pulumi AI
Contains information about a GKEHub Feature Memberships. Feature Memberships configure GKEHub Features that apply to specific memberships rather than the project as a whole. The google_gke_hub is the Fleet API.
Example Usage
Config Management With Config Sync Auto-Upgrades And Without Git/OCI
With Config Sync auto-upgrades, Google assumes responsibility for automatically upgrading Config Sync versions and overseeing the lifecycle of its components.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "configmanagement",
location: "global",
labels: {
foo: "bar",
},
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
configmanagement: {
management: "MANAGEMENT_AUTOMATIC",
configSync: {
enabled: true,
},
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="configmanagement",
location="global",
labels={
"foo": "bar",
})
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
configmanagement={
"management": "MANAGEMENT_AUTOMATIC",
"config_sync": {
"enabled": True,
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("configmanagement"),
Location: pulumi.String("global"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
Configmanagement: &gkehub.FeatureMembershipConfigmanagementArgs{
Management: pulumi.String("MANAGEMENT_AUTOMATIC"),
ConfigSync: &gkehub.FeatureMembershipConfigmanagementConfigSyncArgs{
Enabled: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "configmanagement",
Location = "global",
Labels =
{
{ "foo", "bar" },
},
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
Configmanagement = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementArgs
{
Management = "MANAGEMENT_AUTOMATIC",
ConfigSync = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncArgs
{
Enabled = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("configmanagement")
.location("global")
.labels(Map.of("foo", "bar"))
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.configmanagement(FeatureMembershipConfigmanagementArgs.builder()
.management("MANAGEMENT_AUTOMATIC")
.configSync(FeatureMembershipConfigmanagementConfigSyncArgs.builder()
.enabled(true)
.build())
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: configmanagement
location: global
labels:
foo: bar
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
configmanagement:
management: MANAGEMENT_AUTOMATIC
configSync:
enabled: true
Config Management With Git
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "configmanagement",
location: "global",
labels: {
foo: "bar",
},
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
configmanagement: {
version: "1.19.0",
configSync: {
enabled: true,
git: {
syncRepo: "https://github.com/hashicorp/terraform",
},
},
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="configmanagement",
location="global",
labels={
"foo": "bar",
})
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
configmanagement={
"version": "1.19.0",
"config_sync": {
"enabled": True,
"git": {
"sync_repo": "https://github.com/hashicorp/terraform",
},
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("configmanagement"),
Location: pulumi.String("global"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
Configmanagement: &gkehub.FeatureMembershipConfigmanagementArgs{
Version: pulumi.String("1.19.0"),
ConfigSync: &gkehub.FeatureMembershipConfigmanagementConfigSyncArgs{
Enabled: pulumi.Bool(true),
Git: &gkehub.FeatureMembershipConfigmanagementConfigSyncGitArgs{
SyncRepo: pulumi.String("https://github.com/hashicorp/terraform"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "configmanagement",
Location = "global",
Labels =
{
{ "foo", "bar" },
},
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
Configmanagement = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementArgs
{
Version = "1.19.0",
ConfigSync = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncArgs
{
Enabled = true,
Git = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncGitArgs
{
SyncRepo = "https://github.com/hashicorp/terraform",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncGitArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("configmanagement")
.location("global")
.labels(Map.of("foo", "bar"))
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.configmanagement(FeatureMembershipConfigmanagementArgs.builder()
.version("1.19.0")
.configSync(FeatureMembershipConfigmanagementConfigSyncArgs.builder()
.enabled(true)
.git(FeatureMembershipConfigmanagementConfigSyncGitArgs.builder()
.syncRepo("https://github.com/hashicorp/terraform")
.build())
.build())
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: configmanagement
location: global
labels:
foo: bar
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
configmanagement:
version: 1.19.0
configSync:
enabled: true
git:
syncRepo: https://github.com/hashicorp/terraform
Config Management With OCI
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "configmanagement",
location: "global",
labels: {
foo: "bar",
},
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
configmanagement: {
version: "1.19.0",
configSync: {
enabled: true,
oci: {
syncRepo: "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest",
policyDir: "config-connector",
syncWaitSecs: "20",
secretType: "gcpserviceaccount",
gcpServiceAccountEmail: "sa@project-id.iam.gserviceaccount.com",
},
},
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="configmanagement",
location="global",
labels={
"foo": "bar",
})
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
configmanagement={
"version": "1.19.0",
"config_sync": {
"enabled": True,
"oci": {
"sync_repo": "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest",
"policy_dir": "config-connector",
"sync_wait_secs": "20",
"secret_type": "gcpserviceaccount",
"gcp_service_account_email": "sa@project-id.iam.gserviceaccount.com",
},
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("configmanagement"),
Location: pulumi.String("global"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
Configmanagement: &gkehub.FeatureMembershipConfigmanagementArgs{
Version: pulumi.String("1.19.0"),
ConfigSync: &gkehub.FeatureMembershipConfigmanagementConfigSyncArgs{
Enabled: pulumi.Bool(true),
Oci: &gkehub.FeatureMembershipConfigmanagementConfigSyncOciArgs{
SyncRepo: pulumi.String("us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest"),
PolicyDir: pulumi.String("config-connector"),
SyncWaitSecs: pulumi.String("20"),
SecretType: pulumi.String("gcpserviceaccount"),
GcpServiceAccountEmail: pulumi.String("sa@project-id.iam.gserviceaccount.com"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "configmanagement",
Location = "global",
Labels =
{
{ "foo", "bar" },
},
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
Configmanagement = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementArgs
{
Version = "1.19.0",
ConfigSync = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncArgs
{
Enabled = true,
Oci = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncOciArgs
{
SyncRepo = "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest",
PolicyDir = "config-connector",
SyncWaitSecs = "20",
SecretType = "gcpserviceaccount",
GcpServiceAccountEmail = "sa@project-id.iam.gserviceaccount.com",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncOciArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("configmanagement")
.location("global")
.labels(Map.of("foo", "bar"))
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.configmanagement(FeatureMembershipConfigmanagementArgs.builder()
.version("1.19.0")
.configSync(FeatureMembershipConfigmanagementConfigSyncArgs.builder()
.enabled(true)
.oci(FeatureMembershipConfigmanagementConfigSyncOciArgs.builder()
.syncRepo("us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest")
.policyDir("config-connector")
.syncWaitSecs("20")
.secretType("gcpserviceaccount")
.gcpServiceAccountEmail("sa@project-id.iam.gserviceaccount.com")
.build())
.build())
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: configmanagement
location: global
labels:
foo: bar
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
configmanagement:
version: 1.19.0
configSync:
enabled: true
oci:
syncRepo: us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest
policyDir: config-connector
syncWaitSecs: '20'
secretType: gcpserviceaccount
gcpServiceAccountEmail: sa@project-id.iam.gserviceaccount.com
Config Management With Regional Membership
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
location: "us-central1",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "configmanagement",
location: "global",
labels: {
foo: "bar",
},
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
membershipLocation: membership.location,
configmanagement: {
version: "1.19.0",
configSync: {
enabled: true,
git: {
syncRepo: "https://github.com/hashicorp/terraform",
},
},
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
location="us-central1",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="configmanagement",
location="global",
labels={
"foo": "bar",
})
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
membership_location=membership.location,
configmanagement={
"version": "1.19.0",
"config_sync": {
"enabled": True,
"git": {
"sync_repo": "https://github.com/hashicorp/terraform",
},
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Location: pulumi.String("us-central1"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("configmanagement"),
Location: pulumi.String("global"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
MembershipLocation: membership.Location,
Configmanagement: &gkehub.FeatureMembershipConfigmanagementArgs{
Version: pulumi.String("1.19.0"),
ConfigSync: &gkehub.FeatureMembershipConfigmanagementConfigSyncArgs{
Enabled: pulumi.Bool(true),
Git: &gkehub.FeatureMembershipConfigmanagementConfigSyncGitArgs{
SyncRepo: pulumi.String("https://github.com/hashicorp/terraform"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Location = "us-central1",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "configmanagement",
Location = "global",
Labels =
{
{ "foo", "bar" },
},
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
MembershipLocation = membership.Location,
Configmanagement = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementArgs
{
Version = "1.19.0",
ConfigSync = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncArgs
{
Enabled = true,
Git = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncGitArgs
{
SyncRepo = "https://github.com/hashicorp/terraform",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipConfigmanagementConfigSyncGitArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.location("us-central1")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("configmanagement")
.location("global")
.labels(Map.of("foo", "bar"))
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.membershipLocation(membership.location())
.configmanagement(FeatureMembershipConfigmanagementArgs.builder()
.version("1.19.0")
.configSync(FeatureMembershipConfigmanagementConfigSyncArgs.builder()
.enabled(true)
.git(FeatureMembershipConfigmanagementConfigSyncGitArgs.builder()
.syncRepo("https://github.com/hashicorp/terraform")
.build())
.build())
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
location: us-central1
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: configmanagement
location: global
labels:
foo: bar
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
membershipLocation: ${membership.location}
configmanagement:
version: 1.19.0
configSync:
enabled: true
git:
syncRepo: https://github.com/hashicorp/terraform
Multi Cluster Service Discovery
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const feature = new gcp.gkehub.Feature("feature", {
name: "multiclusterservicediscovery",
location: "global",
labels: {
foo: "bar",
},
});
import pulumi
import pulumi_gcp as gcp
feature = gcp.gkehub.Feature("feature",
name="multiclusterservicediscovery",
location="global",
labels={
"foo": "bar",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("multiclusterservicediscovery"),
Location: pulumi.String("global"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "multiclusterservicediscovery",
Location = "global",
Labels =
{
{ "foo", "bar" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var feature = new Feature("feature", FeatureArgs.builder()
.name("multiclusterservicediscovery")
.location("global")
.labels(Map.of("foo", "bar"))
.build());
}
}
resources:
feature:
type: gcp:gkehub:Feature
properties:
name: multiclusterservicediscovery
location: global
labels:
foo: bar
Service Mesh
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "servicemesh",
location: "global",
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
mesh: {
management: "MANAGEMENT_AUTOMATIC",
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="servicemesh",
location="global")
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
mesh={
"management": "MANAGEMENT_AUTOMATIC",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("servicemesh"),
Location: pulumi.String("global"),
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
Mesh: &gkehub.FeatureMembershipMeshArgs{
Management: pulumi.String("MANAGEMENT_AUTOMATIC"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "servicemesh",
Location = "global",
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
Mesh = new Gcp.GkeHub.Inputs.FeatureMembershipMeshArgs
{
Management = "MANAGEMENT_AUTOMATIC",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipMeshArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("servicemesh")
.location("global")
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.mesh(FeatureMembershipMeshArgs.builder()
.management("MANAGEMENT_AUTOMATIC")
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: servicemesh
location: global
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
mesh:
management: MANAGEMENT_AUTOMATIC
Policy Controller With Minimal Configuration
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "policycontroller",
location: "global",
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
policycontroller: {
policyControllerHubConfig: {
installSpec: "INSTALL_SPEC_ENABLED",
},
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="policycontroller",
location="global")
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
policycontroller={
"policy_controller_hub_config": {
"install_spec": "INSTALL_SPEC_ENABLED",
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("policycontroller"),
Location: pulumi.String("global"),
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
Policycontroller: &gkehub.FeatureMembershipPolicycontrollerArgs{
PolicyControllerHubConfig: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs{
InstallSpec: pulumi.String("INSTALL_SPEC_ENABLED"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "policycontroller",
Location = "global",
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
Policycontroller = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerArgs
{
PolicyControllerHubConfig = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs
{
InstallSpec = "INSTALL_SPEC_ENABLED",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipPolicycontrollerArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("policycontroller")
.location("global")
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.policycontroller(FeatureMembershipPolicycontrollerArgs.builder()
.policyControllerHubConfig(FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs.builder()
.installSpec("INSTALL_SPEC_ENABLED")
.build())
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: policycontroller
location: global
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
policycontroller:
policyControllerHubConfig:
installSpec: INSTALL_SPEC_ENABLED
Policy Controller With Custom Configurations
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster = new gcp.container.Cluster("cluster", {
name: "my-cluster",
location: "us-central1-a",
initialNodeCount: 1,
});
const membership = new gcp.gkehub.Membership("membership", {
membershipId: "my-membership",
endpoint: {
gkeCluster: {
resourceLink: pulumi.interpolate`//container.googleapis.com/${cluster.id}`,
},
},
});
const feature = new gcp.gkehub.Feature("feature", {
name: "policycontroller",
location: "global",
});
const featureMember = new gcp.gkehub.FeatureMembership("feature_member", {
location: "global",
feature: feature.name,
membership: membership.membershipId,
policycontroller: {
policyControllerHubConfig: {
installSpec: "INSTALL_SPEC_SUSPENDED",
policyContent: {
templateLibrary: {
installation: "NOT_INSTALLED",
},
},
constraintViolationLimit: 50,
auditIntervalSeconds: 120,
referentialRulesEnabled: true,
logDeniesEnabled: true,
mutationEnabled: true,
},
version: "1.17.0",
},
});
import pulumi
import pulumi_gcp as gcp
cluster = gcp.container.Cluster("cluster",
name="my-cluster",
location="us-central1-a",
initial_node_count=1)
membership = gcp.gkehub.Membership("membership",
membership_id="my-membership",
endpoint={
"gke_cluster": {
"resource_link": cluster.id.apply(lambda id: f"//container.googleapis.com/{id}"),
},
})
feature = gcp.gkehub.Feature("feature",
name="policycontroller",
location="global")
feature_member = gcp.gkehub.FeatureMembership("feature_member",
location="global",
feature=feature.name,
membership=membership.membership_id,
policycontroller={
"policy_controller_hub_config": {
"install_spec": "INSTALL_SPEC_SUSPENDED",
"policy_content": {
"template_library": {
"installation": "NOT_INSTALLED",
},
},
"constraint_violation_limit": 50,
"audit_interval_seconds": 120,
"referential_rules_enabled": True,
"log_denies_enabled": True,
"mutation_enabled": True,
},
"version": "1.17.0",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cluster, err := container.NewCluster(ctx, "cluster", &container.ClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-central1-a"),
InitialNodeCount: pulumi.Int(1),
})
if err != nil {
return err
}
membership, err := gkehub.NewMembership(ctx, "membership", &gkehub.MembershipArgs{
MembershipId: pulumi.String("my-membership"),
Endpoint: &gkehub.MembershipEndpointArgs{
GkeCluster: &gkehub.MembershipEndpointGkeClusterArgs{
ResourceLink: cluster.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//container.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
},
})
if err != nil {
return err
}
feature, err := gkehub.NewFeature(ctx, "feature", &gkehub.FeatureArgs{
Name: pulumi.String("policycontroller"),
Location: pulumi.String("global"),
})
if err != nil {
return err
}
_, err = gkehub.NewFeatureMembership(ctx, "feature_member", &gkehub.FeatureMembershipArgs{
Location: pulumi.String("global"),
Feature: feature.Name,
Membership: membership.MembershipId,
Policycontroller: &gkehub.FeatureMembershipPolicycontrollerArgs{
PolicyControllerHubConfig: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs{
InstallSpec: pulumi.String("INSTALL_SPEC_SUSPENDED"),
PolicyContent: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs{
TemplateLibrary: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs{
Installation: pulumi.String("NOT_INSTALLED"),
},
},
ConstraintViolationLimit: pulumi.Int(50),
AuditIntervalSeconds: pulumi.Int(120),
ReferentialRulesEnabled: pulumi.Bool(true),
LogDeniesEnabled: pulumi.Bool(true),
MutationEnabled: pulumi.Bool(true),
},
Version: pulumi.String("1.17.0"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster = new Gcp.Container.Cluster("cluster", new()
{
Name = "my-cluster",
Location = "us-central1-a",
InitialNodeCount = 1,
});
var membership = new Gcp.GkeHub.Membership("membership", new()
{
MembershipId = "my-membership",
Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs
{
GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs
{
ResourceLink = cluster.Id.Apply(id => $"//container.googleapis.com/{id}"),
},
},
});
var feature = new Gcp.GkeHub.Feature("feature", new()
{
Name = "policycontroller",
Location = "global",
});
var featureMember = new Gcp.GkeHub.FeatureMembership("feature_member", new()
{
Location = "global",
Feature = feature.Name,
Membership = membership.MembershipId,
Policycontroller = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerArgs
{
PolicyControllerHubConfig = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs
{
InstallSpec = "INSTALL_SPEC_SUSPENDED",
PolicyContent = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs
{
TemplateLibrary = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs
{
Installation = "NOT_INSTALLED",
},
},
ConstraintViolationLimit = 50,
AuditIntervalSeconds = 120,
ReferentialRulesEnabled = true,
LogDeniesEnabled = true,
MutationEnabled = true,
},
Version = "1.17.0",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.gkehub.Membership;
import com.pulumi.gcp.gkehub.MembershipArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;
import com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;
import com.pulumi.gcp.gkehub.Feature;
import com.pulumi.gcp.gkehub.FeatureArgs;
import com.pulumi.gcp.gkehub.FeatureMembership;
import com.pulumi.gcp.gkehub.FeatureMembershipArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipPolicycontrollerArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs;
import com.pulumi.gcp.gkehub.inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Cluster("cluster", ClusterArgs.builder()
.name("my-cluster")
.location("us-central1-a")
.initialNodeCount(1)
.build());
var membership = new Membership("membership", MembershipArgs.builder()
.membershipId("my-membership")
.endpoint(MembershipEndpointArgs.builder()
.gkeCluster(MembershipEndpointGkeClusterArgs.builder()
.resourceLink(cluster.id().applyValue(_id -> String.format("//container.googleapis.com/%s", _id)))
.build())
.build())
.build());
var feature = new Feature("feature", FeatureArgs.builder()
.name("policycontroller")
.location("global")
.build());
var featureMember = new FeatureMembership("featureMember", FeatureMembershipArgs.builder()
.location("global")
.feature(feature.name())
.membership(membership.membershipId())
.policycontroller(FeatureMembershipPolicycontrollerArgs.builder()
.policyControllerHubConfig(FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs.builder()
.installSpec("INSTALL_SPEC_SUSPENDED")
.policyContent(FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs.builder()
.templateLibrary(FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs.builder()
.installation("NOT_INSTALLED")
.build())
.build())
.constraintViolationLimit(50)
.auditIntervalSeconds(120)
.referentialRulesEnabled(true)
.logDeniesEnabled(true)
.mutationEnabled(true)
.build())
.version("1.17.0")
.build())
.build());
}
}
resources:
cluster:
type: gcp:container:Cluster
properties:
name: my-cluster
location: us-central1-a
initialNodeCount: 1
membership:
type: gcp:gkehub:Membership
properties:
membershipId: my-membership
endpoint:
gkeCluster:
resourceLink: //container.googleapis.com/${cluster.id}
feature:
type: gcp:gkehub:Feature
properties:
name: policycontroller
location: global
featureMember:
type: gcp:gkehub:FeatureMembership
name: feature_member
properties:
location: global
feature: ${feature.name}
membership: ${membership.membershipId}
policycontroller:
policyControllerHubConfig:
installSpec: INSTALL_SPEC_SUSPENDED
policyContent:
templateLibrary:
installation: NOT_INSTALLED
constraintViolationLimit: 50
auditIntervalSeconds: 120
referentialRulesEnabled: true
logDeniesEnabled: true
mutationEnabled: true
version: 1.17.0
Create FeatureMembership Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FeatureMembership(name: string, args: FeatureMembershipArgs, opts?: CustomResourceOptions);@overload
def FeatureMembership(resource_name: str,
args: FeatureMembershipArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FeatureMembership(resource_name: str,
opts: Optional[ResourceOptions] = None,
feature: Optional[str] = None,
location: Optional[str] = None,
membership: Optional[str] = None,
configmanagement: Optional[FeatureMembershipConfigmanagementArgs] = None,
membership_location: Optional[str] = None,
mesh: Optional[FeatureMembershipMeshArgs] = None,
policycontroller: Optional[FeatureMembershipPolicycontrollerArgs] = None,
project: Optional[str] = None)func NewFeatureMembership(ctx *Context, name string, args FeatureMembershipArgs, opts ...ResourceOption) (*FeatureMembership, error)public FeatureMembership(string name, FeatureMembershipArgs args, CustomResourceOptions? opts = null)
public FeatureMembership(String name, FeatureMembershipArgs args)
public FeatureMembership(String name, FeatureMembershipArgs args, CustomResourceOptions options)
type: gcp:gkehub:FeatureMembership
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FeatureMembershipArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FeatureMembershipArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FeatureMembershipArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FeatureMembershipArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FeatureMembershipArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var featureMembershipResource = new Gcp.GkeHub.FeatureMembership("featureMembershipResource", new()
{
Feature = "string",
Location = "string",
Membership = "string",
Configmanagement = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementArgs
{
Binauthz = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementBinauthzArgs
{
Enabled = false,
},
ConfigSync = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncArgs
{
Enabled = false,
Git = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncGitArgs
{
GcpServiceAccountEmail = "string",
HttpsProxy = "string",
PolicyDir = "string",
SecretType = "string",
SyncBranch = "string",
SyncRepo = "string",
SyncRev = "string",
SyncWaitSecs = "string",
},
MetricsGcpServiceAccountEmail = "string",
Oci = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementConfigSyncOciArgs
{
GcpServiceAccountEmail = "string",
PolicyDir = "string",
SecretType = "string",
SyncRepo = "string",
SyncWaitSecs = "string",
},
PreventDrift = false,
SourceFormat = "string",
StopSyncing = false,
},
HierarchyController = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementHierarchyControllerArgs
{
EnableHierarchicalResourceQuota = false,
EnablePodTreeLabels = false,
Enabled = false,
},
Management = "string",
PolicyController = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementPolicyControllerArgs
{
AuditIntervalSeconds = "string",
Enabled = false,
ExemptableNamespaces = new[]
{
"string",
},
LogDeniesEnabled = false,
Monitoring = new Gcp.GkeHub.Inputs.FeatureMembershipConfigmanagementPolicyControllerMonitoringArgs
{
Backends = new[]
{
"string",
},
},
MutationEnabled = false,
ReferentialRulesEnabled = false,
TemplateLibraryInstalled = false,
},
Version = "string",
},
MembershipLocation = "string",
Mesh = new Gcp.GkeHub.Inputs.FeatureMembershipMeshArgs
{
Management = "string",
},
Policycontroller = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerArgs
{
PolicyControllerHubConfig = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs
{
AuditIntervalSeconds = 0,
ConstraintViolationLimit = 0,
DeploymentConfigs = new[]
{
new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigArgs
{
ComponentName = "string",
ContainerResources = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesArgs
{
Limits = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesLimitsArgs
{
Cpu = "string",
Memory = "string",
},
Requests = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesRequestsArgs
{
Cpu = "string",
Memory = "string",
},
},
PodAffinity = "string",
PodTolerations = new[]
{
new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigPodTolerationArgs
{
Effect = "string",
Key = "string",
Operator = "string",
Value = "string",
},
},
ReplicaCount = 0,
},
},
ExemptableNamespaces = new[]
{
"string",
},
InstallSpec = "string",
LogDeniesEnabled = false,
Monitoring = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigMonitoringArgs
{
Backends = new[]
{
"string",
},
},
MutationEnabled = false,
PolicyContent = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs
{
Bundles = new[]
{
new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentBundleArgs
{
BundleName = "string",
ExemptedNamespaces = new[]
{
"string",
},
},
},
TemplateLibrary = new Gcp.GkeHub.Inputs.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs
{
Installation = "string",
},
},
ReferentialRulesEnabled = false,
},
Version = "string",
},
Project = "string",
});
example, err := gkehub.NewFeatureMembership(ctx, "featureMembershipResource", &gkehub.FeatureMembershipArgs{
Feature: pulumi.String("string"),
Location: pulumi.String("string"),
Membership: pulumi.String("string"),
Configmanagement: &gkehub.FeatureMembershipConfigmanagementArgs{
Binauthz: &gkehub.FeatureMembershipConfigmanagementBinauthzArgs{
Enabled: pulumi.Bool(false),
},
ConfigSync: &gkehub.FeatureMembershipConfigmanagementConfigSyncArgs{
Enabled: pulumi.Bool(false),
Git: &gkehub.FeatureMembershipConfigmanagementConfigSyncGitArgs{
GcpServiceAccountEmail: pulumi.String("string"),
HttpsProxy: pulumi.String("string"),
PolicyDir: pulumi.String("string"),
SecretType: pulumi.String("string"),
SyncBranch: pulumi.String("string"),
SyncRepo: pulumi.String("string"),
SyncRev: pulumi.String("string"),
SyncWaitSecs: pulumi.String("string"),
},
MetricsGcpServiceAccountEmail: pulumi.String("string"),
Oci: &gkehub.FeatureMembershipConfigmanagementConfigSyncOciArgs{
GcpServiceAccountEmail: pulumi.String("string"),
PolicyDir: pulumi.String("string"),
SecretType: pulumi.String("string"),
SyncRepo: pulumi.String("string"),
SyncWaitSecs: pulumi.String("string"),
},
PreventDrift: pulumi.Bool(false),
SourceFormat: pulumi.String("string"),
StopSyncing: pulumi.Bool(false),
},
HierarchyController: &gkehub.FeatureMembershipConfigmanagementHierarchyControllerArgs{
EnableHierarchicalResourceQuota: pulumi.Bool(false),
EnablePodTreeLabels: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
},
Management: pulumi.String("string"),
PolicyController: &gkehub.FeatureMembershipConfigmanagementPolicyControllerArgs{
AuditIntervalSeconds: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ExemptableNamespaces: pulumi.StringArray{
pulumi.String("string"),
},
LogDeniesEnabled: pulumi.Bool(false),
Monitoring: &gkehub.FeatureMembershipConfigmanagementPolicyControllerMonitoringArgs{
Backends: pulumi.StringArray{
pulumi.String("string"),
},
},
MutationEnabled: pulumi.Bool(false),
ReferentialRulesEnabled: pulumi.Bool(false),
TemplateLibraryInstalled: pulumi.Bool(false),
},
Version: pulumi.String("string"),
},
MembershipLocation: pulumi.String("string"),
Mesh: &gkehub.FeatureMembershipMeshArgs{
Management: pulumi.String("string"),
},
Policycontroller: &gkehub.FeatureMembershipPolicycontrollerArgs{
PolicyControllerHubConfig: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs{
AuditIntervalSeconds: pulumi.Int(0),
ConstraintViolationLimit: pulumi.Int(0),
DeploymentConfigs: gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigArray{
&gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigArgs{
ComponentName: pulumi.String("string"),
ContainerResources: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesArgs{
Limits: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesLimitsArgs{
Cpu: pulumi.String("string"),
Memory: pulumi.String("string"),
},
Requests: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesRequestsArgs{
Cpu: pulumi.String("string"),
Memory: pulumi.String("string"),
},
},
PodAffinity: pulumi.String("string"),
PodTolerations: gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigPodTolerationArray{
&gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigPodTolerationArgs{
Effect: pulumi.String("string"),
Key: pulumi.String("string"),
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ReplicaCount: pulumi.Int(0),
},
},
ExemptableNamespaces: pulumi.StringArray{
pulumi.String("string"),
},
InstallSpec: pulumi.String("string"),
LogDeniesEnabled: pulumi.Bool(false),
Monitoring: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigMonitoringArgs{
Backends: pulumi.StringArray{
pulumi.String("string"),
},
},
MutationEnabled: pulumi.Bool(false),
PolicyContent: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs{
Bundles: gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentBundleArray{
&gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentBundleArgs{
BundleName: pulumi.String("string"),
ExemptedNamespaces: pulumi.StringArray{
pulumi.String("string"),
},
},
},
TemplateLibrary: &gkehub.FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs{
Installation: pulumi.String("string"),
},
},
ReferentialRulesEnabled: pulumi.Bool(false),
},
Version: pulumi.String("string"),
},
Project: pulumi.String("string"),
})
var featureMembershipResource = new FeatureMembership("featureMembershipResource", FeatureMembershipArgs.builder()
.feature("string")
.location("string")
.membership("string")
.configmanagement(FeatureMembershipConfigmanagementArgs.builder()
.binauthz(FeatureMembershipConfigmanagementBinauthzArgs.builder()
.enabled(false)
.build())
.configSync(FeatureMembershipConfigmanagementConfigSyncArgs.builder()
.enabled(false)
.git(FeatureMembershipConfigmanagementConfigSyncGitArgs.builder()
.gcpServiceAccountEmail("string")
.httpsProxy("string")
.policyDir("string")
.secretType("string")
.syncBranch("string")
.syncRepo("string")
.syncRev("string")
.syncWaitSecs("string")
.build())
.metricsGcpServiceAccountEmail("string")
.oci(FeatureMembershipConfigmanagementConfigSyncOciArgs.builder()
.gcpServiceAccountEmail("string")
.policyDir("string")
.secretType("string")
.syncRepo("string")
.syncWaitSecs("string")
.build())
.preventDrift(false)
.sourceFormat("string")
.stopSyncing(false)
.build())
.hierarchyController(FeatureMembershipConfigmanagementHierarchyControllerArgs.builder()
.enableHierarchicalResourceQuota(false)
.enablePodTreeLabels(false)
.enabled(false)
.build())
.management("string")
.policyController(FeatureMembershipConfigmanagementPolicyControllerArgs.builder()
.auditIntervalSeconds("string")
.enabled(false)
.exemptableNamespaces("string")
.logDeniesEnabled(false)
.monitoring(FeatureMembershipConfigmanagementPolicyControllerMonitoringArgs.builder()
.backends("string")
.build())
.mutationEnabled(false)
.referentialRulesEnabled(false)
.templateLibraryInstalled(false)
.build())
.version("string")
.build())
.membershipLocation("string")
.mesh(FeatureMembershipMeshArgs.builder()
.management("string")
.build())
.policycontroller(FeatureMembershipPolicycontrollerArgs.builder()
.policyControllerHubConfig(FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs.builder()
.auditIntervalSeconds(0)
.constraintViolationLimit(0)
.deploymentConfigs(FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigArgs.builder()
.componentName("string")
.containerResources(FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesArgs.builder()
.limits(FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesLimitsArgs.builder()
.cpu("string")
.memory("string")
.build())
.requests(FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesRequestsArgs.builder()
.cpu("string")
.memory("string")
.build())
.build())
.podAffinity("string")
.podTolerations(FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigPodTolerationArgs.builder()
.effect("string")
.key("string")
.operator("string")
.value("string")
.build())
.replicaCount(0)
.build())
.exemptableNamespaces("string")
.installSpec("string")
.logDeniesEnabled(false)
.monitoring(FeatureMembershipPolicycontrollerPolicyControllerHubConfigMonitoringArgs.builder()
.backends("string")
.build())
.mutationEnabled(false)
.policyContent(FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs.builder()
.bundles(FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentBundleArgs.builder()
.bundleName("string")
.exemptedNamespaces("string")
.build())
.templateLibrary(FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs.builder()
.installation("string")
.build())
.build())
.referentialRulesEnabled(false)
.build())
.version("string")
.build())
.project("string")
.build());
feature_membership_resource = gcp.gkehub.FeatureMembership("featureMembershipResource",
feature="string",
location="string",
membership="string",
configmanagement={
"binauthz": {
"enabled": False,
},
"config_sync": {
"enabled": False,
"git": {
"gcp_service_account_email": "string",
"https_proxy": "string",
"policy_dir": "string",
"secret_type": "string",
"sync_branch": "string",
"sync_repo": "string",
"sync_rev": "string",
"sync_wait_secs": "string",
},
"metrics_gcp_service_account_email": "string",
"oci": {
"gcp_service_account_email": "string",
"policy_dir": "string",
"secret_type": "string",
"sync_repo": "string",
"sync_wait_secs": "string",
},
"prevent_drift": False,
"source_format": "string",
"stop_syncing": False,
},
"hierarchy_controller": {
"enable_hierarchical_resource_quota": False,
"enable_pod_tree_labels": False,
"enabled": False,
},
"management": "string",
"policy_controller": {
"audit_interval_seconds": "string",
"enabled": False,
"exemptable_namespaces": ["string"],
"log_denies_enabled": False,
"monitoring": {
"backends": ["string"],
},
"mutation_enabled": False,
"referential_rules_enabled": False,
"template_library_installed": False,
},
"version": "string",
},
membership_location="string",
mesh={
"management": "string",
},
policycontroller={
"policy_controller_hub_config": {
"audit_interval_seconds": 0,
"constraint_violation_limit": 0,
"deployment_configs": [{
"component_name": "string",
"container_resources": {
"limits": {
"cpu": "string",
"memory": "string",
},
"requests": {
"cpu": "string",
"memory": "string",
},
},
"pod_affinity": "string",
"pod_tolerations": [{
"effect": "string",
"key": "string",
"operator": "string",
"value": "string",
}],
"replica_count": 0,
}],
"exemptable_namespaces": ["string"],
"install_spec": "string",
"log_denies_enabled": False,
"monitoring": {
"backends": ["string"],
},
"mutation_enabled": False,
"policy_content": {
"bundles": [{
"bundle_name": "string",
"exempted_namespaces": ["string"],
}],
"template_library": {
"installation": "string",
},
},
"referential_rules_enabled": False,
},
"version": "string",
},
project="string")
const featureMembershipResource = new gcp.gkehub.FeatureMembership("featureMembershipResource", {
feature: "string",
location: "string",
membership: "string",
configmanagement: {
binauthz: {
enabled: false,
},
configSync: {
enabled: false,
git: {
gcpServiceAccountEmail: "string",
httpsProxy: "string",
policyDir: "string",
secretType: "string",
syncBranch: "string",
syncRepo: "string",
syncRev: "string",
syncWaitSecs: "string",
},
metricsGcpServiceAccountEmail: "string",
oci: {
gcpServiceAccountEmail: "string",
policyDir: "string",
secretType: "string",
syncRepo: "string",
syncWaitSecs: "string",
},
preventDrift: false,
sourceFormat: "string",
stopSyncing: false,
},
hierarchyController: {
enableHierarchicalResourceQuota: false,
enablePodTreeLabels: false,
enabled: false,
},
management: "string",
policyController: {
auditIntervalSeconds: "string",
enabled: false,
exemptableNamespaces: ["string"],
logDeniesEnabled: false,
monitoring: {
backends: ["string"],
},
mutationEnabled: false,
referentialRulesEnabled: false,
templateLibraryInstalled: false,
},
version: "string",
},
membershipLocation: "string",
mesh: {
management: "string",
},
policycontroller: {
policyControllerHubConfig: {
auditIntervalSeconds: 0,
constraintViolationLimit: 0,
deploymentConfigs: [{
componentName: "string",
containerResources: {
limits: {
cpu: "string",
memory: "string",
},
requests: {
cpu: "string",
memory: "string",
},
},
podAffinity: "string",
podTolerations: [{
effect: "string",
key: "string",
operator: "string",
value: "string",
}],
replicaCount: 0,
}],
exemptableNamespaces: ["string"],
installSpec: "string",
logDeniesEnabled: false,
monitoring: {
backends: ["string"],
},
mutationEnabled: false,
policyContent: {
bundles: [{
bundleName: "string",
exemptedNamespaces: ["string"],
}],
templateLibrary: {
installation: "string",
},
},
referentialRulesEnabled: false,
},
version: "string",
},
project: "string",
});
type: gcp:gkehub:FeatureMembership
properties:
configmanagement:
binauthz:
enabled: false
configSync:
enabled: false
git:
gcpServiceAccountEmail: string
httpsProxy: string
policyDir: string
secretType: string
syncBranch: string
syncRepo: string
syncRev: string
syncWaitSecs: string
metricsGcpServiceAccountEmail: string
oci:
gcpServiceAccountEmail: string
policyDir: string
secretType: string
syncRepo: string
syncWaitSecs: string
preventDrift: false
sourceFormat: string
stopSyncing: false
hierarchyController:
enableHierarchicalResourceQuota: false
enablePodTreeLabels: false
enabled: false
management: string
policyController:
auditIntervalSeconds: string
enabled: false
exemptableNamespaces:
- string
logDeniesEnabled: false
monitoring:
backends:
- string
mutationEnabled: false
referentialRulesEnabled: false
templateLibraryInstalled: false
version: string
feature: string
location: string
membership: string
membershipLocation: string
mesh:
management: string
policycontroller:
policyControllerHubConfig:
auditIntervalSeconds: 0
constraintViolationLimit: 0
deploymentConfigs:
- componentName: string
containerResources:
limits:
cpu: string
memory: string
requests:
cpu: string
memory: string
podAffinity: string
podTolerations:
- effect: string
key: string
operator: string
value: string
replicaCount: 0
exemptableNamespaces:
- string
installSpec: string
logDeniesEnabled: false
monitoring:
backends:
- string
mutationEnabled: false
policyContent:
bundles:
- bundleName: string
exemptedNamespaces:
- string
templateLibrary:
installation: string
referentialRulesEnabled: false
version: string
project: string
FeatureMembership Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FeatureMembership resource accepts the following input properties:
- Feature string
- The name of the feature
- Location string
- The location of the feature
- Membership string
- The name of the membership
- Configmanagement
Feature
Membership Configmanagement - Config Management-specific spec. Structure is documented below.
- Membership
Location string - The location of the membership, for example, "us-central1". Default is "global".
- Mesh
Feature
Membership Mesh - Service mesh specific spec. Structure is documented below.
- Policycontroller
Feature
Membership Policycontroller - Policy Controller-specific spec. Structure is documented below.
- Project string
- The project of the feature
- Feature string
- The name of the feature
- Location string
- The location of the feature
- Membership string
- The name of the membership
- Configmanagement
Feature
Membership Configmanagement Args - Config Management-specific spec. Structure is documented below.
- Membership
Location string - The location of the membership, for example, "us-central1". Default is "global".
- Mesh
Feature
Membership Mesh Args - Service mesh specific spec. Structure is documented below.
- Policycontroller
Feature
Membership Policycontroller Args - Policy Controller-specific spec. Structure is documented below.
- Project string
- The project of the feature
- feature String
- The name of the feature
- location String
- The location of the feature
- membership String
- The name of the membership
- configmanagement
Feature
Membership Configmanagement - Config Management-specific spec. Structure is documented below.
- membership
Location String - The location of the membership, for example, "us-central1". Default is "global".
- mesh
Feature
Membership Mesh - Service mesh specific spec. Structure is documented below.
- policycontroller
Feature
Membership Policycontroller - Policy Controller-specific spec. Structure is documented below.
- project String
- The project of the feature
- feature string
- The name of the feature
- location string
- The location of the feature
- membership string
- The name of the membership
- configmanagement
Feature
Membership Configmanagement - Config Management-specific spec. Structure is documented below.
- membership
Location string - The location of the membership, for example, "us-central1". Default is "global".
- mesh
Feature
Membership Mesh - Service mesh specific spec. Structure is documented below.
- policycontroller
Feature
Membership Policycontroller - Policy Controller-specific spec. Structure is documented below.
- project string
- The project of the feature
- feature str
- The name of the feature
- location str
- The location of the feature
- membership str
- The name of the membership
- configmanagement
Feature
Membership Configmanagement Args - Config Management-specific spec. Structure is documented below.
- membership_
location str - The location of the membership, for example, "us-central1". Default is "global".
- mesh
Feature
Membership Mesh Args - Service mesh specific spec. Structure is documented below.
- policycontroller
Feature
Membership Policycontroller Args - Policy Controller-specific spec. Structure is documented below.
- project str
- The project of the feature
- feature String
- The name of the feature
- location String
- The location of the feature
- membership String
- The name of the membership
- configmanagement Property Map
- Config Management-specific spec. Structure is documented below.
- membership
Location String - The location of the membership, for example, "us-central1". Default is "global".
- mesh Property Map
- Service mesh specific spec. Structure is documented below.
- policycontroller Property Map
- Policy Controller-specific spec. Structure is documented below.
- project String
- The project of the feature
Outputs
All input properties are implicitly available as output properties. Additionally, the FeatureMembership resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FeatureMembership Resource
Get an existing FeatureMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FeatureMembershipState, opts?: CustomResourceOptions): FeatureMembership@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
configmanagement: Optional[FeatureMembershipConfigmanagementArgs] = None,
feature: Optional[str] = None,
location: Optional[str] = None,
membership: Optional[str] = None,
membership_location: Optional[str] = None,
mesh: Optional[FeatureMembershipMeshArgs] = None,
policycontroller: Optional[FeatureMembershipPolicycontrollerArgs] = None,
project: Optional[str] = None) -> FeatureMembershipfunc GetFeatureMembership(ctx *Context, name string, id IDInput, state *FeatureMembershipState, opts ...ResourceOption) (*FeatureMembership, error)public static FeatureMembership Get(string name, Input<string> id, FeatureMembershipState? state, CustomResourceOptions? opts = null)public static FeatureMembership get(String name, Output<String> id, FeatureMembershipState state, CustomResourceOptions options)resources: _: type: gcp:gkehub:FeatureMembership get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Configmanagement
Feature
Membership Configmanagement - Config Management-specific spec. Structure is documented below.
- Feature string
- The name of the feature
- Location string
- The location of the feature
- Membership string
- The name of the membership
- Membership
Location string - The location of the membership, for example, "us-central1". Default is "global".
- Mesh
Feature
Membership Mesh - Service mesh specific spec. Structure is documented below.
- Policycontroller
Feature
Membership Policycontroller - Policy Controller-specific spec. Structure is documented below.
- Project string
- The project of the feature
- Configmanagement
Feature
Membership Configmanagement Args - Config Management-specific spec. Structure is documented below.
- Feature string
- The name of the feature
- Location string
- The location of the feature
- Membership string
- The name of the membership
- Membership
Location string - The location of the membership, for example, "us-central1". Default is "global".
- Mesh
Feature
Membership Mesh Args - Service mesh specific spec. Structure is documented below.
- Policycontroller
Feature
Membership Policycontroller Args - Policy Controller-specific spec. Structure is documented below.
- Project string
- The project of the feature
- configmanagement
Feature
Membership Configmanagement - Config Management-specific spec. Structure is documented below.
- feature String
- The name of the feature
- location String
- The location of the feature
- membership String
- The name of the membership
- membership
Location String - The location of the membership, for example, "us-central1". Default is "global".
- mesh
Feature
Membership Mesh - Service mesh specific spec. Structure is documented below.
- policycontroller
Feature
Membership Policycontroller - Policy Controller-specific spec. Structure is documented below.
- project String
- The project of the feature
- configmanagement
Feature
Membership Configmanagement - Config Management-specific spec. Structure is documented below.
- feature string
- The name of the feature
- location string
- The location of the feature
- membership string
- The name of the membership
- membership
Location string - The location of the membership, for example, "us-central1". Default is "global".
- mesh
Feature
Membership Mesh - Service mesh specific spec. Structure is documented below.
- policycontroller
Feature
Membership Policycontroller - Policy Controller-specific spec. Structure is documented below.
- project string
- The project of the feature
- configmanagement
Feature
Membership Configmanagement Args - Config Management-specific spec. Structure is documented below.
- feature str
- The name of the feature
- location str
- The location of the feature
- membership str
- The name of the membership
- membership_
location str - The location of the membership, for example, "us-central1". Default is "global".
- mesh
Feature
Membership Mesh Args - Service mesh specific spec. Structure is documented below.
- policycontroller
Feature
Membership Policycontroller Args - Policy Controller-specific spec. Structure is documented below.
- project str
- The project of the feature
- configmanagement Property Map
- Config Management-specific spec. Structure is documented below.
- feature String
- The name of the feature
- location String
- The location of the feature
- membership String
- The name of the membership
- membership
Location String - The location of the membership, for example, "us-central1". Default is "global".
- mesh Property Map
- Service mesh specific spec. Structure is documented below.
- policycontroller Property Map
- Policy Controller-specific spec. Structure is documented below.
- project String
- The project of the feature
Supporting Types
FeatureMembershipConfigmanagement, FeatureMembershipConfigmanagementArgs
- Binauthz
Feature
Membership Configmanagement Binauthz - (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. This field will be ignored and should not be set.
- Config
Sync FeatureMembership Configmanagement Config Sync - Config Sync configuration for the cluster. Structure is documented below.
- Hierarchy
Controller FeatureMembership Configmanagement Hierarchy Controller - Hierarchy Controller configuration for the cluster. Structure is documented below. Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. Follow the instructions to migrate from Hierarchy Controller to HNC.
- Management string
- Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.
- Policy
Controller FeatureMembership Configmanagement Policy Controller - Policy Controller configuration for the cluster. Structure is documented below. Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
- Version string
- Version of Config Sync installed.
- Binauthz
Feature
Membership Configmanagement Binauthz - (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. This field will be ignored and should not be set.
- Config
Sync FeatureMembership Configmanagement Config Sync - Config Sync configuration for the cluster. Structure is documented below.
- Hierarchy
Controller FeatureMembership Configmanagement Hierarchy Controller - Hierarchy Controller configuration for the cluster. Structure is documented below. Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. Follow the instructions to migrate from Hierarchy Controller to HNC.
- Management string
- Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.
- Policy
Controller FeatureMembership Configmanagement Policy Controller - Policy Controller configuration for the cluster. Structure is documented below. Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
- Version string
- Version of Config Sync installed.
- binauthz
Feature
Membership Configmanagement Binauthz - (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. This field will be ignored and should not be set.
- config
Sync FeatureMembership Configmanagement Config Sync - Config Sync configuration for the cluster. Structure is documented below.
- hierarchy
Controller FeatureMembership Configmanagement Hierarchy Controller - Hierarchy Controller configuration for the cluster. Structure is documented below. Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. Follow the instructions to migrate from Hierarchy Controller to HNC.
- management String
- Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.
- policy
Controller FeatureMembership Configmanagement Policy Controller - Policy Controller configuration for the cluster. Structure is documented below. Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
- version String
- Version of Config Sync installed.
- binauthz
Feature
Membership Configmanagement Binauthz - (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. This field will be ignored and should not be set.
- config
Sync FeatureMembership Configmanagement Config Sync - Config Sync configuration for the cluster. Structure is documented below.
- hierarchy
Controller FeatureMembership Configmanagement Hierarchy Controller - Hierarchy Controller configuration for the cluster. Structure is documented below. Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. Follow the instructions to migrate from Hierarchy Controller to HNC.
- management string
- Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.
- policy
Controller FeatureMembership Configmanagement Policy Controller - Policy Controller configuration for the cluster. Structure is documented below. Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
- version string
- Version of Config Sync installed.
- binauthz
Feature
Membership Configmanagement Binauthz - (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. This field will be ignored and should not be set.
- config_
sync FeatureMembership Configmanagement Config Sync - Config Sync configuration for the cluster. Structure is documented below.
- hierarchy_
controller FeatureMembership Configmanagement Hierarchy Controller - Hierarchy Controller configuration for the cluster. Structure is documented below. Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. Follow the instructions to migrate from Hierarchy Controller to HNC.
- management str
- Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.
- policy_
controller FeatureMembership Configmanagement Policy Controller - Policy Controller configuration for the cluster. Structure is documented below. Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
- version str
- Version of Config Sync installed.
- binauthz Property Map
- (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. This field will be ignored and should not be set.
- config
Sync Property Map - Config Sync configuration for the cluster. Structure is documented below.
- hierarchy
Controller Property Map - Hierarchy Controller configuration for the cluster. Structure is documented below. Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. Follow the instructions to migrate from Hierarchy Controller to HNC.
- management String
- Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.
- policy
Controller Property Map - Policy Controller configuration for the cluster. Structure is documented below. Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
- version String
- Version of Config Sync installed.
FeatureMembershipConfigmanagementBinauthz, FeatureMembershipConfigmanagementBinauthzArgs
- Enabled bool
- Whether binauthz is enabled in this cluster.
- Enabled bool
- Whether binauthz is enabled in this cluster.
- enabled Boolean
- Whether binauthz is enabled in this cluster.
- enabled boolean
- Whether binauthz is enabled in this cluster.
- enabled bool
- Whether binauthz is enabled in this cluster.
- enabled Boolean
- Whether binauthz is enabled in this cluster.
FeatureMembershipConfigmanagementConfigSync, FeatureMembershipConfigmanagementConfigSyncArgs
- Enabled bool
- Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
- Git
Feature
Membership Configmanagement Config Sync Git - (Optional) Structure is documented below.
- Metrics
Gcp stringService Account Email - Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
- Oci
Feature
Membership Configmanagement Config Sync Oci (Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below.
Use either
gitorociconfig option.- Prevent
Drift bool - Supported from Config Sync versions 1.10.0 onwards. Set to
trueto enable the Config Sync admission webhook to prevent drifts. If set tofalse, disables the Config Sync admission webhook and does not prevent drifts. - Source
Format string - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
- Stop
Syncing bool - Set to
trueto stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults:false.
- Enabled bool
- Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
- Git
Feature
Membership Configmanagement Config Sync Git - (Optional) Structure is documented below.
- Metrics
Gcp stringService Account Email - Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
- Oci
Feature
Membership Configmanagement Config Sync Oci (Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below.
Use either
gitorociconfig option.- Prevent
Drift bool - Supported from Config Sync versions 1.10.0 onwards. Set to
trueto enable the Config Sync admission webhook to prevent drifts. If set tofalse, disables the Config Sync admission webhook and does not prevent drifts. - Source
Format string - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
- Stop
Syncing bool - Set to
trueto stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults:false.
- enabled Boolean
- Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
- git
Feature
Membership Configmanagement Config Sync Git - (Optional) Structure is documented below.
- metrics
Gcp StringService Account Email - Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
- oci
Feature
Membership Configmanagement Config Sync Oci (Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below.
Use either
gitorociconfig option.- prevent
Drift Boolean - Supported from Config Sync versions 1.10.0 onwards. Set to
trueto enable the Config Sync admission webhook to prevent drifts. If set tofalse, disables the Config Sync admission webhook and does not prevent drifts. - source
Format String - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
- stop
Syncing Boolean - Set to
trueto stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults:false.
- enabled boolean
- Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
- git
Feature
Membership Configmanagement Config Sync Git - (Optional) Structure is documented below.
- metrics
Gcp stringService Account Email - Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
- oci
Feature
Membership Configmanagement Config Sync Oci (Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below.
Use either
gitorociconfig option.- prevent
Drift boolean - Supported from Config Sync versions 1.10.0 onwards. Set to
trueto enable the Config Sync admission webhook to prevent drifts. If set tofalse, disables the Config Sync admission webhook and does not prevent drifts. - source
Format string - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
- stop
Syncing boolean - Set to
trueto stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults:false.
- enabled bool
- Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
- git
Feature
Membership Configmanagement Config Sync Git - (Optional) Structure is documented below.
- metrics_
gcp_ strservice_ account_ email - Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
- oci
Feature
Membership Configmanagement Config Sync Oci (Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below.
Use either
gitorociconfig option.- prevent_
drift bool - Supported from Config Sync versions 1.10.0 onwards. Set to
trueto enable the Config Sync admission webhook to prevent drifts. If set tofalse, disables the Config Sync admission webhook and does not prevent drifts. - source_
format str - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
- stop_
syncing bool - Set to
trueto stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults:false.
- enabled Boolean
- Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
- git Property Map
- (Optional) Structure is documented below.
- metrics
Gcp StringService Account Email - Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
- oci Property Map
(Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below.
Use either
gitorociconfig option.- prevent
Drift Boolean - Supported from Config Sync versions 1.10.0 onwards. Set to
trueto enable the Config Sync admission webhook to prevent drifts. If set tofalse, disables the Config Sync admission webhook and does not prevent drifts. - source
Format String - Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
- stop
Syncing Boolean - Set to
trueto stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults:false.
FeatureMembershipConfigmanagementConfigSyncGit, FeatureMembershipConfigmanagementConfigSyncGitArgs
- Gcp
Service stringAccount Email - The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- Https
Proxy string - URL for the HTTPS proxy to be used when communicating with the Git repo.
- Policy
Dir string - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- Secret
Type string - Type of secret configured for access to the Git repo.
- Sync
Branch string - The branch of the repository to sync from. Default: master.
- Sync
Repo string - The URL of the Git repository to use as the source of truth.
- Sync
Rev string - Git revision (tag or hash) to check out. Default HEAD.
- Sync
Wait stringSecs - Period in seconds between consecutive syncs. Default: 15.
- Gcp
Service stringAccount Email - The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- Https
Proxy string - URL for the HTTPS proxy to be used when communicating with the Git repo.
- Policy
Dir string - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- Secret
Type string - Type of secret configured for access to the Git repo.
- Sync
Branch string - The branch of the repository to sync from. Default: master.
- Sync
Repo string - The URL of the Git repository to use as the source of truth.
- Sync
Rev string - Git revision (tag or hash) to check out. Default HEAD.
- Sync
Wait stringSecs - Period in seconds between consecutive syncs. Default: 15.
- gcp
Service StringAccount Email - The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- https
Proxy String - URL for the HTTPS proxy to be used when communicating with the Git repo.
- policy
Dir String - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- secret
Type String - Type of secret configured for access to the Git repo.
- sync
Branch String - The branch of the repository to sync from. Default: master.
- sync
Repo String - The URL of the Git repository to use as the source of truth.
- sync
Rev String - Git revision (tag or hash) to check out. Default HEAD.
- sync
Wait StringSecs - Period in seconds between consecutive syncs. Default: 15.
- gcp
Service stringAccount Email - The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- https
Proxy string - URL for the HTTPS proxy to be used when communicating with the Git repo.
- policy
Dir string - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- secret
Type string - Type of secret configured for access to the Git repo.
- sync
Branch string - The branch of the repository to sync from. Default: master.
- sync
Repo string - The URL of the Git repository to use as the source of truth.
- sync
Rev string - Git revision (tag or hash) to check out. Default HEAD.
- sync
Wait stringSecs - Period in seconds between consecutive syncs. Default: 15.
- gcp_
service_ straccount_ email - The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- https_
proxy str - URL for the HTTPS proxy to be used when communicating with the Git repo.
- policy_
dir str - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- secret_
type str - Type of secret configured for access to the Git repo.
- sync_
branch str - The branch of the repository to sync from. Default: master.
- sync_
repo str - The URL of the Git repository to use as the source of truth.
- sync_
rev str - Git revision (tag or hash) to check out. Default HEAD.
- sync_
wait_ strsecs - Period in seconds between consecutive syncs. Default: 15.
- gcp
Service StringAccount Email - The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- https
Proxy String - URL for the HTTPS proxy to be used when communicating with the Git repo.
- policy
Dir String - The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- secret
Type String - Type of secret configured for access to the Git repo.
- sync
Branch String - The branch of the repository to sync from. Default: master.
- sync
Repo String - The URL of the Git repository to use as the source of truth.
- sync
Rev String - Git revision (tag or hash) to check out. Default HEAD.
- sync
Wait StringSecs - Period in seconds between consecutive syncs. Default: 15.
FeatureMembershipConfigmanagementConfigSyncOci, FeatureMembershipConfigmanagementConfigSyncOciArgs
- Gcp
Service stringAccount Email - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount.
- Policy
Dir string - The absolute path of the directory that contains the local resources. Default: the root directory of the image.
- Secret
Type string - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.
- Sync
Repo string - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
- Sync
Wait stringSecs - Period in seconds(int64 format) between consecutive syncs. Default: 15.
- Gcp
Service stringAccount Email - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount.
- Policy
Dir string - The absolute path of the directory that contains the local resources. Default: the root directory of the image.
- Secret
Type string - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.
- Sync
Repo string - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
- Sync
Wait stringSecs - Period in seconds(int64 format) between consecutive syncs. Default: 15.
- gcp
Service StringAccount Email - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount.
- policy
Dir String - The absolute path of the directory that contains the local resources. Default: the root directory of the image.
- secret
Type String - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.
- sync
Repo String - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
- sync
Wait StringSecs - Period in seconds(int64 format) between consecutive syncs. Default: 15.
- gcp
Service stringAccount Email - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount.
- policy
Dir string - The absolute path of the directory that contains the local resources. Default: the root directory of the image.
- secret
Type string - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.
- sync
Repo string - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
- sync
Wait stringSecs - Period in seconds(int64 format) between consecutive syncs. Default: 15.
- gcp_
service_ straccount_ email - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount.
- policy_
dir str - The absolute path of the directory that contains the local resources. Default: the root directory of the image.
- secret_
type str - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.
- sync_
repo str - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
- sync_
wait_ strsecs - Period in seconds(int64 format) between consecutive syncs. Default: 15.
- gcp
Service StringAccount Email - The GCP Service Account Email used for auth when secret_type is gcpserviceaccount.
- policy
Dir String - The absolute path of the directory that contains the local resources. Default: the root directory of the image.
- secret
Type String - Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.
- sync
Repo String - The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
- sync
Wait StringSecs - Period in seconds(int64 format) between consecutive syncs. Default: 15.
FeatureMembershipConfigmanagementHierarchyController, FeatureMembershipConfigmanagementHierarchyControllerArgs
- Enable
Hierarchical boolResource Quota - Whether hierarchical resource quota is enabled in this cluster.
- Enable
Pod boolTree Labels - Whether pod tree labels are enabled in this cluster.
- Enabled bool
- Whether Hierarchy Controller is enabled in this cluster.
- Enable
Hierarchical boolResource Quota - Whether hierarchical resource quota is enabled in this cluster.
- Enable
Pod boolTree Labels - Whether pod tree labels are enabled in this cluster.
- Enabled bool
- Whether Hierarchy Controller is enabled in this cluster.
- enable
Hierarchical BooleanResource Quota - Whether hierarchical resource quota is enabled in this cluster.
- enable
Pod BooleanTree Labels - Whether pod tree labels are enabled in this cluster.
- enabled Boolean
- Whether Hierarchy Controller is enabled in this cluster.
- enable
Hierarchical booleanResource Quota - Whether hierarchical resource quota is enabled in this cluster.
- enable
Pod booleanTree Labels - Whether pod tree labels are enabled in this cluster.
- enabled boolean
- Whether Hierarchy Controller is enabled in this cluster.
- enable_
hierarchical_ boolresource_ quota - Whether hierarchical resource quota is enabled in this cluster.
- enable_
pod_ booltree_ labels - Whether pod tree labels are enabled in this cluster.
- enabled bool
- Whether Hierarchy Controller is enabled in this cluster.
- enable
Hierarchical BooleanResource Quota - Whether hierarchical resource quota is enabled in this cluster.
- enable
Pod BooleanTree Labels - Whether pod tree labels are enabled in this cluster.
- enabled Boolean
- Whether Hierarchy Controller is enabled in this cluster.
FeatureMembershipConfigmanagementPolicyController, FeatureMembershipConfigmanagementPolicyControllerArgs
- Audit
Interval stringSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- Enabled bool
- Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
- Exemptable
Namespaces List<string> - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- Log
Denies boolEnabled - Logs all denies and dry run failures.
- Monitoring
Feature
Membership Configmanagement Policy Controller Monitoring - Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
- Mutation
Enabled bool - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- Referential
Rules boolEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- Template
Library boolInstalled - Installs the default template library along with Policy Controller.
- Audit
Interval stringSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- Enabled bool
- Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
- Exemptable
Namespaces []string - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- Log
Denies boolEnabled - Logs all denies and dry run failures.
- Monitoring
Feature
Membership Configmanagement Policy Controller Monitoring - Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
- Mutation
Enabled bool - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- Referential
Rules boolEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- Template
Library boolInstalled - Installs the default template library along with Policy Controller.
- audit
Interval StringSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- enabled Boolean
- Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
- exemptable
Namespaces List<String> - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- log
Denies BooleanEnabled - Logs all denies and dry run failures.
- monitoring
Feature
Membership Configmanagement Policy Controller Monitoring - Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
- mutation
Enabled Boolean - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- referential
Rules BooleanEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- template
Library BooleanInstalled - Installs the default template library along with Policy Controller.
- audit
Interval stringSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- enabled boolean
- Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
- exemptable
Namespaces string[] - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- log
Denies booleanEnabled - Logs all denies and dry run failures.
- monitoring
Feature
Membership Configmanagement Policy Controller Monitoring - Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
- mutation
Enabled boolean - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- referential
Rules booleanEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- template
Library booleanInstalled - Installs the default template library along with Policy Controller.
- audit_
interval_ strseconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- enabled bool
- Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
- exemptable_
namespaces Sequence[str] - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- log_
denies_ boolenabled - Logs all denies and dry run failures.
- monitoring
Feature
Membership Configmanagement Policy Controller Monitoring - Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
- mutation_
enabled bool - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- referential_
rules_ boolenabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- template_
library_ boolinstalled - Installs the default template library along with Policy Controller.
- audit
Interval StringSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- enabled Boolean
- Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
- exemptable
Namespaces List<String> - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- log
Denies BooleanEnabled - Logs all denies and dry run failures.
- monitoring Property Map
- Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
- mutation
Enabled Boolean - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- referential
Rules BooleanEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- template
Library BooleanInstalled - Installs the default template library along with Policy Controller.
FeatureMembershipConfigmanagementPolicyControllerMonitoring, FeatureMembershipConfigmanagementPolicyControllerMonitoringArgs
- Backends List<string>
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- Backends []string
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends List<String>
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends string[]
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends Sequence[str]
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends List<String>
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
FeatureMembershipMesh, FeatureMembershipMeshArgs
- Control
Plane string - DEPRECATED Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL
- Management string
- Whether to automatically manage Service Mesh. Can either be
MANAGEMENT_AUTOMATICorMANAGEMENT_MANUAL.
- Control
Plane string - DEPRECATED Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL
- Management string
- Whether to automatically manage Service Mesh. Can either be
MANAGEMENT_AUTOMATICorMANAGEMENT_MANUAL.
- control
Plane String - DEPRECATED Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL
- management String
- Whether to automatically manage Service Mesh. Can either be
MANAGEMENT_AUTOMATICorMANAGEMENT_MANUAL.
- control
Plane string - DEPRECATED Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL
- management string
- Whether to automatically manage Service Mesh. Can either be
MANAGEMENT_AUTOMATICorMANAGEMENT_MANUAL.
- control_
plane str - DEPRECATED Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL
- management str
- Whether to automatically manage Service Mesh. Can either be
MANAGEMENT_AUTOMATICorMANAGEMENT_MANUAL.
- control
Plane String - DEPRECATED Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL
- management String
- Whether to automatically manage Service Mesh. Can either be
MANAGEMENT_AUTOMATICorMANAGEMENT_MANUAL.
FeatureMembershipPolicycontroller, FeatureMembershipPolicycontrollerArgs
- Policy
Controller FeatureHub Config Membership Policycontroller Policy Controller Hub Config - Policy Controller configuration for the cluster. Structure is documented below.
- Version string
- Version of Policy Controller to install. Defaults to the latest version.
- Policy
Controller FeatureHub Config Membership Policycontroller Policy Controller Hub Config - Policy Controller configuration for the cluster. Structure is documented below.
- Version string
- Version of Policy Controller to install. Defaults to the latest version.
- policy
Controller FeatureHub Config Membership Policycontroller Policy Controller Hub Config - Policy Controller configuration for the cluster. Structure is documented below.
- version String
- Version of Policy Controller to install. Defaults to the latest version.
- policy
Controller FeatureHub Config Membership Policycontroller Policy Controller Hub Config - Policy Controller configuration for the cluster. Structure is documented below.
- version string
- Version of Policy Controller to install. Defaults to the latest version.
- policy_
controller_ Featurehub_ config Membership Policycontroller Policy Controller Hub Config - Policy Controller configuration for the cluster. Structure is documented below.
- version str
- Version of Policy Controller to install. Defaults to the latest version.
- policy
Controller Property MapHub Config - Policy Controller configuration for the cluster. Structure is documented below.
- version String
- Version of Policy Controller to install. Defaults to the latest version.
FeatureMembershipPolicycontrollerPolicyControllerHubConfig, FeatureMembershipPolicycontrollerPolicyControllerHubConfigArgs
- Audit
Interval intSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- Constraint
Violation intLimit - The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used.
- Deployment
Configs List<FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config> - Map of deployment configs to deployments ("admission", "audit", "mutation").
- Exemptable
Namespaces List<string> - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- Install
Spec string - Configures the mode of the Policy Controller installation. Must be one of
INSTALL_SPEC_NOT_INSTALLED,INSTALL_SPEC_ENABLED,INSTALL_SPEC_SUSPENDEDorINSTALL_SPEC_DETACHED. - Log
Denies boolEnabled - Logs all denies and dry run failures.
- Monitoring
Feature
Membership Policycontroller Policy Controller Hub Config Monitoring - Specifies the backends Policy Controller should export metrics to. Structure is documented below.
- Mutation
Enabled bool - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- Policy
Content FeatureMembership Policycontroller Policy Controller Hub Config Policy Content - Specifies the desired policy content on the cluster. Structure is documented below.
- Referential
Rules boolEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- Audit
Interval intSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- Constraint
Violation intLimit - The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used.
- Deployment
Configs []FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config - Map of deployment configs to deployments ("admission", "audit", "mutation").
- Exemptable
Namespaces []string - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- Install
Spec string - Configures the mode of the Policy Controller installation. Must be one of
INSTALL_SPEC_NOT_INSTALLED,INSTALL_SPEC_ENABLED,INSTALL_SPEC_SUSPENDEDorINSTALL_SPEC_DETACHED. - Log
Denies boolEnabled - Logs all denies and dry run failures.
- Monitoring
Feature
Membership Policycontroller Policy Controller Hub Config Monitoring - Specifies the backends Policy Controller should export metrics to. Structure is documented below.
- Mutation
Enabled bool - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- Policy
Content FeatureMembership Policycontroller Policy Controller Hub Config Policy Content - Specifies the desired policy content on the cluster. Structure is documented below.
- Referential
Rules boolEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- audit
Interval IntegerSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- constraint
Violation IntegerLimit - The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used.
- deployment
Configs List<FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config> - Map of deployment configs to deployments ("admission", "audit", "mutation").
- exemptable
Namespaces List<String> - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- install
Spec String - Configures the mode of the Policy Controller installation. Must be one of
INSTALL_SPEC_NOT_INSTALLED,INSTALL_SPEC_ENABLED,INSTALL_SPEC_SUSPENDEDorINSTALL_SPEC_DETACHED. - log
Denies BooleanEnabled - Logs all denies and dry run failures.
- monitoring
Feature
Membership Policycontroller Policy Controller Hub Config Monitoring - Specifies the backends Policy Controller should export metrics to. Structure is documented below.
- mutation
Enabled Boolean - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- policy
Content FeatureMembership Policycontroller Policy Controller Hub Config Policy Content - Specifies the desired policy content on the cluster. Structure is documented below.
- referential
Rules BooleanEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- audit
Interval numberSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- constraint
Violation numberLimit - The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used.
- deployment
Configs FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config[] - Map of deployment configs to deployments ("admission", "audit", "mutation").
- exemptable
Namespaces string[] - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- install
Spec string - Configures the mode of the Policy Controller installation. Must be one of
INSTALL_SPEC_NOT_INSTALLED,INSTALL_SPEC_ENABLED,INSTALL_SPEC_SUSPENDEDorINSTALL_SPEC_DETACHED. - log
Denies booleanEnabled - Logs all denies and dry run failures.
- monitoring
Feature
Membership Policycontroller Policy Controller Hub Config Monitoring - Specifies the backends Policy Controller should export metrics to. Structure is documented below.
- mutation
Enabled boolean - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- policy
Content FeatureMembership Policycontroller Policy Controller Hub Config Policy Content - Specifies the desired policy content on the cluster. Structure is documented below.
- referential
Rules booleanEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- audit_
interval_ intseconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- constraint_
violation_ intlimit - The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used.
- deployment_
configs Sequence[FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config] - Map of deployment configs to deployments ("admission", "audit", "mutation").
- exemptable_
namespaces Sequence[str] - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- install_
spec str - Configures the mode of the Policy Controller installation. Must be one of
INSTALL_SPEC_NOT_INSTALLED,INSTALL_SPEC_ENABLED,INSTALL_SPEC_SUSPENDEDorINSTALL_SPEC_DETACHED. - log_
denies_ boolenabled - Logs all denies and dry run failures.
- monitoring
Feature
Membership Policycontroller Policy Controller Hub Config Monitoring - Specifies the backends Policy Controller should export metrics to. Structure is documented below.
- mutation_
enabled bool - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- policy_
content FeatureMembership Policycontroller Policy Controller Hub Config Policy Content - Specifies the desired policy content on the cluster. Structure is documented below.
- referential_
rules_ boolenabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- audit
Interval NumberSeconds - Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- constraint
Violation NumberLimit - The maximum number of audit violations to be stored in a constraint. If not set, the default of 20 will be used.
- deployment
Configs List<Property Map> - Map of deployment configs to deployments ("admission", "audit", "mutation").
- exemptable
Namespaces List<String> - The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- install
Spec String - Configures the mode of the Policy Controller installation. Must be one of
INSTALL_SPEC_NOT_INSTALLED,INSTALL_SPEC_ENABLED,INSTALL_SPEC_SUSPENDEDorINSTALL_SPEC_DETACHED. - log
Denies BooleanEnabled - Logs all denies and dry run failures.
- monitoring Property Map
- Specifies the backends Policy Controller should export metrics to. Structure is documented below.
- mutation
Enabled Boolean - Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- policy
Content Property Map - Specifies the desired policy content on the cluster. Structure is documented below.
- referential
Rules BooleanEnabled - Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfig, FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigArgs
- Component
Name string - The name of the component. One of
admissionauditormutation - Container
Resources FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Container Resources - Container resource requirements.
- Pod
Affinity string - Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY
- Pod
Tolerations List<FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Pod Toleration> - Pod tolerations of node taints.
- Replica
Count int - Pod replica count.
- Component
Name string - The name of the component. One of
admissionauditormutation - Container
Resources FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Container Resources - Container resource requirements.
- Pod
Affinity string - Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY
- Pod
Tolerations []FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Pod Toleration - Pod tolerations of node taints.
- Replica
Count int - Pod replica count.
- component
Name String - The name of the component. One of
admissionauditormutation - container
Resources FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Container Resources - Container resource requirements.
- pod
Affinity String - Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY
- pod
Tolerations List<FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Pod Toleration> - Pod tolerations of node taints.
- replica
Count Integer - Pod replica count.
- component
Name string - The name of the component. One of
admissionauditormutation - container
Resources FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Container Resources - Container resource requirements.
- pod
Affinity string - Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY
- pod
Tolerations FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Pod Toleration[] - Pod tolerations of node taints.
- replica
Count number - Pod replica count.
- component_
name str - The name of the component. One of
admissionauditormutation - container_
resources FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Container Resources - Container resource requirements.
- pod_
affinity str - Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY
- pod_
tolerations Sequence[FeatureMembership Policycontroller Policy Controller Hub Config Deployment Config Pod Toleration] - Pod tolerations of node taints.
- replica_
count int - Pod replica count.
- component
Name String - The name of the component. One of
admissionauditormutation - container
Resources Property Map - Container resource requirements.
- pod
Affinity String - Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY
- pod
Tolerations List<Property Map> - Pod tolerations of node taints.
- replica
Count Number - Pod replica count.
FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResources, FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesArgs
- Limits
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Limits - Limits describes the maximum amount of compute resources allowed for use by the running container.
- Requests
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Requests - Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
- Limits
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Limits - Limits describes the maximum amount of compute resources allowed for use by the running container.
- Requests
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Requests - Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
- limits
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Limits - Limits describes the maximum amount of compute resources allowed for use by the running container.
- requests
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Requests - Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
- limits
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Limits - Limits describes the maximum amount of compute resources allowed for use by the running container.
- requests
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Requests - Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
- limits
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Limits - Limits describes the maximum amount of compute resources allowed for use by the running container.
- requests
Feature
Membership Policycontroller Policy Controller Hub Config Deployment Config Container Resources Requests - Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
- limits Property Map
- Limits describes the maximum amount of compute resources allowed for use by the running container.
- requests Property Map
- Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesLimits, FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesLimitsArgs
FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesRequests, FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigContainerResourcesRequestsArgs
FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigPodToleration, FeatureMembershipPolicycontrollerPolicyControllerHubConfigDeploymentConfigPodTolerationArgs
FeatureMembershipPolicycontrollerPolicyControllerHubConfigMonitoring, FeatureMembershipPolicycontrollerPolicyControllerHubConfigMonitoringArgs
- Backends List<string>
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- Backends []string
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends List<String>
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends string[]
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends Sequence[str]
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
- backends List<String>
- Specifies the list of backends Policy Controller will export to. Must be one of
CLOUD_MONITORINGorPROMETHEUS. Defaults to [CLOUD_MONITORING,PROMETHEUS]. Specifying an empty value[]disables metrics export.
FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContent, FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentArgs
- Bundles
List<Feature
Membership Policycontroller Policy Controller Hub Config Policy Content Bundle> - map of bundle name to BundleInstallSpec. The bundle name maps to the
bundleNamekey in thepolicycontroller.gke.io/constraintDataannotation on a constraint. - Template
Library FeatureMembership Policycontroller Policy Controller Hub Config Policy Content Template Library - Configures the installation of the Template Library. Structure is documented below.
- Bundles
[]Feature
Membership Policycontroller Policy Controller Hub Config Policy Content Bundle - map of bundle name to BundleInstallSpec. The bundle name maps to the
bundleNamekey in thepolicycontroller.gke.io/constraintDataannotation on a constraint. - Template
Library FeatureMembership Policycontroller Policy Controller Hub Config Policy Content Template Library - Configures the installation of the Template Library. Structure is documented below.
- bundles
List<Feature
Membership Policycontroller Policy Controller Hub Config Policy Content Bundle> - map of bundle name to BundleInstallSpec. The bundle name maps to the
bundleNamekey in thepolicycontroller.gke.io/constraintDataannotation on a constraint. - template
Library FeatureMembership Policycontroller Policy Controller Hub Config Policy Content Template Library - Configures the installation of the Template Library. Structure is documented below.
- bundles
Feature
Membership Policycontroller Policy Controller Hub Config Policy Content Bundle[] - map of bundle name to BundleInstallSpec. The bundle name maps to the
bundleNamekey in thepolicycontroller.gke.io/constraintDataannotation on a constraint. - template
Library FeatureMembership Policycontroller Policy Controller Hub Config Policy Content Template Library - Configures the installation of the Template Library. Structure is documented below.
- bundles
Sequence[Feature
Membership Policycontroller Policy Controller Hub Config Policy Content Bundle] - map of bundle name to BundleInstallSpec. The bundle name maps to the
bundleNamekey in thepolicycontroller.gke.io/constraintDataannotation on a constraint. - template_
library FeatureMembership Policycontroller Policy Controller Hub Config Policy Content Template Library - Configures the installation of the Template Library. Structure is documented below.
- bundles List<Property Map>
- map of bundle name to BundleInstallSpec. The bundle name maps to the
bundleNamekey in thepolicycontroller.gke.io/constraintDataannotation on a constraint. - template
Library Property Map - Configures the installation of the Template Library. Structure is documented below.
FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentBundle, FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentBundleArgs
- Bundle
Name string - The name of the bundle.
- Exempted
Namespaces List<string> - The set of namespaces to be exempted from the bundle.
- Bundle
Name string - The name of the bundle.
- Exempted
Namespaces []string - The set of namespaces to be exempted from the bundle.
- bundle
Name String - The name of the bundle.
- exempted
Namespaces List<String> - The set of namespaces to be exempted from the bundle.
- bundle
Name string - The name of the bundle.
- exempted
Namespaces string[] - The set of namespaces to be exempted from the bundle.
- bundle_
name str - The name of the bundle.
- exempted_
namespaces Sequence[str] - The set of namespaces to be exempted from the bundle.
- bundle
Name String - The name of the bundle.
- exempted
Namespaces List<String> - The set of namespaces to be exempted from the bundle.
FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibrary, FeatureMembershipPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryArgs
- Installation string
- Configures the manner in which the template library is installed on the cluster. Must be one of
ALL,NOT_INSTALLEDorINSTALLATION_UNSPECIFIED. Defaults toALL.
- Installation string
- Configures the manner in which the template library is installed on the cluster. Must be one of
ALL,NOT_INSTALLEDorINSTALLATION_UNSPECIFIED. Defaults toALL.
- installation String
- Configures the manner in which the template library is installed on the cluster. Must be one of
ALL,NOT_INSTALLEDorINSTALLATION_UNSPECIFIED. Defaults toALL.
- installation string
- Configures the manner in which the template library is installed on the cluster. Must be one of
ALL,NOT_INSTALLEDorINSTALLATION_UNSPECIFIED. Defaults toALL.
- installation str
- Configures the manner in which the template library is installed on the cluster. Must be one of
ALL,NOT_INSTALLEDorINSTALLATION_UNSPECIFIED. Defaults toALL.
- installation String
- Configures the manner in which the template library is installed on the cluster. Must be one of
ALL,NOT_INSTALLEDorINSTALLATION_UNSPECIFIED. Defaults toALL.
Import
FeatureMembership can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}{{project}}/{{location}}/{{feature}}/{{membership}}{{location}}/{{feature}}/{{membership}}
When using the pulumi import command, FeatureMembership can be imported using one of the formats above. For example:
$ pulumi import gcp:gkehub/featureMembership:FeatureMembership default projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}
$ pulumi import gcp:gkehub/featureMembership:FeatureMembership default {{project}}/{{location}}/{{feature}}/{{membership}}
$ pulumi import gcp:gkehub/featureMembership:FeatureMembership default {{location}}/{{feature}}/{{membership}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.