Namespace Google.Apis.GKEHub.v1.Data

Classes

ApplianceCluster

ApplianceCluster contains information specific to GDC Edge Appliance Clusters.

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

AuditLogConfig

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

Authority

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

BinaryAuthorizationConfig

BinaryAuthorizationConfig defines the fleet level configuration of binary authorization feature.

Binding

Associates members, or principals, with a role.

CancelOperationRequest

The request message for Operations.CancelOperation.

ClusterUpgradeFleetSpec

ClusterUpgrade: The configuration for the fleet-level ClusterUpgrade feature.

ClusterUpgradeFleetState

ClusterUpgrade: The state for the fleet-level ClusterUpgrade feature.

ClusterUpgradeGKEUpgrade

GKEUpgrade represents a GKE provided upgrade, e.g., control plane upgrade.

ClusterUpgradeGKEUpgradeFeatureCondition

GKEUpgradeFeatureCondition describes the condition of the feature for GKE clusters at a certain point of time.

ClusterUpgradeGKEUpgradeFeatureState

GKEUpgradeFeatureState contains feature states for GKE clusters in the scope.

ClusterUpgradeGKEUpgradeOverride

Properties of a GKE upgrade that can be overridden by the user. For example, a user can skip soaking by overriding the soaking to 0.

ClusterUpgradeGKEUpgradeState

GKEUpgradeState is a GKEUpgrade and its state at the scope and fleet level.

ClusterUpgradeIgnoredMembership

IgnoredMembership represents a membership ignored by the feature. A membership can be ignored because it was manually upgraded to a newer version than RC default.

ClusterUpgradeMembershipGKEUpgradeState

ScopeGKEUpgradeState is a GKEUpgrade and its state per-membership.

ClusterUpgradeMembershipState

Per-membership state for this feature.

ClusterUpgradePostConditions

Post conditional checks after an upgrade has been applied on all eligible clusters.

ClusterUpgradeUpgradeStatus

UpgradeStatus provides status information for each upgrade.

CommonFeatureSpec

CommonFeatureSpec contains Fleet-wide configuration information

CommonFeatureState

CommonFeatureState contains Fleet-wide Feature status information.

CommonFleetDefaultMemberConfigSpec

CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet

CompliancePostureConfig

CompliancePostureConfig defines the settings needed to enable/disable features for the Compliance Posture.

ComplianceStandard

ConfigManagementConfigSync

Configuration for Config Sync

ConfigManagementConfigSyncDeploymentState

The state of ConfigSync's deployment on a cluster

ConfigManagementConfigSyncError

Errors pertaining to the installation of Config Sync

ConfigManagementConfigSyncState

State information for ConfigSync

ConfigManagementConfigSyncVersion

Specific versioning information pertaining to ConfigSync's Pods

ConfigManagementContainerOverride

Configuration for a container override.

ConfigManagementDeploymentOverride

Configuration for a deployment override.

ConfigManagementErrorResource

Model for a config file in the git repo with an associated Sync error

ConfigManagementGatekeeperDeploymentState

State of Policy Controller installation.

ConfigManagementGitConfig

Git repo configuration for a single cluster.

ConfigManagementGroupVersionKind

A Kubernetes object's GVK

ConfigManagementHierarchyControllerConfig

Configuration for Hierarchy Controller

ConfigManagementHierarchyControllerDeploymentState

Deployment state for Hierarchy Controller

ConfigManagementHierarchyControllerState

State for Hierarchy Controller

ConfigManagementHierarchyControllerVersion

Version for Hierarchy Controller

ConfigManagementInstallError

Errors pertaining to the installation of ACM

ConfigManagementMembershipSpec

Anthos Config Management: Configuration for a single cluster. Intended to parallel the ConfigManagement CR.

ConfigManagementMembershipState

Anthos Config Management: State for a single cluster.

ConfigManagementOciConfig

OCI repo configuration for a single cluster

ConfigManagementOperatorState

State information for an ACM's Operator

ConfigManagementPolicyController

Configuration for Policy Controller

ConfigManagementPolicyControllerMigration

State for the migration of PolicyController from ACM -> PoCo Hub.

ConfigManagementPolicyControllerMonitoring

PolicyControllerMonitoring specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]

ConfigManagementPolicyControllerState

State for PolicyControllerState.

ConfigManagementPolicyControllerVersion

The build version of Gatekeeper Policy Controller is using.

ConfigManagementSyncError

An ACM created error representing a problem syncing configurations

ConfigManagementSyncState

State indicating an ACM's progress syncing configurations to a cluster

ConnectAgentResource

ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment.

DataplaneV2FeatureSpec

Dataplane V2: Spec

DefaultClusterConfig

DefaultClusterConfig describes the default cluster configurations to be applied to all clusters born-in-fleet.

EdgeCluster

EdgeCluster contains information specific to Google Edge Clusters.

Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }

Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

Feature

Feature represents the settings and status of any Fleet Feature.

FeatureResourceState

FeatureResourceState describes the state of a Feature resource in the GkeHub API. See FeatureState for the "running state" of the Feature in the Fleet and across Memberships.

FeatureState

FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context.

Fleet

Fleet contains the Fleet-wide metadata and configuration.

FleetLifecycleState

FleetLifecycleState describes the state of a Fleet resource.

FleetObservabilityFeatureError

All error details of the fleet observability feature.

FleetObservabilityFeatureSpec

Fleet Observability: The Hub-wide input for the FleetObservability feature.

FleetObservabilityFeatureState

FleetObservability: Hub-wide Feature for FleetObservability feature. state.

FleetObservabilityFleetObservabilityBaseFeatureState

Base state for fleet observability feature.

FleetObservabilityFleetObservabilityLoggingState

Feature state for logging feature.

FleetObservabilityFleetObservabilityMonitoringState

Feature state for monitoring feature.

FleetObservabilityLoggingConfig

LoggingConfig defines the configuration for different types of logs.

FleetObservabilityMembershipSpec

FleetObservability: The membership-specific input for FleetObservability feature.

FleetObservabilityMembershipState

FleetObservability: Membership-specific Feature state for fleetobservability.

FleetObservabilityRoutingConfig

RoutingConfig configures the behaviour of fleet logging feature.

GenerateConnectManifestResponse

GenerateConnectManifestResponse contains manifest information for installing/upgrading a Connect agent.

GenerateMembershipRBACRoleBindingYAMLResponse

Response for GenerateRBACRoleBindingYAML.

GkeCluster

GkeCluster contains information specific to GKE clusters.

GoogleRpcStatus

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

IdentityServiceAuthMethod

Configuration of an auth method for a member/cluster. Only one authentication method (e.g., OIDC and LDAP) can be set per AuthMethod.

IdentityServiceAzureADConfig

Configuration for the AzureAD Auth flow.

IdentityServiceDiagnosticInterface

Configuration options for the AIS diagnostic interface.

IdentityServiceGoogleConfig

Configuration for the Google Plugin Auth flow.

IdentityServiceGroupConfig

Contains the properties for locating and authenticating groups in the directory.

IdentityServiceIdentityServiceOptions

Holds non-protocol-related configuration options.

IdentityServiceLdapConfig

Configuration for the LDAP Auth flow.

IdentityServiceMembershipSpec

Anthos Identity Service: Configuration for a single Membership.

IdentityServiceMembershipState

Anthos Identity Service: State for a single Membership.

IdentityServiceOidcConfig

Configuration for OIDC Auth flow.

IdentityServiceSamlConfig

Configuration for the SAML Auth flow.

IdentityServiceServerConfig

Server settings for the external LDAP server.

IdentityServiceServiceAccountConfig

Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.

IdentityServiceSimpleBindCredentials

The structure holds the LDAP simple binding credential.

IdentityServiceUserConfig

Defines where users exist in the LDAP directory.

KubernetesMetadata

KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.

KubernetesResource

KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.

ListBoundMembershipsResponse

List of Memberships bound to a Scope.

ListFeaturesResponse

Response message for the GkeHub.ListFeatures method.

ListFleetsResponse

Response message for the GkeHub.ListFleetsResponse method.

ListLocationsResponse

The response message for Locations.ListLocations.

ListMembershipBindingsResponse

List of MembershipBindings.

ListMembershipRBACRoleBindingsResponse

List of Membership RBACRoleBindings.

ListMembershipsResponse

Response message for the GkeHub.ListMemberships method.

ListOperationsResponse

The response message for Operations.ListOperations.

ListPermittedScopesResponse

List of permitted Scopes.

ListScopeNamespacesResponse

List of fleet namespaces.

ListScopeRBACRoleBindingsResponse

List of Scope RBACRoleBindings.

ListScopesResponse

List of Scopes.

Location

A resource that represents a Google Cloud location.

Membership

Membership contains information about a member cluster.

MembershipBinding

MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to.

MembershipBindingLifecycleState

MembershipBindingLifecycleState describes the state of a Binding resource.

MembershipEndpoint

MembershipEndpoint contains information needed to contact a Kubernetes API, endpoint and any additional Kubernetes metadata.

MembershipFeatureSpec

MembershipFeatureSpec contains configuration information for a single Membership.

MembershipFeatureState

MembershipFeatureState contains Feature status information for a single Membership.

MembershipState

MembershipState describes the state of a Membership resource.

MonitoringConfig

MonitoringConfig informs Fleet-based applications/services/UIs how the metrics for the underlying cluster is reported to cloud monitoring services. It can be set from empty to non-empty, but can't be mutated directly to prevent accidentally breaking the constinousty of metrics.

MultiCloudCluster

MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.

MultiClusterIngressFeatureSpec

Multi-cluster Ingress: The configuration for the MultiClusterIngress feature.

Namespace

Namespace represents a namespace across the Fleet

NamespaceLifecycleState

NamespaceLifecycleState describes the state of a Namespace resource.

OnPremCluster

OnPremCluster contains information specific to GKE On-Prem clusters.

Operation

This resource represents a long-running operation that is the result of a network API call.

OperationMetadata

Represents the metadata of the long-running operation.

Origin

Origin defines where this MembershipFeatureSpec originated from.

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example:

{
"bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com",
"group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] },
{ "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": {
"title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time
&lt; timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }

YAML example:

bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com -
serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin -
members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression: request.time &lt;
timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3

For a description of IAM and its features, see the IAM documentation.