Namespace Google.Apis.GKEHub.v1.Data
Classes
AppDevExperienceFeatureSpec
Spec for App Dev Experience Feature.
AppDevExperienceFeatureState
State for App Dev Exp Feature.
ApplianceCluster
ApplianceCluster contains information specific to GDC Edge Appliance Clusters.
AuditConfig
Specifies the audit configuration for a service. The configuration determines which permission types are logged,
and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If
there are AuditConfigs for both allServices
and a specific service, the union of the two AuditConfigs is used
for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each
AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service":
"allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ]
}, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com",
"audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [
"user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
logging. It also exempts jose@example.com
from DATA_READ logging, and aliya@example.com
from DATA_WRITE
logging.
AuditLogConfig
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Authority
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
BinaryAuthorizationConfig
BinaryAuthorizationConfig defines the fleet level configuration of binary authorization feature.
Binding
Associates members
, or principals, with a role
.
CancelOperationRequest
The request message for Operations.CancelOperation.
ClusterUpgradeFleetSpec
ClusterUpgrade: The configuration for the fleet-level ClusterUpgrade feature.
ClusterUpgradeFleetState
ClusterUpgrade: The state for the fleet-level ClusterUpgrade feature.
ClusterUpgradeGKEUpgrade
GKEUpgrade represents a GKE provided upgrade, e.g., control plane upgrade.
ClusterUpgradeGKEUpgradeFeatureCondition
GKEUpgradeFeatureCondition describes the condition of the feature for GKE clusters at a certain point of time.
ClusterUpgradeGKEUpgradeFeatureState
GKEUpgradeFeatureState contains feature states for GKE clusters in the scope.
ClusterUpgradeGKEUpgradeOverride
Properties of a GKE upgrade that can be overridden by the user. For example, a user can skip soaking by overriding the soaking to 0.
ClusterUpgradeGKEUpgradeState
GKEUpgradeState is a GKEUpgrade and its state at the scope and fleet level.
ClusterUpgradeIgnoredMembership
IgnoredMembership represents a membership ignored by the feature. A membership can be ignored because it was manually upgraded to a newer version than RC default.
ClusterUpgradeMembershipGKEUpgradeState
ScopeGKEUpgradeState is a GKEUpgrade and its state per-membership.
ClusterUpgradeMembershipState
Per-membership state for this feature.
ClusterUpgradePostConditions
Post conditional checks after an upgrade has been applied on all eligible clusters.
ClusterUpgradeUpgradeStatus
UpgradeStatus provides status information for each upgrade.
CommonFeatureSpec
CommonFeatureSpec contains Fleet-wide configuration information
CommonFeatureState
CommonFeatureState contains Fleet-wide Feature status information.
CommonFleetDefaultMemberConfigSpec
CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet
CompliancePostureConfig
CompliancePostureConfig defines the settings needed to enable/disable features for the Compliance Posture.
ComplianceStandard
ConfigManagementConfigSync
Configuration for Config Sync
ConfigManagementConfigSyncDeploymentState
The state of ConfigSync's deployment on a cluster
ConfigManagementConfigSyncError
Errors pertaining to the installation of Config Sync
ConfigManagementConfigSyncState
State information for ConfigSync
ConfigManagementConfigSyncVersion
Specific versioning information pertaining to ConfigSync's Pods
ConfigManagementErrorResource
Model for a config file in the git repo with an associated Sync error
ConfigManagementGatekeeperDeploymentState
State of Policy Controller installation.
ConfigManagementGitConfig
Git repo configuration for a single cluster.
ConfigManagementGroupVersionKind
A Kubernetes object's GVK
ConfigManagementHierarchyControllerConfig
Configuration for Hierarchy Controller
ConfigManagementHierarchyControllerDeploymentState
Deployment state for Hierarchy Controller
ConfigManagementHierarchyControllerState
State for Hierarchy Controller
ConfigManagementHierarchyControllerVersion
Version for Hierarchy Controller
ConfigManagementInstallError
Errors pertaining to the installation of ACM
ConfigManagementMembershipSpec
Anthos Config Management: Configuration for a single cluster. Intended to parallel the ConfigManagement CR.
ConfigManagementMembershipState
Anthos Config Management: State for a single cluster.
ConfigManagementOciConfig
OCI repo configuration for a single cluster
ConfigManagementOperatorState
State information for an ACM's Operator
ConfigManagementPolicyController
Configuration for Policy Controller
ConfigManagementPolicyControllerMigration
State for the migration of PolicyController from ACM -> PoCo Hub.
ConfigManagementPolicyControllerMonitoring
PolicyControllerMonitoring specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]
ConfigManagementPolicyControllerState
State for PolicyControllerState.
ConfigManagementPolicyControllerVersion
The build version of Gatekeeper Policy Controller is using.
ConfigManagementSyncError
An ACM created error representing a problem syncing configurations
ConfigManagementSyncState
State indicating an ACM's progress syncing configurations to a cluster
ConnectAgentResource
ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment.
DataplaneV2FeatureSpec
Dataplane V2: Spec
DefaultClusterConfig
DefaultClusterConfig describes the default cluster configurations to be applied to all clusters born-in-fleet.
EdgeCluster
EdgeCluster contains information specific to Google Edge Clusters.
Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
Expr
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
Feature
Feature represents the settings and status of any Fleet Feature.
FeatureResourceState
FeatureResourceState describes the state of a Feature resource in the GkeHub API. See FeatureState
for the
"running state" of the Feature in the Fleet and across Memberships.
FeatureState
FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context.
Fleet
Fleet contains the Fleet-wide metadata and configuration.
FleetLifecycleState
FleetLifecycleState describes the state of a Fleet resource.
FleetObservabilityFeatureError
All error details of the fleet observability feature.
FleetObservabilityFeatureSpec
Fleet Observability: The Hub-wide input for the FleetObservability feature.
FleetObservabilityFeatureState
FleetObservability: Hub-wide Feature for FleetObservability feature. state.
FleetObservabilityFleetObservabilityBaseFeatureState
Base state for fleet observability feature.
FleetObservabilityFleetObservabilityLoggingState
Feature state for logging feature.
FleetObservabilityFleetObservabilityMonitoringState
Feature state for monitoring feature.
FleetObservabilityLoggingConfig
LoggingConfig defines the configuration for different types of logs.
FleetObservabilityMembershipSpec
FleetObservability: The membership-specific input for FleetObservability feature.
FleetObservabilityMembershipState
FleetObservability: Membership-specific Feature state for fleetobservability.
FleetObservabilityRoutingConfig
RoutingConfig configures the behaviour of fleet logging feature.
GenerateConnectManifestResponse
GenerateConnectManifestResponse contains manifest information for installing/upgrading a Connect agent.
GenerateMembershipRBACRoleBindingYAMLResponse
Response for GenerateRBACRoleBindingYAML.
GkeCluster
GkeCluster contains information specific to GKE clusters.
GoogleRpcStatus
The Status
type defines a logical error model that is suitable for different programming environments,
including REST APIs and RPC APIs. It is used by gRPC. Each Status
message contains
three pieces of data: error code, error message, and error details. You can find out more about this error model
and how to work with it in the API Design Guide.
IdentityServiceAuthMethod
Configuration of an auth method for a member/cluster. Only one authentication method (e.g., OIDC and LDAP) can be set per AuthMethod.
IdentityServiceAzureADConfig
Configuration for the AzureAD Auth flow.
IdentityServiceDiagnosticInterface
Configuration options for the AIS diagnostic interface.
IdentityServiceGoogleConfig
Configuration for the Google Plugin Auth flow.
IdentityServiceGroupConfig
Contains the properties for locating and authenticating groups in the directory.
IdentityServiceIdentityServiceOptions
Holds non-protocol-related configuration options.
IdentityServiceLdapConfig
Configuration for the LDAP Auth flow.
IdentityServiceMembershipSpec
Anthos Identity Service: Configuration for a single Membership.
IdentityServiceMembershipState
Anthos Identity Service: State for a single Membership.
IdentityServiceOidcConfig
Configuration for OIDC Auth flow.
IdentityServiceSamlConfig
Configuration for the SAML Auth flow.
IdentityServiceServerConfig
Server settings for the external LDAP server.
IdentityServiceServiceAccountConfig
Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.
IdentityServiceSimpleBindCredentials
The structure holds the LDAP simple binding credential.
IdentityServiceUserConfig
Defines where users exist in the LDAP directory.
KubernetesMetadata
KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.
KubernetesResource
KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.
ListBoundMembershipsResponse
List of Memberships bound to a Scope.
ListFeaturesResponse
Response message for the GkeHub.ListFeatures
method.
ListFleetsResponse
Response message for the GkeHub.ListFleetsResponse
method.
ListLocationsResponse
The response message for Locations.ListLocations.
ListMembershipBindingsResponse
List of MembershipBindings.
ListMembershipRBACRoleBindingsResponse
List of Membership RBACRoleBindings.
ListMembershipsResponse
Response message for the GkeHub.ListMemberships
method.
ListOperationsResponse
The response message for Operations.ListOperations.
ListPermittedScopesResponse
List of permitted Scopes.
ListScopeNamespacesResponse
List of fleet namespaces.
ListScopeRBACRoleBindingsResponse
List of Scope RBACRoleBindings.
ListScopesResponse
List of Scopes.
Location
A resource that represents a Google Cloud location.
Membership
Membership contains information about a member cluster.
MembershipBinding
MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to.
MembershipBindingLifecycleState
MembershipBindingLifecycleState describes the state of a Binding resource.
MembershipEndpoint
MembershipEndpoint contains information needed to contact a Kubernetes API, endpoint and any additional Kubernetes metadata.
MembershipFeatureSpec
MembershipFeatureSpec contains configuration information for a single Membership.
MembershipFeatureState
MembershipFeatureState contains Feature status information for a single Membership.
MembershipState
MembershipState describes the state of a Membership resource.
MonitoringConfig
MonitoringConfig informs Fleet-based applications/services/UIs how the metrics for the underlying cluster is reported to cloud monitoring services. It can be set from empty to non-empty, but can't be mutated directly to prevent accidentally breaking the constinousty of metrics.
MultiCloudCluster
MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
MultiClusterIngressFeatureSpec
Multi-cluster Ingress: The configuration for the MultiClusterIngress feature.
Namespace
Namespace represents a namespace across the Fleet
NamespaceLifecycleState
NamespaceLifecycleState describes the state of a Namespace resource.
OnPremCluster
OnPremCluster contains information specific to GKE On-Prem clusters.
Operation
This resource represents a long-running operation that is the result of a network API call.
OperationMetadata
Represents the metadata of the long-running operation.
Origin
Origin defines where this MembershipFeatureSpec originated from.
Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A
Policy
is a collection of bindings
. A binding
binds one or more members
, or principals, to a single
role
. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A
role
is a named list of permissions; each role
can be an IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition
, which is a logical
expression that allows access to a resource only if the expression evaluates to true
. A condition can add
constraints based on attributes of the request, the resource, or both. To learn which resources support
conditions in their IAM policies, see the IAM
documentation. JSON example:
{
"bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com",
"group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] },
{ "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": {
"title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time
< timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }
YAML example:
bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com -
serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin -
members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression: request.time <
timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3
For a description of IAM and its features, see the IAM documentation.
PolicyBinding
Binauthz policy that applies to this cluster.
PolicyControllerBundleInstallSpec
BundleInstallSpec is the specification configuration for a single managed bundle.
PolicyControllerHubConfig
Configuration for Policy Controller
PolicyControllerMembershipSpec
Policy Controller: Configuration for a single cluster. Intended to parallel the PolicyController CR.
PolicyControllerMembershipState
Policy Controller: State for a single cluster.
PolicyControllerMonitoringConfig
MonitoringConfig specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]
PolicyControllerOnClusterState
OnClusterState represents the state of a sub-component of Policy Controller.
PolicyControllerPolicyContentSpec
PolicyContentSpec defines the user's desired content configuration on the cluster.
PolicyControllerPolicyContentState
The state of the policy controller policy content
PolicyControllerPolicyControllerDeploymentConfig
Deployment-specific configuration.
PolicyControllerResourceList
ResourceList contains container resource requirements.
PolicyControllerResourceRequirements
ResourceRequirements describes the compute resource requirements.
PolicyControllerTemplateLibraryConfig
The config specifying which default library templates to install.
PolicyControllerToleration
Toleration of a node taint.
RBACRoleBinding
RBACRoleBinding represents a rbacrolebinding across the Fleet
RBACRoleBindingLifecycleState
RBACRoleBindingLifecycleState describes the state of a RbacRoleBinding resource.
ResourceManifest
ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
ResourceOptions
ResourceOptions represent options for Kubernetes resource generation.
Role
Role is the type for Kubernetes roles
Scope
Scope represents a Scope in a Fleet.
ScopeFeatureSpec
ScopeFeatureSpec contains feature specs for a fleet scope.
ScopeFeatureState
ScopeFeatureState contains Scope-wide Feature status information.
ScopeLifecycleState
ScopeLifecycleState describes the state of a Scope resource.
SecurityPostureConfig
SecurityPostureConfig defines the flags needed to enable/disable features for the Security Posture API.
ServiceMeshCondition
Condition being reported.
ServiceMeshControlPlaneManagement
Status of control plane management.
ServiceMeshDataPlaneManagement
Status of data plane management. Only reported per-member.
ServiceMeshMembershipSpec
Service Mesh: Spec for a single Membership for the servicemesh feature
ServiceMeshMembershipState
Service Mesh: State for a single Membership, as analyzed by the Service Mesh Hub Controller.
ServiceMeshStatusDetails
Structured and human-readable details for a status.
SetIamPolicyRequest
Request message for SetIamPolicy
method.
Status
Status specifies state for the subcomponent.
TestIamPermissionsRequest
Request message for TestIamPermissions
method.
TestIamPermissionsResponse
Response message for TestIamPermissions
method.
TypeMeta
TypeMeta is the type information needed for content unmarshalling of Kubernetes resources in the manifest.