subcategory | page_title | description |
---|---|---|
GKEHub | Google: google_gke_hub_feature_membership | Contains information about a GKEHub Feature Membership. |

Contains information about a GKEHub Feature Membership. Feature Memberships configure GKEHub Features that apply to specific memberships rather than the project as a whole. This currently only supports the Config Management feature. The `google_gke_hub` is the Fleet API.

~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

```hcl
# Config Management: register a GKE cluster as a fleet membership,
# enable the feature, and point Config Sync at a Git repository.
resource "google_container_cluster" "cluster" {
  name               = "my-cluster"
  location           = "us-central1-a"
  initial_node_count = 1
  provider           = google-beta
}

resource "google_gke_hub_membership" "membership" {
  membership_id = "my-membership"
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${google_container_cluster.cluster.id}"
    }
  }
  provider = google-beta
}

resource "google_gke_hub_feature" "feature" {
  name     = "configmanagement"
  location = "global"
  labels = {
    foo = "bar"
  }
  provider = google-beta
}

# Per-membership spec for the feature enabled above.
resource "google_gke_hub_feature_membership" "feature_member" {
  location   = "global"
  feature    = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id
  configmanagement {
    version = "1.6.2"
    config_sync {
      git {
        sync_repo = "https://github.com/hashicorp/terraform"
      }
    }
  }
  provider = google-beta
}
```

```hcl
# Multi Cluster Service Discovery: enable the feature for the fleet.
resource "google_gke_hub_feature" "feature" {
  name     = "multiclusterservicediscovery"
  location = "global"
  labels = {
    foo = "bar"
  }
  provider = google-beta
}
```

```hcl
# Service Mesh: register the cluster, enable the feature, and let the
# fleet manage the mesh for this membership.
resource "google_container_cluster" "cluster" {
  name               = "my-cluster"
  location           = "us-central1-a"
  initial_node_count = 1
  provider           = google-beta
}

resource "google_gke_hub_membership" "membership" {
  membership_id = "my-membership"
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${google_container_cluster.cluster.id}"
    }
  }
  provider = google-beta
}

resource "google_gke_hub_feature" "feature" {
  name     = "servicemesh"
  location = "global"
  provider = google-beta
}

resource "google_gke_hub_feature_membership" "feature_member" {
  location   = "global"
  feature    = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id
  mesh {
    management = "MANAGEMENT_AUTOMATIC"
  }
  provider = google-beta
}
```

The following arguments are supported:

- `configmanagement` - (Optional) Config Management-specific spec. Structure is documented below.
- `mesh` - (Optional) Service mesh specific spec. Structure is documented below.
- `feature` - (Optional) The name of the feature
- `location` - (Optional) The location of the feature
- `membership` - (Optional) The name of the membership
- `project` - (Optional) The project of the feature

The `configmanagement` block supports:

- `binauthz` - (Optional) Binauthz configuration for the cluster. Structure is documented below.
- `config_sync` - (Optional) Config Sync configuration for the cluster. Structure is documented below.
- `hierarchy_controller` - (Optional) Hierarchy Controller configuration for the cluster. Structure is documented below.
- `policy_controller` - (Optional) Policy Controller configuration for the cluster. Structure is documented below.
- `version` - (Optional) Version of ACM installed.

The `binauthz` block supports:

- `enabled` - (Optional) Whether binauthz is enabled in this cluster.

The `config_sync` block supports:

- `git` - (Optional) Structure is documented below.
- `prevent_drift` - (Optional) Supported from ACM versions 1.10.0 onwards. Set to `true` to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
- `source_format` - (Optional) Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.

The `git` block supports:

- `gcp_service_account_email` - (Optional) The GCP Service Account Email used for auth when secretType is gcpServiceAccount.
- `https_proxy` - (Optional) URL for the HTTPS proxy to be used when communicating with the Git repo.
- `policy_dir` - (Optional) The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
- `secret_type` - (Optional) Type of secret configured for access to the Git repo.
- `sync_branch` - (Optional) The branch of the repository to sync from. Default: master.
- `sync_repo` - (Optional) The URL of the Git repository to use as the source of truth.
- `sync_rev` - (Optional) Git revision (tag or hash) to check out. Default HEAD.
- `sync_wait_secs` - (Optional) Period in seconds between consecutive syncs. Default: 15.

The `hierarchy_controller` block supports:

- `enable_hierarchical_resource_quota` - (Optional) Whether hierarchical resource quota is enabled in this cluster.
- `enable_pod_tree_labels` - (Optional) Whether pod tree labels are enabled in this cluster.
- `enabled` - (Optional) Whether Hierarchy Controller is enabled in this cluster.

The `policy_controller` block supports:

- `audit_interval_seconds` - (Optional) Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
- `enabled` - (Optional) Enables the installation of Policy Controller. If false, the rest of the PolicyController fields take no effect.
- `exemptable_namespaces` - (Optional) The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
- `log_denies_enabled` - (Optional) Logs all denies and dry run failures.
- `referential_rules_enabled` - (Optional) Enables the ability to use Constraint Templates that reference objects other than the object currently being evaluated.
- `template_library_installed` - (Optional) Installs the default template library along with Policy Controller.
- `mutation_enabled` - (Optional) Enables mutation in Policy Controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.
- `monitoring` - (Optional) Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify `backends: ["cloudmonitoring", "prometheus"]`. Default: `["cloudmonitoring", "prometheus"]`

The `mesh` block supports:

- `management` - (Optional) Whether to automatically manage Service Mesh. Can either be `MANAGEMENT_AUTOMATIC` or `MANAGEMENT_MANUAL`.

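The `config_sync`, `git` and `policy_controller` arguments above decide what gets applied to the cluster and what the cluster will refuse, so the following added example (not part of the provider documentation) shows a tighter variant of the Config Management membership: a pinned revision, authenticated repository access, drift prevention, and Policy Controller with deny logging and audits left on. It reuses the `feature` and `membership` resources from the Config Management example; the resource name `hardened`, the repository URL, the commit hash, the service account email, the `policy_dir` path, and the choice of version `1.10.0` and `secret_type` value are assumptions or placeholders.

```hcl
# Added example, not from the provider docs. All values marked
# "placeholder" are constructed for illustration.
resource "google_gke_hub_feature_membership" "hardened" {
  provider   = google-beta
  location   = "global"
  feature    = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id

  configmanagement {
    # prevent_drift is only supported from ACM 1.10.0 onwards.
    version = "1.10.0"

    config_sync {
      source_format = "unstructured"
      # Admission webhook rejects out-of-band edits to synced objects.
      prevent_drift = true

      git {
        # Placeholder repository; this is the cluster's source of truth.
        sync_repo = "https://source.developers.google.com/p/example-project/r/cluster-config"
        # Branch that contains the pinned commit.
        sync_branch = "main"
        # Pin to a reviewed commit instead of the default HEAD (placeholder hash).
        sync_rev = "0000000000000000000000000000000000000000"
        # Sync only the subtree meant for this cluster (placeholder path).
        policy_dir = "clusters/prod"
        # Assumed value for the type the docs call gcpServiceAccount.
        secret_type               = "gcpserviceaccount"
        gcp_service_account_email = "config-sync-reader@example-project.iam.gserviceaccount.com"
      }
    }

    policy_controller {
      enabled                    = true
      template_library_installed = true
      # Record every deny and dry-run failure for later review.
      log_denies_enabled = true
      # A value of 0 would disable audit scans altogether.
      audit_interval_seconds = "60"
      # Every namespace listed here bypasses Policy Controller checks.
      exemptable_namespaces = ["kube-system"]
      # Mutation deploys extra CRDs and a webhook; leave off unless needed.
      mutation_enabled = false
    }
  }
}
```

Review changes to `sync_rev`, `sync_repo` and `exemptable_namespaces` with the same care as changes to the synced manifests, since each one alters what the cluster accepts.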
In addition to the arguments listed above, the following computed attributes are exported:

- `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}`

This resource provides the following Timeouts configuration options:

- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.

FeatureMembership can be imported using any of these accepted formats:

```
$ terraform import google_gke_hub_feature_membership.default projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}
$ terraform import google_gke_hub_feature_membership.default {{project}}/{{location}}/{{feature}}/{{membership}}
$ terraform import google_gke_hub_feature_membership.default {{location}}/{{feature}}/{{membership}}
```