---
subcategory: "GKEHub"
page_title: "Google: google_gke_hub_feature_membership"
description: |-
  Contains information about a GKEHub Feature Membership.
---

# google_gke_hub_feature_membership

Contains information about a GKEHub Feature Membership. Feature Memberships configure GKEHub Features that apply to specific memberships rather than to the project as a whole. This currently only supports the Config Management feature. GKE Hub (`google_gke_hub`) is the Fleet API.

~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

## Example Usage - Config Management

```hcl
resource "google_container_cluster" "cluster" {
  name               = "my-cluster"
  location           = "us-central1-a"
  initial_node_count = 1
  provider = google-beta
}

resource "google_gke_hub_membership" "membership" {
  membership_id = "my-membership"
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${google_container_cluster.cluster.id}"
    }
  }
  provider = google-beta
}

resource "google_gke_hub_feature" "feature" {
  name = "configmanagement"
  location = "global"

  labels = {
    foo = "bar"
  }
  provider = google-beta
}

resource "google_gke_hub_feature_membership" "feature_member" {
  location = "global"
  feature = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id
  configmanagement {
    version = "1.6.2"
    config_sync {
      git {
        sync_repo = "https://github.com/hashicorp/terraform"
      }
    }
  }
  provider = google-beta
}
```

## Example Usage - Multi Cluster Service Discovery

```hcl
resource "google_gke_hub_feature" "feature" {
  name = "multiclusterservicediscovery"
  location = "global"
  labels = {
    foo = "bar"
  }
  provider = google-beta
}
```

## Example Usage - Service Mesh

```hcl
resource "google_container_cluster" "cluster" {
  name               = "my-cluster"
  location           = "us-central1-a"
  initial_node_count = 1
  provider = google-beta
}

resource "google_gke_hub_membership" "membership" {
  membership_id = "my-membership"
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${google_container_cluster.cluster.id}"
    }
  }
  provider = google-beta
}

resource "google_gke_hub_feature" "feature" {
  name = "servicemesh"
  location = "global"

  provider = google-beta
}

resource "google_gke_hub_feature_membership" "feature_member" {
  location = "global"
  feature = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id
  mesh {
    management = "MANAGEMENT_AUTOMATIC"
  }
  provider = google-beta
}
```

## Argument Reference

The following arguments are supported:


  • configmanagement - (Optional) Config Management-specific spec. Structure is documented below.

  • mesh - (Optional) Service Mesh-specific spec. Structure is documented below.

  • feature - (Optional) The name of the feature.

  • location - (Optional) The location of the feature.

  • membership - (Optional) The name of the membership.

  • project - (Optional) The project of the feature.

The configmanagement block supports:

  • binauthz - (Optional) Binauthz configuration for the cluster. Structure is documented below.

  • config_sync - (Optional) Config Sync configuration for the cluster. Structure is documented below.

  • hierarchy_controller - (Optional) Hierarchy Controller configuration for the cluster. Structure is documented below.

  • policy_controller - (Optional) Policy Controller configuration for the cluster. Structure is documented below.

  • version - (Optional) Version of ACM installed.

The binauthz block supports:

  • enabled - (Optional) Whether binauthz is enabled in this cluster.

The config_sync block supports:

  • git - (Optional) Structure is documented below.

  • prevent_drift - (Optional) Supported from ACM version 1.10.0 onwards. Set to true to enable the Config Sync admission webhook, which prevents drift from the synced source. Set to false to disable the admission webhook, in which case drift is not prevented.

  • source_format - (Optional) Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.

The git block supports:

  • gcp_service_account_email - (Optional) The GCP Service Account email used for authentication when secretType is gcpServiceAccount.

  • https_proxy - (Optional) URL for the HTTPS proxy to be used when communicating with the Git repo.

  • policy_dir - (Optional) The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.

  • secret_type - (Optional) Type of secret configured for access to the Git repo.

  • sync_branch - (Optional) The branch of the repository to sync from. Default: master.

  • sync_repo - (Optional) The URL of the Git repository to use as the source of truth.

  • sync_rev - (Optional) Git revision (tag or hash) to check out. Default: HEAD.

  • sync_wait_secs - (Optional) Period in seconds between consecutive syncs. Default: 15.

The hierarchy_controller block supports:

  • enable_hierarchical_resource_quota - (Optional) Whether hierarchical resource quota is enabled in this cluster.

  • enable_pod_tree_labels - (Optional) Whether pod tree labels are enabled in this cluster.

  • enabled - (Optional) Whether Hierarchy Controller is enabled in this cluster.

The policy_controller block supports:

  • audit_interval_seconds - (Optional) Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.

  • enabled - (Optional) Enables the installation of Policy Controller. If false, the remaining policy_controller fields have no effect.

  • exemptable_namespaces - (Optional) The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.

  • log_denies_enabled - (Optional) Logs all denies and dry-run failures.

  • referential_rules_enabled - (Optional) Enables the use of Constraint Templates that reference objects other than the object currently being evaluated.

  • template_library_installed - (Optional) Installs the default template library along with Policy Controller.

  • mutation_enabled - (Optional) Enables mutation in Policy Controller. If true, the mutation CRDs, webhook, and controller deployment are deployed to the cluster.

  • monitoring - (Optional) Specifies the backends Policy Controller should export metrics to. For example, to export metrics to both Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"].

The mesh block supports:

  • management - (Optional) Whether to automatically manage Service Mesh. Can either be MANAGEMENT_AUTOMATIC or MANAGEMENT_MANUAL.
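A single membership that combines the config_sync, git, binauthz and policy_controller arguments described above into a drift-resistant configuration. This is an added example, not one of the provider's own; the repository URL, policy directory and service account email are placeholders, and the lowercase secret_type value is an assumption.

```hcl
# Added illustration (not from the provider docs): one membership that turns on
# drift prevention, Workload Identity based Git auth, Binary Authorization and
# Policy Controller. Assumes the "configmanagement" feature and the membership
# resources from the Config Management example above.
resource "google_gke_hub_feature_membership" "hardened" {
  location   = "global"
  feature    = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id

  configmanagement {
    # prevent_drift is only honoured from ACM 1.10.0 onwards.
    version = "1.10.0"

    config_sync {
      source_format = "unstructured"
      prevent_drift = true # admission webhook rejects out-of-band edits to synced objects

      git {
        sync_repo      = "https://github.com/example-org/cluster-config" # placeholder
        sync_branch    = "main"
        policy_dir     = "clusters/prod" # placeholder path within the repo
        sync_wait_secs = 15
        # Workload Identity rather than a long-lived token or SSH key stored in the cluster.
        # Lowercase "gcpserviceaccount" is assumed to be the accepted secret_type value.
        secret_type               = "gcpserviceaccount"
        gcp_service_account_email = "config-sync@PROJECT_ID.iam.gserviceaccount.com" # placeholder
      }
    }

    binauthz {
      enabled = true
    }

    policy_controller {
      enabled                    = true
      template_library_installed = true
      log_denies_enabled         = true  # denies and dry-run failures land in logs for detection
      referential_rules_enabled  = false # keep off unless a constraint needs cross-object lookups
      audit_interval_seconds     = 60    # 0 would switch audit scans off entirely
      monitoring {
        backends = ["cloudmonitoring", "prometheus"]
      }
    }
  }
  provider = google-beta
}
```

The Google service account named in gcp_service_account_email must itself be granted read access to the repository and bound to the Config Sync Kubernetes service account through Workload Identity; that binding is outside this resource.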

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}

## Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

## Import

FeatureMembership can be imported using any of these accepted formats:

```shell
$ terraform import google_gke_hub_feature_membership.default projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}
$ terraform import google_gke_hub_feature_membership.default {{project}}/{{location}}/{{feature}}/{{membership}}
$ terraform import google_gke_hub_feature_membership.default {{location}}/{{feature}}/{{membership}}
```