googleGkehubFeatureMembership

Contains information about a GKEHub Feature Membership. Feature Memberships configure GKEHub Features that apply to specific memberships rather than the project as a whole. The google_gke_hub is the Fleet API.

Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Example Usage - Config Management

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterCluster =
  new google.containerCluster.ContainerCluster(this, "cluster", {
    initial_node_count: 1,
    location: "us-central1-a",
    name: "my-cluster",
    provider: "${google-beta}",
  });
const googleGkeHubFeatureFeature = new google.gkeHubFeature.GkeHubFeature(
  this,
  "feature",
  {
    labels: [
      {
        foo: "bar",
      },
    ],
    location: "global",
    name: "configmanagement",
    provider: "${google-beta}",
  }
);
const googleGkeHubMembershipMembership =
  new google.gkeHubMembership.GkeHubMembership(this, "membership", {
    endpoint: [
      {
        gke_cluster: [
          {
            resource_link: `//container.googleapis.com/${googleContainerClusterCluster.id}`,
          },
        ],
      },
    ],
    membership_id: "my-membership",
    provider: "${google-beta}",
  });
new google.gkeHubFeatureMembership.GkeHubFeatureMembership(
  this,
  "feature_member",
  {
    configmanagement: [
      {
        config_sync: [
          {
            git: [
              {
                sync_repo: "https://github.com/hashicorp/terraform",
              },
            ],
          },
        ],
        version: "1.6.2",
      },
    ],
    feature: googleGkeHubFeatureFeature.name,
    location: "global",
    membership: googleGkeHubMembershipMembership.membershipId,
    provider: "${google-beta}",
  }
);

Example Usage - Config Management with OCI

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterCluster =
  new google.containerCluster.ContainerCluster(this, "cluster", {
    initial_node_count: 1,
    location: "us-central1-a",
    name: "my-cluster",
    provider: "${google-beta}",
  });
const googleGkeHubFeatureFeature = new google.gkeHubFeature.GkeHubFeature(
  this,
  "feature",
  {
    labels: [
      {
        foo: "bar",
      },
    ],
    location: "global",
    name: "configmanagement",
    provider: "${google-beta}",
  }
);
const googleGkeHubMembershipMembership =
  new google.gkeHubMembership.GkeHubMembership(this, "membership", {
    endpoint: [
      {
        gke_cluster: [
          {
            resource_link: `//container.googleapis.com/${googleContainerClusterCluster.id}`,
          },
        ],
      },
    ],
    membership_id: "my-membership",
    provider: "${google-beta}",
  });
new google.gkeHubFeatureMembership.GkeHubFeatureMembership(
  this,
  "feature_member",
  {
    configmanagement: [
      {
        config_sync: [
          {
            oci: [
              {
                gcp_service_account_email:
                  "sa@project-id.iam.gserviceaccount.com",
                policy_dir: "config-connector",
                secret_type: "gcpserviceaccount",
                sync_repo:
                  "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest",
                sync_wait_secs: "20",
              },
            ],
          },
        ],
        version: "1.12.0",
      },
    ],
    feature: googleGkeHubFeatureFeature.name,
    location: "global",
    membership: googleGkeHubMembershipMembership.membershipId,
    provider: "${google-beta}",
  }
);

Example Usage - Multi Cluster Service Discovery

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.gkeHubFeature.GkeHubFeature(this, "feature", {
  labels: [
    {
      foo: "bar",
    },
  ],
  location: "global",
  name: "multiclusterservicediscovery",
  provider: "${google-beta}",
});

Example Usage - Service Mesh

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterCluster =
  new google.containerCluster.ContainerCluster(this, "cluster", {
    initial_node_count: 1,
    location: "us-central1-a",
    name: "my-cluster",
    provider: "${google-beta}",
  });
const googleGkeHubFeatureFeature = new google.gkeHubFeature.GkeHubFeature(
  this,
  "feature",
  {
    location: "global",
    name: "servicemesh",
    provider: "${google-beta}",
  }
);
const googleGkeHubMembershipMembership =
  new google.gkeHubMembership.GkeHubMembership(this, "membership", {
    endpoint: [
      {
        gke_cluster: [
          {
            resource_link: `//container.googleapis.com/${googleContainerClusterCluster.id}`,
          },
        ],
      },
    ],
    membership_id: "my-membership",
    provider: "${google-beta}",
  });
new google.gkeHubFeatureMembership.GkeHubFeatureMembership(
  this,
  "feature_member",
  {
    feature: googleGkeHubFeatureFeature.name,
    location: "global",
    membership: googleGkeHubMembershipMembership.membershipId,
    mesh: [
      {
        management: "MANAGEMENT_AUTOMATIC",
      },
    ],
    provider: "${google-beta}",
  }
);

Argument Reference

The following arguments are supported:


  • configmanagement - (Optional) Config Management-specific spec. Structure is documented below.

  • mesh - (Optional) Service mesh specific spec. Structure is documented below.

  • feature - (Optional) The name of the feature

  • location - (Optional) The location of the feature

  • membership - (Optional) The name of the membership

  • project - (Optional) The project of the feature

The configmanagement block supports:

  • binauthz - (Optional) Binauthz configuration for the cluster. Structure is documented below.

  • configSync - (Optional) Config Sync configuration for the cluster. Structure is documented below.

  • hierarchyController - (Optional) Hierarchy Controller configuration for the cluster. Structure is documented below.

  • policyController - (Optional) Policy Controller configuration for the cluster. Structure is documented below.

  • version - (Optional) Version of ACM installed.

The binauthz block supports:

  • enabled - (Optional) Whether binauthz is enabled in this cluster.

The configSync block supports:

  • git - (Optional) Structure is documented below.

  • oci - (Optional) Supported from ACM versions 1.12.0 onwards. Structure is documented below.

    Use either git or oci config option.

  • preventDrift - (Optional) Supported from ACM versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to "false", disables the Config Sync admission webhook and does not prevent drifts.

  • sourceFormat - (Optional) Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.

The git block supports:

  • gcpServiceAccountEmail - (Optional) The GCP Service Account Email used for auth when secretType is gcpServiceAccount.

  • httpsProxy - (Optional) URL for the HTTPS proxy to be used when communicating with the Git repo.

  • policyDir - (Optional) The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.

  • secretType - (Optional) Type of secret configured for access to the Git repo.

  • syncBranch - (Optional) The branch of the repository to sync from. Default: master.

  • syncRepo - (Optional) The URL of the Git repository to use as the source of truth.

  • syncRev - (Optional) Git revision (tag or hash) to check out. Default HEAD.

  • syncWaitSecs - (Optional) Period in seconds between consecutive syncs. Default: 15.

The oci block supports:

  • gcpServiceAccountEmail - (Optional) The GCP Service Account Email used for auth when secretType is gcpserviceaccount.

  • policyDir - (Optional) The absolute path of the directory that contains the local resources. Default: the root directory of the image.

  • secretType - (Optional) Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none.

  • syncRepo - (Optional) The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.

  • syncWaitSecs - (Optional) Period in seconds (int64 format) between consecutive syncs. Default: 15.

The hierarchyController block supports:

  • enableHierarchicalResourceQuota - (Optional) Whether hierarchical resource quota is enabled in this cluster.

  • enablePodTreeLabels - (Optional) Whether pod tree labels are enabled in this cluster.

  • enabled - (Optional) Whether Hierarchy Controller is enabled in this cluster.

The policyController block supports:

  • auditIntervalSeconds - (Optional) Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.

  • enabled - (Optional) Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.

  • exemptableNamespaces - (Optional) The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.

  • logDeniesEnabled - (Optional) Logs all denies and dry run failures.

  • referentialRulesEnabled - (Optional) Enables the ability to use Constraint Templates that reference objects other than the object currently being evaluated.

  • templateLibraryInstalled - (Optional) Installs the default template library along with Policy Controller.

  • mutationEnabled - (Optional) Enables mutation in policy controller. If true, mutation CRDs, webhook, and controller deployment will be deployed to the cluster.

  • monitoring - (Optional) Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]
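
The configSync and policyController arguments above decide where cluster configuration is pulled from and whether policy is enforced and audited. The following is an added example, not part of the provider or its generated bindings: a small review function that flags the settings this page describes as mutable or disabling. The function name, the interface and the digest pattern for syncRepo are assumptions made for illustration.

```typescript
// Added example (not provider code): review checks for a configmanagement block,
// using the camelCase argument names documented on this page.
interface ConfigManagement {
  configSync?: {
    git?: { syncRepo?: string; syncRev?: string };
    oci?: { syncRepo?: string };
    preventDrift?: boolean;
  };
  policyController?: {
    enabled?: boolean;
    auditIntervalSeconds?: number;
    logDeniesEnabled?: boolean;
    exemptableNamespaces?: string[];
  };
}

const COMMIT_HASH = /^[0-9a-f]{40}$/; // full SHA-1 commit id
const OCI_DIGEST = /@sha256:[0-9a-f]{64}$/; // assumption: digest-pinned reference

function reviewConfigManagement(cm: ConfigManagement): string[] {
  const findings: string[] = [];
  const cs = cm.configSync;
  const git = cs?.git;
  const oci = cs?.oci;
  if (git && oci) findings.push("configSync: use either git or oci, not both");
  if (git && !COMMIT_HASH.test(git.syncRev ?? ""))
    findings.push("git.syncRev: not a commit hash (default HEAD), synced content can change");
  if (oci && !OCI_DIGEST.test(oci.syncRepo ?? ""))
    findings.push("oci.syncRepo: not pinned by digest, the tag can be re-pointed");
  if (cs && cs.preventDrift !== true)
    findings.push("configSync.preventDrift: not true, the drift-prevention webhook is not requested");
  const pc = cm.policyController;
  if (!pc || !pc.enabled) {
    findings.push("policyController.enabled: not true, other policyController fields have no effect");
    return findings;
  }
  if (pc.auditIntervalSeconds === 0)
    findings.push("policyController.auditIntervalSeconds: 0 disables audit scans");
  if (!pc.logDeniesEnabled)
    findings.push("policyController.logDeniesEnabled: denies and dry-run failures are not logged");
  for (const ns of pc.exemptableNamespaces ?? [])
    findings.push(`policyController.exemptableNamespaces: "${ns}" is excluded from checks`);
  return findings;
}
// Constructed input mirroring this page's OCI example (":latest" tag, no policyController).
const pageOciExample: ConfigManagement = {
  configSync: { oci: { syncRepo: "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest" } },
};
console.log(reviewConfigManagement(pageOciExample).join("\n"));
```

Run it over the object passed as configmanagement before synthesizing; an empty result means none of these checks fired, not that the configuration is otherwise reviewed.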

The mesh block supports:

  • management - (Optional) Whether to automatically manage Service Mesh. Can be either MANAGEMENT_AUTOMATIC or MANAGEMENT_MANUAL.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

FeatureMembership can be imported using any of these accepted formats:

$ terraform import google_gke_hub_feature_membership.default projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}
$ terraform import google_gke_hub_feature_membership.default {{project}}/{{location}}/{{feature}}/{{membership}}
$ terraform import google_gke_hub_feature_membership.default {{location}}/{{feature}}/{{membership}}