googleGkeHubMembership

Membership contains information about a member cluster.

To get more information about Membership, see:

Example Usage - Gkehub Membership Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterPrimary =
  new google.containerCluster.ContainerCluster(this, "primary", {
    initial_node_count: 1,
    location: "us-central1-a",
    name: "basiccluster",
  });
new google.gkeHubMembership.GkeHubMembership(this, "membership", {
  endpoint: [
    {
      gke_cluster: [
        {
          // Interpolate the cluster id directly; an escaped \${ would emit a literal "${" into the link.
          resource_link: `//container.googleapis.com/${googleContainerClusterPrimary.id}`,
        },
      ],
    },
  ],
  membership_id: "basic",
});

Example Usage - Gkehub Membership Issuer

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterPrimary =
  new google.containerCluster.ContainerCluster(this, "primary", {
    initial_node_count: 1,
    location: "us-central1-a",
    name: "basiccluster",
    workload_identity_config: [
      {
        workload_pool: "my-project-name.svc.id.goog",
      },
    ],
  });
new google.gkeHubMembership.GkeHubMembership(this, "membership", {
  authority: [
    {
      // Interpolate the cluster id directly; an escaped \${ would emit a literal "${" into the issuer URI.
      issuer: `https://container.googleapis.com/v1/${googleContainerClusterPrimary.id}`,
    },
  ],
  endpoint: [
    {
      gke_cluster: [
        {
          resource_link: googleContainerClusterPrimary.id,
        },
      ],
    },
  ],
  membership_id: "basic",
});

Argument Reference

The following arguments are supported:

  • membershipId - (Required) The client-provided identifier of the membership.

  • description - (Optional, Beta) The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API.

  • labels - (Optional) Labels to apply to this membership.

  • endpoint - (Optional) If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. Structure is documented below.

  • authority - (Optional) Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The endpoint block supports:

  • gkeCluster - (Optional) If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. Structure is documented below.

The gkeCluster block supports:

  • resourceLink - (Required) Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. It can be at most 1000 characters in length. If the cluster is provisioned with Terraform, this can be "//container.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id.

The authority block supports:

  • issuer - (Required) A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones). If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}".
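Because authority.issuer decides which identities Google accepts from the member cluster, it is worth checking the rendered values before apply. The following is an added example, not part of the provider or its documentation: checkMembership and its helpers are hypothetical names, it assumes a GKE-hosted issuer in the format shown above, and the rule that issuer and resourceLink must name the same cluster is an assumption drawn from the issuer example, not a documented constraint.

```typescript
// Added example (not provider code). Length, https:// and locations rules come
// from the argument reference; the same-cluster cross-check is an assumption.
type ClusterRef = { project: string; kind: string; location: string; cluster: string };

const GKE_HOST = "container.googleapis.com";
const CLUSTER_PATH =
  /^projects\/([^/]+)\/(locations|zones)\/([^/]+)\/clusters\/([^/]+)$/;

// Parse "projects/<p>/(locations|zones)/<l>/clusters/<c>"; null if malformed.
function parseClusterPath(path: string): ClusterRef | null {
  const m = CLUSTER_PATH.exec(path);
  return m ? { project: m[1], kind: m[2], location: m[3], cluster: m[4] } : null;
}

// Strip a literal prefix, or return null when the value does not start with it.
function stripPrefix(value: string, prefix: string): string | null {
  return value.slice(0, prefix.length) === prefix ? value.slice(prefix.length) : null;
}

// Returns a list of problems; an empty list means both values pass.
function checkMembership(issuer: string, resourceLink: string): string[] {
  const problems: string[] = [];
  if (stripPrefix(issuer, "https://") === null) problems.push("issuer: must start with https://");
  if (issuer.length >= 2000) problems.push("issuer: must be shorter than 2000 characters");
  if (resourceLink.length > 1000) problems.push("resourceLink: longer than 1000 characters");

  const issuerPath = stripPrefix(issuer, `https://${GKE_HOST}/v1/`);
  const iss = issuerPath === null ? null : parseClusterPath(issuerPath);
  if (iss === null) problems.push("issuer: not a GKE cluster issuer URI");
  else if (iss.kind !== "locations") problems.push("issuer: must use locations, not zones");

  // resourceLink may be the full self-link or the bare cluster id.
  const linkPath = stripPrefix(resourceLink, `//${GKE_HOST}/`);
  const link = parseClusterPath(linkPath === null ? resourceLink : linkPath);
  if (link === null) problems.push("resourceLink: not a GKE cluster self-link");

  // Assumption: authority and endpoint should describe the same cluster.
  if (iss !== null && link !== null &&
      (iss.project !== link.project || iss.location !== link.location ||
       iss.cluster !== link.cluster)) {
    problems.push("issuer and resourceLink point at different clusters");
  }
  return problems;
}
```

An unresolved interpolation left in either string fails the path parse, so the check also catches values that were rendered with a literal placeholder.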

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/global/memberships/{{membershipId}}

  • name - The unique identifier of the membership.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Membership can be imported using any of these accepted formats:

$ terraform import google_gke_hub_membership.default projects/{{project}}/locations/global/memberships/{{membership_id}}
$ terraform import google_gke_hub_membership.default {{project}}/{{membership_id}}
$ terraform import google_gke_hub_membership.default {{membership_id}}

User Project Overrides

This resource supports User Project Overrides.