Package-level declarations
Types
Anthos Observability: Spec
Anthosobservability: Per-Membership Feature spec.
Spec for App Dev Experience Feature.
State for App Dev Exp Feature.
ApplianceCluster contains information specific to GDC Edge Appliance Clusters.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices
and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": "user:aliya@example.com" } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com
from DATA_READ logging, and aliya@example.com
from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Associates members
, or principals, with a role
.
Cloud Audit Logging: Spec for Audit Logging Allowlisting.
CommonFeatureSpec contains Hub-wide configuration information
CommonFeatureState contains Hub-wide Feature status information.
CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet
EdgeCluster contains information specific to Google Edge Clusters.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
FeatureResourceState describes the state of a Feature resource in the GkeHub API. See FeatureState
for the "running state" of the Feature in the Hub and across Memberships.
Workload Certificate: The Hub-wide input for the WorkloadCertificate feature.
FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context.
FleetLifecycleState describes the state of a Fleet resource.
Fleet Observability: The Hub-wide input for the FleetObservability feature.
FleetObservability: An empty state left as an example Hub-wide Feature state.
LoggingConfig defines the configuration for different types of logs.
RoutingConfig configures the behaviour of fleet logging feature.
GkeCluster contains information specific to GKE clusters.
Configuration of an auth method for a member/cluster. Only one authentication method (e.g., OIDC and LDAP) can be set per AuthMethod.
Configuration for the Google Plugin Auth flow.
Anthos Identity Service: Configuration for a single Membership.
Configuration for OIDC Auth flow.
KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.
MembershipBindingLifecycleState describes the state of a Binding resource.
MembershipEndpoint contains information needed to contact a Kubernetes API, endpoint and any additional Kubernetes metadata.
Workload Certificate: The membership-specific input for WorkloadCertificate feature.
MembershipState describes the state of a Membership resource.
This field informs Fleet-based applications/services/UIs with the necessary information for where each underlying Cluster reports its metrics.
MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
Multi-cluster Ingress: The configuration for the MultiClusterIngress feature.
NamespaceLifecycleState describes the state of a Namespace resource.
OnPremCluster contains information specific to GKE On-Prem clusters.
RBACRoleBindingLifecycleState describes the state of a RbacRoleBinding resource.
ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
ResourceOptions represent options for Kubernetes resource generation.
Role is the type for Kubernetes roles
ScopeLifecycleState describes the state of a Scope resource.
AnalysisMessageBase describes some common information that is needed for all messages.
AnalysisMessage is a single message produced by an analyzer, and it used to communicate to the end user about the state of their Service Mesh configuration.
Service Mesh: State for the whole Hub, as analyzed by the Service Mesh Hub Controller.
A unique identifier for the type of message. Display_name is intended to be human-readable, code is intended to be machine readable. There should be a one-to-one mapping between display_name and code. (i.e. do not re-use display_names or codes between message types.) See istio.analysis.v1alpha1.AnalysisMessageBase.Type
Status specifies state for the subcomponent.