{ "description": "ContainerAttachedCluster is the Schema for the ContainerAttachedCluster API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ContainerAttachedClusterSpec defines the desired state of ContainerAttachedCluster", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "Optional. Annotations on the cluster.\n\n This field has the same restrictions as Kubernetes annotations.\n The total size of all keys and values combined is limited to 256k.\n Key can have 2 segments: prefix (optional) and name (required),\n separated by a slash (/).\n Prefix must be a DNS subdomain.\n Name must be 63 characters or less, begin and end with alphanumerics,\n with dashes (-), underscores (_), dots (.), and alphanumerics between.", "type": "object" }, "authorization": { "description": "Optional. Configuration related to the cluster RBAC settings.", "properties": { "adminUsers": { "description": "Optional. Users that can perform operations as a cluster admin. A managed\n ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole\n to the users. Up to ten admin users can be provided.\n\n For more info on RBAC, see\n https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "binaryAuthorization": { "description": "Optional. Binary Authorization configuration for this cluster.", "properties": { "evaluationMode": { "description": "Mode of operation for binauthz policy evaluation. If unspecified, defaults to DISABLED. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"].", "type": "string" } }, "type": "object", "additionalProperties": false }, "deletionPolicy": { "description": "Optional. Policy to determine what flags to send on delete.", "type": "string" }, "description": { "description": "Optional. A human readable description of this Attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.", "type": "string" }, "distribution": { "description": "Immutable. The Kubernetes distribution of the underlying attached cluster.\n\n Supported values: [\"eks\", \"aks\", \"generic\"].", "type": "string", "x-kubernetes-validations": [ { "message": "Distribution field is immutable", "rule": "self == oldSelf" } ] }, "fleet": { "description": "Required. Fleet configuration.", "properties": { "membership": { "description": "Output only. The name of the managed Hub Membership resource associated to\n this cluster.\n\n Membership names are formatted as\n `projects//locations/global/membership/`.", "type": "string" }, "projectRef": { "description": "The id of the Fleet host project where this cluster will be registered.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "The project of the fleet. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", "type": "string" }, "name": { "description": "Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "projectRef" ], "type": "object", "additionalProperties": false }, "location": { "description": "Immutable. The location for the resource.", "type": "string", "x-kubernetes-validations": [ { "message": "Location field is immutable", "rule": "self == oldSelf" } ] }, "loggingConfig": { "description": "Optional. Logging configuration for this cluster.", "properties": { "componentConfig": { "description": "The configuration of the logging components;", "properties": { "enableComponents": { "description": "The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"].", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "monitoringConfig": { "description": "Optional. Monitoring configuration for this cluster.", "properties": { "managedPrometheusConfig": { "description": "Enable Google Cloud Managed Service for Prometheus in the cluster.", "properties": { "enabled": { "description": "Enable Managed Collection.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "oidcConfig": { "description": "Required. OpenID Connect (OIDC) discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This field indicates how GCP services\tvalidate KSA tokens in order\nto allow system workloads (such as GKE Connect and telemetry agents) to\nauthenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuerUrl' field\nwhile clusters with private issuers need to provide both 'issuerUrl' and 'jwks'.", "properties": { "issuerUrl": { "description": "Immutable. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://`.", "type": "string", "x-kubernetes-validations": [ { "message": "IssuerURL field is immutable", "rule": "self == oldSelf" } ] }, "jwks": { "description": "Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517).\n It contains a list of OIDC verification keys that can be used to verify\n OIDC JWTs.\n\n This field is required for cluster that doesn't have a publicly available\n discovery endpoint. When provided, it will be directly used\n to verify the OIDC JWT asserted by the IDP.", "format": "byte", "type": "string", "x-kubernetes-validations": [ { "message": "Jwks field is immutable", "rule": "self == oldSelf" } ] } }, "required": [ "issuerUrl" ], "type": "object", "x-kubernetes-validations": [ { "message": "OidcConfig field is immutable", "rule": "self == oldSelf" } ], "additionalProperties": false }, "platformVersion": { "description": "Required. The platform version for the cluster (e.g. `1.30.0-gke.1`).", "type": "string" }, "projectRef": { "description": "The ID of the project in which the resource belongs.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "The `projectID` field of a project, when not managed by Config Connector.", "type": "string" }, "kind": { "description": "The kind of the Project resource; optional but must be `Project` if provided.", "type": "string" }, "name": { "description": "The `name` field of a `Project` resource.", "type": "string" }, "namespace": { "description": "The `namespace` field of a `Project` resource.", "type": "string" } }, "type": "object", "additionalProperties": false }, "resourceID": { "description": "Optional. The ContainerAttachedCluster name. If not given, the metadata.name will be used.", "type": "string" } }, "required": [ "distribution", "fleet", "location", "oidcConfig", "platformVersion", "projectRef" ], "type": "object", "additionalProperties": false }, "status": { "description": "ContainerAttachedClusterStatus defines the config connector machine state of ContainerAttachedCluster", "properties": { "clusterRegion": { "description": "The region where this cluster runs.\n\n For EKS clusters, this is an AWS region. For AKS clusters,\n this is an Azure region.", "type": "string" }, "conditions": { "description": "Conditions represent the latest available observations of the object's current state.", "items": { "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "type": "string" }, "message": { "description": "Human-readable message indicating details about last transition.", "type": "string" }, "reason": { "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status is the status of the condition. Can be True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the condition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "createTime": { "description": "The time at which this cluster was registered.", "type": "string" }, "errors": { "description": "A set of errors found in the cluster.", "items": { "properties": { "message": { "description": "Human-friendly description of the error.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "kubernetesVersion": { "description": "The Kubernetes version of the cluster.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", "format": "int64", "type": "integer" }, "observedState": { "description": "ObservedState is the state of the resource as most recently observed in GCP.", "properties": { "fleetMembership": { "description": "Output only. The name of the managed Hub Membership resource associated to\n this cluster.\n\n Membership names are formatted as\n `projects//locations/global/membership/`.\n This field mirrors the Spec.Fleet.Membership field.", "type": "string" } }, "type": "object", "additionalProperties": false }, "reconciling": { "description": "If set, there are currently changes in flight to the cluster.", "type": "boolean" }, "state": { "description": "The current state of the cluster. Possible values:\tSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\tDEGRADED.", "type": "string" }, "uid": { "description": "A globally unique identifier for the cluster.", "type": "string" }, "updateTime": { "description": "The time at which this cluster was last updated.", "type": "string" }, "workloadIdentityConfig": { "description": "Workload Identity settings.", "items": { "properties": { "identityProvider": { "description": "The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.", "type": "string" }, "issuerUri": { "description": "The OIDC issuer URL for this cluster.", "type": "string" }, "workloadPool": { "description": "The Workload Identity Pool associated to the cluster.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }