Google GKEHub Feature Membership
This page shows how to write Terraform for GKEHub Feature Membership and how to write it securely.
google_gke_hub_feature_membership (Terraform)
The Feature Membership in GKEHub can be configured in Terraform with the resource name google_gke_hub_feature_membership. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_gke_hub_feature_membership" "feature_member" {
  provider   = google-beta
  location   = "global"
  feature    = "configmanagement"
  project    = var.project
  membership = var.gke_name
  # ...
}

resource "google_gke_hub_feature_membership" "feature_member" {
  provider   = google-beta
  location   = "global"
  feature    = "configmanagement"
  membership = google_gke_hub_membership.membership.membership_id
  configmanagement {
    # ...
  }
}

resource "google_gke_hub_feature_membership" "feature_member" {
  provider   = google-beta
  location   = "global"
  feature    = "configmanagement"
  membership = google_gke_hub_membership.membership.membership_id
  configmanagement {
    # ...
  }
}
Parameters
The following arguments are supported:
configmanagement - (Optional) Config Management-specific spec. Structure is documented below.
feature - (Optional) The name of the feature
location - (Optional) The location of the feature
membership - (Optional) The name of the membership
project - (Optional) The project of the feature
The configmanagement block supports:
binauthz - (Optional) Binauthz configuration for the cluster. Structure is documented below.
config_sync - (Optional) Config Sync configuration for the cluster. Structure is documented below.
hierarchy_controller - (Optional) Hierarchy Controller configuration for the cluster. Structure is documented below.
policy_controller - (Optional) Policy Controller configuration for the cluster. Structure is documented below.
version - (Optional) Version of ACM installed.
The binauthz block supports:
enabled - (Optional) Whether binauthz is enabled in this cluster.
The config_sync block supports:
git - (Optional) Structure is documented below.
source_format - (Optional) Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode.
The git block supports:
https_proxy - (Optional) URL for the HTTPS proxy to be used when communicating with the Git repo.
policy_dir - (Optional) The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
secret_type - (Optional) Type of secret configured for access to the Git repo.
sync_branch - (Optional) The branch of the repository to sync from. Default: master.
sync_repo - (Optional) The URL of the Git repository to use as the source of truth.
sync_rev - (Optional) Git revision (tag or hash) to check out. Default HEAD.
sync_wait_secs - (Optional) Period in seconds between consecutive syncs. Default: 15.
The hierarchy_controller block supports:
enable_hierarchical_resource_quota - (Optional) Whether hierarchical resource quota is enabled in this cluster.
enable_pod_tree_labels - (Optional) Whether pod tree labels are enabled in this cluster.
enabled - (Optional) Whether Hierarchy Controller is enabled in this cluster.
The policy_controller block supports:
audit_interval_seconds - (Optional) Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
enabled - (Optional) Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
exemptable_namespaces - (Optional) The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
log_denies_enabled - (Optional) Logs all denies and dry run failures.
referential_rules_enabled - (Optional) Enables the ability to use Constraint Templates that reference objects other than the object currently being evaluated.
template_library_installed - (Optional) Installs the default template library along with Policy Controller.
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/[[project]]/locations/[[location]]/features/[[feature]]/membershipId/[[membership]]
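
The security-relevant arguments documented above, combined into one complete resource. This is an added example, not code from the repositories referenced on this page; the variable names, the "ssh" secret type (which assumes SSH credentials for the repo are already provisioned on the cluster) and the exempted namespace are assumptions chosen for illustration.

```hcl
# Added example. Assumed inputs: an existing Fleet membership and a config repo.
variable "project" { type = string }
variable "membership_id" { type = string }
variable "sync_repo" { type = string }   # SSH URL of the config repository
variable "sync_commit" { type = string } # full commit hash that was reviewed

resource "google_gke_hub_feature_membership" "hardened" {
  provider   = google-beta
  project    = var.project
  location   = "global"
  feature    = "configmanagement"
  membership = var.membership_id

  configmanagement {
    config_sync {
      source_format = "unstructured"

      git {
        sync_repo   = var.sync_repo
        secret_type = "ssh"           # authenticated access to the source of truth
        sync_rev    = var.sync_commit # pin a reviewed revision instead of the default HEAD
      }
    }

    policy_controller {
      enabled                    = true
      audit_interval_seconds     = 60   # 0 would disable audit scans altogether
      log_denies_enabled         = true # keep a record of denies and dry-run failures
      template_library_installed = true

      # Every namespace listed here is skipped by Policy Controller checks,
      # so keep the set as small as possible and review changes to it.
      exemptable_namespaces = ["kube-system"]
    }

    binauthz {
      enabled = true
    }
  }
}
```

When reviewing a plan for this resource, the values to look at first are audit_interval_seconds (0 turns auditing off), additions to exemptable_namespaces, and a sync_rev that is left at its default.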
Explanation in Terraform Registry
Contains information about GKEHub Feature Memberships. Feature Memberships configure GKEHub Features that apply to specific memberships rather than the project as a whole. This currently only supports the Config Management feature. google_gke_hub is the Fleet API.
Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.
Frequently asked questions
What is Google GKEHub Feature Membership?
Google GKEHub Feature Membership is a resource for GKEHub of Google Cloud Platform. Settings can be written in Terraform.
Where can I find the example code for the Google GKEHub Feature Membership?
For Terraform, the ejmadkins/config-sync-kcc-policy-demo, hyperionian/terraform-cloudbuild-configsync and hyperionian/config-sync-gke source code examples are useful. See the Terraform Example section for further details.