Google GKEHub Membership
This page shows how to write Terraform for GKEHub Membership and how to write it securely.
google_gke_hub_membership (Terraform)
The Membership in GKEHub can be configured in Terraform with the resource name google_gke_hub_membership. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_gke_hub_membership" "membership" {
  # This example uses the beta provider.
  provider      = google-beta
  membership_id = var.membership_id

  endpoint {
    gke_cluster {
      # Self-link of the GKE cluster to register.
      resource_link = var.resource_link
    }
  }
}
Parameters
The following arguments are supported:
membership_id - (Required) The client-provided identifier of the membership.
description - (Optional, Beta) The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API.
labels - (Optional) Labels to apply to this membership.
endpoint - (Optional) If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. Structure is documented below.
authority - (Optional) Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity Structure is documented below.
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The endpoint block supports:
gke_cluster - (Optional) If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. Structure is documented below.
The gke_cluster block supports:
resource_link - (Required) Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. It can be at most 1000 characters in length. If the cluster is provisioned with Terraform, this can be "//container.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id.
The authority block supports:
issuer - (Required) A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones). If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}".
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format {{name}}
name - The unique identifier of the membership.
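The following is an added example, not code from the Terraform Registry or from the GitHub source above. It extends the example usage with an authority block and variable validation, so that a malformed resource_link or issuer is rejected at plan time instead of registering the membership with an unintended identity issuer. The variable issuer and the restriction of both patterns to container.googleapis.com paths (GKE-hosted clusters) are assumptions.

```hcl
# Added example. var.issuer and the regex patterns are assumptions for
# GKE-hosted clusters; adjust them for other issuers.
variable "membership_id" {
  type = string
}

variable "resource_link" {
  type = string
  validation {
    # At most 1000 characters; zonal or regional cluster path, with or
    # without the //container.googleapis.com/ prefix.
    condition = length(var.resource_link) <= 1000 && can(regex(
      "^(//container\\.googleapis\\.com/)?projects/[^/]+/(zones|locations)/[^/]+/clusters/[^/]+$",
      var.resource_link
    ))
    error_message = "The resource_link must be a GKE cluster self-link of at most 1000 characters."
  }
}

variable "issuer" {
  type = string
  validation {
    # https:// only, under 2000 characters, "locations" rather than "zones".
    condition = length(var.issuer) < 2000 && can(regex(
      "^https://container\\.googleapis\\.com/v1/projects/[^/]+/locations/[^/]+/clusters/[^/]+$",
      var.issuer
    ))
    error_message = "The issuer must be an https:// GKE cluster URI that uses locations, not zones."
  }
}

resource "google_gke_hub_membership" "membership" {
  provider      = google-beta
  membership_id = var.membership_id

  endpoint {
    gke_cluster {
      resource_link = var.resource_link
    }
  }

  authority {
    issuer = var.issuer
  }
}
```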
Explanation in Terraform Registry
Membership contains information about a member cluster. To get more information about Membership, see:
- API documentation
- How-to Guides
Frequently asked questions
What is Google GKEHub Membership?
Google GKEHub Membership is a resource for GKEHub of Google Cloud Platform. Settings can be written in Terraform.
Where can I find the example code for the Google GKEHub Membership?
For Terraform, the hyperionian/terraform-cloudbuild-configsync source code example is useful. See the Terraform Example section for further details.