Google GKEHub Membership

This page shows how to write Terraform for GKEHub Membership and how to write it securely.

google_gke_hub_membership (Terraform)

The Membership in GKEHub can be configured in Terraform with the resource name google_gke_hub_membership. The following sections describe one example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L20
resource "google_gke_hub_membership" "membership" {
  provider      = google-beta
  membership_id = var.membership_id
  endpoint {
    gke_cluster {
      # Self-link of the GKE cluster being registered
      resource_link = var.resource_link
    }
  }
}

Parameters

The following arguments are supported:

  • membership_id - (Required) The client-provided identifier of the membership.

  • description - (Optional, Beta) The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API.

  • labels - (Optional) Labels to apply to this membership.

  • endpoint - (Optional) If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. Structure is documented below.

  • authority - (Optional) Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The endpoint block supports:

  • gke_cluster - (Optional) If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. Structure is documented below.

The gke_cluster block supports:

  • resource_link - (Required) Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. It can be at most 1000 characters in length. If the cluster is provisioned with Terraform, this can be "//container.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id.

The authority block supports:

  • issuer - (Required) A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones). If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}".

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{name}}

  • name - The unique identifier of the membership.
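The following is an added example, not code from the Terraform Registry or from the GitHub repository quoted above. It extends the membership with an authority block and enforces the documented limits on resource_link and issuer through variable validation; var.issuer is an assumed input name, and the zones check assumes a GKE-hosted issuer URI.

```hcl
# Added example. var.membership_id and var.resource_link follow the snippet
# above; var.issuer is an assumed input name.
variable "membership_id" {
  type        = string
  description = "Client-provided identifier of the membership."
}

variable "resource_link" {
  type        = string
  description = "Self-link of the GKE cluster to register."
  validation {
    condition     = length(var.resource_link) <= 1000
    error_message = "The resource_link can be at most 1000 characters long."
  }
}

variable "issuer" {
  type        = string
  description = "JWT issuer URI of the cluster."
  validation {
    condition     = can(regex("^https://", var.issuer)) && length(var.issuer) < 2000
    error_message = "The issuer must start with https:// and be shorter than 2000 characters."
  }
  validation {
    # The issuer path uses /locations/<location>/, even for a zonal cluster.
    # regex() raises an error when nothing matches, so can() is false then.
    condition     = !can(regex("/zones/", var.issuer))
    error_message = "The issuer must use locations rather than zones in its path."
  }
}

resource "google_gke_hub_membership" "membership" {
  provider      = google-beta
  membership_id = var.membership_id

  endpoint {
    gke_cluster {
      resource_link = var.resource_link
    }
  }

  # authority encodes how Google recognizes identities from this membership.
  authority {
    issuer = var.issuer
  }
}
```

A value such as https://container.googleapis.com/v1/projects/my-project/zones/us-west1-a/clusters/my-cluster is rejected when the variable is evaluated, before any API call is made.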

Explanation in Terraform Registry

Membership contains information about a member cluster. To get more information about Membership, see:

Frequently asked questions

What is Google GKEHub Membership?

Google GKEHub Membership is a resource for GKEHub of Google Cloud Platform. Settings can be written in Terraform.

Where can I find the example code for the Google GKEHub Membership?

For Terraform, the hyperionian/terraform-cloudbuild-configsync source code example is useful. See the Terraform Example section for further details.
