diff --git a/apis/containerattached/v1beta1/containerattachedcluster_types.go b/apis/containerattached/v1beta1/containerattachedcluster_types.go
new file mode 100644
index 0000000000..605560afe9
--- /dev/null
+++ b/apis/containerattached/v1beta1/containerattachedcluster_types.go
@@ -0,0 +1,197 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1beta1
+
+import (
+ refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var ContainerAttachedClusterGVK = GroupVersion.WithKind("ContainerAttachedCluster")
+
+// ContainerAttachedClusterSpec defines the desired state of ContainerAttachedCluster
+// +kcc:proto=google.cloud.gkemulticloud.v1.AttachedCluster
+type ContainerAttachedClusterSpec struct {
+ /* The ID of the project in which the resource belongs. If it is not provided, the provider project is used. */
+ // +optional
+ ProjectRef *refs.ProjectRef `json:"projectRef,omitempty"`
+
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
+ // Immutable, Optional.
+ // The ContainerAttachedCluster name. If not given, the metadata.name will be used.
+ ResourceID *string `json:"resourceID,omitempty"`
+
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Location field is immutable"
+ // Immutable. The location for the resource.
+ Location string `json:"location"`
+
+ // Optional. A human readable description of this Attached cluster.
+ // Cannot be longer than 255 UTF-8 encoded bytes.
+ Description *string `json:"description,omitempty"`
+
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="OidcConfig field is immutable"
+ /* Required. OpenID Connect (OIDC) discovery information of the target cluster.
+
+ Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
+ API server. This field indicates how GCP services validate KSA tokens in order
+ to allow system workloads (such as GKE Connect and telemetry agents) to
+ authenticate back to GCP.
+
+ Both clusters with public and private issuer URLs are supported.
+ Clusters with public issuers only need to specify the 'issuerUrl' field
+ while clusters with private issuers need to provide both 'issuerUrl' and 'jwks'.
+ */
+ OidcConfig AttachedOidcConfig `json:"oidcConfig"`
+
+ // Required. The platform version for the cluster (e.g. `1.30.0-gke.1`).
+ PlatformVersion string `json:"platformVersion"`
+
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Distribution field is immutable"
+ // Immutable. The Kubernetes distribution of the underlying attached cluster.
+ //
+ // Supported values: ["eks", "aks", "generic"].
+ Distribution string `json:"distribution"`
+
+ // Required. Fleet configuration.
+ Fleet Fleet `json:"fleet"`
+
+ /*NOTYET
+ // Allows clients to perform consistent read-modify-writes
+ // through optimistic concurrency control.
+ //
+ // Can be sent on update and delete requests to ensure the
+ // client has an up-to-date value before proceeding.
+ Etag *string `json:"etag,omitempty"`
+ */
+
+ // Optional. Annotations on the cluster.
+ //
+ // This field has the same restrictions as Kubernetes annotations.
+ // The total size of all keys and values combined is limited to 256k.
+ // Key can have 2 segments: prefix (optional) and name (required),
+ // separated by a slash (/).
+ // Prefix must be a DNS subdomain.
+ // Name must be 63 characters or less, begin and end with alphanumerics,
+ // with dashes (-), underscores (_), dots (.), and alphanumerics between.
+ Annotations map[string]string `json:"annotations,omitempty"`
+
+ // Optional. Logging configuration for this cluster.
+ LoggingConfig *LoggingConfig `json:"loggingConfig,omitempty"`
+
+ // Optional. Configuration related to the cluster RBAC settings.
+ Authorization *AttachedClustersAuthorization `json:"authorization,omitempty"`
+
+ // Optional. Monitoring configuration for this cluster.
+ MonitoringConfig *MonitoringConfig `json:"monitoringConfig,omitempty"`
+
+ /*NOTYET
+ // Optional. Proxy configuration for outbound HTTP(S) traffic.
+ ProxyConfig *AttachedProxyConfig `json:"proxyConfig,omitempty"`
+ */
+
+ // Optional. Binary Authorization configuration for this cluster.
+ BinaryAuthorization *BinaryAuthorization `json:"binaryAuthorization,omitempty"`
+
+ // Optional. Policy to determine what flags to send on delete.
+ DeletionPolicy *string `json:"deletionPolicy,omitempty"`
+}
+
+// ContainerAttachedClusterStatus defines the config connector machine state of ContainerAttachedCluster
+type ContainerAttachedClusterStatus struct {
+ /* Conditions represent the latest available observations of the
+ object's current state. */
+ Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
+
+ // ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.
+ ObservedGeneration *int64 `json:"observedGeneration,omitempty"`
+
+ // A globally unique identifier for the cluster.
+ Uid *string `json:"uid,omitempty"`
+
+ // The region where this cluster runs.
+ //
+ // For EKS clusters, this is an AWS region. For AKS clusters,
+ // this is an Azure region.
+ ClusterRegion *string `json:"clusterRegion,omitempty"`
+
+ // The Kubernetes version of the cluster.
+ KubernetesVersion *string `json:"kubernetesVersion,omitempty"`
+
+ // Workload Identity settings.
+ WorkloadIdentityConfig []WorkloadIdentityConfig `json:"workloadIdentityConfig,omitempty"`
+
+ // The time at which this cluster was registered.
+ CreateTime *string `json:"createTime,omitempty"`
+
+ // The time at which this cluster was last updated.
+ UpdateTime *string `json:"updateTime,omitempty"`
+
+ // If set, there are currently changes in flight to the cluster.
+ Reconciling *bool `json:"reconciling,omitempty"`
+
+ /* The current state of the cluster.
+ Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED. */
+ State *string `json:"state,omitempty"`
+
+ // A set of errors found in the cluster.
+ Errors []AttachedClusterError `json:"errors,omitempty"`
+
+ // ObservedState is the state of the resource as most recently observed in GCP.
+ ObservedState *ContainerAttachedClusterObservedState `json:"observedState,omitempty"`
+}
+
+// ContainerAttachedClusterObservedState is the state of the ContainerAttachedCluster resource as most recently observed in GCP.
+type ContainerAttachedClusterObservedState struct {
+ // Output only. The name of the managed Hub Membership resource associated to
+ // this cluster.
+ //
+ // Membership names are formatted as
+ // `projects//locations/global/membership/`.
+ // This field mirrors the Spec.Fleet.Membership field.
+ FleetMembership *string `json:"fleetMembership,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=gcp,shortName=gcpcontainerattachedcluster;gcpcontainerattachedclusters
+// +kubebuilder:subresource:status
+// +kubebuilder:metadata:labels="cnrm.cloud.google.com/tf2crd=true";"cnrm.cloud.google.com/managed-by-kcc=true";"cnrm.cloud.google.com/stability-level=stable";"cnrm.cloud.google.com/system=true"
+// +kubebuilder:printcolumn:name="Age",JSONPath=".metadata.creationTimestamp",type="date"
+// +kubebuilder:printcolumn:name="Ready",JSONPath=".status.conditions[?(@.type=='Ready')].status",type="string",description="When 'True', the most recent reconcile of the resource succeeded"
+// +kubebuilder:printcolumn:name="Status",JSONPath=".status.conditions[?(@.type=='Ready')].reason",type="string",description="The reason for the value in 'Ready'"
+// +kubebuilder:printcolumn:name="Status Age",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",type="date",description="The last transition time for the value in 'Status'"
+
+// ContainerAttachedCluster is the Schema for the ContainerAttachedCluster API
+// +k8s:openapi-gen=true
+type ContainerAttachedCluster struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec ContainerAttachedClusterSpec `json:"spec"`
+ Status ContainerAttachedClusterStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// ContainerAttachedClusterList contains a list of ContainerAttachedCluster
+type ContainerAttachedClusterList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ContainerAttachedCluster `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&ContainerAttachedCluster{}, &ContainerAttachedClusterList{})
+}
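Review bot: The `self == oldSelf` rule on the optional `ResourceID *string` field does not make it fully immutable, because CEL transition rules are only evaluated when both the old and the new object carry a value for the field. `resourceID` can therefore still be added to or removed from an existing object, and since the comment says `metadata.name` is used when it is absent, that would presumably change which cluster the object resolves to. If that transition must be rejected, add a rule on `ContainerAttachedClusterSpec` itself, e.g. `// +kubebuilder:validation:XValidation:rule="has(self.resourceID) == has(oldSelf.resourceID)",message="ResourceID field is immutable"`. Separately, `Distribution` documents exactly three supported values but carries no enum marker; `// +kubebuilder:validation:Enum=eks;aks;generic` would reject anything else at admission, provided that is compatible with objects already stored under the existing CRD.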
diff --git a/apis/containerattached/v1beta1/doc.go b/apis/containerattached/v1beta1/doc.go
new file mode 100644
index 0000000000..be5c1e8652
--- /dev/null
+++ b/apis/containerattached/v1beta1/doc.go
@@ -0,0 +1,16 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +kcc:proto=google.cloud.gkemulticloud.v1
+package v1beta1
diff --git a/apis/containerattached/v1beta1/groupversion_info.go b/apis/containerattached/v1beta1/groupversion_info.go
new file mode 100644
index 0000000000..2be69d2eb2
--- /dev/null
+++ b/apis/containerattached/v1beta1/groupversion_info.go
@@ -0,0 +1,33 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +kubebuilder:object:generate=true
+// +groupName=containerattached.cnrm.cloud.google.com
+package v1beta1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects
+ GroupVersion = schema.GroupVersion{Group: "containerattached.cnrm.cloud.google.com", Version: "v1beta1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/apis/containerattached/v1beta1/refs.go b/apis/containerattached/v1beta1/refs.go
new file mode 100644
index 0000000000..14d84ba824
--- /dev/null
+++ b/apis/containerattached/v1beta1/refs.go
@@ -0,0 +1,24 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1beta1
+
+type FleetProjectRef struct {
+ /* The project of the fleet. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).*/
+ External string `json:"external,omitempty"`
+ /* Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names */
+ Name string `json:"name,omitempty"`
+ /* Namespace of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ */
+ Namespace string `json:"namespace,omitempty"`
+}
diff --git a/apis/containerattached/v1beta1/types.generated.go b/apis/containerattached/v1beta1/types.generated.go
new file mode 100644
index 0000000000..9ec51b756d
--- /dev/null
+++ b/apis/containerattached/v1beta1/types.generated.go
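Review bot: `FleetProjectRef` leaves all three fields optional, so as far as this struct shows, `projectRef: {}` and a reference with both `external` and `name` set both pass schema validation, and the ambiguity is left to whatever resolves the reference outside this diff. Because this reference selects the fleet host project the cluster is registered into, it is better rejected at admission than discovered at reconcile time; a type-level rule such as `// +kubebuilder:validation:XValidation:rule="has(self.external) != has(self.name)",message="exactly one of external or name must be set"` would do that, unless an equivalent constraint is already applied elsewhere. The exported type also has no doc comment; `// FleetProjectRef references the Project that hosts the fleet, either by external resource name or by the name of a Project object.` would match the field comments.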
@@ -0,0 +1,134 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1beta1
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.AttachedClusterError
+type AttachedClusterError struct {
+ // Human-friendly description of the error.
+ Message *string `json:"message,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.AttachedClustersAuthorization
+type AttachedClustersAuthorization struct {
+ // Optional. Users that can perform operations as a cluster admin. A managed
+ // ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
+ // to the users. Up to ten admin users can be provided.
+ //
+ // For more info on RBAC, see
+ // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+ AdminUsers []string `json:"adminUsers,omitempty"`
+
+ /*NOTYET
+ // Optional. Groups of users that can perform operations as a cluster admin. A
+ // managed ClusterRoleBinding will be created to grant the `cluster-admin`
+ // ClusterRole to the groups. Up to ten admin groups can be provided.
+ //
+ // For more info on RBAC, see
+ // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+ AdminGroups []string `json:"adminGroups,omitempty"`
+ */
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.AttachedOidcConfig
+type AttachedOidcConfig struct {
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="IssuerURL field is immutable"
+ // Immutable. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://`.
+ IssuerURL string `json:"issuerUrl"`
+
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Jwks field is immutable"
+ // Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517).
+ // It contains a list of OIDC verification keys that can be used to verify
+ // OIDC JWTs.
+ //
+ // This field is required for cluster that doesn't have a publicly available
+ // discovery endpoint. When provided, it will be directly used
+ // to verify the OIDC JWT asserted by the IDP.
+ Jwks []byte `json:"jwks,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.AttachedProxyConfig
+type AttachedProxyConfig struct {
+ // The Kubernetes Secret resource that contains the HTTP(S) proxy
+ // configuration. The secret must be a JSON encoded proxy configuration
+ // as described in
+ KubernetesSecret KubernetesSecret `json:"kubernetesSecret"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.BinaryAuthorization
+type BinaryAuthorization struct {
+ // Mode of operation for binauthz policy evaluation. If unspecified, defaults
+ // to DISABLED.
+ // Possible values: ["DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"].
+ EvaluationMode *string `json:"evaluationMode,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.Fleet
+type Fleet struct {
+ // The id of the Fleet host project where this cluster will be registered.
+ ProjectRef FleetProjectRef `json:"projectRef"`
+
+ // Output only. The name of the managed Hub Membership resource associated to
+ // this cluster.
+ //
+ // Membership names are formatted as
+ // `projects//locations/global/membership/`.
+ Membership *string `json:"membership,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.KubernetesSecret
+type KubernetesSecret struct {
+ // Name of the kubernetes secret.
+ Name string `json:"name"`
+
+ // Namespace in which the kubernetes secret is stored.
+ Namespace string `json:"namespace"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.LoggingComponentConfig
+type LoggingComponentConfig struct {
+ // The components to be enabled. Possible values: ["SYSTEM_COMPONENTS", "WORKLOADS"].
+ EnableComponents []string `json:"enableComponents,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.LoggingConfig
+type LoggingConfig struct {
+ // The configuration of the logging components;
+ ComponentConfig *LoggingComponentConfig `json:"componentConfig,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.ManagedPrometheusConfig
+type ManagedPrometheusConfig struct {
+ // Enable Managed Collection.
+ Enabled *bool `json:"enabled,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.MonitoringConfig
+type MonitoringConfig struct {
+ // Enable Google Cloud Managed Service for Prometheus in the cluster.
+ ManagedPrometheusConfig *ManagedPrometheusConfig `json:"managedPrometheusConfig,omitempty"`
+}
+
+// +kcc:proto=google.cloud.gkemulticloud.v1.WorkloadIdentityConfig
+type WorkloadIdentityConfig struct {
+ // The OIDC issuer URL for this cluster.
+ IssuerUri *string `json:"issuerUri,omitempty"`
+
+ // The Workload Identity Pool associated to the cluster.
+ WorkloadPool *string `json:"workloadPool,omitempty"`
+
+ // The ID of the OIDC Identity Provider (IdP) associated to the Workload
+ // Identity Pool.
+ IdentityProvider *string `json:"identityProvider,omitempty"`
+}
diff --git a/apis/containerattached/v1beta1/zz_generated.deepcopy.go b/apis/containerattached/v1beta1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..1ea9cabc90
--- /dev/null
+++ b/apis/containerattached/v1beta1/zz_generated.deepcopy.go
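Review bot: `AdminUsers` in `AttachedClustersAuthorization` lists the identities that receive a managed `cluster-admin` ClusterRoleBinding, and its comment caps the list at ten users, but no marker enforces that limit; `// +kubebuilder:validation:MaxItems=10` above the field would make the API server reject an oversized list instead of leaving it to the backend. The same gap applies to `IssuerURL` in `AttachedOidcConfig`: the comment requires an `https://` prefix for the issuer used to validate KSA tokens, yet only immutability is checked, so `// +kubebuilder:validation:Pattern="^https://"` is worth adding (the comment also says `issuer` where the JSON field is `issuerUrl`). The comment on `AttachedProxyConfig.KubernetesSecret` stops at "as described in" with the reference missing and should be completed or trimmed.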
@@ -0,0 +1,504 @@ +//go:build !ignore_autogenerated + +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + refsv1beta1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1" + "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttachedClusterError) DeepCopyInto(out *AttachedClusterError) { + *out = *in + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachedClusterError. +func (in *AttachedClusterError) DeepCopy() *AttachedClusterError { + if in == nil { + return nil + } + out := new(AttachedClusterError) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AttachedClustersAuthorization) DeepCopyInto(out *AttachedClustersAuthorization) { + *out = *in + if in.AdminUsers != nil { + in, out := &in.AdminUsers, &out.AdminUsers + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachedClustersAuthorization. +func (in *AttachedClustersAuthorization) DeepCopy() *AttachedClustersAuthorization { + if in == nil { + return nil + } + out := new(AttachedClustersAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttachedOidcConfig) DeepCopyInto(out *AttachedOidcConfig) { + *out = *in + if in.Jwks != nil { + in, out := &in.Jwks, &out.Jwks + *out = make([]byte, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachedOidcConfig. +func (in *AttachedOidcConfig) DeepCopy() *AttachedOidcConfig { + if in == nil { + return nil + } + out := new(AttachedOidcConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttachedProxyConfig) DeepCopyInto(out *AttachedProxyConfig) { + *out = *in + out.KubernetesSecret = in.KubernetesSecret +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachedProxyConfig. +func (in *AttachedProxyConfig) DeepCopy() *AttachedProxyConfig { + if in == nil { + return nil + } + out := new(AttachedProxyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BinaryAuthorization) DeepCopyInto(out *BinaryAuthorization) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorization. +func (in *BinaryAuthorization) DeepCopy() *BinaryAuthorization { + if in == nil { + return nil + } + out := new(BinaryAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerAttachedCluster) DeepCopyInto(out *ContainerAttachedCluster) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerAttachedCluster. +func (in *ContainerAttachedCluster) DeepCopy() *ContainerAttachedCluster { + if in == nil { + return nil + } + out := new(ContainerAttachedCluster) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ContainerAttachedCluster) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ContainerAttachedClusterList) DeepCopyInto(out *ContainerAttachedClusterList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ContainerAttachedCluster, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerAttachedClusterList. +func (in *ContainerAttachedClusterList) DeepCopy() *ContainerAttachedClusterList { + if in == nil { + return nil + } + out := new(ContainerAttachedClusterList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ContainerAttachedClusterList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerAttachedClusterObservedState) DeepCopyInto(out *ContainerAttachedClusterObservedState) { + *out = *in + if in.FleetMembership != nil { + in, out := &in.FleetMembership, &out.FleetMembership + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerAttachedClusterObservedState. +func (in *ContainerAttachedClusterObservedState) DeepCopy() *ContainerAttachedClusterObservedState { + if in == nil { + return nil + } + out := new(ContainerAttachedClusterObservedState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ContainerAttachedClusterSpec) DeepCopyInto(out *ContainerAttachedClusterSpec) { + *out = *in + if in.ProjectRef != nil { + in, out := &in.ProjectRef, &out.ProjectRef + *out = new(refsv1beta1.ProjectRef) + **out = **in + } + if in.ResourceID != nil { + in, out := &in.ResourceID, &out.ResourceID + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + in.OidcConfig.DeepCopyInto(&out.OidcConfig) + in.Fleet.DeepCopyInto(&out.Fleet) + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.LoggingConfig != nil { + in, out := &in.LoggingConfig, &out.LoggingConfig + *out = new(LoggingConfig) + (*in).DeepCopyInto(*out) + } + if in.Authorization != nil { + in, out := &in.Authorization, &out.Authorization + *out = new(AttachedClustersAuthorization) + (*in).DeepCopyInto(*out) + } + if in.MonitoringConfig != nil { + in, out := &in.MonitoringConfig, &out.MonitoringConfig + *out = new(MonitoringConfig) + (*in).DeepCopyInto(*out) + } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = new(BinaryAuthorization) + (*in).DeepCopyInto(*out) + } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerAttachedClusterSpec. +func (in *ContainerAttachedClusterSpec) DeepCopy() *ContainerAttachedClusterSpec { + if in == nil { + return nil + } + out := new(ContainerAttachedClusterSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ContainerAttachedClusterStatus) DeepCopyInto(out *ContainerAttachedClusterStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1alpha1.Condition, len(*in)) + copy(*out, *in) + } + if in.ObservedGeneration != nil { + in, out := &in.ObservedGeneration, &out.ObservedGeneration + *out = new(int64) + **out = **in + } + if in.Uid != nil { + in, out := &in.Uid, &out.Uid + *out = new(string) + **out = **in + } + if in.ClusterRegion != nil { + in, out := &in.ClusterRegion, &out.ClusterRegion + *out = new(string) + **out = **in + } + if in.KubernetesVersion != nil { + in, out := &in.KubernetesVersion, &out.KubernetesVersion + *out = new(string) + **out = **in + } + if in.WorkloadIdentityConfig != nil { + in, out := &in.WorkloadIdentityConfig, &out.WorkloadIdentityConfig + *out = make([]WorkloadIdentityConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CreateTime != nil { + in, out := &in.CreateTime, &out.CreateTime + *out = new(string) + **out = **in + } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } + if in.Reconciling != nil { + in, out := &in.Reconciling, &out.Reconciling + *out = new(bool) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + if in.Errors != nil { + in, out := &in.Errors, &out.Errors + *out = make([]AttachedClusterError, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ObservedState != nil { + in, out := &in.ObservedState, &out.ObservedState + *out = new(ContainerAttachedClusterObservedState) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerAttachedClusterStatus. 
+func (in *ContainerAttachedClusterStatus) DeepCopy() *ContainerAttachedClusterStatus { + if in == nil { + return nil + } + out := new(ContainerAttachedClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Fleet) DeepCopyInto(out *Fleet) { + *out = *in + out.ProjectRef = in.ProjectRef + if in.Membership != nil { + in, out := &in.Membership, &out.Membership + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Fleet. +func (in *Fleet) DeepCopy() *Fleet { + if in == nil { + return nil + } + out := new(Fleet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FleetProjectRef) DeepCopyInto(out *FleetProjectRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetProjectRef. +func (in *FleetProjectRef) DeepCopy() *FleetProjectRef { + if in == nil { + return nil + } + out := new(FleetProjectRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesSecret) DeepCopyInto(out *KubernetesSecret) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecret. +func (in *KubernetesSecret) DeepCopy() *KubernetesSecret { + if in == nil { + return nil + } + out := new(KubernetesSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *LoggingComponentConfig) DeepCopyInto(out *LoggingComponentConfig) { + *out = *in + if in.EnableComponents != nil { + in, out := &in.EnableComponents, &out.EnableComponents + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingComponentConfig. +func (in *LoggingComponentConfig) DeepCopy() *LoggingComponentConfig { + if in == nil { + return nil + } + out := new(LoggingComponentConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingConfig) DeepCopyInto(out *LoggingConfig) { + *out = *in + if in.ComponentConfig != nil { + in, out := &in.ComponentConfig, &out.ComponentConfig + *out = new(LoggingComponentConfig) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfig. +func (in *LoggingConfig) DeepCopy() *LoggingConfig { + if in == nil { + return nil + } + out := new(LoggingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPrometheusConfig) DeepCopyInto(out *ManagedPrometheusConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPrometheusConfig. +func (in *ManagedPrometheusConfig) DeepCopy() *ManagedPrometheusConfig { + if in == nil { + return nil + } + out := new(ManagedPrometheusConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *MonitoringConfig) DeepCopyInto(out *MonitoringConfig) { + *out = *in + if in.ManagedPrometheusConfig != nil { + in, out := &in.ManagedPrometheusConfig, &out.ManagedPrometheusConfig + *out = new(ManagedPrometheusConfig) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringConfig. +func (in *MonitoringConfig) DeepCopy() *MonitoringConfig { + if in == nil { + return nil + } + out := new(MonitoringConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkloadIdentityConfig) DeepCopyInto(out *WorkloadIdentityConfig) { + *out = *in + if in.IssuerUri != nil { + in, out := &in.IssuerUri, &out.IssuerUri + *out = new(string) + **out = **in + } + if in.WorkloadPool != nil { + in, out := &in.WorkloadPool, &out.WorkloadPool + *out = new(string) + **out = **in + } + if in.IdentityProvider != nil { + in, out := &in.IdentityProvider, &out.IdentityProvider + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityConfig. +func (in *WorkloadIdentityConfig) DeepCopy() *WorkloadIdentityConfig { + if in == nil { + return nil + } + out := new(WorkloadIdentityConfig) + in.DeepCopyInto(out) + return out +} diff --git a/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_containerattachedclusters.containerattached.cnrm.cloud.google.com.yaml b/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_containerattachedclusters.containerattached.cnrm.cloud.google.com.yaml index c801e34209..5130451a03 100644 --- a/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_containerattachedclusters.containerattached.cnrm.cloud.google.com.yaml 
+++ b/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_containerattachedclusters.containerattached.cnrm.cloud.google.com.yaml @@ -16,6 +16,7 @@ spec: categories: - gcp kind: ContainerAttachedCluster + listKind: ContainerAttachedClusterList plural: containerattachedclusters shortNames: - gcpcontainerattachedcluster 
@@ -43,79 +44,93 @@ spec: name: v1beta1 schema: openAPIV3Schema: + description: ContainerAttachedCluster is the Schema for the ContainerAttachedCluster + API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: ContainerAttachedClusterSpec defines the desired state of + ContainerAttachedCluster properties: annotations: additionalProperties: type: string description: |- - Optional. Annotations on the cluster. This field has the same - restrictions as Kubernetes annotations. The total size of all keys and - values combined is limited to 256k. Key can have 2 segments: prefix (optional) - and name (required), separated by a slash (/). Prefix must be a DNS subdomain. - Name must be 63 characters or less, begin and end with alphanumerics, - with dashes (-), underscores (_), dots (.), and alphanumerics between. + Optional. Annotations on the cluster. 
+ + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. type: object authorization: - description: Configuration related to the cluster RBAC settings. + description: Optional. Configuration related to the cluster RBAC settings. properties: adminUsers: description: |- - Users that can perform operations as a cluster admin. A managed - ClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole - to the users. Up to ten admin users can be provided. + Optional. Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the users. Up to ten admin users can be provided. - For more info on RBAC, see - https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles. + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles items: type: string type: array type: object binaryAuthorization: - description: Binary Authorization configuration. + description: Optional. Binary Authorization configuration for this + cluster. properties: evaluationMode: - description: 'Configure Binary Authorization evaluation mode. - Possible values: ["DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"].' + description: 'Mode of operation for binauthz policy evaluation. + If unspecified, defaults to DISABLED. Possible values: ["DISABLED", + "PROJECT_SINGLETON_POLICY_ENFORCE"].' type: string type: object deletionPolicy: - description: Policy to determine what flags to send on delete. + description: Optional. Policy to determine what flags to send on delete. 
type: string description: - description: |- - A human readable description of this attached cluster. Cannot be longer - than 255 UTF-8 encoded bytes. + description: Optional. A human readable description of this Attached + cluster. Cannot be longer than 255 UTF-8 encoded bytes. type: string distribution: description: |- - Immutable. The Kubernetes distribution of the underlying attached cluster. Supported values: - "eks", "aks". + Immutable. The Kubernetes distribution of the underlying attached cluster. + + Supported values: ["eks", "aks", "generic"]. type: string + x-kubernetes-validations: + - message: Distribution field is immutable + rule: self == oldSelf fleet: - description: Fleet configuration. + description: Required. Fleet configuration. properties: membership: description: |- - The name of the managed Hub Membership resource associated to this - cluster. Membership names are formatted as - projects//locations/global/membership/. + Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. type: string projectRef: - description: The number of the Fleet host project where this cluster + description: The id of the Fleet host project where this cluster will be registered. oneOf: - not: 
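Review bot: Two limits in this hunk are stated only in description text and not in the schema: `authorization.adminUsers` says up to ten users can be bound to the `cluster-admin` ClusterRole but the array has no `maxItems`, and `distribution` lists `eks`, `aks` and `generic` without an `enum`. As written, an out-of-range value is only caught when the GCP API rejects it during reconcile, which surfaces late for a list that grants cluster-admin and for a field that is immutable once accepted. This YAML is generated, so the change would go on the Go fields as markers, for example `// +kubebuilder:validation:MaxItems=10` on the admin users list. Whether an enum on `distribution` is wanted depends on how often the upstream value set changes, so treat that part as optional.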
@@ -133,14 +148,16 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'The project of the fleet. Allowed value: The + Google Cloud resource name of a `Project` resource (format: + `projects/{{name}}`).' type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: 'Namespace of the project resource. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: @@ -149,11 +166,14 @@ spec: location: description: Immutable. The location for the resource. type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf loggingConfig: - description: Logging configuration. + description: Optional. Logging configuration for this cluster. properties: componentConfig: - description: The configuration of the logging components. + description: The configuration of the logging components; properties: enableComponents: description: 'The components to be enabled. Possible values: @@ -164,7 +184,7 @@ spec: type: object type: object monitoringConfig: - description: Monitoring configuration. + description: Optional. Monitoring configuration for this cluster. properties: managedPrometheusConfig: description: Enable Google Cloud Managed Service for Prometheus 
@@ -176,32 +196,46 @@ spec: type: object type: object oidcConfig: - description: |- - OIDC discovery information of the target cluster. - - Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster - API server. This fields indicates how GCP services - validate KSA tokens in order to allow system workloads (such as GKE Connect - and telemetry agents) to authenticate back to GCP. - - Both clusters with public and private issuer URLs are supported. - Clusters with public issuers only need to specify the 'issuer_url' field - while clusters with private issuers need to provide both - 'issuer_url' and 'jwks'. + description: "Required. OpenID Connect (OIDC) discovery information + of the target cluster.\n\nKubernetes Service Account (KSA) tokens + are JWT tokens signed by the cluster\nAPI server. This field indicates + how GCP services\tvalidate KSA tokens in order\nto allow system + workloads (such as GKE Connect and telemetry agents) to\nauthenticate + back to GCP.\n\nBoth clusters with public and private issuer URLs + are supported.\nClusters with public issuers only need to specify + the 'issuerUrl' field\nwhile clusters with private issuers need + to provide both 'issuerUrl' and 'jwks'." properties: issuerUrl: - description: Immutable. A JSON Web Token (JWT) issuer URI. 'issuer' - must start with 'https://'. + description: Immutable. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://`. type: string + x-kubernetes-validations: + - message: IssuerURL field is immutable + rule: self == oldSelf jwks: - description: Immutable. OIDC verification keys in JWKS format - (RFC 7517). + description: |- + Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517). + It contains a list of OIDC verification keys that can be used to verify + OIDC JWTs. + + This field is required for cluster that doesn't have a publicly available + discovery endpoint. 
When provided, it will be directly used + to verify the OIDC JWT asserted by the IDP. + format: byte type: string + x-kubernetes-validations: + - message: Jwks field is immutable + rule: self == oldSelf required: - issuerUrl type: object + x-kubernetes-validations: + - message: OidcConfig field is immutable + rule: self == oldSelf platformVersion: - description: The platform version for the cluster (e.g. '1.23.0-gke.1'). + description: Required. The platform version for the cluster (e.g. + `1.30.0-gke.1`). type: string projectRef: description: The ID of the project in which the resource belongs. 
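Review bot: `oidcConfig.issuerUrl` documents that the issuer must start with `https://`, but the schema only carries `type: string` and the new immutability rule, so a plain-http issuer passes admission. Because the field is now immutable, that mistake can then only be corrected by recreating the resource. A second CEL rule next to the existing one, e.g. `rule: self.startsWith('https://')` with a matching message, would reject it up front. The GCP API presumably enforces this as well, so the point is failing early rather than a gap in token validation. Separately, the rewritten `oidcConfig` description now contains a literal tab escape (`services\tvalidate`), as does `status.state` further down; this looks like a stray tab in the source comment and is worth removing there.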
@@ -222,40 +256,48 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: The `name` field of a `Project` resource. type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: The `namespace` field of a `Project` resource. type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable, Optional. The ContainerAttachedCluster name. + If not given, the metadata.name will be used. type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf required: - distribution - fleet - location - oidcConfig - platformVersion - - projectRef type: object status: + description: ContainerAttachedClusterStatus defines the config connector + machine state of ContainerAttachedCluster properties: clusterRegion: description: |- - Output only. The region where this cluster runs. + The region where this cluster runs. - For EKS clusters, this is an AWS region. For AKS clusters, - this is an Azure region. + For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region. type: string conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the object's current state. 
items: properties: lastTransitionTime: @@ -280,7 +322,7 @@ spec: type: object type: array createTime: - description: Output only. The time at which this cluster was created. + description: The time at which this cluster was registered. type: string errors: description: A set of errors found in the cluster. @@ -300,16 +342,29 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + fleetMembership: + description: |- + Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + This field mirrors the Spec.Fleet.Membership field. + type: string + type: object reconciling: description: If set, there are currently changes in flight to the cluster. type: boolean state: - description: |- - The current state of the cluster. Possible values: - STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, - DEGRADED. + description: "The current state of the cluster. Possible values:\tSTATE_UNSPECIFIED, + PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\tDEGRADED." type: string uid: description: A globally unique identifier for the cluster. @@ -322,9 +377,8 @@ spec: items: properties: identityProvider: - description: |- - The ID of the OIDC Identity Provider (IdP) associated to - the Workload Identity Pool. + description: The ID of the OIDC Identity Provider (IdP) associated + to the Workload Identity Pool. type: string issuerUri: description: The OIDC issuer URL for this cluster. @@ -342,9 +396,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
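Review bot: The `self == oldSelf` rule added on the optional `resourceID` field does not make it fully immutable. Kubernetes skips a transition rule when the old object has no value for the field, and does not evaluate the node at all when the new object omits it. So `resourceID` can still be set after creation or removed later, and either changes the name the resource resolves to, given the documented fallback to `metadata.name`. If the controller does not guard this itself, a rule on the parent `spec` such as `!has(oldSelf.resourceID) || has(self.resourceID)` would at least block removal. Whether unset-to-set must stay allowed depends on controller behaviour not visible here. `location` and `distribution` are required, so the same rule is effective for them; as the YAML is generated, the marker belongs on the spec type.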
diff --git a/dev/tools/controllerbuilder/template/apis/types.go b/dev/tools/controllerbuilder/template/apis/types.go index 441ebd347a..5c1f906cd8 100644 --- a/dev/tools/controllerbuilder/template/apis/types.go +++ b/dev/tools/controllerbuilder/template/apis/types.go @@ -62,10 +62,7 @@ type {{ .Kind }}Status struct { ObservedState *{{ .Kind }}ObservedState ` + "`" + `json:"observedState,omitempty"` + "`" + ` } -// {{ .Kind }}Spec defines the desired state of {{ .Kind }} -{{- if .KindProtoTag }} -// +kcc:proto={{ .KindProtoTag }} -{{- end }} +// {{ .Kind }}ObservedState is the state of the {{ .Kind }} resource as most recently observed in GCP. type {{ .Kind }}ObservedState struct { } diff --git a/pkg/clients/generated/apis/containerattached/v1beta1/containerattachedcluster_types.go b/pkg/clients/generated/apis/containerattached/v1beta1/containerattachedcluster_types.go index 76b02f3735..b8e6c29886 100644 --- a/pkg/clients/generated/apis/containerattached/v1beta1/containerattachedcluster_types.go +++ b/pkg/clients/generated/apis/containerattached/v1beta1/containerattachedcluster_types.go 
@@ -36,18 +36,18 @@ import ( ) type ClusterAuthorization struct { - /* Users that can perform operations as a cluster admin. A managed - ClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole + /* Optional. Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see - https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles. */ + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles */ // +optional AdminUsers []string `json:"adminUsers,omitempty"` } type ClusterBinaryAuthorization struct { - /* Configure Binary Authorization evaluation mode. Possible values: ["DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"]. */ + /* Mode of operation for binauthz policy evaluation. If unspecified, defaults to DISABLED. Possible values: ["DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"]. */ // +optional EvaluationMode *string `json:"evaluationMode,omitempty"` } 
@@ -59,18 +59,20 @@ type ClusterComponentConfig struct { } type ClusterFleet struct { - /* The name of the managed Hub Membership resource associated to this - cluster. Membership names are formatted as - projects//locations/global/membership/. */ + /* Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. */ // +optional Membership *string `json:"membership,omitempty"` - /* The number of the Fleet host project where this cluster will be registered. */ + /* The id of the Fleet host project where this cluster will be registered. */ ProjectRef v1alpha1.ResourceRef `json:"projectRef"` } type ClusterLoggingConfig struct { - /* The configuration of the logging components. */ + /* The configuration of the logging components; */ // +optional ComponentConfig *ClusterComponentConfig `json:"componentConfig,omitempty"` } 
@@ -88,79 +90,88 @@ type ClusterMonitoringConfig struct { } type ClusterOidcConfig struct { - /* Immutable. A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'. */ + /* Immutable. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://`. */ IssuerUrl string `json:"issuerUrl"` - /* Immutable. OIDC verification keys in JWKS format (RFC 7517). */ + /* Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517). + It contains a list of OIDC verification keys that can be used to verify + OIDC JWTs. + + This field is required for cluster that doesn't have a publicly available + discovery endpoint. When provided, it will be directly used + to verify the OIDC JWT asserted by the IDP. */ // +optional Jwks *string `json:"jwks,omitempty"` } type ContainerAttachedClusterSpec struct { - /* Optional. Annotations on the cluster. This field has the same - restrictions as Kubernetes annotations. The total size of all keys and - values combined is limited to 256k. Key can have 2 segments: prefix (optional) - and name (required), separated by a slash (/). Prefix must be a DNS subdomain. + /* Optional. Annotations on the cluster. + + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. */ // +optional Annotations map[string]string `json:"annotations,omitempty"` - /* Configuration related to the cluster RBAC settings. */ + /* Optional. Configuration related to the cluster RBAC settings. */ // +optional Authorization *ClusterAuthorization `json:"authorization,omitempty"` - /* Binary Authorization configuration. */ + /* Optional. Binary Authorization configuration for this cluster. 
*/ // +optional BinaryAuthorization *ClusterBinaryAuthorization `json:"binaryAuthorization,omitempty"` - /* Policy to determine what flags to send on delete. */ + /* Optional. Policy to determine what flags to send on delete. */ // +optional DeletionPolicy *string `json:"deletionPolicy,omitempty"` - /* A human readable description of this attached cluster. Cannot be longer - than 255 UTF-8 encoded bytes. */ + /* Optional. A human readable description of this Attached cluster. Cannot be longer than 255 UTF-8 encoded bytes. */ // +optional Description *string `json:"description,omitempty"` - /* Immutable. The Kubernetes distribution of the underlying attached cluster. Supported values: - "eks", "aks". */ + /* Immutable. The Kubernetes distribution of the underlying attached cluster. + + Supported values: ["eks", "aks", "generic"]. */ Distribution string `json:"distribution"` - /* Fleet configuration. */ + /* Required. Fleet configuration. */ Fleet ClusterFleet `json:"fleet"` /* Immutable. The location for the resource. */ Location string `json:"location"` - /* Logging configuration. */ + /* Optional. Logging configuration for this cluster. */ // +optional LoggingConfig *ClusterLoggingConfig `json:"loggingConfig,omitempty"` - /* Monitoring configuration. */ + /* Optional. Monitoring configuration for this cluster. */ // +optional MonitoringConfig *ClusterMonitoringConfig `json:"monitoringConfig,omitempty"` - /* OIDC discovery information of the target cluster. + /* Required. OpenID Connect (OIDC) discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster - API server. This fields indicates how GCP services - validate KSA tokens in order to allow system workloads (such as GKE Connect - and telemetry agents) to authenticate back to GCP. + API server. 
This field indicates how GCP services validate KSA tokens in order + to allow system workloads (such as GKE Connect and telemetry agents) to + authenticate back to GCP. Both clusters with public and private issuer URLs are supported. - Clusters with public issuers only need to specify the 'issuer_url' field - while clusters with private issuers need to provide both - 'issuer_url' and 'jwks'. */ + Clusters with public issuers only need to specify the 'issuerUrl' field + while clusters with private issuers need to provide both 'issuerUrl' and 'jwks'. */ OidcConfig ClusterOidcConfig `json:"oidcConfig"` - /* The platform version for the cluster (e.g. '1.23.0-gke.1'). */ + /* Required. The platform version for the cluster (e.g. `1.30.0-gke.1`). */ PlatformVersion string `json:"platformVersion"` /* The ID of the project in which the resource belongs. If it is not provided, the provider project is used. */ - ProjectRef v1alpha1.ResourceRef `json:"projectRef"` + // +optional + ProjectRef *v1alpha1.ResourceRef `json:"projectRef,omitempty"` - /* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */ + /* Immutable, Optional. The ContainerAttachedCluster name. If not given, the metadata.name will be used. */ // +optional ResourceID *string `json:"resourceID,omitempty"` } 
@@ -171,9 +182,19 @@ type ClusterErrorsStatus struct { Message *string `json:"message,omitempty"` } +type ClusterObservedStateStatus struct { + /* Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + This field mirrors the Spec.Fleet.Membership field. */ + // +optional + FleetMembership *string `json:"fleetMembership,omitempty"` +} + type ClusterWorkloadIdentityConfigStatus struct { - /* The ID of the OIDC Identity Provider (IdP) associated to - the Workload Identity Pool. */ + /* The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool. */ // +optional IdentityProvider *string `json:"identityProvider,omitempty"` @@ -190,14 +211,14 @@ type ContainerAttachedClusterStatus struct { /* Conditions represent the latest available observations of the ContainerAttachedCluster's current state. */ Conditions []v1alpha1.Condition `json:"conditions,omitempty"` - /* Output only. The region where this cluster runs. + /* The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region. */ // +optional ClusterRegion *string `json:"clusterRegion,omitempty"` - /* Output only. The time at which this cluster was created. */ + /* The time at which this cluster was registered. */ // +optional CreateTime *string `json:"createTime,omitempty"` 
@@ -213,13 +234,15 @@ type ContainerAttachedClusterStatus struct { // +optional ObservedGeneration *int64 `json:"observedGeneration,omitempty"` + /* ObservedState is the state of the resource as most recently observed in GCP. */ + // +optional + ObservedState *ClusterObservedStateStatus `json:"observedState,omitempty"` + /* If set, there are currently changes in flight to the cluster. */ // +optional Reconciling *bool `json:"reconciling,omitempty"` - /* The current state of the cluster. Possible values: - STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, - DEGRADED. */ + /* The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED. */ // +optional State *string `json:"state,omitempty"` diff --git a/pkg/clients/generated/apis/containerattached/v1beta1/zz_generated.deepcopy.go b/pkg/clients/generated/apis/containerattached/v1beta1/zz_generated.deepcopy.go index 7aa409bf13..f4e9a2c7c1 100644 --- a/pkg/clients/generated/apis/containerattached/v1beta1/zz_generated.deepcopy.go +++ b/pkg/clients/generated/apis/containerattached/v1beta1/zz_generated.deepcopy.go 
@@ -198,6 +198,27 @@ func (in *ClusterMonitoringConfig) DeepCopy() *ClusterMonitoringConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterObservedStateStatus) DeepCopyInto(out *ClusterObservedStateStatus) { + *out = *in + if in.FleetMembership != nil { + in, out := &in.FleetMembership, &out.FleetMembership + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterObservedStateStatus. +func (in *ClusterObservedStateStatus) DeepCopy() *ClusterObservedStateStatus { + if in == nil { + return nil + } + out := new(ClusterObservedStateStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterOidcConfig) DeepCopyInto(out *ClusterOidcConfig) { *out = *in @@ -353,7 +374,11 @@ func (in *ContainerAttachedClusterSpec) DeepCopyInto(out *ContainerAttachedClust (*in).DeepCopyInto(*out) } in.OidcConfig.DeepCopyInto(&out.OidcConfig) - out.ProjectRef = in.ProjectRef + if in.ProjectRef != nil { + in, out := &in.ProjectRef, &out.ProjectRef + *out = new(v1alpha1.ResourceRef) + **out = **in + } if in.ResourceID != nil { in, out := &in.ResourceID, &out.ResourceID *out = new(string) @@ -407,6 +432,11 @@ func (in *ContainerAttachedClusterStatus) DeepCopyInto(out *ContainerAttachedClu *out = new(int64) **out = **in } + if in.ObservedState != nil { + in, out := &in.ObservedState, &out.ObservedState + *out = new(ClusterObservedStateStatus) + (*in).DeepCopyInto(*out) + } if in.Reconciling != nil { in, out := &in.Reconciling, &out.Reconciling *out = new(bool) 
diff --git a/scripts/generate-google3-docs/resource-reference/generated/resource-docs/containerattached/containerattachedcluster.md b/scripts/generate-google3-docs/resource-reference/generated/resource-docs/containerattached/containerattachedcluster.md index 31fe996c76..c6d49e1161 100644 --- a/scripts/generate-google3-docs/resource-reference/generated/resource-docs/containerattached/containerattachedcluster.md +++ b/scripts/generate-google3-docs/resource-reference/generated/resource-docs/containerattached/containerattachedcluster.md @@ -138,6 +138,7 @@ oidcConfig: platformVersion: string projectRef: external: string + kind: string name: string namespace: string resourceID: string @@ -157,12 +158,15 @@ resourceID: string

map (key: string, value: string)

-

{% verbatim %}Optional. Annotations on the cluster. This field has the same -restrictions as Kubernetes annotations. The total size of all keys and -values combined is limited to 256k. Key can have 2 segments: prefix (optional) -and name (required), separated by a slash (/). Prefix must be a DNS subdomain. -Name must be 63 characters or less, begin and end with alphanumerics, -with dashes (-), underscores (_), dots (.), and alphanumerics between.{% endverbatim %}

+

{% verbatim %}Optional. Annotations on the cluster. + + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between.{% endverbatim %}

@@ -172,7 +176,7 @@ with dashes (-), underscores (_), dots (.), and alphanumerics between.{% endverb

object

-

{% verbatim %}Configuration related to the cluster RBAC settings.{% endverbatim %}

+

{% verbatim %}Optional. Configuration related to the cluster RBAC settings.{% endverbatim %}

@@ -182,12 +186,12 @@ with dashes (-), underscores (_), dots (.), and alphanumerics between.{% endverb

list (string)

-

{% verbatim %}Users that can perform operations as a cluster admin. A managed -ClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole -to the users. Up to ten admin users can be provided. +

{% verbatim %}Optional. Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the users. Up to ten admin users can be provided. -For more info on RBAC, see -https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles.{% endverbatim %}

+ For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles{% endverbatim %}

@@ -207,7 +211,7 @@ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles.

object

-

{% verbatim %}Binary Authorization configuration.{% endverbatim %}

+

{% verbatim %}Optional. Binary Authorization configuration for this cluster.{% endverbatim %}

@@ -217,7 +221,7 @@ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles.

string

-

{% verbatim %}Configure Binary Authorization evaluation mode. Possible values: ["DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"].{% endverbatim %}

+

{% verbatim %}Mode of operation for binauthz policy evaluation. If unspecified, defaults to DISABLED. Possible values: ["DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"].{% endverbatim %}

@@ -227,7 +231,7 @@ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles.

string

-

{% verbatim %}Policy to determine what flags to send on delete.{% endverbatim %}

+

{% verbatim %}Optional. Policy to determine what flags to send on delete.{% endverbatim %}

@@ -237,8 +241,7 @@ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles.

string

-

{% verbatim %}A human readable description of this attached cluster. Cannot be longer -than 255 UTF-8 encoded bytes.{% endverbatim %}

+

{% verbatim %}Optional. A human readable description of this Attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.{% endverbatim %}

@@ -248,8 +251,9 @@ than 255 UTF-8 encoded bytes.{% endverbatim %}

string

-

{% verbatim %}Immutable. The Kubernetes distribution of the underlying attached cluster. Supported values: -"eks", "aks".{% endverbatim %}

+

{% verbatim %}Immutable. The Kubernetes distribution of the underlying attached cluster. + + Supported values: ["eks", "aks", "generic"].{% endverbatim %}

@@ -259,7 +263,7 @@ than 255 UTF-8 encoded bytes.{% endverbatim %}

object

-

{% verbatim %}Fleet configuration.{% endverbatim %}

+

{% verbatim %}Required. Fleet configuration.{% endverbatim %}

@@ -269,9 +273,11 @@ than 255 UTF-8 encoded bytes.{% endverbatim %}

string

-

{% verbatim %}The name of the managed Hub Membership resource associated to this -cluster. Membership names are formatted as -projects//locations/global/membership/.{% endverbatim %}

+

{% verbatim %}Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`.{% endverbatim %}

@@ -281,7 +287,7 @@ projects//locations/global/membership/.{% endverbati

object

-

{% verbatim %}The number of the Fleet host project where this cluster will be registered.{% endverbatim %}

+

{% verbatim %}The id of the Fleet host project where this cluster will be registered.{% endverbatim %}

@@ -291,7 +297,7 @@ projects//locations/global/membership/.{% endverbati

string

-

{% verbatim %}Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.{% endverbatim %}

+

{% verbatim %}The project of the fleet. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).{% endverbatim %}

@@ -301,7 +307,7 @@ projects//locations/global/membership/.{% endverbati

string

-

{% verbatim %}Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names{% endverbatim %}

+

{% verbatim %}Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names{% endverbatim %}

@@ -311,7 +317,7 @@ projects//locations/global/membership/.{% endverbati

string

-

{% verbatim %}Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/{% endverbatim %}

+

{% verbatim %}Namespace of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/{% endverbatim %}

@@ -331,7 +337,7 @@ projects//locations/global/membership/.{% endverbati

object

-

{% verbatim %}Logging configuration.{% endverbatim %}

+

{% verbatim %}Optional. Logging configuration for this cluster.{% endverbatim %}

@@ -341,7 +347,7 @@ projects//locations/global/membership/.{% endverbati

object

-

{% verbatim %}The configuration of the logging components.{% endverbatim %}

+

{% verbatim %}The configuration of the logging components;{% endverbatim %}

@@ -371,7 +377,7 @@ projects//locations/global/membership/.{% endverbati

object

-

{% verbatim %}Monitoring configuration.{% endverbatim %}

+

{% verbatim %}Optional. Monitoring configuration for this cluster.{% endverbatim %}

@@ -401,17 +407,16 @@ projects//locations/global/membership/.{% endverbati

object

-

{% verbatim %}OIDC discovery information of the target cluster. +

{% verbatim %}Required. OpenID Connect (OIDC) discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster -API server. This fields indicates how GCP services -validate KSA tokens in order to allow system workloads (such as GKE Connect -and telemetry agents) to authenticate back to GCP. +API server. This field indicates how GCP services validate KSA tokens in order +to allow system workloads (such as GKE Connect and telemetry agents) to +authenticate back to GCP. Both clusters with public and private issuer URLs are supported. -Clusters with public issuers only need to specify the 'issuer_url' field -while clusters with private issuers need to provide both -'issuer_url' and 'jwks'.{% endverbatim %}

+Clusters with public issuers only need to specify the 'issuerUrl' field +while clusters with private issuers need to provide both 'issuerUrl' and 'jwks'.{% endverbatim %}

@@ -421,7 +426,7 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}Immutable. A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'.{% endverbatim %}

+

{% verbatim %}Immutable. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://`.{% endverbatim %}

@@ -431,7 +436,13 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}Immutable. OIDC verification keys in JWKS format (RFC 7517).{% endverbatim %}

+

{% verbatim %}Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517). + It contains a list of OIDC verification keys that can be used to verify + OIDC JWTs. + + This field is required for cluster that doesn't have a publicly available + discovery endpoint. When provided, it will be directly used + to verify the OIDC JWT asserted by the IDP.{% endverbatim %}

@@ -441,13 +452,13 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}The platform version for the cluster (e.g. '1.23.0-gke.1').{% endverbatim %}

+

{% verbatim %}Required. The platform version for the cluster (e.g. `1.30.0-gke.1`).{% endverbatim %}

projectRef

-

Required

+

Optional

object

@@ -461,7 +472,17 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}Allowed value: The `name` field of a `Project` resource.{% endverbatim %}

+

{% verbatim %}The `projectID` field of a project, when not managed by Config Connector.{% endverbatim %}

+ + + + +

projectRef.kind

+

Optional

+ + +

string

+

{% verbatim %}The kind of the Project resource; optional but must be `Project` if provided.{% endverbatim %}

@@ -471,7 +492,7 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names{% endverbatim %}

+

{% verbatim %}The `name` field of a `Project` resource.{% endverbatim %}

@@ -481,7 +502,7 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/{% endverbatim %}

+

{% verbatim %}The `namespace` field of a `Project` resource.{% endverbatim %}

@@ -491,7 +512,7 @@ while clusters with private issuers need to provide both

string

-

{% verbatim %}Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.{% endverbatim %}

+

{% verbatim %}Immutable, Optional. The ContainerAttachedCluster name. If not given, the metadata.name will be used.{% endverbatim %}

@@ -514,6 +535,8 @@ errors: - message: string kubernetesVersion: string observedGeneration: integer +observedState: + fleetMembership: string reconciling: boolean state: string uid: string @@ -535,17 +558,17 @@ workloadIdentityConfig: clusterRegion

string

-

{% verbatim %}Output only. The region where this cluster runs. +

{% verbatim %}The region where this cluster runs. -For EKS clusters, this is an AWS region. For AKS clusters, -this is an Azure region.{% endverbatim %}

+ For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region.{% endverbatim %}

conditions

list (object)

-

{% verbatim %}Conditions represent the latest available observation of the resource's current state.{% endverbatim %}

+

{% verbatim %}Conditions represent the latest available observations of the object's current state.{% endverbatim %}

@@ -594,7 +617,7 @@ this is an Azure region.{% endverbatim %}

createTime

string

-

{% verbatim %}Output only. The time at which this cluster was created.{% endverbatim %}

+

{% verbatim %}The time at which this cluster was registered.{% endverbatim %}

@@ -632,6 +655,25 @@ this is an Azure region.{% endverbatim %}

{% verbatim %}ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.{% endverbatim %}

+ + observedState + +

object

+

{% verbatim %}ObservedState is the state of the resource as most recently observed in GCP.{% endverbatim %}

+ + + + observedState.fleetMembership + +

string

+

{% verbatim %}Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + This field mirrors the Spec.Fleet.Membership field.{% endverbatim %}

+ + reconciling @@ -643,9 +685,7 @@ this is an Azure region.{% endverbatim %}

state

string

-

{% verbatim %}The current state of the cluster. Possible values: -STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, -DEGRADED.{% endverbatim %}

+

{% verbatim %}The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED.{% endverbatim %}

@@ -680,8 +720,7 @@ DEGRADED.{% endverbatim %}

workloadIdentityConfig[].identityProvider

string

-

{% verbatim %}The ID of the OIDC Identity Provider (IdP) associated to -the Workload Identity Pool.{% endverbatim %}

+

{% verbatim %}The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.{% endverbatim %}