이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

gcp_gkehub_feature

`ancestors`

Type: UNORDERED_LIST_STRING

`create_time`

Type: TIMESTAMP
Provider name: createTime
Description: Output only. When the Feature resource was created.

`delete_time`

Type: TIMESTAMP
Provider name: deleteTime
Description: Output only. When the Feature resource was deleted.

`fleet_default_member_config`

Type: STRUCT
Provider name: fleetDefaultMemberConfig
Description: Optional. Feature configuration applicable to all memberships of the fleet.

configmanagement
Type: STRUCT
Provider name: configmanagement
Description: Config Management-specific spec.
- cluster
  Type: STRING
  Provider name: cluster
  Description: Optional. The user-specified cluster name used by Config Sync cluster-name-selector annotation or ClusterSelector, for applying configs to only a subset of clusters. Omit this field if the cluster’s fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector. Set this field if a name different from the cluster’s fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector.
- config_sync
  Type: STRUCT
  Provider name: configSync
  Description: Optional. Config Sync configuration for the cluster.
  - deployment_overrides
    Type: UNORDERED_LIST_STRUCT
    Provider name: deploymentOverrides
    Description: Optional. Configuration for deployment overrides.
    - containers
      Type: UNORDERED_LIST_STRUCT
      Provider name: containers
      Description: Optional. The containers of the deployment resource to be overridden.
      - container_name
        Type: STRING
        Provider name: containerName
        Description: Required. The name of the container.
      - cpu_limit
        Type: STRING
        Provider name: cpuLimit
        Description: Optional. The cpu limit of the container.
      - cpu_request
        Type: STRING
        Provider name: cpuRequest
        Description: Optional. The cpu request of the container.
      - memory_limit
        Type: STRING
        Provider name: memoryLimit
        Description: Optional. The memory limit of the container.
      - memory_request
        Type: STRING
        Provider name: memoryRequest
        Description: Optional. The memory request of the container.
    - deployment_name
      Type: STRING
      Provider name: deploymentName
      Description: Required. The name of the deployment resource to be overridden.
    - deployment_namespace
      Type: STRING
      Provider name: deploymentNamespace
      Description: Required. The namespace of the deployment resource to be overridden.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Optional. Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.
  - git
    Type: STRUCT
    Provider name: git
    Description: Optional. Git repo configuration for the cluster.
    - gcp_service_account_email
      Type: STRING
      Provider name: gcpServiceAccountEmail
      Description: Optional. The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount.
    - https_proxy
      Type: STRING
      Provider name: httpsProxy
      Description: Optional. URL for the HTTPS proxy to be used when communicating with the Git repo.
    - policy_dir
      Type: STRING
      Provider name: policyDir
      Description: Optional. The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
    - secret_type
      Type: STRING
      Provider name: secretType
      Description: Required. Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount, githubapp or none. The validation of this is case-sensitive.
    - sync_branch
      Type: STRING
      Provider name: syncBranch
      Description: Optional. The branch of the repository to sync from. Default: master.
    - sync_repo
      Type: STRING
      Provider name: syncRepo
      Description: Required. The URL of the Git repository to use as the source of truth.
    - sync_rev
      Type: STRING
      Provider name: syncRev
      Description: Optional. Git revision (tag or hash) to check out. Default HEAD.
    - sync_wait_secs
      Type: INT64
      Provider name: syncWaitSecs
      Description: Optional. Period in seconds between consecutive syncs. Default: 15.
  - metrics_gcp_service_account_email
    Type: STRING
    Provider name: metricsGcpServiceAccountEmail
    Description: Optional. The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring and Cloud Monarch when Workload Identity is enabled. The GSA should have the Monitoring Metric Writer (roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount default in the namespace config-management-monitoring should be bound to the GSA. Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
  - oci
    Type: STRUCT
    Provider name: oci
    Description: Optional. OCI repo configuration for the cluster
    - gcp_service_account_email
      Type: STRING
      Provider name: gcpServiceAccountEmail
      Description: Optional. The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount.
    - policy_dir
      Type: STRING
      Provider name: policyDir
      Description: Optional. The absolute path of the directory that contains the local resources. Default: the root directory of the image.
    - secret_type
      Type: STRING
      Provider name: secretType
      Description: Required. Type of secret configured for access to the OCI repo. Must be one of gcenode, gcpserviceaccount, k8sserviceaccount or none. The validation of this is case-sensitive.
    - sync_repo
      Type: STRING
      Provider name: syncRepo
      Description: Required. The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
    - sync_wait_secs
      Type: INT64
      Provider name: syncWaitSecs
      Description: Optional. Period in seconds between consecutive syncs. Default: 15.
  - prevent_drift
    Type: BOOLEAN
    Provider name: preventDrift
    Description: Optional. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to false, disables the Config Sync admission webhook and does not prevent drifts.
  - source_format
    Type: STRING
    Provider name: sourceFormat
    Description: Optional. Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
  - stop_syncing
    Type: BOOLEAN
    Provider name: stopSyncing
    Description: Optional. Set to true to stop syncing configs for a single cluster. Default to false.
- hierarchy_controller
  Type: STRUCT
  Provider name: hierarchyController
  Description: Optional. Hierarchy Controller configuration for the cluster. Deprecated: Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use https://github.com/kubernetes-sigs/hierarchical-namespaces instead.
  - enable_hierarchical_resource_quota
    Type: BOOLEAN
    Provider name: enableHierarchicalResourceQuota
    Description: Whether hierarchical resource quota is enabled in this cluster.
  - enable_pod_tree_labels
    Type: BOOLEAN
    Provider name: enablePodTreeLabels
    Description: Whether pod tree labels are enabled in this cluster.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Whether Hierarchy Controller is enabled in this cluster.
- management
  Type: STRING
  Provider name: management
  Description: Optional. Enables automatic Feature management.
  Possible values:
  - MANAGEMENT_UNSPECIFIED - Unspecified
  - MANAGEMENT_AUTOMATIC - Google will manage the Feature for the cluster.
  - MANAGEMENT_MANUAL - User will manually manage the Feature for the cluster.
- policy_controller
  Type: STRUCT
  Provider name: policyController
  Description: Optional. Policy Controller configuration for the cluster. Deprecated: Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
  - audit_interval_seconds
    Type: INT64
    Provider name: auditIntervalSeconds
    Description: Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
  - enabled
    Type: BOOLEAN
    Provider name: enabled
    Description: Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.
  - exemptable_namespaces
    Type: UNORDERED_LIST_STRING
    Provider name: exemptableNamespaces
    Description: The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
  - log_denies_enabled
    Type: BOOLEAN
    Provider name: logDeniesEnabled
    Description: Logs all denies and dry run failures.
  - monitoring
    Type: STRUCT
    Provider name: monitoring
    Description: Monitoring specifies the configuration of monitoring.
    - backends
      Type: UNORDERED_LIST_STRING
      Provider name: backends
      Description: Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export.
  - mutation_enabled
    Type: BOOLEAN
    Provider name: mutationEnabled
    Description: Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.
  - referential_rules_enabled
    Type: BOOLEAN
    Provider name: referentialRulesEnabled
    Description: Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
  - template_library_installed
    Type: BOOLEAN
    Provider name: templateLibraryInstalled
    Description: Installs the default template library along with Policy Controller.
  - update_time
    Type: TIMESTAMP
    Provider name: updateTime
    Description: Output only. Last time this membership spec was updated.
- version
  Type: STRING
  Provider name: version
  Description: Optional. Version of ACM installed.
identityservice
Type: STRUCT
Provider name: identityservice
Description: Identity Service-specific spec.
- auth_methods
  Type: UNORDERED_LIST_STRUCT
  Provider name: authMethods
  Description: A member may support multiple auth methods.
  - azuread_config
    Type: STRUCT
    Provider name: azureadConfig
    Description: AzureAD specific Configuration.
    - client_id
      Type: STRING
      Provider name: clientId
      Description: ID for the registered client application that makes authentication requests to the Azure AD identity provider.
    - client_secret
      Type: STRING
      Provider name: clientSecret
      Description: Input only. Unencrypted AzureAD client secret will be passed to the GKE Hub CLH.
    - group_format
      Type: STRING
      Provider name: groupFormat
      Description: Optional. Format of the AzureAD groups that the client wants for auth.
    - kubectl_redirect_uri
      Type: STRING
      Provider name: kubectlRedirectUri
      Description: The redirect URL that kubectl uses for authorization.
    - tenant
      Type: STRING
      Provider name: tenant
      Description: Kind of Azure AD account to be authenticated. Supported values are or for accounts belonging to a specific tenant.
    - user_claim
      Type: STRING
      Provider name: userClaim
      Description: Optional. Claim in the AzureAD ID Token that holds the user details.
  - google_config
    Type: STRUCT
    Provider name: googleConfig
    Description: GoogleConfig specific configuration.
    - disable
      Type: BOOLEAN
      Provider name: disable
      Description: Disable automatic configuration of Google Plugin on supported platforms.
  - ldap_config
    Type: STRUCT
    Provider name: ldapConfig
    Description: LDAP specific configuration.
    - group
      Type: STRUCT
      Provider name: group
      Description: Optional. Contains the properties for locating and authenticating groups in the directory.
      - base_dn
        Type: STRING
        Provider name: baseDn
        Description: Required. The location of the subtree in the LDAP directory to search for group entries.
      - filter
        Type: STRING
        Provider name: filter
        Description: Optional. Optional filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the amount of groups returned for each user. This defaults to “(objectClass=Group)”.
      - id_attribute
        Type: STRING
        Provider name: idAttribute
        Description: Optional. The identifying name of each group a user belongs to. For example, if this is set to “distinguishedName” then RBACs and other group expectations should be written as full DNs. This defaults to “distinguishedName”.
    - server
      Type: STRUCT
      Provider name: server
      Description: Required. Server settings for the external LDAP server.
      - connection_type
        Type: STRING
        Provider name: connectionType
        Description: Optional. Defines the connection type to communicate with the LDAP server. If starttls or ldaps is specified, the certificate_authority_data should not be empty.
      - host
        Type: STRING
        Provider name: host
        Description: Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, “ldap.server.example” or “10.10.10.10:389”.
    - service_account
      Type: STRUCT
      Provider name: serviceAccount
      Description: Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.
      - simple_bind_credentials
        Type: STRUCT
        Provider name: simpleBindCredentials
        Description: Credentials for basic auth.
        dn
        Type: STRING
        Provider name: dn
        Description: Required. The distinguished name(DN) of the service account object/user.
        password
        Type: STRING
        Provider name: password
        Description: Required. Input only. The password of the service account object/user.
    - user
      Type: STRUCT
      Provider name: user
      Description: Required. Defines where users exist in the LDAP directory.
      - base_dn
        Type: STRING
        Provider name: baseDn
        Description: Required. The location of the subtree in the LDAP directory to search for user entries.
      - filter
        Type: STRING
        Provider name: filter
        Description: Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to login. This defaults to “(objectClass=User)”.
      - id_attribute
        Type: STRING
        Provider name: idAttribute
        Description: Optional. Determines which attribute to use as the user’s identity after they are authenticated. This is distinct from the loginAttribute field to allow users to login with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to “sAMAccountName” and identifierAttribute to “userPrincipalName” would allow a user to login as “bsmith”, but actual RBAC policies for the user would be written as “bsmith@example.com”. Using “userPrincipalName” is recommended since this will be unique for each user. This defaults to “userPrincipalName”.
      - login_attribute
        Type: STRING
        Provider name: loginAttribute
        Description: Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. “(=)” and is combined with the optional filter field. This defaults to “userPrincipalName”.
  - name
    Type: STRING
    Provider name: name
    Description: Identifier for auth config.
  - oidc_config
    Type: STRUCT
    Provider name: oidcConfig
    Description: OIDC specific configuration.
    - certificate_authority_data
      Type: STRING
      Provider name: certificateAuthorityData
      Description: PEM-encoded CA for OIDC provider.
    - client_id
      Type: STRING
      Provider name: clientId
      Description: ID for OIDC client application.
    - client_secret
      Type: STRING
      Provider name: clientSecret
      Description: Input only. Unencrypted OIDC client secret will be passed to the GKE Hub CLH.
    - deploy_cloud_console_proxy
      Type: BOOLEAN
      Provider name: deployCloudConsoleProxy
      Description: Flag to denote if reverse proxy is used to connect to auth provider. This flag should be set to true when provider is not reachable by Google Cloud Console.
    - enable_access_token
      Type: BOOLEAN
      Provider name: enableAccessToken
      Description: Enable access token.
    - extra_params
      Type: STRING
      Provider name: extraParams
      Description: Comma-separated list of key-value pairs.
    - group_prefix
      Type: STRING
      Provider name: groupPrefix
      Description: Prefix to prepend to group name.
    - groups_claim
      Type: STRING
      Provider name: groupsClaim
      Description: Claim in OIDC ID token that holds group information.
    - issuer_uri
      Type: STRING
      Provider name: issuerUri
      Description: URI for the OIDC provider. This should point to the level below .well-known/openid-configuration.
    - kubectl_redirect_uri
      Type: STRING
      Provider name: kubectlRedirectUri
      Description: Registered redirect uri to redirect users going through OAuth flow using kubectl plugin.
    - scopes
      Type: STRING
      Provider name: scopes
      Description: Comma-separated list of identifiers.
    - user_claim
      Type: STRING
      Provider name: userClaim
      Description: Claim in OIDC ID token that holds username.
    - user_prefix
      Type: STRING
      Provider name: userPrefix
      Description: Prefix to prepend to user name.
  - proxy
    Type: STRING
    Provider name: proxy
    Description: Proxy server address to use for auth method.
  - saml_config
    Type: STRUCT
    Provider name: samlConfig
    Description: SAML specific configuration.
    - group_prefix
      Type: STRING
      Provider name: groupPrefix
      Description: Optional. Prefix to prepend to group name.
    - groups_attribute
      Type: STRING
      Provider name: groupsAttribute
      Description: Optional. The SAML attribute to read groups from. This value is expected to be a string and will be passed along as-is (with the option of being prefixed by the group_prefix).
    - identity_provider_certificates
      Type: UNORDERED_LIST_STRING
      Provider name: identityProviderCertificates
      Description: Required. The list of IdP certificates to validate the SAML response against.
    - identity_provider_id
      Type: STRING
      Provider name: identityProviderId
      Description: Required. The entity ID of the SAML IdP.
    - identity_provider_sso_uri
      Type: STRING
      Provider name: identityProviderSsoUri
      Description: Required. The URI where the SAML IdP exposes the SSO service.
    - user_attribute
      Type: STRING
      Provider name: userAttribute
      Description: Optional. The SAML attribute to read username from. If unspecified, the username will be read from the NameID element of the assertion in SAML response. This value is expected to be a string and will be passed along as-is (with the option of being prefixed by the user_prefix).
    - user_prefix
      Type: STRING
      Provider name: userPrefix
      Description: Optional. Prefix to prepend to user name.
- identity_service_options
  Type: STRUCT
  Provider name: identityServiceOptions
  Description: Optional. non-protocol-related configuration options.
  - diagnostic_interface
    Type: STRUCT
    Provider name: diagnosticInterface
    Description: Configuration options for the AIS diagnostic interface.
    - enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Determines whether to enable the diagnostic interface.
    - expiration_time
      Type: TIMESTAMP
      Provider name: expirationTime
      Description: Determines the expiration time of the diagnostic interface enablement. When reached, requests to the interface would be automatically rejected.
  - session_duration
    Type: STRING
    Provider name: sessionDuration
    Description: Determines the lifespan of STS tokens issued by Anthos Identity Service.
mesh
Type: STRUCT
Provider name: mesh
Description: Anthos Service Mesh-specific spec
- config_api
  Type: STRING
  Provider name: configApi
  Description: Optional. Specifies the API that will be used for configuring the mesh workloads.
  Possible values:
  - CONFIG_API_UNSPECIFIED - Unspecified
  - CONFIG_API_ISTIO - Use the Istio API for configuration.
  - CONFIG_API_GATEWAY - Use the K8s Gateway API for configuration.
- control_plane
  Type: STRING
  Provider name: controlPlane
  Description: Deprecated: use management instead Enables automatic control plane management.
  Possible values:
  - CONTROL_PLANE_MANAGEMENT_UNSPECIFIED - Unspecified
  - AUTOMATIC - Google should provision a control plane revision and make it available in the cluster. Google will enroll this revision in a release channel and keep it up to date. The control plane revision may be a managed service, or a managed install.
  - MANUAL - User will manually configure the control plane (e.g. via CLI, or via the ControlPlaneRevision KRM API)
- management
  Type: STRING
  Provider name: management
  Description: Optional. Enables automatic Service Mesh management.
  Possible values:
  - MANAGEMENT_UNSPECIFIED - Unspecified
  - MANAGEMENT_AUTOMATIC - Google should manage my Service Mesh for the cluster.
  - MANAGEMENT_MANUAL - User will manually configure their service mesh components.
  - MANAGEMENT_NOT_INSTALLED - Google should remove any managed Service Mesh components from this cluster and deprovision any resources.
policycontroller
Type: STRUCT
Provider name: policycontroller
Description: Policy Controller spec.
- policy_controller_hub_config
  Type: STRUCT
  Provider name: policyControllerHubConfig
  Description: Policy Controller configuration for the cluster.
  - audit_interval_seconds
    Type: INT64
    Provider name: auditIntervalSeconds
    Description: Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
  - constraint_violation_limit
    Type: INT64
    Provider name: constraintViolationLimit
    Description: The maximum number of audit violations to be stored in a constraint. If not set, the internal default (currently 20) will be used.
  - exemptable_namespaces
    Type: UNORDERED_LIST_STRING
    Provider name: exemptableNamespaces
    Description: The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
  - install_spec
    Type: STRING
    Provider name: installSpec
    Description: The install_spec represents the intended state specified by the latest request that mutated install_spec in the feature spec, not the lifecycle state of the feature observed by the Hub feature controller that is reported in the feature state.
    Possible values:
    - INSTALL_SPEC_UNSPECIFIED - Spec is unknown.
    - INSTALL_SPEC_NOT_INSTALLED - Request to uninstall Policy Controller.
    - INSTALL_SPEC_ENABLED - Request to install and enable Policy Controller.
    - INSTALL_SPEC_SUSPENDED - Request to suspend Policy Controller i.e. its webhooks. If Policy Controller is not installed, it will be installed but suspended.
    - INSTALL_SPEC_DETACHED - Request to stop all reconciliation actions by PoCo Hub controller. This is a breakglass mechanism to stop PoCo Hub from affecting cluster resources.
  - log_denies_enabled
    Type: BOOLEAN
    Provider name: logDeniesEnabled
    Description: Logs all denies and dry run failures.
  - monitoring
    Type: STRUCT
    Provider name: monitoring
    Description: Monitoring specifies the configuration of monitoring.
    - backends
      Type: UNORDERED_LIST_STRING
      Provider name: backends
      Description: Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export.
  - mutation_enabled
    Type: BOOLEAN
    Provider name: mutationEnabled
    Description: Enables the ability to mutate resources using Policy Controller.
  - policy_content
    Type: STRUCT
    Provider name: policyContent
    Description: Specifies the desired policy content on the cluster
    - template_library
      Type: STRUCT
      Provider name: templateLibrary
      Description: Configures the installation of the Template Library.
      - installation
        Type: STRING
        Provider name: installation
        Description: Configures the manner in which the template library is installed on the cluster.
        Possible values:
        INSTALLATION_UNSPECIFIED - No installation strategy has been specified.
        NOT_INSTALLED - Do not install the template library.
        ALL - Install the entire template library.
  - referential_rules_enabled
    Type: BOOLEAN
    Provider name: referentialRulesEnabled
    Description: Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
- version
  Type: STRING
  Provider name: version
  Description: Version of Policy Controller installed.

`labels`

Type: UNORDERED_LIST_STRING

`name`

Type: STRING
Provider name: name
Description: Output only. The full, unique name of this Feature resource in the format projects/*/locations/*/features/*.

`organization_id`

Type: STRING

`parent`

Type: STRING

`project_id`

Type: STRING

`project_number`

Type: STRING

`resource_name`

Type: STRING

`resource_state`

Type: STRUCT
Provider name: resourceState
Description: Output only. State of the Feature resource itself.

state
Type: STRING
Provider name: state
Description: The current state of the Feature resource in the Hub API.
Possible values:
- STATE_UNSPECIFIED - State is unknown or not set.
- ENABLING - The Feature is being enabled, and the Feature resource is being created. Once complete, the corresponding Feature will be enabled in this Fleet.
- ACTIVE - The Feature is enabled in this Fleet, and the Feature resource is fully available.
- DISABLING - The Feature is being disabled in this Fleet, and the Feature resource is being deleted.
- UPDATING - The Feature resource is being updated.
- SERVICE_UPDATING - The Feature resource is being updated by the Hub Service.

`spec`

Type: STRUCT
Provider name: spec
Description: Optional. Fleet-wide Feature configuration. If this Feature does not support any Fleet-wide configuration, this field may be unused.

appdevexperience
Type: STRUCT
Provider name: appdevexperience
Description: Appdevexperience specific spec.
clusterupgrade
Type: STRUCT
Provider name: clusterupgrade
Description: ClusterUpgrade (fleet-based) feature spec.
- gke_upgrade_overrides
  Type: UNORDERED_LIST_STRUCT
  Provider name: gkeUpgradeOverrides
  Description: Allow users to override some properties of each GKE upgrade.
  - post_conditions
    Type: STRUCT
    Provider name: postConditions
    Description: Required. Post conditions to override for the specified upgrade (name + version). Required.
    - soaking
      Type: STRING
      Provider name: soaking
      Description: Required. Amount of time to “soak” after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days. Required.
  - upgrade
    Type: STRUCT
    Provider name: upgrade
    Description: Required. Which upgrade to override. Required.
    - name
      Type: STRING
      Provider name: name
      Description: Name of the upgrade, e.g., “k8s_control_plane”. It should be a valid upgrade name. It must not exceet 99 characters.
    - version
      Type: STRING
      Provider name: version
      Description: Version of the upgrade, e.g., “1.22.1-gke.100”. It should be a valid version. It must not exceet 99 characters.
- post_conditions
  Type: STRUCT
  Provider name: postConditions
  Description: Required. Post conditions to evaluate to mark an upgrade COMPLETE. Required.
  - soaking
    Type: STRING
    Provider name: soaking
    Description: Required. Amount of time to “soak” after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days. Required.
- upstream_fleets
  Type: UNORDERED_LIST_STRING
  Provider name: upstreamFleets
  Description: This fleet consumes upgrades that have COMPLETE status code in the upstream fleets. See UpgradeStatus.Code for code definitions. The fleet name should be either fleet project number or id. This is defined as repeated for future proof reasons. Initial implementation will enforce at most one upstream fleet.
dataplanev2
Type: STRUCT
Provider name: dataplanev2
Description: DataplaneV2 feature spec.
- enable_encryption
  Type: BOOLEAN
  Provider name: enableEncryption
  Description: Enable dataplane-v2 based encryption for multiple clusters.
fleetobservability
Type: STRUCT
Provider name: fleetobservability
Description: FleetObservability feature spec.
- logging_config
  Type: STRUCT
  Provider name: loggingConfig
  Description: Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.
  - default_config
    Type: STRUCT
    Provider name: defaultConfig
    Description: Specified if applying the default routing config to logs not specified in other configs.
    - mode
      Type: STRING
      Provider name: mode
      Description: mode configures the logs routing mode.
      Possible values:
      - MODE_UNSPECIFIED - If UNSPECIFIED, fleet logging feature is disabled.
      - COPY - logs will be copied to the destination project.
      - MOVE - logs will be moved to the destination project.
  - fleet_scope_logs_config
    Type: STRUCT
    Provider name: fleetScopeLogsConfig
    Description: Specified if applying the routing config to all logs for all fleet scopes.
    - mode
      Type: STRING
      Provider name: mode
      Description: mode configures the logs routing mode.
      Possible values:
      - MODE_UNSPECIFIED - If UNSPECIFIED, fleet logging feature is disabled.
      - COPY - logs will be copied to the destination project.
      - MOVE - logs will be moved to the destination project.
multiclusteringress
Type: STRUCT
Provider name: multiclusteringress
Description: Multicluster Ingress-specific spec.
- config_membership
  Type: STRING
  Provider name: configMembership
  Description: Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: projects/foo-proj/locations/global/memberships/bar
rbacrolebindingactuation
Type: STRUCT
Provider name: rbacrolebindingactuation
Description: RBAC Role Binding Actuation feature spec
- allowed_custom_roles
  Type: UNORDERED_LIST_STRING
  Provider name: allowedCustomRoles
  Description: The list of allowed custom roles (ClusterRoles). If a ClusterRole is not part of this list, it cannot be used in a Scope RBACRoleBinding. If a ClusterRole in this list is in use, it cannot be removed from the list.

`state`

Type: STRUCT
Provider name: state
Description: Output only. The Fleet-wide Feature state.

appdevexperience
Type: STRUCT
Provider name: appdevexperience
Description: Appdevexperience specific state.
- networking_install_succeeded
  Type: STRUCT
  Provider name: networkingInstallSucceeded
  Description: Status of subcomponent that detects configured Service Mesh resources.
  - code
    Type: STRING
    Provider name: code
    Description: Code specifies AppDevExperienceFeature’s subcomponent ready state.
    Possible values:
    - CODE_UNSPECIFIED - Not set.
    - OK - AppDevExperienceFeature’s specified subcomponent is ready.
    - FAILED - AppDevExperienceFeature’s specified subcomponent ready state is false. This means AppDevExperienceFeature has encountered an issue that blocks all, or a portion, of its normal operation. See the description for more details.
    - UNKNOWN - AppDevExperienceFeature’s specified subcomponent has a pending or unknown state.
  - description
    Type: STRING
    Provider name: description
    Description: Description is populated if Code is Failed, explaining why it has failed.
clusterupgrade
Type: STRUCT
Provider name: clusterupgrade
Description: ClusterUpgrade fleet-level state.
- downstream_fleets
  Type: UNORDERED_LIST_STRING
  Provider name: downstreamFleets
  Description: This fleets whose upstream_fleets contain the current fleet. The fleet name should be either fleet project number or id.
- gke_state
  Type: STRUCT
  Provider name: gkeState
  Description: Feature state for GKE clusters.
  - conditions
    Type: UNORDERED_LIST_STRUCT
    Provider name: conditions
    Description: Current conditions of the feature.
    - gcp_status
      Type: STRING
      Provider name: status
      Description: Status of the condition, one of True, False, Unknown.
    - reason
      Type: STRING
      Provider name: reason
      Description: Reason why the feature is in this status.
    - type
      Type: STRING
      Provider name: type
      Description: Type of the condition, for example, “ready”.
    - update_time
      Type: TIMESTAMP
      Provider name: updateTime
      Description: Last timestamp the condition was updated.
  - upgrade_state
    Type: UNORDERED_LIST_STRUCT
    Provider name: upgradeState
    Description: Upgrade state. It will eventually replace state.
    - gcp_status
      Type: STRUCT
      Provider name: status
      Description: Status of the upgrade.
      - code
        Type: STRING
        Provider name: code
        Description: Status code of the upgrade.
        Possible values:
        CODE_UNSPECIFIED - Required by https://linter.aip.dev/126/unspecified.
        INELIGIBLE - The upgrade is ineligible. At the scope level, this means the upgrade is ineligible for all the clusters in the scope.
        PENDING - The upgrade is pending. At the scope level, this means the upgrade is pending for all the clusters in the scope.
        IN_PROGRESS - The upgrade is in progress. At the scope level, this means the upgrade is in progress for at least one cluster in the scope.
        SOAKING - The upgrade has finished and is soaking until the soaking time is up. At the scope level, this means at least one cluster is in soaking while the rest are either soaking or complete.
        FORCED_SOAKING - A cluster will be forced to enter soaking if an upgrade doesn’t finish within a certain limit, despite it’s actual status.
        COMPLETE - The upgrade has passed all post conditions (soaking). At the scope level, this means all eligible clusters are in COMPLETE status.
        FORCED_COMPLETE - The upgrade was forced into soaking and the soaking time has passed. This is the equivalent of COMPLETE status for upgrades that were forced into soaking.
      - reason
        Type: STRING
        Provider name: reason
        Description: Reason for this status.
      - update_time
        Type: TIMESTAMP
        Provider name: updateTime
        Description: Last timestamp the status was updated.
    - upgrade
      Type: STRUCT
      Provider name: upgrade
      Description: Which upgrade to track the state.
      - name
        Type: STRING
        Provider name: name
        Description: Name of the upgrade, e.g., “k8s_control_plane”. It should be a valid upgrade name. It must not exceet 99 characters.
      - version
        Type: STRING
        Provider name: version
        Description: Version of the upgrade, e.g., “1.22.1-gke.100”. It should be a valid version. It must not exceet 99 characters.
fleetobservability
Type: STRUCT
Provider name: fleetobservability
Description: FleetObservability feature state.
- logging
  Type: STRUCT
  Provider name: logging
  Description: The feature state of default logging.
  - default_log
    Type: STRUCT
    Provider name: defaultLog
    Description: The base feature state of fleet default log.
    - code
      Type: STRING
      Provider name: code
      Description: The high-level, machine-readable status of this Feature.
      Possible values:
      - CODE_UNSPECIFIED - Unknown or not set.
      - OK - The Feature is operating normally.
      - ERROR - The Feature is encountering errors in the reconciliation. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
    - errors
      Type: UNORDERED_LIST_STRUCT
      Provider name: errors
      Description: Errors after reconciling the monitoring and logging feature if the code is not OK.
      - code
        Type: STRING
        Provider name: code
        Description: The code of the error.
      - description
        Type: STRING
        Provider name: description
        Description: A human-readable description of the current status.
  - scope_log
    Type: STRUCT
    Provider name: scopeLog
    Description: The base feature state of fleet scope log.
    - code
      Type: STRING
      Provider name: code
      Description: The high-level, machine-readable status of this Feature.
      Possible values:
      - CODE_UNSPECIFIED - Unknown or not set.
      - OK - The Feature is operating normally.
      - ERROR - The Feature is encountering errors in the reconciliation. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
    - errors
      Type: UNORDERED_LIST_STRUCT
      Provider name: errors
      Description: Errors after reconciling the monitoring and logging feature if the code is not OK.
      - code
        Type: STRING
        Provider name: code
        Description: The code of the error.
      - description
        Type: STRING
        Provider name: description
        Description: A human-readable description of the current status.
- monitoring
  Type: STRUCT
  Provider name: monitoring
  Description: The feature state of fleet monitoring.
  - state
    Type: STRUCT
    Provider name: state
    Description: The base feature state of fleet monitoring feature.
    - code
      Type: STRING
      Provider name: code
      Description: The high-level, machine-readable status of this Feature.
      Possible values:
      - CODE_UNSPECIFIED - Unknown or not set.
      - OK - The Feature is operating normally.
      - ERROR - The Feature is encountering errors in the reconciliation. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
    - errors
      Type: UNORDERED_LIST_STRUCT
      Provider name: errors
      Description: Errors after reconciling the monitoring and logging feature if the code is not OK.
      - code
        Type: STRING
        Provider name: code
        Description: The code of the error.
      - description
        Type: STRING
        Provider name: description
        Description: A human-readable description of the current status.
rbacrolebindingactuation
Type: STRUCT
Provider name: rbacrolebindingactuation
Description: RBAC Role Binding Actuation feature state
state
Type: STRUCT
Provider name: state
Description: Output only. The “running state” of the Feature in this Fleet.
- code
  Type: STRING
  Provider name: code
  Description: The high-level, machine-readable status of this Feature.
  Possible values:
  - CODE_UNSPECIFIED - Unknown or not set.
  - OK - The Feature is operating normally.
  - WARNING - The Feature has encountered an issue, and is operating in a degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
  - ERROR - The Feature is not operating or is in a severely degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
- description
  Type: STRING
  Provider name: description
  Description: A human-readable description of the current status.
- update_time
  Type: TIMESTAMP
  Provider name: updateTime
  Description: The time this status and any related Feature-specific details were updated.

`tags`

Type: UNORDERED_LIST_STRING

`unreachable`

Type: UNORDERED_LIST_STRING
Provider name: unreachable
Description: Output only. List of locations that could not be reached while fetching this feature.

`update_time`

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. When the Feature resource was last updated.