
gcp_gkehub_membership_feature

ancestors

Type: UNORDERED_LIST_STRING

configmanagement

Type: STRUCT
Provider name: configmanagement
Description: Config Management-specific spec.

  • cluster
    Type: STRING
    Provider name: cluster
    Description: Optional. The user-specified cluster name used by Config Sync cluster-name-selector annotation or ClusterSelector, for applying configs to only a subset of clusters. Omit this field if the cluster’s fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector. Set this field if a name different from the cluster’s fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector.
  • config_sync
    Type: STRUCT
    Provider name: configSync
    Description: Optional. Config Sync configuration for the cluster.
    • deployment_overrides
      Type: UNORDERED_LIST_STRUCT
      Provider name: deploymentOverrides
      Description: Optional. Configuration for deployment overrides.
      • containers
        Type: UNORDERED_LIST_STRUCT
        Provider name: containers
        Description: Optional. The containers of the deployment resource to be overridden.
        • container_name
          Type: STRING
          Provider name: containerName
          Description: Required. The name of the container.
        • cpu_limit
          Type: STRING
          Provider name: cpuLimit
          Description: Optional. The cpu limit of the container.
        • cpu_request
          Type: STRING
          Provider name: cpuRequest
          Description: Optional. The cpu request of the container.
        • memory_limit
          Type: STRING
          Provider name: memoryLimit
          Description: Optional. The memory limit of the container.
        • memory_request
          Type: STRING
          Provider name: memoryRequest
          Description: Optional. The memory request of the container.
      • deployment_name
        Type: STRING
        Provider name: deploymentName
        Description: Required. The name of the deployment resource to be overridden.
      • deployment_namespace
        Type: STRING
        Provider name: deploymentNamespace
        Description: Required. The namespace of the deployment resource to be overridden.
    • enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Optional. Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if they exist. If set to false, all other ConfigSync fields will be ignored and ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depending on the presence of the git or oci field.
    • git
      Type: STRUCT
      Provider name: git
      Description: Optional. Git repo configuration for the cluster.
      • gcp_service_account_email
        Type: STRING
        Provider name: gcpServiceAccountEmail
        Description: Optional. The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount.
      • https_proxy
        Type: STRING
        Provider name: httpsProxy
        Description: Optional. URL for the HTTPS proxy to be used when communicating with the Git repo.
      • policy_dir
        Type: STRING
        Provider name: policyDir
        Description: Optional. The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
      • secret_type
        Type: STRING
        Provider name: secretType
        Description: Required. Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount, githubapp or none. The validation of this is case-sensitive.
      • sync_branch
        Type: STRING
        Provider name: syncBranch
        Description: Optional. The branch of the repository to sync from. Default: master.
      • sync_repo
        Type: STRING
        Provider name: syncRepo
        Description: Required. The URL of the Git repository to use as the source of truth.
      • sync_rev
        Type: STRING
        Provider name: syncRev
        Description: Optional. Git revision (tag or hash) to check out. Default HEAD.
      • sync_wait_secs
        Type: INT64
        Provider name: syncWaitSecs
        Description: Optional. Period in seconds between consecutive syncs. Default: 15.
    • metrics_gcp_service_account_email
      Type: STRING
      Provider name: metricsGcpServiceAccountEmail
      Description: Optional. The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring and Cloud Monarch when Workload Identity is enabled. The GSA should have the Monitoring Metric Writer (roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount default in the namespace config-management-monitoring should be bound to the GSA. Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.
    • oci
      Type: STRUCT
      Provider name: oci
      Description: Optional. OCI repo configuration for the cluster.
      • gcp_service_account_email
        Type: STRING
        Provider name: gcpServiceAccountEmail
        Description: Optional. The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount.
      • policy_dir
        Type: STRING
        Provider name: policyDir
        Description: Optional. The absolute path of the directory that contains the local resources. Default: the root directory of the image.
      • secret_type
        Type: STRING
        Provider name: secretType
        Description: Required. Type of secret configured for access to the OCI repo. Must be one of gcenode, gcpserviceaccount, k8sserviceaccount or none. The validation of this is case-sensitive.
      • sync_repo
        Type: STRING
        Provider name: syncRepo
        Description: Required. The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.
      • sync_wait_secs
        Type: INT64
        Provider name: syncWaitSecs
        Description: Optional. Period in seconds between consecutive syncs. Default: 15.
    • prevent_drift
      Type: BOOLEAN
      Provider name: preventDrift
      Description: Optional. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to false, disables the Config Sync admission webhook and does not prevent drifts.
    • source_format
      Type: STRING
      Provider name: sourceFormat
      Description: Optional. Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
    • stop_syncing
      Type: BOOLEAN
      Provider name: stopSyncing
      Description: Optional. Set to true to stop syncing configs for a single cluster. Defaults to false.
  • hierarchy_controller
    Type: STRUCT
    Provider name: hierarchyController
    Description: Optional. Hierarchy Controller configuration for the cluster. Deprecated: Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use https://github.com/kubernetes-sigs/hierarchical-namespaces instead.
    • enable_hierarchical_resource_quota
      Type: BOOLEAN
      Provider name: enableHierarchicalResourceQuota
      Description: Whether hierarchical resource quota is enabled in this cluster.
    • enable_pod_tree_labels
      Type: BOOLEAN
      Provider name: enablePodTreeLabels
      Description: Whether pod tree labels are enabled in this cluster.
    • enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Whether Hierarchy Controller is enabled in this cluster.
  • management
    Type: STRING
    Provider name: management
    Description: Optional. Enables automatic Feature management.
    Possible values:
    • MANAGEMENT_UNSPECIFIED - Unspecified
    • MANAGEMENT_AUTOMATIC - Google will manage the Feature for the cluster.
    • MANAGEMENT_MANUAL - User will manually manage the Feature for the cluster.
  • policy_controller
    Type: STRUCT
    Provider name: policyController
    Description: Optional. Policy Controller configuration for the cluster. Deprecated: Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.
    • audit_interval_seconds
      Type: INT64
      Provider name: auditIntervalSeconds
      Description: Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
    • enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Enables the installation of Policy Controller. If false, the rest of the PolicyController fields have no effect.
    • exemptable_namespaces
      Type: UNORDERED_LIST_STRING
      Provider name: exemptableNamespaces
      Description: The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
    • log_denies_enabled
      Type: BOOLEAN
      Provider name: logDeniesEnabled
      Description: Logs all denies and dry run failures.
    • monitoring
      Type: STRUCT
      Provider name: monitoring
      Description: Monitoring specifies the configuration of monitoring.
      • backends
        Type: UNORDERED_LIST_STRING
        Provider name: backends
        Description: Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export.
    • mutation_enabled
      Type: BOOLEAN
      Provider name: mutationEnabled
      Description: Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.
    • referential_rules_enabled
      Type: BOOLEAN
      Provider name: referentialRulesEnabled
      Description: Enables the ability to use Constraint Templates that reference objects other than the object currently being evaluated.
    • template_library_installed
      Type: BOOLEAN
      Provider name: templateLibraryInstalled
      Description: Installs the default template library along with Policy Controller.
    • update_time
      Type: TIMESTAMP
      Provider name: updateTime
      Description: Output only. Last time this membership spec was updated.
  • version
    Type: STRING
    Provider name: version
    Description: Optional. Version of ACM installed.

fleetobservability

Type: STRUCT
Provider name: fleetobservability
Description: Fleet observability membership spec.

identityservice

Type: STRUCT
Provider name: identityservice
Description: Identity Service-specific spec.

  • auth_methods
    Type: UNORDERED_LIST_STRUCT
    Provider name: authMethods
    Description: A member may support multiple auth methods.
    • azuread_config
      Type: STRUCT
      Provider name: azureadConfig
      Description: AzureAD specific Configuration.
      • client_id
        Type: STRING
        Provider name: clientId
        Description: ID for the registered client application that makes authentication requests to the Azure AD identity provider.
      • client_secret
        Type: STRING
        Provider name: clientSecret
        Description: Input only. Unencrypted AzureAD client secret will be passed to the GKE Hub CLH.
      • group_format
        Type: STRING
        Provider name: groupFormat
        Description: Optional. Format of the AzureAD groups that the client wants for auth.
      • kubectl_redirect_uri
        Type: STRING
        Provider name: kubectlRedirectUri
        Description: The redirect URL that kubectl uses for authorization.
      • tenant
        Type: STRING
        Provider name: tenant
        Description: Kind of Azure AD account to be authenticated. Supported values are or for accounts belonging to a specific tenant.
      • user_claim
        Type: STRING
        Provider name: userClaim
        Description: Optional. Claim in the AzureAD ID Token that holds the user details.
    • google_config
      Type: STRUCT
      Provider name: googleConfig
      Description: GoogleConfig specific configuration.
      • disable
        Type: BOOLEAN
        Provider name: disable
        Description: Disable automatic configuration of Google Plugin on supported platforms.
    • ldap_config
      Type: STRUCT
      Provider name: ldapConfig
      Description: LDAP specific configuration.
      • group
        Type: STRUCT
        Provider name: group
        Description: Optional. Contains the properties for locating and authenticating groups in the directory.
        • base_dn
          Type: STRING
          Provider name: baseDn
          Description: Required. The location of the subtree in the LDAP directory to search for group entries.
        • filter
          Type: STRING
          Provider name: filter
          Description: Optional. Filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the number of groups returned for each user. This defaults to “(objectClass=Group)”.
        • id_attribute
          Type: STRING
          Provider name: idAttribute
          Description: Optional. The identifying name of each group a user belongs to. For example, if this is set to “distinguishedName” then RBACs and other group expectations should be written as full DNs. This defaults to “distinguishedName”.
      • server
        Type: STRUCT
        Provider name: server
        Description: Required. Server settings for the external LDAP server.
        • connection_type
          Type: STRING
          Provider name: connectionType
          Description: Optional. Defines the connection type to communicate with the LDAP server. If starttls or ldaps is specified, the certificate_authority_data should not be empty.
        • host
          Type: STRING
          Provider name: host
          Description: Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, “ldap.server.example” or “10.10.10.10:389”.
      • service_account
        Type: STRUCT
        Provider name: serviceAccount
        Description: Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.
        • simple_bind_credentials
          Type: STRUCT
          Provider name: simpleBindCredentials
          Description: Credentials for basic auth.
          • dn
            Type: STRING
            Provider name: dn
            Description: Required. The distinguished name (DN) of the service account object/user.
          • password
            Type: STRING
            Provider name: password
            Description: Required. Input only. The password of the service account object/user.
      • user
        Type: STRUCT
        Provider name: user
        Description: Required. Defines where users exist in the LDAP directory.
        • base_dn
          Type: STRING
          Provider name: baseDn
          Description: Required. The location of the subtree in the LDAP directory to search for user entries.
        • filter
          Type: STRING
          Provider name: filter
          Description: Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to log in. This defaults to “(objectClass=User)”.
        • id_attribute
          Type: STRING
          Provider name: idAttribute
          Description: Optional. Determines which attribute to use as the user’s identity after they are authenticated. This is distinct from the loginAttribute field to allow users to log in with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to “sAMAccountName” and identifierAttribute to “userPrincipalName” would allow a user to log in as “bsmith”, but actual RBAC policies for the user would be written as “bsmith@example.com”. Using “userPrincipalName” is recommended since this will be unique for each user. This defaults to “userPrincipalName”.
        • login_attribute
          Type: STRING
          Provider name: loginAttribute
          Description: Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. “(=)” and is combined with the optional filter field. This defaults to “userPrincipalName”.
    • name
      Type: STRING
      Provider name: name
      Description: Identifier for auth config.
    • oidc_config
      Type: STRUCT
      Provider name: oidcConfig
      Description: OIDC specific configuration.
      • certificate_authority_data
        Type: STRING
        Provider name: certificateAuthorityData
        Description: PEM-encoded CA for OIDC provider.
      • client_id
        Type: STRING
        Provider name: clientId
        Description: ID for OIDC client application.
      • client_secret
        Type: STRING
        Provider name: clientSecret
        Description: Input only. Unencrypted OIDC client secret will be passed to the GKE Hub CLH.
      • deploy_cloud_console_proxy
        Type: BOOLEAN
        Provider name: deployCloudConsoleProxy
        Description: Flag to denote if reverse proxy is used to connect to auth provider. This flag should be set to true when provider is not reachable by Google Cloud Console.
      • enable_access_token
        Type: BOOLEAN
        Provider name: enableAccessToken
        Description: Enable access token.
      • extra_params
        Type: STRING
        Provider name: extraParams
        Description: Comma-separated list of key-value pairs.
      • group_prefix
        Type: STRING
        Provider name: groupPrefix
        Description: Prefix to prepend to group name.
      • groups_claim
        Type: STRING
        Provider name: groupsClaim
        Description: Claim in OIDC ID token that holds group information.
      • issuer_uri
        Type: STRING
        Provider name: issuerUri
        Description: URI for the OIDC provider. This should point to the level below .well-known/openid-configuration.
      • kubectl_redirect_uri
        Type: STRING
        Provider name: kubectlRedirectUri
        Description: Registered redirect uri to redirect users going through OAuth flow using kubectl plugin.
      • scopes
        Type: STRING
        Provider name: scopes
        Description: Comma-separated list of identifiers.
      • user_claim
        Type: STRING
        Provider name: userClaim
        Description: Claim in OIDC ID token that holds username.
      • user_prefix
        Type: STRING
        Provider name: userPrefix
        Description: Prefix to prepend to user name.
    • proxy
      Type: STRING
      Provider name: proxy
      Description: Proxy server address to use for auth method.
    • saml_config
      Type: STRUCT
      Provider name: samlConfig
      Description: SAML specific configuration.
      • group_prefix
        Type: STRING
        Provider name: groupPrefix
        Description: Optional. Prefix to prepend to group name.
      • groups_attribute
        Type: STRING
        Provider name: groupsAttribute
        Description: Optional. The SAML attribute to read groups from. This value is expected to be a string and will be passed along as-is (with the option of being prefixed by the group_prefix).
      • identity_provider_certificates
        Type: UNORDERED_LIST_STRING
        Provider name: identityProviderCertificates
        Description: Required. The list of IdP certificates to validate the SAML response against.
      • identity_provider_id
        Type: STRING
        Provider name: identityProviderId
        Description: Required. The entity ID of the SAML IdP.
      • identity_provider_sso_uri
        Type: STRING
        Provider name: identityProviderSsoUri
        Description: Required. The URI where the SAML IdP exposes the SSO service.
      • user_attribute
        Type: STRING
        Provider name: userAttribute
        Description: Optional. The SAML attribute to read username from. If unspecified, the username will be read from the NameID element of the assertion in SAML response. This value is expected to be a string and will be passed along as-is (with the option of being prefixed by the user_prefix).
      • user_prefix
        Type: STRING
        Provider name: userPrefix
        Description: Optional. Prefix to prepend to user name.
  • identity_service_options
    Type: STRUCT
    Provider name: identityServiceOptions
    Description: Optional. Non-protocol-related configuration options.
    • diagnostic_interface
      Type: STRUCT
      Provider name: diagnosticInterface
      Description: Configuration options for the AIS diagnostic interface.
      • enabled
        Type: BOOLEAN
        Provider name: enabled
        Description: Determines whether to enable the diagnostic interface.
      • expiration_time
        Type: TIMESTAMP
        Provider name: expirationTime
        Description: Determines the expiration time of the diagnostic interface enablement. When reached, requests to the interface would be automatically rejected.
    • session_duration
      Type: STRING
      Provider name: sessionDuration
      Description: Determines the lifespan of STS tokens issued by Anthos Identity Service.

labels

Type: UNORDERED_LIST_STRING

mesh

Type: STRUCT
Provider name: mesh
Description: Anthos Service Mesh-specific spec.

  • config_api
    Type: STRING
    Provider name: configApi
    Description: Optional. Specifies the API that will be used for configuring the mesh workloads.
    Possible values:
    • CONFIG_API_UNSPECIFIED - Unspecified
    • CONFIG_API_ISTIO - Use the Istio API for configuration.
    • CONFIG_API_GATEWAY - Use the K8s Gateway API for configuration.
  • control_plane
    Type: STRING
    Provider name: controlPlane
    Description: Deprecated: use management instead. Enables automatic control plane management.
    Possible values:
    • CONTROL_PLANE_MANAGEMENT_UNSPECIFIED - Unspecified
    • AUTOMATIC - Google should provision a control plane revision and make it available in the cluster. Google will enroll this revision in a release channel and keep it up to date. The control plane revision may be a managed service, or a managed install.
    • MANUAL - User will manually configure the control plane (e.g. via CLI, or via the ControlPlaneRevision KRM API)
  • management
    Type: STRING
    Provider name: management
    Description: Optional. Enables automatic Service Mesh management.
    Possible values:
    • MANAGEMENT_UNSPECIFIED - Unspecified
    • MANAGEMENT_AUTOMATIC - Google should manage my Service Mesh for the cluster.
    • MANAGEMENT_MANUAL - User will manually configure their service mesh components.
    • MANAGEMENT_NOT_INSTALLED - Google should remove any managed Service Mesh components from this cluster and deprovision any resources.

organization_id

Type: STRING

origin

Type: STRUCT
Provider name: origin
Description: Whether this per-Membership spec was inherited from a fleet-level default. This field can be updated by users by either overriding a Membership config (updated to USER implicitly) or setting to FLEET explicitly.

  • type
    Type: STRING
    Provider name: type
    Description: Type specifies which type of origin is set.
    Possible values:
    • TYPE_UNSPECIFIED - Type is unknown or not set.
    • FLEET - Per-Membership spec was inherited from the fleet-level default.
    • FLEET_OUT_OF_SYNC - Per-Membership spec was inherited from the fleet-level default but is now out of sync with the current default.
    • USER - Per-Membership spec was inherited from a user specification.

parent

Type: STRING

policycontroller

Type: STRUCT
Provider name: policycontroller
Description: Policy Controller spec.

  • policy_controller_hub_config
    Type: STRUCT
    Provider name: policyControllerHubConfig
    Description: Policy Controller configuration for the cluster.
    • audit_interval_seconds
      Type: INT64
      Provider name: auditIntervalSeconds
      Description: Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.
    • constraint_violation_limit
      Type: INT64
      Provider name: constraintViolationLimit
      Description: The maximum number of audit violations to be stored in a constraint. If not set, the internal default (currently 20) will be used.
    • exemptable_namespaces
      Type: UNORDERED_LIST_STRING
      Provider name: exemptableNamespaces
      Description: The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
    • install_spec
      Type: STRING
      Provider name: installSpec
      Description: The install_spec represents the intended state specified by the latest request that mutated install_spec in the feature spec, not the lifecycle state of the feature observed by the Hub feature controller that is reported in the feature state.
      Possible values:
      • INSTALL_SPEC_UNSPECIFIED - Spec is unknown.
      • INSTALL_SPEC_NOT_INSTALLED - Request to uninstall Policy Controller.
      • INSTALL_SPEC_ENABLED - Request to install and enable Policy Controller.
      • INSTALL_SPEC_SUSPENDED - Request to suspend Policy Controller i.e. its webhooks. If Policy Controller is not installed, it will be installed but suspended.
      • INSTALL_SPEC_DETACHED - Request to stop all reconciliation actions by PoCo Hub controller. This is a breakglass mechanism to stop PoCo Hub from affecting cluster resources.
    • log_denies_enabled
      Type: BOOLEAN
      Provider name: logDeniesEnabled
      Description: Logs all denies and dry run failures.
    • monitoring
      Type: STRUCT
      Provider name: monitoring
      Description: Monitoring specifies the configuration of monitoring.
      • backends
        Type: UNORDERED_LIST_STRING
        Provider name: backends
        Description: Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export.
    • mutation_enabled
      Type: BOOLEAN
      Provider name: mutationEnabled
      Description: Enables the ability to mutate resources using Policy Controller.
    • policy_content
      Type: STRUCT
      Provider name: policyContent
      Description: Specifies the desired policy content on the cluster.
      • template_library
        Type: STRUCT
        Provider name: templateLibrary
        Description: Configures the installation of the Template Library.
        • installation
          Type: STRING
          Provider name: installation
          Description: Configures the manner in which the template library is installed on the cluster.
          Possible values:
          • INSTALLATION_UNSPECIFIED - No installation strategy has been specified.
          • NOT_INSTALLED - Do not install the template library.
          • ALL - Install the entire template library.
    • referential_rules_enabled
      Type: BOOLEAN
      Provider name: referentialRulesEnabled
      Description: Enables the ability to use Constraint Templates that reference objects other than the object currently being evaluated.
  • version
    Type: STRING
    Provider name: version
    Description: Version of Policy Controller installed.

project_id

Type: STRING

project_number

Type: STRING

resource_name

Type: STRING

tags

Type: UNORDERED_LIST_STRING