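// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.edgecontainer.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";

option go_package = "cloud.google.com/go/edgecontainer/apiv1/edgecontainerpb;edgecontainerpb";
option java_multiple_files = true;
option java_outer_classname = "ResourcesProto";
option java_package = "com.google.cloud.edgecontainer.v1";
option (google.api.resource_definition) = {
  type: "cloudkms.googleapis.com/CryptoKey"
  pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}"
};
option (google.api.resource_definition) = {
  type: "cloudkms.googleapis.com/CryptoKeyVersion"
  pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}"
};

// Represents the accessibility state of a customer-managed KMS key used for
// CMEK integration.
enum KmsKeyState {
  // Unspecified.
  KMS_KEY_STATE_UNSPECIFIED = 0;

  // The key is available for use, and dependent resources should be accessible.
  KMS_KEY_STATE_KEY_AVAILABLE = 1;

  // The key is unavailable for an unspecified reason. Dependent resources may
  // be inaccessible.
  KMS_KEY_STATE_KEY_UNAVAILABLE = 2;
}

// A Google Distributed Cloud Edge Kubernetes cluster.
message Cluster {
  option (google.api.resource) = {
    type: "edgecontainer.googleapis.com/Cluster"
    pattern: "projects/{project}/locations/{location}/clusters/{cluster}"
  };

  // Configuration of the cluster control plane.
  message ControlPlane {
    // Configuration specific to clusters with a control plane hosted remotely.
    message Remote {}

    // Configuration specific to clusters with a control plane hosted locally.
    //
    // Warning: Local control plane clusters must be created in their own
    // project. Local control plane clusters cannot coexist in the same
    // project with any other type of clusters, including non-GDCE clusters.
    // Mixing local control plane GDCE clusters with any other type of
    // clusters in the same project can result in data loss.
    message Local {
      // Name of the Google Distributed Cloud Edge zones where this node pool
      // will be created. For example: `us-central1-edge-customer-a`.
      string node_location = 1;

      // The number of nodes to serve as replicas of the Control Plane.
      int32 node_count = 2;

      // Only machines matching this filter will be allowed to host control
      // plane nodes. The filtering language accepts strings like "name=<name>",
      // and is documented here: [AIP-160](https://google.aip.dev/160).
      string machine_filter = 3;

      // Policy configuration about how user applications are deployed.
      //
      // NOTE(review): the behavior applied when this is left as
      // `SHARED_DEPLOYMENT_POLICY_UNSPECIFIED` is not stated in this file;
      // set it explicitly if control plane isolation matters.
      SharedDeploymentPolicy shared_deployment_policy = 4;
    }

    // Represents the policy configuration about how user applications are
    // deployed.
    enum SharedDeploymentPolicy {
      // Unspecified.
      SHARED_DEPLOYMENT_POLICY_UNSPECIFIED = 0;

      // User applications can be deployed both on control plane and worker
      // nodes.
      ALLOWED = 1;

      // User applications cannot be deployed on control plane nodes and can
      // only be deployed on worker nodes.
      DISALLOWED = 2;
    }

    oneof config {
      // Remote control plane configuration.
      Remote remote = 1;

      // Local control plane configuration.
      //
      // Warning: Local control plane clusters must be created in their own
      // project. Local control plane clusters cannot coexist in the same
      // project with any other type of clusters, including non-GDCE clusters.
      // Mixing local control plane GDCE clusters with any other type of
      // clusters in the same project can result in data loss.
      Local local = 2;
    }
  }

  // Config that customers are allowed to define for GDCE system add-ons.
  message SystemAddonsConfig {
    // Config for the Ingress add-on which allows customers to create an Ingress
    // object to manage external access to the servers in a cluster. The add-on
    // consists of istiod and istio-ingress.
    message Ingress {
      // Optional. Whether Ingress is disabled.
      bool disabled = 1 [(google.api.field_behavior) = OPTIONAL];

      // Optional. Ingress VIP.
      string ipv4_vip = 2 [(google.api.field_behavior) = OPTIONAL];
    }

    // Optional. Config for Ingress.
    Ingress ingress = 1 [(google.api.field_behavior) = OPTIONAL];
  }

  // Configuration for Customer-managed KMS key support for remote control plane
  // cluster disk encryption.
  message ControlPlaneEncryption {
    // Immutable. The Cloud KMS CryptoKey e.g.
    // projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}
    // to use for protecting control plane disks. If not specified, a
    // Google-managed key will be used instead.
    //
    // The field is annotated IMMUTABLE, so the choice between a
    // customer-managed and a Google-managed key is made when the resource is
    // created.
    string kms_key = 1 [
      (google.api.field_behavior) = IMMUTABLE,
      (google.api.resource_reference) = {
        type: "cloudkms.googleapis.com/CryptoKey"
      }
    ];

    // Output only. The Cloud KMS CryptoKeyVersion currently in use for
    // protecting control plane disks. Only applicable if kms_key is set.
    string kms_key_active_version = 2 [
      (google.api.field_behavior) = OUTPUT_ONLY,
      (google.api.resource_reference) = {
        type: "cloudkms.googleapis.com/CryptoKeyVersion"
      }
    ];

    // Output only. Availability of the Cloud KMS CryptoKey. If not
    // `KMS_KEY_STATE_KEY_AVAILABLE`, then nodes may go offline as they cannot
    // access their local data. This can be caused by a lack of permissions to
    // use the key, or if the key is disabled or deleted.
    //
    // Any other value is therefore worth monitoring: it signals either an
    // IAM/permission change on the key or a change to the key itself.
    KmsKeyState kms_key_state = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Error status returned by Cloud KMS when using this key. This
    // field may be populated only if `kms_key_state` is not
    // `KMS_KEY_STATE_KEY_AVAILABLE`. If populated, this field contains the
    // error status reported by Cloud KMS.
    google.rpc.Status kms_status = 4
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // A Maintenance Event is an operation that could cause temporary disruptions
  // to the cluster workloads, including Google-driven or user-initiated cluster
  // upgrades, user-initiated cluster configuration changes that require
  // restarting nodes, etc.
  message MaintenanceEvent {
    // Indicates the maintenance event type.
    enum Type {
      // Unspecified.
      TYPE_UNSPECIFIED = 0;

      // Upgrade initiated by users.
      USER_INITIATED_UPGRADE = 1;

      // Upgrade driven by Google.
      GOOGLE_DRIVEN_UPGRADE = 2;
    }

    // Indicates when the maintenance event should be performed.
    enum Schedule {
      // Unspecified.
      SCHEDULE_UNSPECIFIED = 0;

      // Immediately after receiving the request.
      IMMEDIATELY = 1;
    }

    // Indicates the maintenance event state.
    enum State {
      // Unspecified.
      STATE_UNSPECIFIED = 0;

      // The maintenance event is ongoing. The cluster might be unusable.
      RECONCILING = 1;

      // The maintenance event succeeded.
      SUCCEEDED = 2;

      // The maintenance event failed.
      FAILED = 3;
    }

    // Output only. UUID of the maintenance event.
    string uuid = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The target version of the cluster.
    string target_version = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The operation for running the maintenance event. Specified
    // in the format projects/*/locations/*/operations/*. If the maintenance
    // event is split into multiple operations (e.g. due to maintenance
    // windows), the latest one is recorded.
    string operation = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The type of the maintenance event.
    Type type = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The schedule of the maintenance event.
    Schedule schedule = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The state of the maintenance event.
    State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The time when the maintenance event request was created.
    google.protobuf.Timestamp create_time = 7
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The time when the maintenance event started.
    google.protobuf.Timestamp start_time = 8
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The time when the maintenance event ended, either
    // successfully or not. If the maintenance event is split into multiple
    // maintenance windows, end_time is only updated when the whole flow ends.
    google.protobuf.Timestamp end_time = 9
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The time when the maintenance event message was updated.
    google.protobuf.Timestamp update_time = 10
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // Configuration of the cluster survivability, e.g., for the case when network
  // connectivity is lost.
  message SurvivabilityConfig {
    // Optional. Time period that allows the cluster nodes to be rebooted and
    // become functional without network connectivity to Google. The default 0
    // means not allowed. The maximum is 7 days.
    //
    // NOTE(review): how a non-zero value interacts with CMEK key availability
    // (`kms_key_state`) is not stated in this file; confirm it before relying
    // on disabling or revoking a key as an immediate control.
    google.protobuf.Duration offline_reboot_ttl = 1
        [(google.api.field_behavior) = OPTIONAL];
  }

  // Indicates the status of the cluster.
  enum Status {
    // Status unknown.
    STATUS_UNSPECIFIED = 0;

    // The cluster is being created.
    PROVISIONING = 1;

    // The cluster is created and fully usable.
    RUNNING = 2;

    // The cluster is being deleted.
    DELETING = 3;

    // The status indicates that some errors occurred while reconciling/deleting
    // the cluster.
    ERROR = 4;

    // The cluster is undergoing some work such as version upgrades, etc.
    RECONCILING = 5;
  }

  // The release channel a cluster is subscribed to.
  enum ReleaseChannel {
    // Unspecified release channel. This will default to the REGULAR channel.
    RELEASE_CHANNEL_UNSPECIFIED = 0;

    // No release channel.
    NONE = 1;

    // Regular release channel.
    REGULAR = 2;
  }

  // Required. The resource name of the cluster.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "edgecontainer.googleapis.com/Cluster"
    }
  ];

  // Output only. The time when the cluster was created.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time when the cluster was last updated.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Labels associated with this resource.
  map<string, string> labels = 4;

  // Required. Fleet configuration.
  Fleet fleet = 11 [(google.api.field_behavior) = REQUIRED];

  // Required. Cluster-wide networking configuration.
  ClusterNetworking networking = 7 [(google.api.field_behavior) = REQUIRED];

  // Required. Immutable. RBAC policy that will be applied and managed by GEC.
  Authorization authorization = 9 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.field_behavior) = IMMUTABLE
  ];

  // Optional. The default maximum number of pods per node used if a maximum
  // value is not specified explicitly for a node pool in this cluster. If
  // unspecified, the Kubernetes default value will be used.
  int32 default_max_pods_per_node = 8 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The IP address of the Kubernetes API server.
  string endpoint = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The port number of the Kubernetes API server.
  int32 port = 19 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The PEM-encoded public certificate of the cluster's CA.
  string cluster_ca_certificate = 10
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Cluster-wide maintenance policy configuration.
  MaintenancePolicy maintenance_policy = 12
      [(google.api.field_behavior) = OPTIONAL];

  // Output only. The control plane release version.
  string control_plane_version = 13 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The lowest release version among all worker nodes. This field
  // can be empty if the cluster does not have any worker nodes.
  string node_version = 14 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The configuration of the cluster control plane.
  ControlPlane control_plane = 15 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The configuration of the system add-ons.
  SystemAddonsConfig system_addons_config = 16
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. IPv4 address pools for cluster data plane external load
  // balancing.
  repeated string external_load_balancer_ipv4_address_pools = 17
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Remote control plane disk encryption options. This field is only
  // used when enabling CMEK support.
  ControlPlaneEncryption control_plane_encryption = 18
      [(google.api.field_behavior) = OPTIONAL];

  // Output only. The current status of the cluster.
  Status status = 20 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. All the maintenance events scheduled for the cluster,
  // including the ones ongoing, planned for the future and done in the past (up
  // to 90 days).
  repeated MaintenanceEvent maintenance_events = 21
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The target cluster version. For example: "1.5.0".
  string target_version = 22 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The release channel a cluster is subscribed to.
  ReleaseChannel release_channel = 23 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration of the cluster survivability, e.g., for the case
  // when network connectivity is lost. Note: This only applies to local control
  // plane clusters.
  SurvivabilityConfig survivability_config = 24
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. IPv6 address pools for cluster data plane external load
  // balancing.
  repeated string external_load_balancer_ipv6_address_pools = 25
      [(google.api.field_behavior) = OPTIONAL];
}

// Cluster-wide networking configuration.
message ClusterNetworking {
  // Required. All pods in the cluster are assigned an RFC1918 IPv4 address from
  // these blocks. Only a single block is supported. This field cannot be
  // changed after creation.
  repeated string cluster_ipv4_cidr_blocks = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. All services in the cluster are assigned an RFC1918 IPv4 address
  // from these blocks. Only a single block is supported. This field cannot be
  // changed after creation.
  repeated string services_ipv4_cidr_blocks = 2
      [(google.api.field_behavior) = REQUIRED];
}

// Fleet related configuration.
//
// Fleets are a Google Cloud concept for logically organizing clusters,
// letting you use and manage multi-cluster capabilities and apply
// consistent policies across your systems.
message Fleet {
  // Required. The name of the Fleet host project where this cluster will be
  // registered.
  //
  // Project names are formatted as
  // `projects/<project-number>`.
  string project = 1 [(google.api.field_behavior) = REQUIRED];

  // Output only. The name of the managed Hub Membership resource associated to
  // this cluster.
  //
  // Membership names are formatted as
  // `projects/<project-number>/locations/global/membership/<cluster-id>`.
  string membership = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// A user principal for an RBAC policy.
message ClusterUser {
  // Required. An active Google username.
  string username = 1 [(google.api.field_behavior) = REQUIRED];
}

// RBAC policy that will be applied and managed by GEC.
message Authorization {
  // Required. User that will be granted the cluster-admin role on the cluster,
  // providing full access to the cluster. Currently, this is a singular field,
  // but will be expanded to allow multiple admins in the future.
  //
  // Because this principal receives full access, and `Cluster.authorization`
  // is annotated IMMUTABLE, the account named here should be chosen and
  // reviewed like any other privileged access grant.
  ClusterUser admin_users = 1 [(google.api.field_behavior) = REQUIRED];
}

// A set of Kubernetes nodes in a cluster with common configuration and
// specification.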
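message NodePool {
  option (google.api.resource) = {
    type: "edgecontainer.googleapis.com/NodePool"
    pattern: "projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}"
  };

  // Configuration for CMEK support for edge machine local disk encryption.
  message LocalDiskEncryption {
    // Immutable. The Cloud KMS CryptoKey e.g.
    // projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}
    // to use for protecting node local disks. If not specified, a
    // Google-managed key will be used instead.
    //
    // The field is annotated IMMUTABLE, so the choice between a
    // customer-managed and a Google-managed key is made when the node pool is
    // created.
    string kms_key = 1 [
      (google.api.field_behavior) = IMMUTABLE,
      (google.api.resource_reference) = {
        type: "cloudkms.googleapis.com/CryptoKey"
      }
    ];

    // Output only. The Cloud KMS CryptoKeyVersion currently in use for
    // protecting node local disks. Only applicable if kms_key is set.
    string kms_key_active_version = 2 [
      (google.api.field_behavior) = OUTPUT_ONLY,
      (google.api.resource_reference) = {
        type: "cloudkms.googleapis.com/CryptoKeyVersion"
      }
    ];

    // Output only. Availability of the Cloud KMS CryptoKey. If not
    // `KMS_KEY_STATE_KEY_AVAILABLE`, then nodes may go offline as they cannot
    // access their local data. This can be caused by a lack of permissions to
    // use the key, or if the key is disabled or deleted.
    //
    // Any other value is therefore worth monitoring: it signals either an
    // IAM/permission change on the key or a change to the key itself.
    KmsKeyState kms_key_state = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Error status returned by Cloud KMS when using this key. This
    // field may be populated only if `kms_key_state` is not
    // `KMS_KEY_STATE_KEY_AVAILABLE`. If populated, this field contains the
    // error status reported by Cloud KMS.
    google.rpc.Status kms_status = 4
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // Configuration for each node in the NodePool.
  message NodeConfig {
    // Optional. The Kubernetes node labels.
    map<string, string> labels = 1 [(google.api.field_behavior) = OPTIONAL];
  }

  // Required. The resource name of the node pool.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "edgecontainer.googleapis.com/NodePool"
    }
  ];

  // Output only. The time when the node pool was created.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time when the node pool was last updated.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Labels associated with this resource.
  map<string, string> labels = 4;

  // Name of the Google Distributed Cloud Edge zone where this node pool will be
  // created. For example: `us-central1-edge-customer-a`.
  string node_location = 8;

  // Required. The number of nodes in the pool.
  int32 node_count = 6 [(google.api.field_behavior) = REQUIRED];

  // Only machines matching this filter will be allowed to join the node pool.
  // The filtering language accepts strings like "name=<name>", and is
  // documented in more detail in [AIP-160](https://google.aip.dev/160).
  string machine_filter = 7;

  // Optional. Local disk encryption options. This field is only used when
  // enabling CMEK support.
  LocalDiskEncryption local_disk_encryption = 9
      [(google.api.field_behavior) = OPTIONAL];

  // Output only. The lowest release version among all worker nodes.
  string node_version = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Configuration for each node in the NodePool.
  NodeConfig node_config = 11 [(google.api.field_behavior) = OPTIONAL];
}

// A Google Distributed Cloud Edge machine capable of acting as a Kubernetes
// node.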
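message Machine {
  option (google.api.resource) = {
    type: "edgecontainer.googleapis.com/Machine"
    pattern: "projects/{project}/locations/{location}/machines/{machine}"
  };

  // Required. The resource name of the machine.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "edgecontainer.googleapis.com/Machine"
    }
  ];

  // Output only. The time when the machine was created.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time when the machine was last updated.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Labels associated with this resource.
  map<string, string> labels = 4;

  // Canonical resource name of the node that this machine is responsible for
  // hosting e.g.
  // projects/{project}/locations/{location}/clusters/{cluster_id}/nodePools/{pool_id}/{node},
  // or empty if the machine is not assigned to assume the role of a node.
  //
  // For control plane nodes hosted on edge machines, this will return
  // the following format:
  //   "projects/{project}/locations/{location}/clusters/{cluster_id}/controlPlaneNodes/{node}".
  string hosted_node = 5;

  // The Google Distributed Cloud Edge zone of this machine.
  string zone = 6;

  // Output only. The software version of the machine.
  string version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Whether the machine is disabled. If disabled, the machine is
  // unable to enter service.
  bool disabled = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// A VPN connection.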
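message VpnConnection {
  option (google.api.resource) = {
    type: "edgecontainer.googleapis.com/VpnConnection"
    pattern: "projects/{project}/locations/{location}/vpnConnections/{vpn_connection}"
  };

  // Project detail of the VPC network.
  message VpcProject {
    // The project of the VPC to connect to. If not specified, it is the same as
    // the cluster project.
    string project_id = 1;

    // Optional. The service account in the VPC project configured by user. It
    // is used to create/delete Cloud Router and Cloud HA VPNs for VPN
    // connection. If this SA is changed during/after a VPN connection is
    // created, you need to remove the Cloud Router and Cloud VPN resources in
    // |project_id|. It is in the form of
    // service-{project_number}@gcp-sa-edgecontainer.iam.gserviceaccount.com.
    //
    // Deprecated: the field is marked `deprecated = true`; this file does not
    // name a replacement.
    string service_account = 2
        [deprecated = true, (google.api.field_behavior) = OPTIONAL];
  }

  // The created connection details.
  message Details {
    // The Cloud Router info.
    message CloudRouter {
      // The associated Cloud Router name.
      string name = 1;
    }

    // The Cloud VPN info.
    message CloudVpn {
      // The created Cloud VPN gateway name.
      string gateway = 1;
    }

    // The current connection state.
    enum State {
      // Unknown.
      STATE_UNSPECIFIED = 0;

      // Connected.
      STATE_CONNECTED = 1;

      // Still connecting.
      STATE_CONNECTING = 2;

      // Error occurred.
      STATE_ERROR = 3;
    }

    // The state of this connection.
    State state = 1;

    // The error message. This is only populated when `state` is `STATE_ERROR`.
    string error = 2;

    // The Cloud Router info.
    CloudRouter cloud_router = 3;

    // Each connection has multiple Cloud VPN gateways.
    repeated CloudVpn cloud_vpns = 4;
  }

  // Routing mode.
  enum BgpRoutingMode {
    // Unknown.
    BGP_ROUTING_MODE_UNSPECIFIED = 0;

    // Regional mode.
    REGIONAL = 1;

    // Global mode.
    GLOBAL = 2;
  }

  // Required. The resource name of the VPN connection.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "edgecontainer.googleapis.com/VpnConnection"
    }
  ];

  // Output only. The time when the VPN connection was created.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time when the VPN connection was last updated.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Labels associated with this resource.
  map<string, string> labels = 4;

  // NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the
  // customer needs to configure NAT such that only one external IP maps to the
  // GMEC Anthos cluster. This is empty if NAT is not used.
  string nat_gateway_ip = 5;

  // Dynamic routing mode of the VPC network, `regional` or `global`.
  //
  // Deprecated: the field is marked `deprecated = true`; this file does not
  // name a replacement.
  BgpRoutingMode bgp_routing_mode = 6 [deprecated = true];

  // The canonical Cluster name to connect to. It is in the form of
  // projects/{project}/locations/{location}/clusters/{cluster}.
  string cluster = 7 [(google.api.resource_reference) = {
    type: "edgecontainer.googleapis.com/Cluster"
  }];

  // The network ID of VPC to connect to.
  string vpc = 8;

  // Optional. Project detail of the VPC network. Required if VPC is in a
  // different project than the cluster project.
  VpcProject vpc_project = 11 [(google.api.field_behavior) = OPTIONAL];

  // Whether this VPN connection has HA enabled on cluster side. If enabled,
  // when creating VPN connection we will attempt to use 2 ANG floating IPs.
  bool enable_high_availability = 9;

  // Optional. The VPN connection Cloud Router name.
  string router = 12 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The created connection details.
  Details details = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Metadata for a given
// [google.cloud.location.Location][google.cloud.location.Location].
message LocationMetadata {
  // The set of available Google Distributed Cloud Edge zones in the location.
  // The map is keyed by the lowercase ID of each zone.
  map<string, ZoneMetadata> available_zones = 1;
}

// A Google Distributed Cloud Edge zone where edge machines are located.
message ZoneMetadata {
  // Type of the rack.
  enum RackType {
    // Unspecified rack type, single rack also belongs to this type.
    RACK_TYPE_UNSPECIFIED = 0;

    // Base rack type, a pair of two modified Config-1 racks containing
    // Aggregation switches.
    BASE = 1;

    // Expansion rack type, also known as standalone racks,
    // added by customers on demand.
    EXPANSION = 2;
  }

  // Quota for resources in this zone.
  repeated Quota quota = 1;

  // The map keyed by rack name and has value of RackType.
  map<string, RackType> rack_types = 2;
}

// Represents quota for Edge Container resources.
message Quota {
  // Name of the quota metric.
  string metric = 1;

  // Quota limit for this metric.
  double limit = 2;

  // Current usage of this metric.
  double usage = 3;
}

// Maintenance policy configuration.
message MaintenancePolicy {
  // Specifies the maintenance window in which maintenance may be performed.
  MaintenanceWindow window = 1;
}

// Maintenance window configuration.
message MaintenanceWindow {
  // Configuration of a recurring maintenance window.
  RecurringTimeWindow recurring_window = 1;
}

// Represents an arbitrary window of time that recurs.
message RecurringTimeWindow {
  // The window of the first recurrence.
  TimeWindow window = 1;

  // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
  // this window recurs. They go on for the span of time between the start and
  // end time.
  string recurrence = 2;
}

// Represents an arbitrary window of time.
message TimeWindow {
  // The time that the window first starts.
  google.protobuf.Timestamp start_time = 1;

  // The time that the window ends. The end time must take place after the
  // start time.
  google.protobuf.Timestamp end_time = 2;
}

// Server configuration for supported versions and release channels.
message ServerConfig {
  // Output only. Mapping from release channel to channel config.
  map<string, ChannelConfig> channels = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Supported versions, e.g.: ["1.4.0", "1.5.0"].
  repeated Version versions = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Default version, e.g.: "1.4.0".
  string default_version = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Configuration for a release channel.
message ChannelConfig {
  // Output only. Default version for this release channel, e.g.: "1.4.0".
  string default_version = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Version of a cluster.
message Version {
  // Output only. Name of the version, e.g.: "1.4.0".
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}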