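// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.gkehub.configmanagement.v1;

import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.GkeHub.ConfigManagement.V1";
option go_package = "cloud.google.com/go/gkehub/configmanagement/apiv1/configmanagementpb;configmanagementpb";
option java_multiple_files = true;
option java_outer_classname = "ConfigManagementProto";
option java_package = "com.google.cloud.gkehub.configmanagement.v1";
option php_namespace = "Google\\Cloud\\GkeHub\\ConfigManagement\\V1";
option ruby_package = "Google::Cloud::GkeHub::ConfigManagement::V1";

// Enum representing the state of an ACM component's deployment on a cluster.
//
// Consumers should treat any value they do not recognize the same way as
// DEPLOYMENT_STATE_UNSPECIFIED rather than assuming the component is healthy.
enum DeploymentState {
  // Deployment's state cannot be determined.
  DEPLOYMENT_STATE_UNSPECIFIED = 0;

  // Deployment is not installed.
  NOT_INSTALLED = 1;

  // Deployment is installed.
  INSTALLED = 2;

  // Deployment was attempted to be installed, but has errors.
  ERROR = 3;
}

// **Anthos Config Management**: State for a single cluster.
//
// This message reports observed state. Field number 6 is not used here;
// NOTE(review): confirm whether it should be declared `reserved`.
message MembershipState {
  // The user-defined name for the cluster used by ClusterSelectors to group
  // clusters together. This should match Membership's membership_name,
  // unless the user installed ACM on the cluster manually prior to enabling
  // the ACM hub feature.
  // Unique within an Anthos Config Management installation.
  string cluster_name = 1;

  // Membership configuration in the cluster. This represents the actual state
  // in the cluster, while the MembershipSpec in the FeatureSpec represents
  // the intended state. A difference between the two indicates drift and is
  // worth surfacing to operators.
  MembershipSpec membership_spec = 2;

  // Current install status of ACM's Operator.
  OperatorState operator_state = 3;

  // Current sync status.
  ConfigSyncState config_sync_state = 4;

  // Policy Controller status.
  PolicyControllerState policy_controller_state = 5;

  // Hierarchy Controller status.
  HierarchyControllerState hierarchy_controller_state = 7;
}

// **Anthos Config Management**: Configuration for a single cluster.
// Intended to parallel the ConfigManagement CR.
//
// Field numbers 3 and 5 through 9 are not used here;
// NOTE(review): confirm whether any of them should be declared `reserved`.
message MembershipSpec {
  // Config Sync configuration for the cluster.
  ConfigSync config_sync = 1;

  // Policy Controller configuration for the cluster.
  PolicyController policy_controller = 2;

  // Hierarchy Controller configuration for the cluster.
  HierarchyControllerConfig hierarchy_controller = 4;

  // Version of ACM installed.
  string version = 10;
}

// Configuration for Config Sync.
message ConfigSync {
  // Git repo configuration for the cluster.
  GitConfig git = 7;

  // Specifies whether the Config Sync Repo is
  // in "hierarchical" or "unstructured" mode.
  string source_format = 8;
}

// Git repo configuration for a single cluster.
//
// The repository named here is the source of truth for what is synced to the
// cluster, so write access to it (and to the branch or revision selected
// below) should be controlled as tightly as write access to the cluster.
// No field in this message carries secret material; secret_type only names
// the kind of credential in use.
message GitConfig {
  // The URL of the Git repository to use as the source of truth.
  string sync_repo = 1;

  // The branch of the repository to sync from. Default: master.
  string sync_branch = 2;

  // The path within the Git repository that represents the top level of the
  // repo to sync. Default: the root directory of the repository.
  string policy_dir = 3;

  // Period in seconds between consecutive syncs. Default: 15.
  int64 sync_wait_secs = 4;

  // Git revision (tag or hash) to check out. Default HEAD.
  // A commit hash is an immutable reference, whereas a tag or HEAD can be
  // moved by anyone with push rights to the repository.
  string sync_rev = 5;

  // Type of secret configured for access to the Git repo.
  // NOTE(review): the accepted values are not listed in this file; the only
  // one referenced here is gcpServiceAccount (see gcp_service_account_email).
  string secret_type = 6;

  // URL for the HTTPS proxy to be used when communicating with the Git repo.
  // This is a plain string field: avoid embedding credentials in the URL.
  string https_proxy = 7;

  // The GCP Service Account Email used for auth when secret_type is
  // gcpServiceAccount.
  string gcp_service_account_email = 8;
}

// Configuration for Policy Controller.
message PolicyController {
  // Enables the installation of Policy Controller.
  // If false, the rest of PolicyController fields take no
  // effect.
  bool enabled = 1;

  // Installs the default template library along with Policy Controller.
  // Declared `optional`, so an unset value is distinguishable from false.
  optional bool template_library_installed = 2;

  // Sets the interval for Policy Controller Audit Scans (in seconds).
  // When set to 0, this disables audit functionality altogether.
  // Declared `optional`, so an explicit 0 (audit disabled) is distinguishable
  // from an unset value; treat an explicit 0 as a deliberate, reviewed choice.
  optional int64 audit_interval_seconds = 3;

  // The set of namespaces that are excluded from Policy Controller checks.
  // Namespaces do not need to currently exist on the cluster.
  // Every entry is a policy exemption, including for namespaces created
  // later under a listed name, so keep this list minimal and reviewed.
  repeated string exemptable_namespaces = 4;

  // Enables the ability to use Constraint Templates that reference objects
  // other than the object currently being evaluated.
  bool referential_rules_enabled = 5;

  // Logs all denies and dry run failures.
  bool log_denies_enabled = 6;
}

// Configuration for Hierarchy Controller.
message HierarchyControllerConfig {
  // Whether Hierarchy Controller is enabled in this cluster.
  bool enabled = 1;

  // Whether pod tree labels are enabled in this cluster.
  bool enable_pod_tree_labels = 2;

  // Whether hierarchical resource quota is enabled in this cluster.
  bool enable_hierarchical_resource_quota = 3;
}

// Deployment state for Hierarchy Controller.
message HierarchyControllerDeploymentState {
  // The deployment state for open source HNC (e.g. v0.7.0-hc.0).
  DeploymentState hnc = 1;

  // The deployment state for Hierarchy Controller extension
  // (e.g. v0.7.0-hc.1).
  DeploymentState extension = 2;
}

// Version for Hierarchy Controller.
message HierarchyControllerVersion {
  // Version for open source HNC.
  string hnc = 1;

  // Version for Hierarchy Controller extension.
  string extension = 2;
}

// State for Hierarchy Controller.
message HierarchyControllerState {
  // The version for Hierarchy Controller.
  HierarchyControllerVersion version = 1;

  // The deployment state for Hierarchy Controller.
  HierarchyControllerDeploymentState state = 2;
}

// State information for an ACM's Operator.
message OperatorState {
  // The semantic version number of the operator.
  string version = 1;

  // The state of the Operator's deployment.
  DeploymentState deployment_state = 2;

  // Install errors.
  repeated InstallError errors = 3;
}

// Errors pertaining to the installation of ACM.
message InstallError {
  // A string representing the user facing error message.
  string error_message = 1;
}

// State information for ConfigSync.
message ConfigSyncState {
  // The version of ConfigSync deployed.
  ConfigSyncVersion version = 1;

  // Information about the deployment of ConfigSync, including the version
  // of the various Pods deployed.
  ConfigSyncDeploymentState deployment_state = 2;

  // The state of ConfigSync's process to sync configs to a cluster.
  SyncState sync_state = 3;
}

// Specific versioning information pertaining to ConfigSync's Pods.
message ConfigSyncVersion {
  // Version of the deployed importer pod.
  string importer = 1;

  // Version of the deployed syncer pod.
  string syncer = 2;

  // Version of the deployed git-sync pod.
  string git_sync = 3;

  // Version of the deployed monitor pod.
  string monitor = 4;

  // Version of the deployed reconciler-manager pod.
  string reconciler_manager = 5;

  // Version of the deployed reconciler container in root-reconciler pod.
  string root_reconciler = 6;
}

// The state of ConfigSync's deployment on a cluster.
message ConfigSyncDeploymentState {
  // Deployment state of the importer pod.
  DeploymentState importer = 1;

  // Deployment state of the syncer pod.
  DeploymentState syncer = 2;

  // Deployment state of the git-sync pod.
  DeploymentState git_sync = 3;

  // Deployment state of the monitor pod.
  DeploymentState monitor = 4;

  // Deployment state of reconciler-manager pod.
  DeploymentState reconciler_manager = 5;

  // Deployment state of root-reconciler.
  DeploymentState root_reconciler = 6;
}

// State indicating an ACM's progress syncing configurations to a cluster.
message SyncState {
  // An enum representing an ACM's status syncing configs to a cluster.
  //
  // Only SYNCED reports a completed sync. Consumers should not treat
  // SYNC_CODE_UNSPECIFIED, or a value they do not recognize, as success.
  enum SyncCode {
    // ACM cannot determine a sync code.
    SYNC_CODE_UNSPECIFIED = 0;

    // ACM successfully synced the git Repo with the cluster.
    SYNCED = 1;

    // ACM is in the process of syncing a new change.
    PENDING = 2;

    // Indicates an error configuring ACM, and user action is required.
    ERROR = 3;

    // ACM has been installed (operator manifest deployed),
    // but not configured.
    NOT_CONFIGURED = 4;

    // ACM has not been installed (no operator pod found).
    NOT_INSTALLED = 5;

    // Error authorizing with the cluster.
    UNAUTHORIZED = 6;

    // Cluster could not be reached.
    UNREACHABLE = 7;
  }

  // Token indicating the state of the repo.
  string source_token = 1;

  // Token indicating the state of the importer.
  string import_token = 2;

  // Token indicating the state of the syncer.
  string sync_token = 3;

  // Deprecated: use last_sync_time instead.
  // Timestamp of when ACM last successfully synced the repo.
  // The time format is specified in https://golang.org/pkg/time/#Time.String
  string last_sync = 4 [deprecated = true];

  // Timestamp type of when ACM last successfully synced the repo.
  google.protobuf.Timestamp last_sync_time = 7;

  // Sync status code.
  SyncCode code = 5;

  // A list of errors resulting from problematic configs.
  // This list will be truncated after 100 errors, although it is
  // unlikely for that many errors to simultaneously exist.
  // Because of the truncation, a list of 100 entries may be incomplete.
  repeated SyncError errors = 6;
}

// An ACM created error representing a problem syncing configurations.
message SyncError {
  // An ACM defined error code.
  string code = 1;

  // A description of the error.
  string error_message = 2;

  // A list of config(s) associated with the error, if any.
  repeated ErrorResource error_resources = 3;
}

// Model for a config file in the git repo with an associated Sync error.
message ErrorResource {
  // Path in the git repo of the erroneous config.
  string source_path = 1;

  // Metadata name of the resource that is causing an error.
  string resource_name = 2;

  // Namespace of the resource that is causing an error.
  string resource_namespace = 3;

  // Group/version/kind of the resource that is causing an error.
  GroupVersionKind resource_gvk = 4;
}

// A Kubernetes object's GVK.
message GroupVersionKind {
  // Kubernetes Group.
  string group = 1;

  // Kubernetes Version.
  string version = 2;

  // Kubernetes Kind.
  string kind = 3;
}

// State for Policy Controller.
message PolicyControllerState {
  // The version of Gatekeeper Policy Controller deployed.
  PolicyControllerVersion version = 1;

  // The state of the Policy Controller installation.
  GatekeeperDeploymentState deployment_state = 2;
}

// The build version of Gatekeeper that Policy Controller is using.
message PolicyControllerVersion {
  // The gatekeeper image tag that is composed of ACM version, git tag, build
  // number.
  string version = 1;
}

// State of Policy Controller installation.
message GatekeeperDeploymentState {
  // Status of gatekeeper-controller-manager pod.
  DeploymentState gatekeeper_controller_manager_state = 1;

  // Status of gatekeeper-audit deployment.
  DeploymentState gatekeeper_audit = 2;
}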