gkehub/v1/membership.proto

*d5c09012SAndroid Build Coastguard Worker// Copyright 2023 Google LLC
*d5c09012SAndroid Build Coastguard Worker//
*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License");
*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License.
*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at
*d5c09012SAndroid Build Coastguard Worker//
*d5c09012SAndroid Build Coastguard Worker//     http://www.apache.org/licenses/LICENSE-2.0
*d5c09012SAndroid Build Coastguard Worker//
*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software
*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS,
*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and
*d5c09012SAndroid Build Coastguard Worker// limitations under the License.
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Workersyntax = "proto3";
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Workerpackage google.cloud.gkehub.v1;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Workerimport "google/api/field_behavior.proto";
*d5c09012SAndroid Build Coastguard Workerimport "google/api/resource.proto";
*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/timestamp.proto";
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.GkeHub.V1";
*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/gkehub/apiv1/gkehubpb;gkehubpb";
*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true;
*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "MembershipProto";
*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.cloud.gkehub.v1";
*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\GkeHub\\V1";
*d5c09012SAndroid Build Coastguard Workeroption ruby_package = "Google::Cloud::GkeHub::V1";
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// Membership contains information about a member cluster.
*d5c09012SAndroid Build Coastguard Workermessage Membership {
*d5c09012SAndroid Build Coastguard Worker  option (google.api.resource) = {
*d5c09012SAndroid Build Coastguard Worker    type: "gkehub.googleapis.com/Membership"
*d5c09012SAndroid Build Coastguard Worker    pattern: "projects/{project}/locations/{location}/memberships/{membership}"
*d5c09012SAndroid Build Coastguard Worker  };
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Type of resource represented by this Membership
*d5c09012SAndroid Build Coastguard Worker  oneof type {
*d5c09012SAndroid Build Coastguard Worker    // Optional. Endpoint information to reach this member.
*d5c09012SAndroid Build Coastguard Worker    MembershipEndpoint endpoint = 4 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker  }
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. The full, unique name of this Membership resource in the
*d5c09012SAndroid Build Coastguard Worker  // format `projects/*/locations/*/memberships/{membership_id}`, set during
*d5c09012SAndroid Build Coastguard Worker  // creation.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // `membership_id` must be a valid RFC 1123 compliant DNS label:
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  //   1. At most 63 characters in length
*d5c09012SAndroid Build Coastguard Worker  //   2. It must consist of lower case alphanumeric characters or `-`
*d5c09012SAndroid Build Coastguard Worker  //   3. It must start and end with an alphanumeric character
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`,
*d5c09012SAndroid Build Coastguard Worker  // with a maximum length of 63 characters.
*d5c09012SAndroid Build Coastguard Worker  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. Labels for this membership.
*d5c09012SAndroid Build Coastguard Worker  map<string, string> labels = 2 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Description of this membership, limited to 63 characters.
*d5c09012SAndroid Build Coastguard Worker  // Must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.\ ]*`
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // This field is present for legacy purposes.
*d5c09012SAndroid Build Coastguard Worker  string description = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. State of the Membership resource.
*d5c09012SAndroid Build Coastguard Worker  MembershipState state = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. When the Membership was created.
*d5c09012SAndroid Build Coastguard Worker  google.protobuf.Timestamp create_time = 6
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. When the Membership was last updated.
*d5c09012SAndroid Build Coastguard Worker  google.protobuf.Timestamp update_time = 7
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. When the Membership was deleted.
*d5c09012SAndroid Build Coastguard Worker  google.protobuf.Timestamp delete_time = 8
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. An externally-generated and managed ID for this Membership. This
*d5c09012SAndroid Build Coastguard Worker  // ID may be modified after creation, but this is not recommended.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // The ID must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.]*`
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // If this Membership represents a Kubernetes cluster, this value should be
*d5c09012SAndroid Build Coastguard Worker  // set to the UID of the `kube-system` namespace object.
*d5c09012SAndroid Build Coastguard Worker  string external_id = 9 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. For clusters using Connect, the timestamp of the most recent
*d5c09012SAndroid Build Coastguard Worker  // connection established with Google Cloud. This time is updated every
*d5c09012SAndroid Build Coastguard Worker  // several minutes, not continuously. For clusters that do not use GKE
*d5c09012SAndroid Build Coastguard Worker  // Connect, or that have never connected successfully, this field will be
*d5c09012SAndroid Build Coastguard Worker  // unset.
*d5c09012SAndroid Build Coastguard Worker  google.protobuf.Timestamp last_connection_time = 10
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Google-generated UUID for this resource. This is unique across
*d5c09012SAndroid Build Coastguard Worker  // all Membership resources. If a Membership resource is deleted and another
*d5c09012SAndroid Build Coastguard Worker  // resource with the same name is created, it gets a different unique_id.
*d5c09012SAndroid Build Coastguard Worker  string unique_id = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. How to identify workloads from this Membership.
*d5c09012SAndroid Build Coastguard Worker  // See the documentation on Workload Identity for more details:
*d5c09012SAndroid Build Coastguard Worker  // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
*d5c09012SAndroid Build Coastguard Worker  Authority authority = 12 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. The monitoring config information for this membership.
*d5c09012SAndroid Build Coastguard Worker  MonitoringConfig monitoring_config = 14
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// MembershipEndpoint contains information needed to contact a Kubernetes API,
*d5c09012SAndroid Build Coastguard Worker// endpoint and any additional Kubernetes metadata.
*d5c09012SAndroid Build Coastguard Workermessage MembershipEndpoint {
*d5c09012SAndroid Build Coastguard Worker  // Optional. GKE-specific information. Only present if this Membership is a GKE cluster.
*d5c09012SAndroid Build Coastguard Worker    GkeCluster gke_cluster = 1 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Useful Kubernetes-specific metadata.
*d5c09012SAndroid Build Coastguard Worker  KubernetesMetadata kubernetes_metadata = 2
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. The in-cluster Kubernetes Resources that should be applied for a
*d5c09012SAndroid Build Coastguard Worker  // correctly registered cluster, in the steady state. These resources:
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  //   * Ensure that the cluster is exclusively registered to one and only one
*d5c09012SAndroid Build Coastguard Worker  //     Hub Membership.
*d5c09012SAndroid Build Coastguard Worker  //   * Propagate Workload Pool Information available in the Membership
*d5c09012SAndroid Build Coastguard Worker  //     Authority field.
*d5c09012SAndroid Build Coastguard Worker  //   * Ensure proper initial configuration of default Hub Features.
*d5c09012SAndroid Build Coastguard Worker  KubernetesResource kubernetes_resource = 3
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Whether the lifecycle of this membership is managed by a
*d5c09012SAndroid Build Coastguard Worker  // google cluster platform service.
*d5c09012SAndroid Build Coastguard Worker  bool google_managed = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// KubernetesResource contains the YAML manifests and configuration for
*d5c09012SAndroid Build Coastguard Worker// Membership Kubernetes resources in the cluster. After CreateMembership or
*d5c09012SAndroid Build Coastguard Worker// UpdateMembership, these resources should be re-applied in the cluster.
*d5c09012SAndroid Build Coastguard Workermessage KubernetesResource {
*d5c09012SAndroid Build Coastguard Worker  // Input only. The YAML representation of the Membership CR. This field is
*d5c09012SAndroid Build Coastguard Worker  // ignored for GKE clusters where Hub can read the CR directly.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // Callers should provide the CR that is currently present in the cluster
*d5c09012SAndroid Build Coastguard Worker  // during CreateMembership or UpdateMembership, or leave this field empty if
*d5c09012SAndroid Build Coastguard Worker  // none exists. The CR manifest is used to validate the cluster has not been
*d5c09012SAndroid Build Coastguard Worker  // registered with another Membership.
*d5c09012SAndroid Build Coastguard Worker  string membership_cr_manifest = 1 [(google.api.field_behavior) = INPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Additional Kubernetes resources that need to be applied to the
*d5c09012SAndroid Build Coastguard Worker  // cluster after Membership creation, and after every update.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // This field is only populated in the Membership returned from a successful
*d5c09012SAndroid Build Coastguard Worker  // long-running operation from CreateMembership or UpdateMembership. It is not
*d5c09012SAndroid Build Coastguard Worker  // populated during normal GetMembership or ListMemberships requests. To get
*d5c09012SAndroid Build Coastguard Worker  // the resource manifest after the initial registration, the caller should
*d5c09012SAndroid Build Coastguard Worker  // make a UpdateMembership call with an empty field mask.
*d5c09012SAndroid Build Coastguard Worker  repeated ResourceManifest membership_resources = 2
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. The Kubernetes resources for installing the GKE Connect agent
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // This field is only populated in the Membership returned from a successful
*d5c09012SAndroid Build Coastguard Worker  // long-running operation from CreateMembership or UpdateMembership. It is not
*d5c09012SAndroid Build Coastguard Worker  // populated during normal GetMembership or ListMemberships requests. To get
*d5c09012SAndroid Build Coastguard Worker  // the resource manifest after the initial registration, the caller should
*d5c09012SAndroid Build Coastguard Worker  // make a UpdateMembership call with an empty field mask.
*d5c09012SAndroid Build Coastguard Worker  repeated ResourceManifest connect_resources = 3
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. Options for Kubernetes resource generation.
*d5c09012SAndroid Build Coastguard Worker  ResourceOptions resource_options = 4 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// ResourceOptions represent options for Kubernetes resource generation.
*d5c09012SAndroid Build Coastguard Workermessage ResourceOptions {
*d5c09012SAndroid Build Coastguard Worker  // Optional. The Connect agent version to use for connect_resources. Defaults
*d5c09012SAndroid Build Coastguard Worker  // to the latest GKE Connect version. The version must be a currently
*d5c09012SAndroid Build Coastguard Worker  // supported version, obsolete versions will be rejected.
*d5c09012SAndroid Build Coastguard Worker  string connect_version = 1 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for
*d5c09012SAndroid Build Coastguard Worker  // CustomResourceDefinition resources.
*d5c09012SAndroid Build Coastguard Worker  // This option should be set for clusters with Kubernetes apiserver versions
*d5c09012SAndroid Build Coastguard Worker  // <1.16.
*d5c09012SAndroid Build Coastguard Worker  bool v1beta1_crd = 2 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. Major version of the Kubernetes cluster. This is only used to
*d5c09012SAndroid Build Coastguard Worker  // determine which version to use for the CustomResourceDefinition resources,
*d5c09012SAndroid Build Coastguard Worker  // `apiextensions/v1beta1` or`apiextensions/v1`.
*d5c09012SAndroid Build Coastguard Worker  string k8s_version = 3 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// ResourceManifest represents a single Kubernetes resource to be applied to
*d5c09012SAndroid Build Coastguard Worker// the cluster.
*d5c09012SAndroid Build Coastguard Workermessage ResourceManifest {
*d5c09012SAndroid Build Coastguard Worker  // YAML manifest of the resource.
*d5c09012SAndroid Build Coastguard Worker  string manifest = 1;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Whether the resource provided in the manifest is `cluster_scoped`.
*d5c09012SAndroid Build Coastguard Worker  // If unset, the manifest is assumed to be namespace scoped.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // This field is used for REST mapping when applying the resource in a
*d5c09012SAndroid Build Coastguard Worker  // cluster.
*d5c09012SAndroid Build Coastguard Worker  bool cluster_scoped = 2;
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// GkeCluster contains information specific to GKE clusters.
*d5c09012SAndroid Build Coastguard Workermessage GkeCluster {
*d5c09012SAndroid Build Coastguard Worker  // Immutable. Self-link of the Google Cloud resource for the GKE cluster. For
*d5c09012SAndroid Build Coastguard Worker  // example:
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // Zonal clusters are also supported.
*d5c09012SAndroid Build Coastguard Worker  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. If cluster_missing is set then it denotes that the GKE cluster
*d5c09012SAndroid Build Coastguard Worker  // no longer exists in the GKE Control Plane.
*d5c09012SAndroid Build Coastguard Worker  bool cluster_missing = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// KubernetesMetadata provides informational metadata for Memberships
*d5c09012SAndroid Build Coastguard Worker// representing Kubernetes clusters.
*d5c09012SAndroid Build Coastguard Workermessage KubernetesMetadata {
*d5c09012SAndroid Build Coastguard Worker  // Output only. Kubernetes API server version string as reported by
*d5c09012SAndroid Build Coastguard Worker  // `/version`.
*d5c09012SAndroid Build Coastguard Worker  string kubernetes_api_server_version = 1
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Node providerID as reported by the first node in the list of
*d5c09012SAndroid Build Coastguard Worker  // nodes on the Kubernetes endpoint. On Kubernetes platforms that support
*d5c09012SAndroid Build Coastguard Worker  // zero-node clusters (like GKE-on-GCP), the node_count will be zero and the
*d5c09012SAndroid Build Coastguard Worker  // node_provider_id will be empty.
*d5c09012SAndroid Build Coastguard Worker  string node_provider_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. Node count as reported by Kubernetes nodes resources.
*d5c09012SAndroid Build Coastguard Worker  int32 node_count = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. vCPU count as reported by Kubernetes nodes resources.
*d5c09012SAndroid Build Coastguard Worker  int32 vcpu_count = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. The total memory capacity as reported by the sum of all
*d5c09012SAndroid Build Coastguard Worker  // Kubernetes nodes resources, defined in MB.
*d5c09012SAndroid Build Coastguard Worker  int32 memory_mb = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. The time at which these details were last updated. This
*d5c09012SAndroid Build Coastguard Worker  // update_time is different from the Membership-level update_time since
*d5c09012SAndroid Build Coastguard Worker  // EndpointDetails are updated internally for API consumers.
*d5c09012SAndroid Build Coastguard Worker  google.protobuf.Timestamp update_time = 100
*d5c09012SAndroid Build Coastguard Worker      [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// This field informs Fleet-based applications/services/UIs with the necessary
*d5c09012SAndroid Build Coastguard Worker// information for where each underlying Cluster reports its metrics.
*d5c09012SAndroid Build Coastguard Workermessage MonitoringConfig {
*d5c09012SAndroid Build Coastguard Worker  // Immutable. Project used to report Metrics
*d5c09012SAndroid Build Coastguard Worker  string project_id = 1 [(google.api.field_behavior) = IMMUTABLE];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Immutable. Location used to report Metrics
*d5c09012SAndroid Build Coastguard Worker  string location = 2 [(google.api.field_behavior) = IMMUTABLE];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Immutable. Cluster name used to report metrics.
*d5c09012SAndroid Build Coastguard Worker  // For Anthos on VMWare/Baremetal, it would be in format
*d5c09012SAndroid Build Coastguard Worker  // `memberClusters/cluster_name`; And for Anthos on MultiCloud, it would be in
*d5c09012SAndroid Build Coastguard Worker  // format
*d5c09012SAndroid Build Coastguard Worker  // `{azureClusters, awsClusters}/cluster_name`.
*d5c09012SAndroid Build Coastguard Worker  string cluster = 3 [(google.api.field_behavior) = IMMUTABLE];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Kubernetes system metrics, if available, are written to this prefix.
*d5c09012SAndroid Build Coastguard Worker  // This defaults to kubernetes.io for GKE, and kubernetes.io/anthos for Anthos
*d5c09012SAndroid Build Coastguard Worker  // eventually. Noted: Anthos MultiCloud will have kubernetes.io prefix today
*d5c09012SAndroid Build Coastguard Worker  // but will migration to be under kubernetes.io/anthos
*d5c09012SAndroid Build Coastguard Worker  string kubernetes_metrics_prefix = 4;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Immutable. Cluster hash, this is a unique string generated by google code,
*d5c09012SAndroid Build Coastguard Worker  // which does not contain any PII, which we can use to reference the cluster.
*d5c09012SAndroid Build Coastguard Worker  // This is expected to be created by the monitoring stack and persisted into
*d5c09012SAndroid Build Coastguard Worker  // the Cluster object as well as to GKE-Hub.
*d5c09012SAndroid Build Coastguard Worker  string cluster_hash = 5 [(google.api.field_behavior) = IMMUTABLE];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// MembershipState describes the state of a Membership resource.
*d5c09012SAndroid Build Coastguard Workermessage MembershipState {
*d5c09012SAndroid Build Coastguard Worker  // Code describes the state of a Membership resource.
*d5c09012SAndroid Build Coastguard Worker  enum Code {
*d5c09012SAndroid Build Coastguard Worker    // The code is not set.
*d5c09012SAndroid Build Coastguard Worker    CODE_UNSPECIFIED = 0;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker    // The cluster is being registered.
*d5c09012SAndroid Build Coastguard Worker    CREATING = 1;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker    // The cluster is registered.
*d5c09012SAndroid Build Coastguard Worker    READY = 2;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker    // The cluster is being unregistered.
*d5c09012SAndroid Build Coastguard Worker    DELETING = 3;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker    // The Membership is being updated.
*d5c09012SAndroid Build Coastguard Worker    UPDATING = 4;
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker    // The Membership is being updated by the Hub Service.
*d5c09012SAndroid Build Coastguard Worker    SERVICE_UPDATING = 5;
*d5c09012SAndroid Build Coastguard Worker  }
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. The current state of the Membership resource.
*d5c09012SAndroid Build Coastguard Worker  Code code = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker}
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker// Authority encodes how Google will recognize identities from this Membership.
*d5c09012SAndroid Build Coastguard Worker// See the workload identity documentation for more details:
*d5c09012SAndroid Build Coastguard Worker// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
*d5c09012SAndroid Build Coastguard Workermessage Authority {
*d5c09012SAndroid Build Coastguard Worker  // Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with
*d5c09012SAndroid Build Coastguard Worker  // `https://` and be a valid URL with length <2000 characters.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // If set, then Google will allow valid OIDC tokens from this issuer to
*d5c09012SAndroid Build Coastguard Worker  // authenticate within the workload_identity_pool. OIDC discovery will be
*d5c09012SAndroid Build Coastguard Worker  // performed on this URI to validate tokens from the issuer.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // Clearing `issuer` disables Workload Identity. `issuer` cannot be directly
*d5c09012SAndroid Build Coastguard Worker  // modified; it must be cleared (and Workload Identity disabled) before using
*d5c09012SAndroid Build Coastguard Worker  // a new issuer (and re-enabling Workload Identity).
*d5c09012SAndroid Build Coastguard Worker  string issuer = 1 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. The name of the workload identity pool in which `issuer` will
*d5c09012SAndroid Build Coastguard Worker  // be recognized.
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // There is a single Workload Identity Pool per Hub that is shared
*d5c09012SAndroid Build Coastguard Worker  // between all Memberships that belong to that Hub. For a Hub hosted in
*d5c09012SAndroid Build Coastguard Worker  // {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
*d5c09012SAndroid Build Coastguard Worker  // although this is subject to change in newer versions of this API.
*d5c09012SAndroid Build Coastguard Worker  string workload_identity_pool = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Output only. An identity provider that reflects the `issuer` in the
*d5c09012SAndroid Build Coastguard Worker  // workload identity pool.
*d5c09012SAndroid Build Coastguard Worker  string identity_provider = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
*d5c09012SAndroid Build Coastguard Worker
*d5c09012SAndroid Build Coastguard Worker  // Optional. OIDC verification keys for this Membership in JWKS format (RFC
*d5c09012SAndroid Build Coastguard Worker  // 7517).
*d5c09012SAndroid Build Coastguard Worker  //
*d5c09012SAndroid Build Coastguard Worker  // When this field is set, OIDC discovery will NOT be performed on `issuer`,
*d5c09012SAndroid Build Coastguard Worker  // and instead OIDC tokens will be validated using this field.
*d5c09012SAndroid Build Coastguard Worker  bytes oidc_jwks = 4 [(google.api.field_behavior) = OPTIONAL];
*d5c09012SAndroid Build Coastguard Worker}