// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.gkemulticloud.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/gkemulticloud/v1/common_resources.proto";
import "google/protobuf/timestamp.proto";
import "google/type/date.proto";

option csharp_namespace = "Google.Cloud.GkeMultiCloud.V1";
option go_package = "cloud.google.com/go/gkemulticloud/apiv1/gkemulticloudpb;gkemulticloudpb";
option java_multiple_files = true;
option java_outer_classname = "AzureResourcesProto";
option java_package = "com.google.cloud.gkemulticloud.v1";
option php_namespace = "Google\\Cloud\\GkeMultiCloud\\V1";
option ruby_package = "Google::Cloud::GkeMultiCloud::V1";

// An Anthos cluster running on Azure.
//
// Fields marked `Output only` are populated by the service and are ignored
// on create and update requests; fields marked `Required` must be set on
// create.
//
// NOTE(review): field number 15 is unused. If it belonged to a deleted field,
// add `reserved 15;` (and its name) so the number cannot be reassigned with a
// different meaning.
message AzureCluster {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureCluster"
    pattern: "projects/{project}/locations/{location}/azureClusters/{azure_cluster}"
  };

  // The lifecycle state of the cluster.
  //
  // Clients should tolerate values not listed here; the service may add
  // states in the future.
  enum State {
    // Not set.
    STATE_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading the control plane replicas.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the cluster is in a broken unrecoverable
    // state.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to
    // restore full functionality.
    DEGRADED = 6;
  }

  // The name of this resource.
  //
  // Cluster names are formatted as
  // `projects/<project-number>/locations/<region>/azureClusters/<cluster-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on Google Cloud Platform resource names.
  string name = 1;

  // Optional. A human readable description of this cluster.
  // Cannot be longer than 255 UTF-8 encoded bytes.
  string description = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. The Azure region where the cluster runs.
  //
  // Each Google Cloud region supports a subset of nearby Azure regions.
  // You can call
  // [GetAzureServerConfig][google.cloud.gkemulticloud.v1.AzureClusters.GetAzureServerConfig]
  // to list all supported Azure regions within a given Google Cloud region.
  string azure_region = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. The ARM ID of the resource group where the cluster resources are
  // deployed. For example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>`
  string resource_group_id = 17 [(google.api.field_behavior) = REQUIRED];

  // Optional. Name of the
  // [AzureClient][google.cloud.gkemulticloud.v1.AzureClient] that contains
  // authentication configuration for how the Anthos Multi-Cloud API connects to
  // Azure APIs.
  //
  // Either azure_client or azure_services_authentication should be provided.
  //
  // The `AzureClient` resource must reside on the same Google Cloud Platform
  // project and region as the `AzureCluster`.
  //
  // `AzureClient` names are formatted as
  // `projects/<project-number>/locations/<region>/azureClients/<client-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on Google Cloud resource names.
  string azure_client = 16 [(google.api.field_behavior) = OPTIONAL];

  // Required. Cluster-wide networking configuration.
  AzureClusterNetworking networking = 4
      [(google.api.field_behavior) = REQUIRED];

  // Required. Configuration related to the cluster control plane.
  AzureControlPlane control_plane = 5 [(google.api.field_behavior) = REQUIRED];

  // Required. Configuration related to the cluster RBAC settings.
  AzureAuthorization authorization = 6 [(google.api.field_behavior) = REQUIRED];

  // Optional. Authentication configuration for management of Azure resources.
  //
  // Either azure_client or azure_services_authentication should be provided.
  AzureServicesAuthentication azure_services_authentication = 22
      [(google.api.field_behavior) = OPTIONAL];

  // Output only. The current state of the cluster.
  State state = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The endpoint of the cluster's API server.
  string endpoint = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the cluster.
  string uid = 9 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. If set, there are currently changes in flight to the cluster.
  bool reconciling = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this cluster was created.
  google.protobuf.Timestamp create_time = 11
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this cluster was last updated.
  google.protobuf.Timestamp update_time = 12
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Allows clients to perform consistent read-modify-writes
  // through optimistic concurrency control.
  //
  // Can be sent on update and delete requests to ensure the
  // client has an up-to-date value before proceeding.
  string etag = 13;

  // Optional. Annotations on the cluster.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Keys can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 14 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Workload Identity settings.
  WorkloadIdentityConfig workload_identity_config = 18
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. PEM encoded x509 certificate of the cluster root of trust.
  //
  // This is the trust anchor a client should use when validating the TLS
  // certificate presented by the API server at `endpoint`.
  string cluster_ca_certificate = 19
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Required. Fleet configuration.
  Fleet fleet = 20 [(google.api.field_behavior) = REQUIRED];

  // Output only. Managed Azure resources for this cluster.
  AzureClusterResources managed_resources = 21
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Logging configuration for this cluster.
  LoggingConfig logging_config = 23 [(google.api.field_behavior) = OPTIONAL];

  // Output only. A set of errors found in the cluster.
  repeated AzureClusterError errors = 24
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Monitoring configuration for this cluster.
  MonitoringConfig monitoring_config = 25
      [(google.api.field_behavior) = OPTIONAL];
}

// ClusterNetworking contains cluster-wide networking configuration.
//
// NOTE(review): field number 4 is unused. If it belonged to a deleted field,
// add `reserved 4;` so it cannot be reassigned.
message AzureClusterNetworking {
  // Required. The Azure Resource Manager (ARM) ID of the VNet associated with
  // your cluster.
  //
  // All components in the cluster (i.e. control plane and node pools) run on a
  // single VNet.
  //
  // Example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/virtualNetworks/<vnet-id>`
  //
  // This field cannot be changed after creation.
  string virtual_network_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The IP address range of the pods in this cluster, in CIDR
  // notation (e.g. `10.96.0.0/14`).
  //
  // All pods in the cluster get assigned a unique IPv4 address from these
  // ranges. Only a single range is supported.
  //
  // This field cannot be changed after creation.
  repeated string pod_address_cidr_blocks = 2
      [(google.api.field_behavior) = REQUIRED];

  // Required. The IP address range for services in this cluster, in CIDR
  // notation (e.g. `10.96.0.0/14`).
  //
  // All services in the cluster get assigned a unique IPv4 address from these
  // ranges. Only a single range is supported.
  //
  // This field cannot be changed after creating a cluster.
  repeated string service_address_cidr_blocks = 3
      [(google.api.field_behavior) = REQUIRED];

  // Optional. The ARM ID of the subnet where Kubernetes private service type
  // load balancers are deployed. When unspecified, it defaults to
  // AzureControlPlane.subnet_id.
  //
  // Example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/virtualNetworks/<vnet-id>/subnets/<subnet-id>`
  string service_load_balancer_subnet_id = 5
      [(google.api.field_behavior) = OPTIONAL];
}

// AzureControlPlane represents the control plane configurations.
//
// NOTE(review): field numbers 6, 8 and 9 are unused. If they belonged to
// deleted fields, add `reserved 6, 8, 9;` so they cannot be reassigned.
message AzureControlPlane {
  // Required. The Kubernetes version to run on control plane replicas
  // (e.g. `1.19.10-gke.1000`).
  //
  // You can list all supported versions on a given Google Cloud region by
  // calling
  // [GetAzureServerConfig][google.cloud.gkemulticloud.v1.AzureClusters.GetAzureServerConfig].
  string version = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. The ARM ID of the default subnet for the control plane. The
  // control plane VMs are deployed in this subnet, unless
  // `AzureControlPlane.replica_placements` is specified. This subnet will also
  // be used as default for `AzureControlPlane.endpoint_subnet_id` if
  // `AzureControlPlane.endpoint_subnet_id` is not specified. Similarly it will
  // be used as default for
  // `AzureClusterNetworking.service_load_balancer_subnet_id`.
  //
  // Example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/virtualNetworks/<vnet-id>/subnets/default`.
  string subnet_id = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The Azure VM size name. Example: `Standard_DS2_v2`.
  //
  // For available VM sizes, see
  // https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions.
  //
  // When unspecified, it defaults to `Standard_DS2_v2`.
  string vm_size = 3 [(google.api.field_behavior) = OPTIONAL];

  // Required. SSH configuration for how to access the underlying control plane
  // machines.
  AzureSshConfig ssh_config = 11 [(google.api.field_behavior) = REQUIRED];

  // Optional. Configuration related to the root volume provisioned for each
  // control plane replica.
  //
  // When unspecified, it defaults to 32-GiB Azure Disk.
  AzureDiskTemplate root_volume = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to the main volume provisioned for each
  // control plane replica.
  // The main volume is in charge of storing all of the cluster's etcd state.
  //
  // When unspecified, it defaults to an 8-GiB Azure Disk.
  AzureDiskTemplate main_volume = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to application-layer secrets encryption.
  //
  // When unset, Kubernetes secrets in etcd are not envelope-encrypted with a
  // customer-managed Key Vault key (see `AzureDatabaseEncryption`).
  AzureDatabaseEncryption database_encryption = 10
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Proxy configuration for outbound HTTP(S) traffic.
  AzureProxyConfig proxy_config = 12 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to vm config encryption.
  AzureConfigEncryption config_encryption = 14
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. A set of tags to apply to all underlying control plane Azure
  // resources.
  map<string, string> tags = 7 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration for where to place the control plane replicas.
  //
  // Up to three replica placement instances can be specified. If
  // replica_placements is set, the replica placement instances will be applied
  // to the three control plane replicas as evenly as possible.
  repeated ReplicaPlacement replica_placements = 13
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The ARM ID of the subnet where the control plane load balancer is
  // deployed. When unspecified, it defaults to AzureControlPlane.subnet_id.
  //
  // Example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/virtualNetworks/<vnet-id>/subnets/<subnet-id>`
  string endpoint_subnet_id = 15 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration for the placement of a control plane replica.
message ReplicaPlacement {
  // Required. For a given replica, the ARM ID of the subnet where the control
  // plane VM is deployed. Make sure it's a subnet under the virtual network in
  // the cluster configuration.
  string subnet_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. For a given replica, the Azure availability zone where to
  // provision the control plane VM and the ETCD disk.
  string azure_availability_zone = 2 [(google.api.field_behavior) = REQUIRED];
}

// Details of a proxy config stored in Azure Key Vault.
//
// Both fields are references to Azure resources; the proxy configuration
// itself (which may contain credentials) is never carried in this message.
message AzureProxyConfig {
  // The ARM ID of the resource group containing proxy keyvault.
  //
  // Resource group ids are formatted as
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>`.
  string resource_group_id = 1;

  // The URL of the proxy setting secret with its version.
  //
  // The secret must be a JSON encoded proxy configuration
  // as described in
  // https://cloud.google.com/anthos/clusters/docs/multi-cloud/azure/how-to/use-a-proxy#create_a_proxy_configuration_file
  //
  // Secret ids are formatted as
  // `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version>`.
  string secret_id = 2;
}

// Configuration related to application-layer secrets encryption.
//
// Anthos clusters on Azure encrypts your Kubernetes data at rest
// in etcd using Azure Key Vault.
//
// NOTE(review): field numbers 1 and 2 are unused. If they belonged to deleted
// fields, add `reserved 1, 2;` so they cannot be reassigned.
message AzureDatabaseEncryption {
  // Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt data.
  //
  // For example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.KeyVault/vaults/<key-vault-id>/keys/<key-name>`
  // Encryption will always take the latest version of the key and hence
  // specific version is not supported. Because no version is pinned, rotating
  // the key in Key Vault changes which version is used for new writes.
  string key_id = 3 [(google.api.field_behavior) = REQUIRED];
}

// Configuration related to config data encryption.
//
// Azure VM bootstrap secret is envelope encrypted with the provided key vault
// key.
//
// NOTE(review): field number 1 is unused. If it belonged to a deleted field,
// add `reserved 1;` so it cannot be reassigned.
message AzureConfigEncryption {
  // Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt config
  // data.
  //
  // For example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.KeyVault/vaults/<key-vault-id>/keys/<key-name>`
  string key_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Optional. RSA key of the Azure Key Vault public key to use for encrypting
  // the data.
  //
  // This key must be formatted as a PEM-encoded SubjectPublicKeyInfo (RFC 5280)
  // in ASN.1 DER form. The string must be comprised of a single PEM block of
  // type "PUBLIC KEY".
  //
  // This is public key material only; it does not carry the private key.
  string public_key = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration for Azure Disks.
message AzureDiskTemplate {
  // Optional. The size of the disk, in GiBs.
  //
  // When unspecified, a default value is provided. See the specific reference
  // in the parent resource.
  int32 size_gib = 1 [(google.api.field_behavior) = OPTIONAL];
}

// `AzureClient` resources hold client authentication information needed by the
// Anthos Multi-Cloud API to manage Azure resources on your Azure subscription.
//
// When an [AzureCluster][google.cloud.gkemulticloud.v1.AzureCluster] is
// created, an `AzureClient` resource needs to be provided and all operations on
// Azure resources associated to that cluster will authenticate to Azure
// services using the given client.
//
// `AzureClient` resources are immutable and cannot be modified upon creation.
//
// Each `AzureClient` resource is bound to a single Azure Active Directory
// Application and tenant.
//
// Note that this message carries identifiers and a public certificate only;
// no Azure credential or private key is stored in it.
//
// NOTE(review): field number 4 is unused. If it belonged to a deleted field,
// add `reserved 4;` so it cannot be reassigned.
message AzureClient {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureClient"
    pattern: "projects/{project}/locations/{location}/azureClients/{azure_client}"
  };

  // The name of this resource.
  //
  // `AzureClient` resource names are formatted as
  // `projects/<project-number>/locations/<region>/azureClients/<client-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on Google Cloud resource names.
  string name = 1;

  // Required. The Azure Active Directory Tenant ID.
  string tenant_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The Azure Active Directory Application ID.
  string application_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Output only. If set, there are currently pending changes to the client.
  bool reconciling = 9 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Annotations on the resource.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Keys can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 8 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The PEM encoded x509 certificate.
  string pem_certificate = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the client.
  string uid = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this resource was created.
  google.protobuf.Timestamp create_time = 6
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this client was last updated.
  google.protobuf.Timestamp update_time = 10
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Configuration related to the cluster RBAC settings.
//
// Every subject listed here receives the Kubernetes `cluster-admin`
// ClusterRole, which is unrestricted access to every resource in the cluster.
// Keep these lists minimal and review them as part of access reviews.
message AzureAuthorization {
  // Optional. Users that can perform operations as a cluster admin. A managed
  // ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
  // to the users. Up to ten admin users can be provided.
  //
  // For more info on RBAC, see
  // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
  repeated AzureClusterUser admin_users = 1
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Groups of users that can perform operations as a cluster admin. A
  // managed ClusterRoleBinding will be created to grant the `cluster-admin`
  // ClusterRole to the groups. Up to ten admin groups can be provided.
  //
  // For more info on RBAC, see
  // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
  repeated AzureClusterGroup admin_groups = 2
      [(google.api.field_behavior) = OPTIONAL];
}

// Authentication configuration for the management of Azure resources.
//
// Only identifiers are carried here; no client secret or key is part of this
// message.
message AzureServicesAuthentication {
  // Required. The Azure Active Directory Tenant ID.
  string tenant_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The Azure Active Directory Application ID.
  string application_id = 2 [(google.api.field_behavior) = REQUIRED];
}

// Identities of a user-type subject for Azure clusters.
message AzureClusterUser {
  // Required. The name of the user, e.g. `[email protected]`.
  string username = 1 [(google.api.field_behavior) = REQUIRED];
}

// Identities of a group-type subject for Azure clusters.
message AzureClusterGroup {
  // Required. The name of the group, e.g. `[email protected]`.
  string group = 1 [(google.api.field_behavior) = REQUIRED];
}

// An Anthos node pool running on Azure.
//
// NOTE(review): field numbers 5, 7, 14-20 and 24-28 are unused. Any that
// belonged to deleted fields should be listed in a `reserved` statement so
// they cannot be reassigned.
message AzureNodePool {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureNodePool"
    pattern: "projects/{project}/locations/{location}/azureClusters/{azure_cluster}/azureNodePools/{azure_node_pool}"
  };

  // The lifecycle state of the node pool.
  //
  // Clients should tolerate values not listed here; the service may add
  // states in the future.
  enum State {
    // Not set.
    STATE_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the node pool is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the node pool has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that the node pool is being reconciled.
    RECONCILING = 3;

    // The STOPPING state indicates the node pool is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the node pool is in a broken unrecoverable
    // state.
    ERROR = 5;

    // The DEGRADED state indicates the node pool requires user action to
    // restore full functionality.
    DEGRADED = 6;
  }

  // The name of this resource.
  //
  // Node pool names are formatted as
  // `projects/<project-number>/locations/<region>/azureClusters/<cluster-id>/azureNodePools/<node-pool-id>`.
  //
  // For more details on Google Cloud resource names,
  // see [Resource Names](https://cloud.google.com/apis/design/resource_names).
  string name = 1;

  // Required. The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this
  // node pool.
  string version = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The node configuration of the node pool.
  AzureNodeConfig config = 22 [(google.api.field_behavior) = REQUIRED];

  // Required. The ARM ID of the subnet where the node pool VMs run. Make sure
  // it's a subnet under the virtual network in the cluster configuration.
  string subnet_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. Autoscaler configuration for this node pool.
  AzureNodePoolAutoscaling autoscaling = 4
      [(google.api.field_behavior) = REQUIRED];

  // Output only. The current state of the node pool.
  State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the node pool.
  string uid = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. If set, there are currently pending changes to the node
  // pool.
  bool reconciling = 9 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this node pool was created.
  google.protobuf.Timestamp create_time = 10
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this node pool was last updated.
  google.protobuf.Timestamp update_time = 11
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Allows clients to perform consistent read-modify-writes
  // through optimistic concurrency control.
  //
  // Can be sent on update and delete requests to ensure the
  // client has an up-to-date value before proceeding.
  string etag = 12;

  // Optional. Annotations on the node pool.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Keys can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 13 [(google.api.field_behavior) = OPTIONAL];

  // Required. The constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool.
  MaxPodsConstraint max_pods_constraint = 21
      [(google.api.field_behavior) = REQUIRED];

  // Optional. The Azure availability zone of the nodes in this nodepool.
  //
  // When unspecified, it defaults to `1`.
  string azure_availability_zone = 23 [(google.api.field_behavior) = OPTIONAL];

  // Output only. A set of errors found in the node pool.
  repeated AzureNodePoolError errors = 29
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The Management configuration for this node pool.
  AzureNodeManagement management = 30 [(google.api.field_behavior) = OPTIONAL];
}

// AzureNodeManagement defines the set of node management features turned on for
// an Azure node pool.
message AzureNodeManagement {
  // Optional. Whether or not the nodes will be automatically repaired. When set
  // to true, the nodes in this node pool will be monitored and if they fail
  // health checks consistently over a period of time, an automatic repair
  // action will be triggered to replace them with new nodes.
  //
  // As a proto3 scalar, an unset value is indistinguishable from `false`
  // (auto-repair off).
  bool auto_repair = 1 [(google.api.field_behavior) = OPTIONAL];
}

// Parameters that describe the configuration of all node machines
// on a given node pool.
//
// NOTE(review): field numbers 4, 5 and 6 are unused. If they belonged to
// deleted fields, add `reserved 4, 5, 6;` so they cannot be reassigned.
message AzureNodeConfig {
  // Optional. The Azure VM size name. Example: `Standard_DS2_v2`.
  //
  // See [Supported VM
  // sizes](/anthos/clusters/docs/azure/reference/supported-vms) for options.
  //
  // When unspecified, it defaults to `Standard_DS2_v2`.
  string vm_size = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to the root volume provisioned for each
  // node pool machine.
  //
  // When unspecified, it defaults to a 32-GiB Azure Disk.
  AzureDiskTemplate root_volume = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A set of tags to apply to all underlying Azure resources for this
  // node pool. This currently only includes Virtual Machine Scale Sets.
  //
  // Specify at most 50 pairs containing alphanumerics, spaces, and symbols
  // (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to
  // 255 Unicode characters.
  map<string, string> tags = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The OS image type to use on node pool instances.
  // Can be unspecified, or have a value of `ubuntu`.
  //
  // When unspecified, it defaults to `ubuntu`.
  string image_type = 8 [(google.api.field_behavior) = OPTIONAL];

  // Required. SSH configuration for how to access the node pool machines.
  AzureSshConfig ssh_config = 7 [(google.api.field_behavior) = REQUIRED];

  // Optional. Proxy configuration for outbound HTTP(S) traffic.
  AzureProxyConfig proxy_config = 9 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to vm config encryption.
  AzureConfigEncryption config_encryption = 12
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The initial taints assigned to nodes of this node pool.
  repeated NodeTaint taints = 10 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The initial labels assigned to nodes of this node pool. An object
  // containing a list of "key": value pairs. Example: { "name": "wrench",
  // "mass": "1.3kg", "count": "3" }.
  map<string, string> labels = 11 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration related to Kubernetes cluster autoscaler.
//
// The Kubernetes cluster autoscaler will automatically adjust the
// size of the node pool based on the cluster load.
message AzureNodePoolAutoscaling {
  // Required. Minimum number of nodes in the node pool. Must be greater than or
  // equal to 1 and less than or equal to max_node_count.
  int32 min_node_count = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Maximum number of nodes in the node pool. Must be greater than or
  // equal to min_node_count and less than or equal to 50.
  int32 max_node_count = 2 [(google.api.field_behavior) = REQUIRED];
}

// AzureOpenIdConfig is an OIDC discovery document for the cluster.
// See the OpenID Connect Discovery 1.0 specification for details.
message AzureOpenIdConfig {
  // OIDC Issuer.
  string issuer = 1;

  // JSON Web Key uri.
  string jwks_uri = 2;

  // Supported response types.
  repeated string response_types_supported = 3;

  // Supported subject types.
  repeated string subject_types_supported = 4;

  // Supported ID token signing algorithms.
  repeated string id_token_signing_alg_values_supported = 5;

  // Supported claims.
  repeated string claims_supported = 6;

  // Supported grant types.
  repeated string grant_types = 7;
}

// AzureJsonWebKeys is a valid JSON Web Key Set as specified in RFC 7517.
message AzureJsonWebKeys {
  // The public component of the keys used by the cluster to sign token
  // requests.
  repeated Jwk keys = 1;
}

// AzureServerConfig contains information about a Google Cloud location, such as
// supported Azure regions and Kubernetes versions.
message AzureServerConfig {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureServerConfig"
    pattern: "projects/{project}/locations/{location}/azureServerConfig"
  };

  // The `AzureServerConfig` resource name.
  //
  // `AzureServerConfig` names are formatted as
  // `projects/<project-number>/locations/<region>/azureServerConfig`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on Google Cloud Platform resource names.
  string name = 1;

  // List of all released Kubernetes versions, including ones which are end of
  // life and can no longer be used. Filter by the `enabled`
  // property to limit to currently available versions.
  // Valid versions supported for both create and update operations.
  repeated AzureK8sVersionInfo valid_versions = 2;

  // The list of supported Azure regions.
  repeated string supported_azure_regions = 3;
}

// Kubernetes version information of GKE cluster on Azure.
//
// NOTE(review): field number 2 is unused. If it belonged to a deleted field,
// add `reserved 2;` so it cannot be reassigned.
message AzureK8sVersionInfo {
  // Kubernetes version name (for example, `1.19.10-gke.1000`).
  string version = 1;

  // Optional. True if the version is available for cluster creation. If a
  // version is enabled for creation, it can be used to create new clusters.
  // Otherwise, cluster creation will fail. However, cluster upgrade operations
  // may succeed, even if the version is not enabled.
  bool enabled = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. True if this cluster version belongs to a minor version that has
  // reached its end of life and is no longer in scope to receive security and
  // bug fixes.
  bool end_of_life = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The estimated date (in Pacific Time) when this cluster version
  // will reach its end of life. Or if this version is no longer supported (the
  // `end_of_life` field is true), this is the actual date (in Pacific time)
  // when the version reached its end of life.
  google.type.Date end_of_life_date = 5
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The date (in Pacific Time) when the cluster version was released.
  google.type.Date release_date = 6 [(google.api.field_behavior) = OPTIONAL];
}

// SSH configuration for Azure resources.
message AzureSshConfig {
  // Required. The SSH public key data for VMs managed by Anthos. This accepts
  // the authorized_keys file format used in OpenSSH according to the sshd(8)
  // manual page.
  //
  // Only the public key belongs here; the matching private key stays with the
  // operator and is never sent to the API.
  string authorized_key = 1 [(google.api.field_behavior) = REQUIRED];
}

// Managed Azure resources for the cluster.
//
// The values could change and be empty, depending on the state of the cluster.
message AzureClusterResources {
  // Output only. The ARM ID of the cluster network security group.
  string network_security_group_id = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The ARM ID of the control plane application security group.
  string control_plane_application_security_group_id = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// AzureClusterError describes errors found on Azure clusters.
message AzureClusterError {
  // Human-friendly description of the error.
  string message = 1;
}

// AzureNodePoolError describes errors found on Azure node pools.
message AzureNodePoolError {
  // Human-friendly description of the error.
  string message = 1;
}