// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

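syntax = "proto3";

// Common resource messages for the GKE Multi-Cloud v1 API package.
package google.cloud.gkemulticloud.v1;

// field_behavior.proto supplies the REQUIRED / OUTPUT_ONLY annotations used
// on fields in this file; timestamp.proto supplies google.protobuf.Timestamp.
import "google/api/field_behavior.proto";
import "google/protobuf/timestamp.proto";

// Per-language code generation settings. These determine the namespaces and
// package paths of the generated clients, so changing any of them on a
// published API breaks downstream code.
option csharp_namespace = "Google.Cloud.GkeMultiCloud.V1";
option go_package = "cloud.google.com/go/gkemulticloud/apiv1/gkemulticloudpb;gkemulticloudpb";
option java_multiple_files = true;
option java_outer_classname = "CommonResourcesProto";
option java_package = "com.google.cloud.gkemulticloud.v1";
option php_namespace = "Google\\Cloud\\GkeMultiCloud\\V1";
option ruby_package = "Google::Cloud::GkeMultiCloud::V1";
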
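// Jwk is a JSON Web Key as specified in RFC 7517.
//
// Only public-key parameters are modelled: `n`/`e` for RSA and
// `x`/`y`/`crv` for ECDSA. The message declares no field for private key
// material.
//
// Every field is a plain proto3 `string`, so an absent parameter and an empty
// one are indistinguishable on the wire. A verifier consuming this message
// should reject keys whose parameters for the declared `kty` are empty, and
// should pin the algorithm from `alg` on the selected key rather than from
// the header of the token being verified.
message Jwk {
  // Key Type (JWK "kty" parameter).
  string kty = 1;

  // Algorithm (JWK "alg" parameter).
  string alg = 2;

  // Permitted uses for the public keys (JWK "use" parameter).
  string use = 3;

  // Key ID (JWK "kid" parameter), used to select a key from a key set.
  string kid = 4;

  // Used for RSA keys (JWK "n" parameter).
  // NOTE(review): RFC 7518 encodes this as base64url; the encoding is not
  // stated in this file. Confirm against the service before decoding.
  string n = 5;

  // Used for RSA keys (JWK "e" parameter). Same encoding caveat as `n`.
  string e = 6;

  // Used for ECDSA keys (JWK "x" parameter). Same encoding caveat as `n`.
  string x = 7;

  // Used for ECDSA keys (JWK "y" parameter). Same encoding caveat as `n`.
  string y = 8;

  // Used for ECDSA keys (JWK "crv" parameter).
  string crv = 9;
}
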
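// Workload Identity settings.
//
// None of these fields carries a field_behavior annotation in this file, so
// whether a caller may set them or the service populates them cannot be read
// from the schema alone.
message WorkloadIdentityConfig {
  // The OIDC issuer URL for this cluster.
  // NOTE(review): presumably the value that the `iss` claim of
  // cluster-issued tokens must match exactly; confirm against the service
  // documentation before relying on it for token validation.
  string issuer_uri = 1;

  // The Workload Identity Pool associated to the cluster.
  string workload_pool = 2;

  // The ID of the OIDC Identity Provider (IdP) associated to the Workload
  // Identity Pool.
  string identity_provider = 3;
}
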
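// Constraints applied to pods.
message MaxPodsConstraint {
  // Required. The maximum number of pods to schedule on a single node.
  //
  // REQUIRED is an API annotation only; protobuf parsing does not reject a
  // missing value, which reads back as 0. The type is a signed int64, so zero
  // and negative values are representable on the wire.
  // NOTE(review): the accepted range is not stated in this file; the service
  // is expected to validate it.
  int64 max_pods_per_node = 1 [(google.api.field_behavior) = REQUIRED];
}
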
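// Metadata about a long-running operation.
//
// Every field is annotated OUTPUT_ONLY, i.e. it is meant to be populated by
// the service rather than supplied by a caller.
//
// Field numbers 6 and 7 are declared out of numeric order below. The numbers
// are the wire identity of the fields and must not be "tidied up".
message OperationMetadata {
  // Output only. The time at which this operation was created.
  google.protobuf.Timestamp create_time = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this operation was completed.
  google.protobuf.Timestamp end_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The name of the resource associated to this operation.
  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Human-readable status of the operation, if any.
  string status_detail = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Human-readable status of any error that occurred during the
  // operation.
  // NOTE(review): free-form text; no stable format is documented here, so
  // avoid matching on it programmatically.
  string error_detail = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The verb associated with the API method which triggered this
  // operation. Possible values are "create", "delete", "update" and "import".
  string verb = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Identifies whether cancellation has been requested for the
  // operation. Operations that have successfully been cancelled
  // have [Operation.error][] value with a
  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
  // `Code.CANCELLED`.
  //
  // A true value records the request only; per the sentence above, a
  // completed cancellation is signalled through the operation's error code.
  bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}
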
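// The taint content for the node taint.
//
// Taints steer scheduling: as described on the enum values, a pod that
// tolerates the taint can still be placed on the node, so a taint is a
// placement control and not an access-control boundary between workloads.
message NodeTaint {
  // The taint effect.
  //
  // Value names carry no enum-type prefix. They are part of the published
  // API (JSON and generated code) and must not be renamed.
  enum Effect {
    // Not set.
    EFFECT_UNSPECIFIED = 0;

    // Do not allow new pods to schedule onto the node unless they tolerate the
    // taint, but allow all pods submitted to Kubelet without going through the
    // scheduler to start, and allow all already-running pods to continue
    // running. Enforced by the scheduler.
    NO_SCHEDULE = 1;

    // Like NO_SCHEDULE (Kubernetes TaintEffectNoSchedule), but the scheduler
    // tries not to schedule new pods onto the node, rather than prohibiting
    // new pods from scheduling onto the node entirely. Enforced by the
    // scheduler.
    PREFER_NO_SCHEDULE = 2;

    // Evict any already-running pods that do not tolerate the taint.
    // Currently enforced by NodeController.
    NO_EXECUTE = 3;
  }

  // Required. Key for the taint.
  string key = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Value for the taint.
  string value = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The taint effect.
  //
  // REQUIRED is an annotation only: an omitted field reads back as
  // EFFECT_UNSPECIFIED, so receivers need to handle that value explicitly.
  Effect effect = 3 [(google.api.field_behavior) = REQUIRED];
}
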
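// Fleet related configuration.
//
// Fleets are a Google Cloud concept for logically organizing clusters,
// letting you use and manage multi-cluster capabilities and apply
// consistent policies across your systems.
//
// See [Anthos
// Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for
// more details on Anthos multi-cluster capabilities using Fleets.
message Fleet {
  // Required. The name of the Fleet host project where this cluster will be
  // registered.
  //
  // Project names are formatted as
  // `projects/<project-number>`.
  //
  // This is a caller-supplied string; the schema itself does not constrain
  // it to the format above, so the format has to be checked by the service.
  string project = 1 [(google.api.field_behavior) = REQUIRED];

  // Output only. The name of the managed Hub Membership resource associated to
  // this cluster.
  //
  // Membership names are formatted as
  // `projects/<project-number>/locations/global/membership/<cluster-id>`.
  string membership = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}
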
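// Parameters that describe the Logging configuration in a cluster.
message LoggingConfig {
  // The configuration of the logging components.
  //
  // As a message-typed field it has explicit presence: an unset
  // `component_config` is distinguishable from one that is set but lists no
  // components.
  LoggingComponentConfig component_config = 1;
}
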
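// Parameters that describe the Logging component configuration in a cluster.
message LoggingComponentConfig {
  // The components of the logging configuration.
  enum Component {
    // No component is specified.
    COMPONENT_UNSPECIFIED = 0;

    // This indicates that the system logging components are enabled.
    SYSTEM_COMPONENTS = 1;

    // This indicates that the user workload logging component is enabled.
    WORKLOADS = 2;
  }

  // The components to be enabled.
  //
  // A repeated field has no presence: an empty list and an omitted field are
  // the same on the wire.
  // NOTE(review): presumably a component that is not listed is not collected,
  // which would reduce the log data available for audit and incident
  // response; confirm the service's behaviour for an empty list.
  repeated Component enable_components = 1;
}
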
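// Parameters that describe the Monitoring configuration in a cluster.
//
// NOTE(review): the only field uses number 2 and no `reserved` statement for
// number 1 is visible here. Check the schema history before assigning 1 to a
// new field.
message MonitoringConfig {
  // Enable Google Cloud Managed Service for Prometheus in the cluster.
  ManagedPrometheusConfig managed_prometheus_config = 2;
}
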
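// ManagedPrometheusConfig defines the configuration for
// Google Cloud Managed Service for Prometheus.
message ManagedPrometheusConfig {
  // Enable Managed Collection.
  //
  // A proto3 bool without `optional` has implicit presence: an omitted field
  // and an explicit `false` are indistinguishable, so the default is
  // "not enabled".
  bool enabled = 1;
}
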
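// Configuration for Binary Authorization.
//
// Enforcement is opt-in: per the `evaluation_mode` comment below, leaving
// the mode unspecified is treated as DISABLED. Clusters that rely on
// admission-time image policy need PROJECT_SINGLETON_POLICY_ENFORCE set
// explicitly, and reviews of cluster configuration should treat an absent
// or unspecified mode as "not enforced".
message BinaryAuthorization {
  // Binary Authorization mode of operation.
  //
  // Value names carry no enum-type prefix. They are part of the published
  // API (JSON and generated code) and must not be renamed.
  enum EvaluationMode {
    // Default value.
    EVALUATION_MODE_UNSPECIFIED = 0;

    // Disable BinaryAuthorization.
    DISABLED = 1;

    // Enforce Kubernetes admission requests with BinaryAuthorization using the
    // project's singleton policy.
    PROJECT_SINGLETON_POLICY_ENFORCE = 2;
  }

  // Mode of operation for binauthz policy evaluation. If unspecified, defaults
  // to DISABLED.
  EvaluationMode evaluation_mode = 1;
}
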