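// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.container.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";
import "google/rpc/code.proto";
import "google/rpc/status.proto";

option csharp_namespace = "Google.Cloud.Container.V1";
option go_package = "cloud.google.com/go/container/apiv1/containerpb;containerpb";
option java_multiple_files = true;
option java_outer_classname = "ClusterServiceProto";
option java_package = "com.google.container.v1";
option php_namespace = "Google\\Cloud\\Container\\V1";
option ruby_package = "Google::Cloud::Container::V1";
option (google.api.resource_definition) = {
  type: "pubsub.googleapis.com/Topic"
  pattern: "projects/{project}/topics/{topic}"
};

// Google Kubernetes Engine Cluster Manager v1
service ClusterManager {
  option (google.api.default_host) = "container.googleapis.com";

  // The only OAuth scope declared for this service is the broad
  // `cloud-platform` scope, so token scope alone does not separate read-only
  // callers from administrative ones.
  // NOTE(review): per-method access is presumably decided by the caller's IAM
  // permissions -- confirm.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Lists all clusters owned by a project in either the specified zone or all
  // zones.
  rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/clusters"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "parent";
  }

  // Gets the details of a specific cluster.
  rpc GetCluster(GetClusterRequest) returns (Cluster) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a cluster, consisting of the specified number and type of Google
  // Compute Engine instances.
  //
  // By default, the cluster is created in the project's
  // [default
  // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
  //
  // One firewall is added for the cluster. After cluster creation,
  // the Kubelet creates routes for each node to allow the containers
  // on that node to communicate with all other instances in the
  // cluster.
  //
  // Finally, an entry is added to the project's global metadata indicating
  // which CIDR range the cluster is using.
  rpc CreateCluster(CreateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/clusters"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster";
    option (google.api.method_signature) = "parent,cluster";
  }

  // Updates the settings of a specific cluster.
  rpc UpdateCluster(UpdateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*}"
      body: "*"
      additional_bindings {
        put: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,update";
    option (google.api.method_signature) = "name,update";
  }

  // Updates the version and/or image type for the specified node pool.
  rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update"
        body: "*"
      }
    };
  }

  // Sets the autoscaling settings for the specified node pool.
  rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest)
      returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling"
        body: "*"
      }
    };
  }

  // Sets the logging service for a specific cluster.
  rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLogging"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,logging_service";
    option (google.api.method_signature) = "name,logging_service";
  }

  // Sets the monitoring service for a specific cluster.
  rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMonitoring"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,monitoring_service";
    option (google.api.method_signature) = "name,monitoring_service";
  }

  // Sets the addons for a specific cluster.
  rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setAddons"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,addons_config";
    option (google.api.method_signature) = "name,addons_config";
  }

  // Sets the locations for a specific cluster.
  // Deprecated. Use
  // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/update)
  // instead.
  rpc SetLocations(SetLocationsRequest) returns (Operation) {
    option deprecated = true;
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLocations"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,locations";
    option (google.api.method_signature) = "name,locations";
  }

  // Updates the master for a specific cluster.
  rpc UpdateMaster(UpdateMasterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:updateMaster"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,master_version";
    option (google.api.method_signature) = "name,master_version";
  }

  // Sets master auth materials. Currently supports changing the admin password
  // of a specific cluster, either via password generation or explicitly setting
  // the password.
  //
  // Security note: this method changes a cluster credential; restrict who may
  // call it and review calls to it in audit logs.
  rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMasterAuth"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth"
        body: "*"
      }
    };
  }

  // Deletes the cluster, including the Kubernetes endpoint and all worker
  // nodes.
  //
  // Firewalls and routes that were configured during cluster creation
  // are also deleted.
  //
  // Other Google Compute Engine resources that might be in use by the cluster,
  // such as load balancer resources, are not deleted if they weren't present
  // when the cluster was initially created.
  rpc DeleteCluster(DeleteClusterRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Lists all operations in a project in a specific zone or all zones.
  rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/operations"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
  }

  // Gets the specified operation.
  rpc GetOperation(GetOperationRequest) returns (Operation) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/operations/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Cancels the specified operation.
  rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/operations/*}:cancel"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Returns configuration info about the Google Kubernetes Engine service.
  rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*}/serverConfig"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/serverconfig"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "name";
  }

  // Gets the public component of the cluster signing keys in
  // JSON Web Key format.
  rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/jwks"
    };
  }

  // Lists the node pools for a cluster.
  rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "parent";
  }

  // Retrieves the requested node pool.
  rpc GetNodePool(GetNodePoolRequest) returns (NodePool) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a node pool for a cluster.
  rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool";
    option (google.api.method_signature) = "parent,node_pool";
  }

  // Deletes a node pool from a cluster.
  rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // CompleteNodePoolUpgrade will signal an on-going node pool upgrade to
  // complete.
  rpc CompleteNodePoolUpgrade(CompleteNodePoolUpgradeRequest)
      returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:completeUpgrade"
      body: "*"
    };
  }

  // Rolls back a previously Aborted or Failed NodePool upgrade.
  // This makes no changes if the last upgrade successfully completed.
  rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest)
      returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the NodeManagement options for a node pool.
  rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement"
        body: "*"
      }
    };
  }

  // Sets labels on a cluster.
  rpc SetLabels(SetLabelsRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setResourceLabels"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels"
        body: "*"
      }
    };
  }

  // Enables or disables the ABAC authorization mechanism on a cluster.
  //
  // Security note: legacy ABAC grants permissions outside Kubernetes RBAC.
  // Hardening guidance is to keep it disabled and manage access with RBAC;
  // treat a call that enables it as a change worth alerting on.
  rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,enabled";
    option (google.api.method_signature) = "name,enabled";
  }

  // Starts master IP rotation.
  rpc StartIPRotation(StartIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:startIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Completes master IP rotation.
  rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:completeIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the size for a specific node pool. The new size will be used for all
  // replicas, including future replicas created by modifying
  // [NodePool.locations][google.container.v1.NodePool.locations].
  rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize"
        body: "*"
      }
    };
  }

  // Enables or disables Network Policy for a cluster.
  rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,network_policy";
    option (google.api.method_signature) = "name,network_policy";
  }

  // Sets the maintenance policy for a cluster.
  rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,maintenance_policy";
    option (google.api.method_signature) = "name,maintenance_policy";
  }

  // Lists subnetworks that are usable for creating clusters in a project.
  rpc ListUsableSubnetworks(ListUsableSubnetworksRequest)
      returns (ListUsableSubnetworksResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/aggregated/usableSubnetworks"
    };
  }

  // Checks the cluster compatibility with Autopilot mode, and returns a list of
  // compatibility issues.
  rpc CheckAutopilotCompatibility(CheckAutopilotCompatibilityRequest)
      returns (CheckAutopilotCompatibilityResponse) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*}:checkAutopilotCompatibility"
    };
  }
}

// Parameters that can be configured on Linux nodes.
message LinuxNodeConfig {
  // Possible cgroup modes that can be used.
  enum CgroupMode {
    // CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used.
    // The default for the GKE node OS image will be used.
    CGROUP_MODE_UNSPECIFIED = 0;

    // CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on
    // the node image.
    CGROUP_MODE_V1 = 1;

    // CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on
    // the node image.
    CGROUP_MODE_V2 = 2;
  }

  // The Linux kernel parameters to be applied to the nodes and all pods running
  // on the nodes.
  //
  // The following parameters are supported.
  //
  // net.core.busy_poll
  // net.core.busy_read
  // net.core.netdev_max_backlog
  // net.core.rmem_max
  // net.core.wmem_default
  // net.core.wmem_max
  // net.core.optmem_max
  // net.core.somaxconn
  // net.ipv4.tcp_rmem
  // net.ipv4.tcp_wmem
  // net.ipv4.tcp_tw_reuse
  map<string, string> sysctls = 1;

  // cgroup_mode specifies the cgroup mode to be used on the node.
  CgroupMode cgroup_mode = 2;
}

// Parameters that can be configured on Windows nodes.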
557// Windows Node Config that define the parameters that will be used to 558// configure the Windows node pool settings 559message WindowsNodeConfig { 560 // Possible OS version that can be used. 561 enum OSVersion { 562 // When OSVersion is not specified 563 OS_VERSION_UNSPECIFIED = 0; 564 565 // LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base Image 566 OS_VERSION_LTSC2019 = 1; 567 568 // LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Image 569 OS_VERSION_LTSC2022 = 2; 570 } 571 572 // OSVersion specifies the Windows node config to be used on the node 573 OSVersion os_version = 1; 574} 575 576// Node kubelet configs. 577message NodeKubeletConfig { 578 // Control the CPU management policy on the node. 579 // See 580 // https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ 581 // 582 // The following values are allowed. 583 // * "none": the default, which represents the existing scheduling behavior. 584 // * "static": allows pods with certain resource characteristics to be granted 585 // increased CPU affinity and exclusivity on the node. 586 // The default value is 'none' if unspecified. 587 string cpu_manager_policy = 1; 588 589 // Enable CPU CFS quota enforcement for containers that specify CPU limits. 590 // 591 // This option is enabled by default which makes kubelet use CFS quota 592 // (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to 593 // enforce container CPU limits. Otherwise, CPU limits will not be enforced at 594 // all. 595 // 596 // Disable this option to mitigate CPU throttling problems while still having 597 // your pods to be in Guaranteed QoS class by specifying the CPU limits. 598 // 599 // The default value is 'true' if unspecified. 600 google.protobuf.BoolValue cpu_cfs_quota = 2; 601 602 // Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
603 // 604 // The string must be a sequence of decimal numbers, each with optional 605 // fraction and a unit suffix, such as "300ms". 606 // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". 607 // The value must be a positive duration. 608 string cpu_cfs_quota_period = 3; 609 610 // Set the Pod PID limits. See 611 // https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits 612 // 613 // Controls the maximum number of processes allowed to run in a pod. The value 614 // must be greater than or equal to 1024 and less than 4194304. 615 int64 pod_pids_limit = 4; 616 617 // Enable or disable Kubelet read only port. 618 optional bool insecure_kubelet_readonly_port_enabled = 7; 619} 620 621// Parameters that describe the nodes in a cluster. 622// 623// GKE Autopilot clusters do not 624// recognize parameters in `NodeConfig`. Use 625// [AutoprovisioningNodePoolDefaults][google.container.v1.AutoprovisioningNodePoolDefaults] 626// instead. 627message NodeConfig { 628 // The name of a Google Compute Engine [machine 629 // type](https://cloud.google.com/compute/docs/machine-types) 630 // 631 // If unspecified, the default machine type is `e2-medium`. 632 string machine_type = 1; 633 634 // Size of the disk attached to each node, specified in GB. 635 // The smallest allowed disk size is 10GB. 636 // 637 // If unspecified, the default disk size is 100GB. 638 int32 disk_size_gb = 2; 639 640 // The set of Google API scopes to be made available on all of the 641 // node VMs under the "default" service account. 642 // 643 // The following scopes are recommended, but not required, and by default are 644 // not included: 645 // 646 // * `https://www.googleapis.com/auth/compute` is required for mounting 647 // persistent storage on your nodes. 648 // * `https://www.googleapis.com/auth/devstorage.read_only` is required for 649 // communicating with **gcr.io** 650 // (the [Google Container 651 // Registry](https://cloud.google.com/container-registry/)). 
652 // 653 // If unspecified, no scopes are added, unless Cloud Logging or Cloud 654 // Monitoring are enabled, in which case their required scopes will be added. 655 repeated string oauth_scopes = 3; 656 657 // The Google Cloud Platform Service Account to be used by the node VMs. 658 // Specify the email address of the Service Account; otherwise, if no Service 659 // Account is specified, the "default" service account is used. 660 string service_account = 9; 661 662 // The metadata key/value pairs assigned to instances in the cluster. 663 // 664 // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes 665 // in length. These are reflected as part of a URL in the metadata server. 666 // Additionally, to avoid ambiguity, keys must not conflict with any other 667 // metadata keys for the project or be one of the reserved keys: 668 // 669 // - "cluster-location" 670 // - "cluster-name" 671 // - "cluster-uid" 672 // - "configure-sh" 673 // - "containerd-configure-sh" 674 // - "enable-os-login" 675 // - "gci-ensure-gke-docker" 676 // - "gci-metrics-enabled" 677 // - "gci-update-strategy" 678 // - "instance-template" 679 // - "kube-env" 680 // - "startup-script" 681 // - "user-data" 682 // - "disable-address-manager" 683 // - "windows-startup-script-ps1" 684 // - "common-psm1" 685 // - "k8s-node-setup-psm1" 686 // - "install-ssh-psm1" 687 // - "user-profile-psm1" 688 // 689 // Values are free-form strings, and only have meaning as interpreted by 690 // the image running in the instance. The only restriction placed on them is 691 // that each value's size must be less than or equal to 32 KB. 692 // 693 // The total size of all keys and values must be less than 512 KB. 694 map<string, string> metadata = 4; 695 696 // The image type to use for this node. Note that for a given image type, 697 // the latest version of it will be used. Please see 698 // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for 699 // available image types. 
700 string image_type = 5; 701 702 // The map of Kubernetes labels (key/value pairs) to be applied to each node. 703 // These will added in addition to any default label(s) that 704 // Kubernetes may apply to the node. 705 // In case of conflict in label keys, the applied set may differ depending on 706 // the Kubernetes version -- it's best to assume the behavior is undefined 707 // and conflicts should be avoided. 708 // For more information, including usage and the valid values, see: 709 // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ 710 map<string, string> labels = 6; 711 712 // The number of local SSD disks to be attached to the node. 713 // 714 // The limit for this value is dependent upon the maximum number of 715 // disks available on a machine per zone. See: 716 // https://cloud.google.com/compute/docs/disks/local-ssd 717 // for more information. 718 int32 local_ssd_count = 7; 719 720 // The list of instance tags applied to all nodes. Tags are used to identify 721 // valid sources or targets for network firewalls and are specified by 722 // the client during cluster or node pool creation. Each tag within the list 723 // must comply with RFC1035. 724 repeated string tags = 8; 725 726 // Whether the nodes are created as preemptible VM instances. See: 727 // https://cloud.google.com/compute/docs/instances/preemptible for more 728 // information about preemptible VM instances. 729 bool preemptible = 10; 730 731 // A list of hardware accelerators to be attached to each node. 732 // See https://cloud.google.com/compute/docs/gpus for more information about 733 // support for GPUs. 734 repeated AcceleratorConfig accelerators = 11; 735 736 // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 737 // 'pd-balanced') 738 // 739 // If unspecified, the default disk type is 'pd-standard' 740 string disk_type = 12; 741 742 // Minimum CPU platform to be used by this instance. 
The instance may be 743 // scheduled on the specified or newer CPU platform. Applicable values are the 744 // friendly names of CPU platforms, such as 745 // `minCpuPlatform: "Intel Haswell"` or 746 // `minCpuPlatform: "Intel Sandy Bridge"`. For more 747 // information, read [how to specify min CPU 748 // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) 749 string min_cpu_platform = 13; 750 751 // The workload metadata configuration for this node. 752 WorkloadMetadataConfig workload_metadata_config = 14; 753 754 // List of kubernetes taints to be applied to each node. 755 // 756 // For more information, including usage and the valid values, see: 757 // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ 758 repeated NodeTaint taints = 15; 759 760 // Sandbox configuration for this node. 761 SandboxConfig sandbox_config = 17; 762 763 // Setting this field will assign instances of this 764 // pool to run on the specified node group. This is useful for running 765 // workloads on [sole tenant 766 // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes). 767 string node_group = 18; 768 769 // The optional reservation affinity. Setting this field will apply 770 // the specified [Zonal Compute 771 // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) 772 // to this node pool. 773 ReservationAffinity reservation_affinity = 19; 774 775 // Shielded Instance options. 776 ShieldedInstanceConfig shielded_instance_config = 20; 777 778 // Parameters that can be configured on Linux nodes. 779 LinuxNodeConfig linux_node_config = 21; 780 781 // Node kubelet configs. 782 NodeKubeletConfig kubelet_config = 22; 783 784 // 785 // The Customer Managed Encryption Key used to encrypt the boot disk attached 786 // to each node in the node pool. This should be of the form 787 // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. 
788 // For more information about protecting resources with Cloud KMS Keys please 789 // see: 790 // https://cloud.google.com/compute/docs/disks/customer-managed-encryption 791 string boot_disk_kms_key = 23; 792 793 // Google Container File System (image streaming) configs. 794 GcfsConfig gcfs_config = 25; 795 796 // Advanced features for the Compute Engine VM. 797 AdvancedMachineFeatures advanced_machine_features = 26; 798 799 // Enable or disable gvnic in the node pool. 800 VirtualNIC gvnic = 29; 801 802 // Spot flag for enabling Spot VM, which is a rebrand of 803 // the existing preemptible flag. 804 bool spot = 32; 805 806 // Confidential nodes config. 807 // All the nodes in the node pool will be Confidential VM once enabled. 808 ConfidentialNodes confidential_nodes = 35; 809 810 // Enable or disable NCCL fast socket for the node pool. 811 optional FastSocket fast_socket = 36; 812 813 // The resource labels for the node pool to use to annotate any related 814 // Google Compute Engine resources. 815 map<string, string> resource_labels = 37; 816 817 // Logging configuration. 818 NodePoolLoggingConfig logging_config = 38; 819 820 // Parameters that can be configured on Windows nodes. 821 WindowsNodeConfig windows_node_config = 39; 822 823 // Parameters for using raw-block Local NVMe SSDs. 824 LocalNvmeSsdBlockConfig local_nvme_ssd_block_config = 40; 825 826 // Parameters for the node ephemeral storage using Local SSDs. 827 // If unspecified, ephemeral storage is backed by the boot disk. 828 EphemeralStorageLocalSsdConfig ephemeral_storage_local_ssd_config = 41; 829 830 // Parameters for node pools to be backed by shared sole tenant node groups. 831 SoleTenantConfig sole_tenant_config = 42; 832 833 // A map of resource manager tag keys and values to be attached to the nodes. 834 ResourceManagerTags resource_manager_tags = 45; 835 836 // Optional. Reserved for future use. 
bool enable_confidential_storage = 46
    [(google.api.field_behavior) = OPTIONAL];

  // List of secondary boot disks attached to the nodes.
  repeated SecondaryBootDisk secondary_boot_disks = 48;

  // Secondary boot disk update strategy.
  optional SecondaryBootDiskUpdateStrategy secondary_boot_disk_update_strategy =
      50;
}

// Specifies options for controlling advanced machine features.
message AdvancedMachineFeatures {
  // The number of threads per physical core. To disable simultaneous
  // multithreading (SMT) set this to 1. If unset, the maximum number of threads
  // supported per core by the underlying processor is assumed.
  optional int64 threads_per_core = 1;
}

// Parameters for node pool-level network config.
message NodeNetworkConfig {
  // Configuration of all network bandwidth tiers.
  message NetworkPerformanceConfig {
    // Node network tier.
    enum Tier {
      // Default value.
      TIER_UNSPECIFIED = 0;

      // Higher bandwidth, actual values based on VM size.
      TIER_1 = 1;
    }

    // Specifies the total network bandwidth tier for the NodePool.
    optional Tier total_egress_bandwidth_tier = 1;
  }

  // Input only. Whether to create a new range for pod IPs in this node pool.
  // Defaults are provided for `pod_range` and `pod_ipv4_cidr_block` if they
  // are not specified.
  //
  // If neither `create_pod_range` nor `pod_range` is specified, the
  // cluster-level default (`ip_allocation_policy.cluster_ipv4_cidr_block`) is
  // used.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  bool create_pod_range = 4 [(google.api.field_behavior) = INPUT_ONLY];

  // The ID of the secondary range for pod IPs.
  // If `create_pod_range` is true, this ID is used for the new range.
  // If `create_pod_range` is false, uses an existing secondary range with this
  // ID.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_range = 5;

  // The IP address range for pod IPs in this node pool.
  //
  // Only applicable if `create_pod_range` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) to pick a specific range to use.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_ipv4_cidr_block = 6;

  // Whether nodes have internal IP addresses only.
  // If enable_private_nodes is not specified, then the value is derived from
  // [cluster.privateClusterConfig.enablePrivateNodes][google.container.v1beta1.PrivateClusterConfig.enablePrivateNodes]
  //
  // NOTE(review): the cross-reference above names the `v1beta1` package while
  // this file declares `google.container.v1`; confirm the intended target.
  optional bool enable_private_nodes = 9;

  // Network bandwidth tier configuration.
  optional NetworkPerformanceConfig network_performance_config = 11;

  // [PRIVATE FIELD]
  // Pod CIDR size overprovisioning config for the nodepool.
  //
  // Pod CIDR size per node depends on max_pods_per_node. By default, the value
  // of max_pods_per_node is rounded off to next power of 2 and we then double
  // that to get the size of pod CIDR block per node.
  // Example: max_pods_per_node of 30 would result in 64 IPs (/26).
  //
  // This config can disable the doubling of IPs (we still round off to next
  // power of 2).
  // Example: max_pods_per_node of 30 will result in 32 IPs (/27) when
  // overprovisioning is disabled.
  PodCIDROverprovisionConfig pod_cidr_overprovision_config = 13;

  // We specify the additional node networks for this node pool using this list.
  // Each node network corresponds to an additional interface.
  repeated AdditionalNodeNetworkConfig additional_node_network_configs = 14;

  // We specify the additional pod networks for this node pool using this list.
  // Each pod network corresponds to an additional alias IP range for the node.
  repeated AdditionalPodNetworkConfig additional_pod_network_configs = 15;

  // Output only. The utilization of the IPv4 range for the pod.
  // The ratio is Usage/[Total number of IPs in the secondary range],
  // Usage=numNodes*numZones*podIPsPerNode.
  double pod_ipv4_range_utilization = 16
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// AdditionalNodeNetworkConfig is the configuration for additional node networks
// within the NodeNetworkConfig message.
message AdditionalNodeNetworkConfig {
  // Name of the VPC where the additional interface belongs.
  string network = 1;

  // Name of the subnetwork where the additional interface belongs.
  string subnetwork = 2;
}

// AdditionalPodNetworkConfig is the configuration for additional pod networks
// within the NodeNetworkConfig message.
message AdditionalPodNetworkConfig {
  // Name of the subnetwork where the additional pod network belongs.
  string subnetwork = 1;

  // The name of the secondary range on the subnet which provides IP address for
  // this pod range.
  string secondary_pod_range = 2;

  // The maximum number of pods per node which use this pod network.
  optional MaxPodsConstraint max_pods_per_node = 3;
}

// A set of Shielded Instance options.
//
// NOTE(review): both fields are plain proto3 `bool`s, so within this message
// an unset field cannot be told apart from an explicit `false`. Which value
// the service applies when the message is omitted is not stated here; confirm
// before treating an absent config as "protections on" in a policy check.
message ShieldedInstanceConfig {
  // Defines whether the instance has Secure Boot enabled.
  //
  // Secure Boot helps ensure that the system only runs authentic software by
  // verifying the digital signature of all boot components, and halting the
  // boot process if signature verification fails.
  bool enable_secure_boot = 1;

  // Defines whether the instance has integrity monitoring enabled.
  //
  // Enables monitoring and attestation of the boot integrity of the instance.
  // The attestation is performed against the integrity policy baseline. This
  // baseline is initially derived from the implicitly trusted boot image when
  // the instance is created.
  bool enable_integrity_monitoring = 2;
}

// SandboxConfig contains configurations of the sandbox to use for the node.
message SandboxConfig {
  // Possible types of sandboxes.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Run sandbox using gvisor.
    GVISOR = 1;
  }

  // Type of the sandbox to use for the node.
  Type type = 2;
}

// GcfsConfig contains configurations of Google Container File System
// (image streaming).
message GcfsConfig {
  // Whether to use GCFS.
  bool enabled = 1;
}

// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
// is the configuration of desired reservation which instances could take
// capacity from.
message ReservationAffinity {
  // Indicates whether to consume capacity from a reservation or not.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Do not consume from any reserved capacity.
    NO_RESERVATION = 1;

    // Consume any reservation available.
    ANY_RESERVATION = 2;

    // Must consume from a specific reservation. Must specify key value fields
    // for specifying the reservations.
    SPECIFIC_RESERVATION = 3;
  }

  // Corresponds to the type of reservation consumption.
  Type consume_reservation_type = 1;

  // Corresponds to the label key of a reservation resource. To target a
  // SPECIFIC_RESERVATION by name, specify
  // "compute.googleapis.com/reservation-name" as the key and specify the name
  // of your reservation as its value.
  string key = 2;

  // Corresponds to the label value(s) of reservation resource(s).
  repeated string values = 3;
}

// SoleTenantConfig contains the NodeAffinities to specify what shared sole
// tenant node groups should back the node pool.
message SoleTenantConfig {
  // Specifies the NodeAffinity key, values, and affinity operator according to
  // [shared sole tenant node group
  // affinities](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes#node_affinity_and_anti-affinity).
  message NodeAffinity {
    // Operator allows user to specify affinity or anti-affinity for the
    // given key values.
    enum Operator {
      // Invalid or unspecified affinity operator.
      OPERATOR_UNSPECIFIED = 0;

      // Affinity operator.
      IN = 1;

      // Anti-affinity operator.
      NOT_IN = 2;
    }

    // Key for NodeAffinity.
    string key = 1;

    // Operator for NodeAffinity.
    Operator operator = 2;

    // Values for NodeAffinity.
    repeated string values = 3;
  }

  // NodeAffinities used to match to a shared sole tenant node group.
  repeated NodeAffinity node_affinities = 1;
}

// Kubernetes taint is composed of three fields: key, value, and effect. Effect
// can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute.
//
// See
// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration)
// for more information, including usage and the valid values.
message NodeTaint {
  // Possible values for Effect in taint.
  enum Effect {
    // Not set.
    EFFECT_UNSPECIFIED = 0;

    // The Kubernetes `NoSchedule` effect.
    NO_SCHEDULE = 1;

    // The Kubernetes `PreferNoSchedule` effect.
    PREFER_NO_SCHEDULE = 2;

    // The Kubernetes `NoExecute` effect.
    NO_EXECUTE = 3;
  }

  // Key for taint.
  string key = 1;

  // Value for taint.
  string value = 2;

  // Effect for taint.
  Effect effect = 3;
}

// Collection of Kubernetes [node
// taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration).
message NodeTaints {
  // List of node taints.
  repeated NodeTaint taints = 1;
}

// Collection of node-level [Kubernetes
// labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels).
message NodeLabels {
  // Map of node label keys and node label values.
  map<string, string> labels = 1;
}

// Collection of [GCP
// labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels).
message ResourceLabels {
  // Map of node label keys and node label values.
  //
  // NOTE(review): this wording matches NodeLabels.labels; given the message
  // description, these are presumably GCP resource labels rather than
  // Kubernetes node labels - confirm.
  map<string, string> labels = 1;
}

// Collection of Compute Engine network tags that can be applied to a node's
// underlying VM instance.
message NetworkTags {
  // List of network tags.
  repeated string tags = 1;
}

// The authentication information for accessing the master endpoint.
// Authentication can be done using HTTP basic auth or using client
// certificates.
message MasterAuth {
  // The username to use for HTTP basic authentication to the master endpoint.
  // For clusters v1.6.0 and later, basic authentication can be disabled by
  // leaving username unspecified (or setting it to the empty string).
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string username = 1 [deprecated = true];

  // The password to use for HTTP basic authentication to the master endpoint.
  // Because the master endpoint is open to the Internet, you should create a
  // strong password. If a password is provided for cluster creation, username
  // must be non-empty.
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  //
  // NOTE(review): this field carries a credential as a plain string; treat any
  // serialized or logged copy of this message as a secret.
  string password = 2 [deprecated = true];

  // Configuration for client certificate authentication on the cluster. For
  // clusters before v1.12, if no configuration is specified, a client
  // certificate is issued.
  ClientCertificateConfig client_certificate_config = 3;

  // [Output only] Base64-encoded public certificate that is the root of
  // trust for the cluster.
  string cluster_ca_certificate = 100;

  // [Output only] Base64-encoded public certificate used by clients to
  // authenticate to the cluster endpoint.
  string client_certificate = 101;

  // [Output only] Base64-encoded private key used by clients to authenticate
  // to the cluster endpoint.
  //
  // NOTE(review): Base64 is an encoding, not protection. A message that
  // includes this field contains usable private-key material, so keep it out
  // of logs and handle it as a secret.
  string client_key = 102;
}

// Configuration for client certificates on the cluster.
message ClientCertificateConfig {
  // Issue a client certificate.
  bool issue_client_certificate = 1;
}

// Configuration for the addons that can be automatically spun up in the
// cluster, enabling additional functionality.
message AddonsConfig {
  // Configuration for the HTTP (L7) load balancing controller addon, which
  // makes it easy to set up HTTP load balancers for services in a cluster.
  HttpLoadBalancing http_load_balancing = 1;

  // Configuration for the horizontal pod autoscaling feature, which
  // increases or decreases the number of replica pods a replication controller
  // has based on the resource usage of the existing pods.
  HorizontalPodAutoscaling horizontal_pod_autoscaling = 2;

  // Configuration for the Kubernetes Dashboard.
  // This addon is deprecated, and will be disabled in 1.15. It is recommended
  // to use the Cloud Console to manage and monitor your Kubernetes clusters,
  // workloads and applications. For more information, see:
  // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
  KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true];

  // Configuration for NetworkPolicy. This only tracks whether the addon
  // is enabled or not on the Master, it does not track whether network policy
  // is enabled for the nodes.
  NetworkPolicyConfig network_policy_config = 4;

  // Configuration for the Cloud Run addon, which allows the user to use a
  // managed Knative service.
  CloudRunConfig cloud_run_config = 7;

  // Configuration for NodeLocalDNS, a DNS cache running on cluster nodes.
  DnsCacheConfig dns_cache_config = 8;

  // Configuration for the ConfigConnector add-on, a Kubernetes
  // extension to manage hosted GCP services through the Kubernetes API.
  ConfigConnectorConfig config_connector_config = 10;

  // Configuration for the Compute Engine Persistent Disk CSI driver.
  GcePersistentDiskCsiDriverConfig gce_persistent_disk_csi_driver_config = 11;

  // Configuration for the GCP Filestore CSI driver.
  GcpFilestoreCsiDriverConfig gcp_filestore_csi_driver_config = 14;

  // Configuration for the Backup for GKE agent addon.
  GkeBackupAgentConfig gke_backup_agent_config = 16;

  // Configuration for the Cloud Storage Fuse CSI driver.
  GcsFuseCsiDriverConfig gcs_fuse_csi_driver_config = 17;

  // Optional. Configuration for the StatefulHA add-on.
  StatefulHAConfig stateful_ha_config = 18
      [(google.api.field_behavior) = OPTIONAL];
}

// Configuration options for the HTTP (L7) load balancing controller addon,
// which makes it easy to set up HTTP load balancers for services in a cluster.
message HttpLoadBalancing {
  // Whether the HTTP Load Balancing controller is enabled in the cluster.
  // When enabled, it runs a small pod in the cluster that manages the load
  // balancers.
  //
  // NOTE(review): the field is named `disabled` while the text above describes
  // the enabled state; presumably `true` turns the controller off - confirm.
  bool disabled = 1;
}

// Configuration options for the horizontal pod autoscaling feature, which
// increases or decreases the number of replica pods a replication controller
// has based on the resource usage of the existing pods.
message HorizontalPodAutoscaling {
  // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
  // When enabled, it ensures that metrics are collected into Stackdriver
  // Monitoring.
  //
  // NOTE(review): the field is named `disabled` while the text above describes
  // the enabled state; presumably `true` turns the feature off - confirm.
  bool disabled = 1;
}

// Configuration for the Kubernetes Dashboard.
message KubernetesDashboard {
  // Whether the Kubernetes Dashboard is enabled for this cluster.
  //
  // NOTE(review): the field is named `disabled` while the text above describes
  // the enabled state; presumably `true` turns the dashboard off - confirm.
  bool disabled = 1;
}

// Configuration for NetworkPolicy. This only tracks whether the addon
// is enabled or not on the Master, it does not track whether network policy
// is enabled for the nodes.
message NetworkPolicyConfig {
  // Whether NetworkPolicy is enabled for this cluster.
  //
  // NOTE(review): the field is named `disabled` while the text above describes
  // the enabled state; presumably `true` turns the addon off - confirm before
  // using this field to audit whether network policy is in force.
  bool disabled = 1;
}

// Configuration for NodeLocal DNSCache.
message DnsCacheConfig {
  // Whether NodeLocal DNSCache is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for controlling master global access settings.
message PrivateClusterMasterGlobalAccessConfig {
  // Whether master is accessible globally or not.
  bool enabled = 1;
}

// Configuration options for private clusters.
message PrivateClusterConfig {
  // Whether nodes have internal IP addresses only. If enabled, all nodes are
  // given only RFC 1918 private addresses and communicate with the master via
  // private networking.
  bool enable_private_nodes = 1;

  // Whether the master's internal IP address is used as the cluster endpoint.
  //
  // NOTE(review): plain proto3 `bool`, so an unset value reads as `false`,
  // i.e. the internal address is not used as the cluster endpoint.
  bool enable_private_endpoint = 2;

  // The IP range in CIDR notation to use for the hosted master network. This
  // range will be used for assigning internal IP addresses to the master or
  // set of masters, as well as the ILB VIP. This range must not overlap with
  // any other ranges in use within the cluster's network.
  string master_ipv4_cidr_block = 3;

  // Output only. The internal IP address of this cluster's master endpoint.
  string private_endpoint = 4;

  // Output only. The external IP address of this cluster's master endpoint.
  string public_endpoint = 5;

  // Output only. The peering name in the customer VPC used by this cluster.
  string peering_name = 7;

  // Controls master global access settings.
  PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;

  // Subnet to provision the master's private endpoint during cluster creation.
  // Specified in projects/*/regions/*/subnetworks/* format.
  string private_endpoint_subnetwork = 10;
}

// Configuration for returning group information from authenticators.
message AuthenticatorGroupsConfig {
  // Whether this cluster should return group membership lookups
  // during authentication using a group of security groups.
  bool enabled = 1;

  // The name of the security group-of-groups to be used. Only relevant
  // if enabled = true.
  string security_group = 2;
}

// Configuration options for the Cloud Run feature.
message CloudRunConfig {
  // Load balancer type of ingress service of Cloud Run.
  enum LoadBalancerType {
    // Load balancer type for Cloud Run is unspecified.
    LOAD_BALANCER_TYPE_UNSPECIFIED = 0;

    // Install external load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_EXTERNAL = 1;

    // Install internal load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_INTERNAL = 2;
  }

  // Whether Cloud Run addon is enabled for this cluster.
  //
  // NOTE(review): the field is named `disabled` while the text above describes
  // the enabled state; presumably `true` turns the addon off - confirm.
  bool disabled = 1;

  // Which load balancer type is installed for Cloud Run.
  LoadBalancerType load_balancer_type = 3;
}

// Configuration options for the Config Connector add-on.
message ConfigConnectorConfig {
  // Whether Config Connector is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Compute Engine PD CSI driver.
message GcePersistentDiskCsiDriverConfig {
  // Whether the Compute Engine PD CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the GCP Filestore CSI driver.
message GcpFilestoreCsiDriverConfig {
  // Whether the GCP Filestore CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Cloud Storage Fuse CSI driver.
message GcsFuseCsiDriverConfig {
  // Whether the Cloud Storage Fuse CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Backup for GKE Agent.
message GkeBackupAgentConfig {
  // Whether the Backup for GKE agent is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Stateful HA add-on.
message StatefulHAConfig {
  // Whether the Stateful HA add-on is enabled for this cluster.
  bool enabled = 1;
}

// Configuration options for the master authorized networks feature. Enabled
// master authorized networks will disallow all external traffic to access
// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
// Google Compute Engine Public IPs and Google Prod IPs.
message MasterAuthorizedNetworksConfig {
  // CidrBlock contains an optional name and one CIDR block.
  message CidrBlock {
    // display_name is an optional field for users to identify CIDR blocks.
    string display_name = 1;

    // cidr_block must be specified in CIDR notation.
    //
    // NOTE(review): the field is a free-form string and nothing in this schema
    // limits how wide a block may be; checks for overly broad ranges have to
    // happen outside the schema.
    string cidr_block = 2;
  }

  // Whether or not master authorized networks is enabled.
  //
  // NOTE(review): plain proto3 `bool`, so an unset value reads as `false`
  // (not enabled). What the service does when this whole message is omitted
  // is not stated here - confirm.
  bool enabled = 1;

  // cidr_blocks define up to 50 external networks that could access
  // Kubernetes master through HTTPS.
  repeated CidrBlock cidr_blocks = 2;

  // Whether master is accessible via Google Compute Engine Public IP addresses.
  //
  // Declared `optional`, so an unset value is distinguishable from `false`;
  // the value applied when unset is not stated here.
  optional bool gcp_public_cidrs_access_enabled = 3;
}

// Configuration for the legacy Attribute Based Access Control authorization
// mode.
message LegacyAbac {
  // Whether the ABAC authorizer is enabled for this cluster. When enabled,
  // identities in the system, including service accounts, nodes, and
  // controllers, will have statically granted permissions beyond those
  // provided by the RBAC configuration or IAM.
  bool enabled = 1;
}

// Configuration options for the NetworkPolicy feature.
// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
message NetworkPolicy {
  // Allowed Network Policy providers.
  enum Provider {
    // Not set.
    PROVIDER_UNSPECIFIED = 0;

    // Tigera (Calico Felix).
    CALICO = 1;
  }

  // The selected network policy provider.
  Provider provider = 1;

  // Whether network policy is enabled on the cluster.
  bool enabled = 2;
}

// Configuration for Binary Authorization.
message BinaryAuthorization {
  // Binary Authorization mode of operation.
  enum EvaluationMode {
    // Default value.
    EVALUATION_MODE_UNSPECIFIED = 0;

    // Disable BinaryAuthorization.
    DISABLED = 1;

    // Enforce Kubernetes admission requests with BinaryAuthorization using the
    // project's singleton policy. This is equivalent to setting the
    // enabled boolean to true.
    PROJECT_SINGLETON_POLICY_ENFORCE = 2;
  }

  // This field is deprecated. Leave this unset and instead configure
  // BinaryAuthorization using evaluation_mode. If evaluation_mode is set to
  // anything other than EVALUATION_MODE_UNSPECIFIED, this field is ignored.
  bool enabled = 1 [deprecated = true];

  // Mode of operation for binauthz policy evaluation. If unspecified, defaults
  // to DISABLED.
  //
  // NOTE(review): per the sentence above, leaving this field unset results in
  // no enforcement; set PROJECT_SINGLETON_POLICY_ENFORCE explicitly where
  // admission enforcement is required.
  EvaluationMode evaluation_mode = 2;
}

// [PRIVATE FIELD]
// Config for pod CIDR size overprovisioning.
message PodCIDROverprovisionConfig {
  // Whether Pod CIDR overprovisioning is disabled.
  // Note: Pod CIDR overprovisioning is enabled by default.
  bool disable = 1;
}

// Configuration for controlling how IPs are allocated in the cluster.
message IPAllocationPolicy {
  // Whether alias IPs will be used for pod IPs in the cluster.
  // This is used in conjunction with use_routes. It cannot
  // be true if use_routes is true. If both use_ip_aliases and use_routes are
  // false, then the server picks the default IP allocation mode.
  bool use_ip_aliases = 1;

  // Whether a new subnetwork will be created automatically for the cluster.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  bool create_subnetwork = 2;

  // A custom subnetwork name to be used if `create_subnetwork` is true. If
  // this field is empty, then an automatic name will be chosen for the new
  // subnetwork.
  string subnetwork_name = 3;

  // This field is deprecated, use cluster_ipv4_cidr_block.
  string cluster_ipv4_cidr = 4 [deprecated = true];

  // This field is deprecated, use node_ipv4_cidr_block.
  string node_ipv4_cidr = 5 [deprecated = true];

  // This field is deprecated, use services_ipv4_cidr_block.
  string services_ipv4_cidr = 6 [deprecated = true];

  // The name of the secondary range to be used for the cluster CIDR
  // block. The secondary range will be used for pod IP
  // addresses. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable when use_ip_aliases is true and
  // create_subnetwork is false.
  string cluster_secondary_range_name = 7;

  // The name of the secondary range to be used for the services
  // CIDR block. The secondary range will be used for service
  // ClusterIPs. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable when use_ip_aliases is true and
  // create_subnetwork is false.
  string services_secondary_range_name = 8;

  // The IP address range for the cluster pod IPs. If this field is set, then
  // `cluster.cluster_ipv4_cidr` must be left blank.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string cluster_ipv4_cidr_block = 9;

  // The IP address range of the instance IPs in this cluster.
  //
  // This is applicable only if `create_subnetwork` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string node_ipv4_cidr_block = 10;

  // The IP address range of the services IPs in this cluster. If blank, a range
  // will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string services_ipv4_cidr_block = 11;

  // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
  // range will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // If unspecified, the range will use the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string tpu_ipv4_cidr_block = 13;

  // Whether routes will be used for pod IPs in the cluster.
  // This is used in conjunction with use_ip_aliases. It cannot be true if
  // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
  // then the server picks the default IP allocation mode.
  bool use_routes = 15;

  // The IP stack type of the cluster.
  StackType stack_type = 16;

  // The ipv6 access type (internal or external) when create_subnetwork is
  // true.
  IPv6AccessType ipv6_access_type = 17;

  // [PRIVATE FIELD]
  // Pod CIDR size overprovisioning config for the cluster.
  //
  // Pod CIDR size per node depends on max_pods_per_node. By default, the value
  // of max_pods_per_node is doubled and then rounded off to next power of 2 to
  // get the size of pod CIDR block per node.
  // Example: max_pods_per_node of 30 would result in 64 IPs (/26).
  //
  // This config can disable the doubling of IPs (we still round off to next
  // power of 2).
  // Example: max_pods_per_node of 30 will result in 32 IPs (/27) when
  // overprovisioning is disabled.
  PodCIDROverprovisionConfig pod_cidr_overprovision_config = 21;

  // Output only. The subnet's IPv6 CIDR block used by nodes and pods.
  string subnet_ipv6_cidr_block = 22
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The services IPv6 CIDR block for the cluster.
  string services_ipv6_cidr_block = 23
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The additional pod ranges that are added to the
  // cluster. These pod ranges can be used by new node pools to allocate pod IPs
  // automatically. Once the range is removed it will not show up in
  // IPAllocationPolicy.
  AdditionalPodRangesConfig additional_pod_ranges_config = 24
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The utilization of the cluster default IPv4
  // range for the pod. The ratio is Usage/[Total number of IPs in the secondary
  // range], Usage=numNodes*numZones*podIPsPerNode.
  double default_pod_ipv4_range_utilization = 25
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// A Google Kubernetes Engine cluster.
message Cluster {
  // The current status of the cluster.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading the master or node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the cluster is unusable. It will be
    // automatically deleted. Details can be found in the `statusMessage` field.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to restore
    // full functionality.
Details can be found in the `statusMessage` field. 1666 DEGRADED = 6; 1667 } 1668 1669 // The name of this cluster. The name must be unique within this project 1670 // and location (e.g. zone or region), and can be up to 40 characters with 1671 // the following restrictions: 1672 // 1673 // * Lowercase letters, numbers, and hyphens only. 1674 // * Must start with a letter. 1675 // * Must end with a number or a letter. 1676 string name = 1; 1677 1678 // An optional description of this cluster. 1679 string description = 2; 1680 1681 // The number of nodes to create in this cluster. You must ensure that your 1682 // Compute Engine [resource quota](https://cloud.google.com/compute/quotas) 1683 // is sufficient for this number of instances. You must also have available 1684 // firewall and routes quota. 1685 // For requests, this field should only be used in lieu of a 1686 // "node_pool" object, since this configuration (along with the 1687 // "node_config") will be used to create a "NodePool" object with an 1688 // auto-generated name. Do not use this and a node_pool at the same time. 1689 // 1690 // This field is deprecated, use node_pool.initial_node_count instead. 1691 int32 initial_node_count = 3 [deprecated = true]; 1692 1693 // Parameters used in creating the cluster's nodes. 1694 // For requests, this field should only be used in lieu of a 1695 // "node_pool" object, since this configuration (along with the 1696 // "initial_node_count") will be used to create a "NodePool" object with an 1697 // auto-generated name. Do not use this and a node_pool at the same time. 1698 // For responses, this field will be populated with the node configuration of 1699 // the first node pool. (For configuration of each node pool, see 1700 // `node_pool.config`) 1701 // 1702 // If unspecified, the defaults are used. 1703 // This field is deprecated, use node_pool.config instead. 
1704 NodeConfig node_config = 4 [deprecated = true]; 1705 1706 // The authentication information for accessing the master endpoint. 1707 // If unspecified, the defaults are used: 1708 // For clusters before v1.12, if master_auth is unspecified, `username` will 1709 // be set to "admin", a random password will be generated, and a client 1710 // certificate will be issued. 1711 MasterAuth master_auth = 5; 1712 1713 // The logging service the cluster should use to write logs. 1714 // Currently available options: 1715 // 1716 // * `logging.googleapis.com/kubernetes` - The Cloud Logging 1717 // service with a Kubernetes-native resource model 1718 // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer 1719 // available as of GKE 1.15). 1720 // * `none` - no logs will be exported from the cluster. 1721 // 1722 // If left as an empty string,`logging.googleapis.com/kubernetes` will be 1723 // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. 1724 string logging_service = 6; 1725 1726 // The monitoring service the cluster should use to write metrics. 1727 // Currently available options: 1728 // 1729 // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring 1730 // service with a Kubernetes-native resource model 1731 // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no 1732 // longer available as of GKE 1.15). 1733 // * `none` - No metrics will be exported from the cluster. 1734 // 1735 // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be 1736 // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions. 1737 string monitoring_service = 7; 1738 1739 // The name of the Google Compute Engine 1740 // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) 1741 // to which the cluster is connected. If left unspecified, the `default` 1742 // network will be used. 
1743 string network = 8; 1744 1745 // The IP address range of the container pods in this cluster, in 1746 // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) 1747 // notation (e.g. `10.96.0.0/14`). Leave blank to have 1748 // one automatically chosen or specify a `/14` block in `10.0.0.0/8`. 1749 string cluster_ipv4_cidr = 9; 1750 1751 // Configurations for the various addons available to run in the cluster. 1752 AddonsConfig addons_config = 10; 1753 1754 // The name of the Google Compute Engine 1755 // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which 1756 // the cluster is connected. 1757 string subnetwork = 11; 1758 1759 // The node pools associated with this cluster. 1760 // This field should not be set if "node_config" or "initial_node_count" are 1761 // specified. 1762 repeated NodePool node_pools = 12; 1763 1764 // The list of Google Compute Engine 1765 // [zones](https://cloud.google.com/compute/docs/zones#available) in which the 1766 // cluster's nodes should be located. 1767 // 1768 // This field provides a default value if 1769 // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations) 1770 // are not specified during node pool creation. 1771 // 1772 // Warning: changing cluster locations will update the 1773 // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations) 1774 // of all node pools and will result in nodes being added and/or removed. 1775 repeated string locations = 13; 1776 1777 // Kubernetes alpha features are enabled on this cluster. This includes alpha 1778 // API groups (e.g. v1alpha1) and features that may not be production ready in 1779 // the kubernetes version of the master and nodes. 1780 // The cluster has no SLA for uptime and master/node upgrades are disabled. 
1781 // Alpha enabled clusters are automatically deleted thirty days after 1782 // creation. 1783 bool enable_kubernetes_alpha = 14; 1784 1785 // The resource labels for the cluster to use to annotate any related 1786 // Google Compute Engine resources. 1787 map<string, string> resource_labels = 15; 1788 1789 // The fingerprint of the set of labels for this cluster. 1790 string label_fingerprint = 16; 1791 1792 // Configuration for the legacy ABAC authorization mode. 1793 LegacyAbac legacy_abac = 18; 1794 1795 // Configuration options for the NetworkPolicy feature. 1796 NetworkPolicy network_policy = 19; 1797 1798 // Configuration for cluster IP allocation. 1799 IPAllocationPolicy ip_allocation_policy = 20; 1800 1801 // The configuration options for master authorized networks feature. 1802 MasterAuthorizedNetworksConfig master_authorized_networks_config = 22; 1803 1804 // Configure the maintenance policy for this cluster. 1805 MaintenancePolicy maintenance_policy = 23; 1806 1807 // Configuration for Binary Authorization. 1808 BinaryAuthorization binary_authorization = 24; 1809 1810 // Cluster-level autoscaling configuration. 1811 ClusterAutoscaling autoscaling = 26; 1812 1813 // Configuration for cluster networking. 1814 NetworkConfig network_config = 27; 1815 1816 // The default constraint on the maximum number of pods that can be run 1817 // simultaneously on a node in the node pool of this cluster. Only honored 1818 // if cluster created with IP Alias support. 1819 MaxPodsConstraint default_max_pods_constraint = 30; 1820 1821 // Configuration for exporting resource usages. Resource usage export is 1822 // disabled when this config is unspecified. 1823 ResourceUsageExportConfig resource_usage_export_config = 33; 1824 1825 // Configuration controlling RBAC group membership information. 1826 AuthenticatorGroupsConfig authenticator_groups_config = 34; 1827 1828 // Configuration for private cluster. 
1829 PrivateClusterConfig private_cluster_config = 37; 1830 1831 // Configuration of etcd encryption. 1832 DatabaseEncryption database_encryption = 38; 1833 1834 // Cluster-level Vertical Pod Autoscaling configuration. 1835 VerticalPodAutoscaling vertical_pod_autoscaling = 39; 1836 1837 // Shielded Nodes configuration. 1838 ShieldedNodes shielded_nodes = 40; 1839 1840 // Release channel configuration. If left unspecified on cluster creation and 1841 // a version is specified, the cluster is enrolled in the most mature release 1842 // channel where the version is available (first checking STABLE, then 1843 // REGULAR, and finally RAPID). Otherwise, if no release channel 1844 // configuration and no version is specified, the cluster is enrolled in the 1845 // REGULAR channel with its default version. 1846 ReleaseChannel release_channel = 41; 1847 1848 // Configuration for the use of Kubernetes Service Accounts in GCP IAM 1849 // policies. 1850 WorkloadIdentityConfig workload_identity_config = 43; 1851 1852 // Configuration for issuance of mTLS keys and certificates to Kubernetes 1853 // pods. 1854 MeshCertificates mesh_certificates = 67; 1855 1856 // Configuration for the fine-grained cost management feature. 1857 CostManagementConfig cost_management_config = 45; 1858 1859 // Notification configuration of the cluster. 1860 NotificationConfig notification_config = 49; 1861 1862 // Configuration of Confidential Nodes. 1863 // All the nodes in the cluster will be Confidential VM once enabled. 1864 ConfidentialNodes confidential_nodes = 50; 1865 1866 // Configuration for Identity Service component. 1867 IdentityServiceConfig identity_service_config = 54; 1868 1869 // [Output only] Server-defined URL for the resource. 1870 string self_link = 100; 1871 1872 // [Output only] The name of the Google Compute Engine 1873 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 1874 // cluster resides. This field is deprecated, use location instead. 
1875 string zone = 101 [deprecated = true]; 1876 1877 // [Output only] The IP address of this cluster's master endpoint. 1878 // The endpoint can be accessed from the internet at 1879 // `https://username:password@endpoint/`. 1880 // 1881 // See the `masterAuth` property of this resource for username and 1882 // password information. NOTE(review): credentials carried in a URL's userinfo part tend to be recorded in shell history, process listings and proxy or access logs, so avoid building this URL form in scripts. `master_authorized_networks_config` and `private_cluster_config` on this message appear to govern who can reach the endpoint - confirm against their definitions. 1883 string endpoint = 102; 1884 1885 // The initial Kubernetes version for this cluster. Valid versions are those 1886 // found in validMasterVersions returned by getServerConfig. The version can 1887 // be upgraded over time; such upgrades are reflected in 1888 // currentMasterVersion and currentNodeVersion. 1889 // 1890 // Users may specify either explicit versions offered by 1891 // Kubernetes Engine or version aliases, which have the following behavior: 1892 // 1893 // - "latest": picks the highest valid Kubernetes version 1894 // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version 1895 // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version 1896 // - "1.X.Y-gke.N": picks an explicit Kubernetes version 1897 // - "","-": picks the default Kubernetes version 1898 string initial_cluster_version = 103; 1899 1900 // [Output only] The current software version of the master endpoint. 1901 string current_master_version = 104; 1902 1903 // [Output only] Deprecated, use 1904 // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools) 1905 // instead. The current version of the node software components. If they are 1906 // currently at multiple versions because they're in the process of being 1907 // upgraded, this reflects the minimum version of all nodes. 1908 string current_node_version = 105 [deprecated = true]; 1909 1910 // [Output only] The time the cluster was created, in 1911 // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 1912 string create_time = 106; 1913 1914 // [Output only] The current status of this cluster. 
1915 Status status = 107; 1916 1917 // [Output only] Deprecated. Use conditions instead. 1918 // Additional information about the current status of this 1919 // cluster, if available. 1920 string status_message = 108 [deprecated = true]; 1921 1922 // [Output only] The size of the address space on each node for hosting 1923 // containers. This is provisioned from within the `container_ipv4_cidr` 1924 // range. This field will only be set when cluster is in route-based network 1925 // mode. 1926 int32 node_ipv4_cidr_size = 109; 1927 1928 // [Output only] The IP address range of the Kubernetes services in 1929 // this cluster, in 1930 // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) 1931 // notation (e.g. `1.2.3.4/29`). Service addresses are 1932 // typically put in the last `/16` from the container CIDR. 1933 string services_ipv4_cidr = 110; 1934 1935 // Deprecated. Use node_pools.instance_group_urls. 1936 repeated string instance_group_urls = 111 [deprecated = true]; 1937 1938 // [Output only] The number of nodes currently in the cluster. Deprecated. 1939 // Call Kubernetes API directly to retrieve node information. 1940 int32 current_node_count = 112 [deprecated = true]; 1941 1942 // [Output only] The time the cluster will be automatically 1943 // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 1944 string expire_time = 113; 1945 1946 // [Output only] The name of the Google Compute Engine 1947 // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) 1948 // or 1949 // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) 1950 // in which the cluster resides. 1951 string location = 114; 1952 1953 // Enable the ability to use Cloud TPUs in this cluster. 
1954 bool enable_tpu = 115; 1955 1956 // [Output only] The IP address range of the Cloud TPUs in this cluster, in 1957 // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) 1958 // notation (e.g. `1.2.3.4/29`). 1959 string tpu_ipv4_cidr_block = 116; 1960 1961 // Which conditions caused the current cluster state. 1962 repeated StatusCondition conditions = 118; 1963 1964 // Autopilot configuration for the cluster. 1965 Autopilot autopilot = 128; 1966 1967 // Output only. Unique id for the cluster. 1968 string id = 129 [(google.api.field_behavior) = OUTPUT_ONLY]; 1969 1970 // Default NodePool settings for the entire cluster. These settings are 1971 // overridden if specified on the specific NodePool object. 1972 optional NodePoolDefaults node_pool_defaults = 131; 1973 1974 // Logging configuration for the cluster. 1975 LoggingConfig logging_config = 132; 1976 1977 // Monitoring configuration for the cluster. 1978 MonitoringConfig monitoring_config = 133; 1979 1980 // Node pool configs that apply to all auto-provisioned node pools 1981 // in autopilot clusters and node auto-provisioning enabled clusters. 1982 NodePoolAutoConfig node_pool_auto_config = 136; 1983 1984 // This checksum is computed by the server based on the value of cluster 1985 // fields, and may be sent on update requests to ensure the client has an 1986 // up-to-date value before proceeding. 1987 string etag = 139; 1988 1989 // Fleet information for the cluster. 1990 Fleet fleet = 140; 1991 1992 // Enable/Disable Security Posture API features for the cluster. 1993 SecurityPostureConfig security_posture_config = 145; 1994 1995 // Beta APIs Config 1996 K8sBetaAPIConfig enable_k8s_beta_apis = 143; 1997 1998 // GKE Enterprise Configuration. 1999 EnterpriseConfig enterprise_config = 149; 2000} 2001 2002// K8sBetaAPIConfig , configuration for beta APIs 2003message K8sBetaAPIConfig { 2004 // Enabled k8s beta APIs. 
2005 repeated string enabled_apis = 1; 2006} 2007 2008// SecurityPostureConfig defines the flags needed to enable/disable features for 2009// the Security Posture API. 2010message SecurityPostureConfig { 2011 // Mode defines enablement mode for GKE Security posture features. 2012 enum Mode { 2013 // Default value not specified. 2014 MODE_UNSPECIFIED = 0; 2015 2016 // Disables Security Posture features on the cluster. 2017 DISABLED = 1; 2018 2019 // Applies Security Posture features on the cluster. 2020 BASIC = 2; 2021 } 2022 2023 // VulnerabilityMode defines enablement mode for vulnerability scanning. 2024 enum VulnerabilityMode { 2025 // Default value not specified. 2026 VULNERABILITY_MODE_UNSPECIFIED = 0; 2027 2028 // Disables vulnerability scanning on the cluster. 2029 VULNERABILITY_DISABLED = 1; 2030 2031 // Applies basic vulnerability scanning on the cluster. 2032 VULNERABILITY_BASIC = 2; 2033 2034 // Applies the Security Posture's vulnerability on cluster Enterprise level 2035 // features. 2036 VULNERABILITY_ENTERPRISE = 3; 2037 } 2038 2039 // Sets which mode to use for Security Posture features. 2040 optional Mode mode = 1; 2041 2042 // Sets which mode to use for vulnerability scanning. 2043 optional VulnerabilityMode vulnerability_mode = 2; 2044} 2045 2046// Node pool configs that apply to all auto-provisioned node pools 2047// in autopilot clusters and node auto-provisioning enabled clusters. 2048message NodePoolAutoConfig { 2049 // The list of instance tags applied to all nodes. Tags are used to identify 2050 // valid sources or targets for network firewalls and are specified by 2051 // the client during cluster creation. Each tag within the list 2052 // must comply with RFC1035. 2053 NetworkTags network_tags = 1; 2054 2055 // Resource manager tag keys and values to be attached to the nodes 2056 // for managing Compute Engine firewalls using Network Firewall Policies. 
2057 ResourceManagerTags resource_manager_tags = 2; 2058} 2059 2060// Subset of Nodepool message that has defaults. 2061message NodePoolDefaults { 2062 // Subset of NodeConfig message that has defaults. 2063 NodeConfigDefaults node_config_defaults = 1; 2064} 2065 2066// Subset of NodeConfig message that has defaults. 2067message NodeConfigDefaults { 2068 // GCFS (Google Container File System, also known as Riptide) options. 2069 GcfsConfig gcfs_config = 1; 2070 2071 // Logging configuration for node pools. 2072 NodePoolLoggingConfig logging_config = 3; 2073} 2074 2075// ClusterUpdate describes an update to the cluster. Exactly one update can 2076// be applied to a cluster with each request, so at most one field can be 2077// provided. 2078message ClusterUpdate { 2079 // The Kubernetes version to change the nodes to (typically an 2080 // upgrade). 2081 // 2082 // Users may specify either explicit versions offered by 2083 // Kubernetes Engine or version aliases, which have the following behavior: 2084 // 2085 // - "latest": picks the highest valid Kubernetes version 2086 // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version 2087 // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version 2088 // - "1.X.Y-gke.N": picks an explicit Kubernetes version 2089 // - "-": picks the Kubernetes master version 2090 string desired_node_version = 4; 2091 2092 // The monitoring service the cluster should use to write metrics. 2093 // Currently available options: 2094 // 2095 // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring 2096 // service with a Kubernetes-native resource model 2097 // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no 2098 // longer available as of GKE 1.15). 2099 // * `none` - No metrics will be exported from the cluster. 2100 // 2101 // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be 2102 // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions. 
2103 string desired_monitoring_service = 5; 2104 2105 // Configurations for the various addons available to run in the cluster. 2106 AddonsConfig desired_addons_config = 6; 2107 2108 // The node pool to be upgraded. This field is mandatory if 2109 // "desired_node_version", "desired_image_type" or 2110 // "desired_node_pool_autoscaling" is specified and there is more than one 2111 // node pool on the cluster. 2112 string desired_node_pool_id = 7; 2113 2114 // The desired image type for the node pool. 2115 // NOTE: Set the "desired_node_pool_id" field as well. 2116 string desired_image_type = 8; 2117 2118 // Configuration of etcd encryption. 2119 DatabaseEncryption desired_database_encryption = 46; 2120 2121 // Configuration for Workload Identity. 2122 WorkloadIdentityConfig desired_workload_identity_config = 47; 2123 2124 // Configuration for issuance of mTLS keys and certificates to Kubernetes 2125 // pods. 2126 MeshCertificates desired_mesh_certificates = 67; 2127 2128 // Configuration for Shielded Nodes. 2129 ShieldedNodes desired_shielded_nodes = 48; 2130 2131 // The desired configuration for the fine-grained cost management feature. 2132 CostManagementConfig desired_cost_management_config = 49; 2133 2134 // DNSConfig contains clusterDNS config for this cluster. 2135 DNSConfig desired_dns_config = 53; 2136 2137 // Autoscaler configuration for the node pool specified in 2138 // desired_node_pool_id. If there is only one pool in the 2139 // cluster and desired_node_pool_id is not provided then 2140 // the change applies to that single node pool. 2141 NodePoolAutoscaling desired_node_pool_autoscaling = 9; 2142 2143 // The desired list of Google Compute Engine 2144 // [zones](https://cloud.google.com/compute/docs/zones#available) in which the 2145 // cluster's nodes should be located. 2146 // 2147 // This list must always include the cluster's primary zone. 
2148 // 2149 // Warning: changing cluster locations will update the locations of all node 2150 // pools and will result in nodes being added and/or removed. 2151 repeated string desired_locations = 10; 2152 2153 // The desired configuration options for master authorized networks feature. 2154 MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12; 2155 2156 // Cluster-level autoscaling configuration. 2157 ClusterAutoscaling desired_cluster_autoscaling = 15; 2158 2159 // The desired configuration options for the Binary Authorization feature. 2160 BinaryAuthorization desired_binary_authorization = 16; 2161 2162 // The logging service the cluster should use to write logs. 2163 // Currently available options: 2164 // 2165 // * `logging.googleapis.com/kubernetes` - The Cloud Logging 2166 // service with a Kubernetes-native resource model 2167 // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer 2168 // available as of GKE 1.15). 2169 // * `none` - no logs will be exported from the cluster. 2170 // 2171 // If left as an empty string,`logging.googleapis.com/kubernetes` will be 2172 // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. 2173 string desired_logging_service = 19; 2174 2175 // The desired configuration for exporting resource usage. 2176 ResourceUsageExportConfig desired_resource_usage_export_config = 21; 2177 2178 // Cluster-level Vertical Pod Autoscaling configuration. 2179 VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22; 2180 2181 // The desired private cluster configuration. 2182 PrivateClusterConfig desired_private_cluster_config = 25; 2183 2184 // The desired config of Intra-node visibility. 2185 IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26; 2186 2187 // The desired status of whether to disable default sNAT for this cluster. 2188 DefaultSnatStatus desired_default_snat_status = 28; 2189 2190 // The desired release channel configuration. 
2191 ReleaseChannel desired_release_channel = 31; 2192 2193 // The desired L4 Internal Load Balancer Subsetting configuration. 2194 ILBSubsettingConfig desired_l4ilb_subsetting_config = 39; 2195 2196 // The desired datapath provider for the cluster. 2197 DatapathProvider desired_datapath_provider = 50; 2198 2199 // The desired state of IPv6 connectivity to Google Services. 2200 PrivateIPv6GoogleAccess desired_private_ipv6_google_access = 51; 2201 2202 // The desired notification configuration. 2203 NotificationConfig desired_notification_config = 55; 2204 2205 // The desired authenticator groups config for the cluster. 2206 AuthenticatorGroupsConfig desired_authenticator_groups_config = 63; 2207 2208 // The desired logging configuration. 2209 LoggingConfig desired_logging_config = 64; 2210 2211 // The desired monitoring configuration. 2212 MonitoringConfig desired_monitoring_config = 65; 2213 2214 // The desired Identity Service component configuration. 2215 IdentityServiceConfig desired_identity_service_config = 66; 2216 2217 // ServiceExternalIPsConfig specifies the config for the use of Services with 2218 // ExternalIPs field. 2219 ServiceExternalIPsConfig desired_service_external_ips_config = 60; 2220 2221 // Enable/Disable private endpoint for the cluster's master. 2222 optional bool desired_enable_private_endpoint = 71; 2223 2224 // The Kubernetes version to change the master to. 
2225 // 2226 // Users may specify either explicit versions offered by 2227 // Kubernetes Engine or version aliases, which have the following behavior: 2228 // 2229 // - "latest": picks the highest valid Kubernetes version 2230 // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version 2231 // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version 2232 // - "1.X.Y-gke.N": picks an explicit Kubernetes version 2233 // - "-": picks the default Kubernetes version 2234 string desired_master_version = 100; 2235 2236 // The desired GCFS config for the cluster 2237 GcfsConfig desired_gcfs_config = 109; 2238 2239 // The desired network tags that apply to all auto-provisioned node pools 2240 // in autopilot clusters and node auto-provisioning enabled clusters. 2241 NetworkTags desired_node_pool_auto_config_network_tags = 110; 2242 2243 // The desired config of Gateway API on this cluster. 2244 GatewayAPIConfig desired_gateway_api_config = 114; 2245 2246 // The current etag of the cluster. 2247 // If an etag is provided and does not match the current etag of the cluster, 2248 // update will be blocked and an ABORTED error will be returned. 2249 string etag = 115; 2250 2251 // The desired node pool logging configuration defaults for the cluster. 2252 NodePoolLoggingConfig desired_node_pool_logging_config = 116; 2253 2254 // The desired fleet configuration for the cluster. 2255 Fleet desired_fleet = 117; 2256 2257 // The desired stack type of the cluster. 2258 // If a stack type is provided and does not match the current stack type of 2259 // the cluster, update will attempt to change the stack type to the new type. 2260 StackType desired_stack_type = 119; 2261 2262 // The additional pod ranges to be added to the cluster. These pod ranges 2263 // can be used by node pools to allocate pod IPs. 2264 AdditionalPodRangesConfig additional_pod_ranges_config = 120; 2265 2266 // The additional pod ranges that are to be removed from the cluster. 
2267 // The pod ranges specified here must have been specified earlier in the 2268 // 'additional_pod_ranges_config' argument. 2269 AdditionalPodRangesConfig removed_additional_pod_ranges_config = 121; 2270 2271 // Kubernetes open source beta apis enabled on the cluster. Only beta apis 2272 K8sBetaAPIConfig enable_k8s_beta_apis = 122; 2273 2274 // Enable/Disable Security Posture API features for the cluster. 2275 SecurityPostureConfig desired_security_posture_config = 124; 2276 2277 // The desired network performance config. 2278 NetworkConfig.ClusterNetworkPerformanceConfig 2279 desired_network_performance_config = 125; 2280 2281 // Enable/Disable FQDN Network Policy for the cluster. 2282 optional bool desired_enable_fqdn_network_policy = 126; 2283 2284 // The desired workload policy configuration for the autopilot cluster. 2285 WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128; 2286 2287 // Desired Beta APIs to be enabled for cluster. 2288 K8sBetaAPIConfig desired_k8s_beta_apis = 131; 2289 2290 // Enable/Disable Multi-Networking for the cluster 2291 optional bool desired_enable_multi_networking = 135; 2292 2293 // The desired resource manager tags that apply to all auto-provisioned node 2294 // pools in autopilot clusters and node auto-provisioning enabled clusters. 2295 ResourceManagerTags desired_node_pool_auto_config_resource_manager_tags = 136; 2296 2297 // Specify the details of in-transit encryption. 2298 optional InTransitEncryptionConfig desired_in_transit_encryption_config = 137; 2299 2300 // Enable/Disable Cilium Clusterwide Network Policy for the cluster. 2301 optional bool desired_enable_cilium_clusterwide_network_policy = 138; 2302} 2303 2304// AdditionalPodRangesConfig is the configuration for additional pod secondary 2305// ranges supporting the ClusterUpdate message. 2306message AdditionalPodRangesConfig { 2307 // Name for pod secondary ipv4 range which has the actual range defined ahead. 
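repeated string pod_range_names = 1;

  // Output only. [Output only] Information for additional pod range.
  repeated RangeInfo pod_range_info = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// RangeInfo contains the range name and the range utilization by this cluster.
message RangeInfo {
  // Output only. Name of a range.
  string range_name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The utilization of the range.
  double utilization = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// This operation resource represents operations that may have happened or are
// happening on the cluster. All fields are output only.
//
// NOTE(review): only `status_message` and `progress` carry the OUTPUT_ONLY
// field_behavior annotation below; the remaining fields rely on this comment
// alone to state that they are server-populated.
message Operation {
  // Current status of the operation.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The operation has been created.
    PENDING = 1;

    // The operation is currently running.
    RUNNING = 2;

    // The operation is done, either cancelled or completed.
    DONE = 3;

    // The operation is aborting.
    ABORTING = 4;
  }

  // Operation type categorizes the operation.
  //
  // NOTE(review): value 17 is skipped in this enum and is not marked
  // `reserved`; confirm whether it was ever assigned before reusing it.
  enum Type {
    // Not set.
    TYPE_UNSPECIFIED = 0;

    // The cluster is being created. The cluster should be assumed to be
    // unusable until the operation finishes.
    //
    // In the event of the operation failing, the cluster will enter the [ERROR
    // state][Cluster.Status.ERROR] and eventually be deleted.
    CREATE_CLUSTER = 1;

    // The cluster is being deleted. The cluster should be assumed to be
    // unusable as soon as this operation starts.
    //
    // In the event of the operation failing, the cluster will enter the [ERROR
    // state][Cluster.Status.ERROR] and the deletion will be automatically
    // retried until completed.
    DELETE_CLUSTER = 2;

    // The [cluster
    // version][google.container.v1.ClusterUpdate.desired_master_version] is
    // being updated. Note that this includes "upgrades" to the same version,
    // which are simply a recreation. This also includes
    // [auto-upgrades](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades#upgrading_automatically).
    // For more details, see [documentation on cluster
    // upgrades](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades#cluster_upgrades).
    UPGRADE_MASTER = 3;

    // A node pool is being updated. Despite calling this an "upgrade", this
    // includes most forms of updates to node pools. This also includes
    // [auto-upgrades](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades).
    //
    // This operation sets the
    // [progress][google.container.v1.Operation.progress] field and may be
    // [canceled][google.container.v1.ClusterManager.CancelOperation].
    //
    // The upgrade strategy depends on [node pool
    // configuration](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pool-upgrade-strategies).
    // The nodes are generally still usable during this operation.
    UPGRADE_NODES = 4;

    // A problem has been detected with the control plane and is being repaired.
    // This operation type is initiated by GKE. For more details, see
    // [documentation on
    // repairs](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs).
    REPAIR_CLUSTER = 5;

    // The cluster is being updated. This is a broad category of operations and
    // includes operations that only change metadata as well as those that must
    // recreate the entire cluster. If the control plane must be recreated, this
    // will cause temporary downtime for zonal clusters.
    //
    // Some features require recreating the nodes as well. Those will be
    // recreated as separate operations and the update may not be completely
    // functional until the node pool recreations finish. Node recreations will
    // generally follow [maintenance
    // policies](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions).
    //
    // Some GKE-initiated operations use this type. This includes certain types
    // of auto-upgrades and incident mitigations.
    UPDATE_CLUSTER = 6;

    // A node pool is being created. The node pool should be assumed to be
    // unusable until this operation finishes. In the event of an error, the
    // node pool may be partially created.
    //
    // If enabled, [node
    // autoprovisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)
    // may have automatically initiated such operations.
    CREATE_NODE_POOL = 7;

    // The node pool is being deleted. The node pool should be assumed to be
    // unusable as soon as this operation starts.
    DELETE_NODE_POOL = 8;

    // The node pool's [management][google.container.v1.NodePool.management]
    // field is being updated. These operations only update metadata and may be
    // concurrent with most other operations.
    SET_NODE_POOL_MANAGEMENT = 9;

    // A problem has been detected with nodes and [they are being
    // repaired](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair).
    // This operation type is initiated by GKE, typically automatically. This
    // operation may be concurrent with other operations and there may be
    // multiple repairs occurring on the same node pool.
    AUTO_REPAIR_NODES = 10;

    // Unused. Automatic node upgrade uses
    // [UPGRADE_NODES][google.container.v1.Operation.Type.UPGRADE_NODES].
    AUTO_UPGRADE_NODES = 11 [deprecated = true];

    // Unused. Updating labels uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_LABELS = 12 [deprecated = true];

    // Unused. Updating master auth uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_MASTER_AUTH = 13 [deprecated = true];

    // The node pool is being resized. With the exception of resizing to or from
    // size zero, the node pool is generally usable during this operation.
    SET_NODE_POOL_SIZE = 14;

    // Unused. Updating network policy uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_NETWORK_POLICY = 15 [deprecated = true];

    // Unused. Updating maintenance policy uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_MAINTENANCE_POLICY = 16 [deprecated = true];

    // The control plane is being resized. This operation type is initiated by
    // GKE. These operations are often performed preemptively to ensure that the
    // control plane has sufficient resources and is not typically an indication
    // of issues. For more details, see
    // [documentation on
    // resizes](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs).
    RESIZE_CLUSTER = 18;

    // Fleet features of GKE Enterprise are being upgraded. The cluster should
    // be assumed to be blocked for other upgrades until the operation finishes.
    FLEET_FEATURE_UPGRADE = 19;
  }

  // The server-assigned ID for the operation.
  string name = 1;

  // The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation is taking place. This field is deprecated, use location instead.
  string zone = 2 [deprecated = true];

  // The operation type.
  Type operation_type = 3;

  // The current status of the operation.
  Status status = 4;

  // Detailed operation progress, if available.
  string detail = 8;

  // Output only. If an error has occurred, a textual description of the error.
  // Deprecated. Use the field error instead.
  string status_message = 5
      [deprecated = true, (google.api.field_behavior) = OUTPUT_ONLY];

  // Server-defined URI for the operation. Example:
  // `https://container.googleapis.com/v1alpha1/projects/123/locations/us-central1/operations/operation-123`.
  string self_link = 6;

  // Server-defined URI for the target of the operation. The format of this is a
  // URI to the resource being modified (such as a cluster, node pool, or node).
  // For node pool repairs, there may be multiple nodes being repaired, but only
  // one will be the target.
  //
  // Examples:
  //
  // - `https://container.googleapis.com/v1/projects/123/locations/us-central1/clusters/my-cluster`
  // - `https://container.googleapis.com/v1/projects/123/zones/us-central1-c/clusters/my-cluster/nodePools/my-np`
  // - `https://container.googleapis.com/v1/projects/123/zones/us-central1-c/clusters/my-cluster/nodePools/my-np/node/my-node`
  string target_link = 7;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 9;

  // [Output only] The time the operation started, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string start_time = 10;

  // [Output only] The time the operation completed, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string end_time = 11;

  // Output only. Progress information for an operation.
  OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Which conditions caused the current cluster state.
  // Deprecated. Use field error instead.
  repeated StatusCondition cluster_conditions = 13 [deprecated = true];

  // Which conditions caused the current node pool state.
  // Deprecated. Use field error instead.
  repeated StatusCondition nodepool_conditions = 14 [deprecated = true];

  // The error result of the operation in case of failure.
  google.rpc.Status error = 15;
}

// Information about operation (or operation stage) progress.
//
// This message is self-recursive through `stages`. Protobuf parsers enforce a
// nesting-depth limit, so code that walks the stage tree should bound its own
// recursion as well rather than assume an arbitrary depth is reachable.
message OperationProgress {
  // Progress metric is (string, int|float|string) pair.
  message Metric {
    // Required. Metric name, e.g., "nodes total", "percent done".
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // Strictly one of the values is required.
    oneof value {
      // For metrics with integer value.
      int64 int_value = 2;

      // For metrics with floating point value.
      double double_value = 3;

      // For metrics with custom values (ratios, visual progress, etc.).
      string string_value = 4;
    }
  }

  // A non-parameterized string describing an operation stage.
  // Unset for single-stage operations.
  string name = 1;

  // Status of an operation stage.
  // Unset for single-stage operations.
  Operation.Status status = 2;

  // Progress metric bundle, for example:
  //   metrics: [{name: "nodes done",     int_value: 15},
  //             {name: "nodes total",    int_value: 32}]
  // or
  //   metrics: [{name: "progress",       double_value: 0.56},
  //             {name: "progress scale", double_value: 1.0}]
  repeated Metric metrics = 3;

  // Substages of an operation or a stage.
  repeated OperationProgress stages = 4;
}

// CreateClusterRequest creates a cluster.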
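message CreateClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Required. A [cluster
  // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.locations.clusters)
  Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED];

  // The parent (project and location) where the cluster will be created.
  // Specified in the format `projects/*/locations/*`.
  string parent = 5;
}

// GetClusterRequest gets the settings of a cluster.
message GetClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to retrieve.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to retrieve.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// UpdateClusterRequest updates the settings of a cluster.
message UpdateClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. A description of the update.
  ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// UpdateNodePoolRequest updates a node pool's image and/or version.
message UpdateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. The Kubernetes version to change the nodes to (typically an
  // upgrade).
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  string node_version = 5 [(google.api.field_behavior) = REQUIRED];

  // Required. The desired image type for the node pool. Please see
  // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
  // available image types.
  string image_type = 6 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to
  // update. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 8;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // node pool's nodes should be located. Changing the locations for a node pool
  // will result in nodes being either created or removed from the node pool,
  // depending on whether locations are being added or removed.
  repeated string locations = 13;

  // The desired workload metadata config for the node pool.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // Upgrade settings control disruption and speed of the upgrade.
  NodePool.UpgradeSettings upgrade_settings = 15;

  // The desired network tags to be applied to all nodes in the node pool.
  // If this field is not present, the tags will not be changed. Otherwise,
  // the existing network tags will be *replaced* with the provided tags.
  NetworkTags tags = 16;

  // The desired node taints to be applied to all nodes in the node pool.
  // If this field is not present, the taints will not be changed. Otherwise,
  // the existing node taints will be *replaced* with the provided taints.
  NodeTaints taints = 17;

  // The desired node labels to be applied to all nodes in the node pool.
  // If this field is not present, the labels will not be changed. Otherwise,
  // the existing node labels will be *replaced* with the provided labels.
  NodeLabels labels = 18;

  // Parameters that can be configured on Linux nodes.
  LinuxNodeConfig linux_node_config = 19;

  // Node kubelet configs.
  NodeKubeletConfig kubelet_config = 20;

  // Node network config.
  NodeNetworkConfig node_network_config = 21;

  // GCFS config.
  GcfsConfig gcfs_config = 22;

  // Confidential nodes config.
  // All the nodes in the node pool will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 23;

  // Enable or disable gvnic on the node pool.
  VirtualNIC gvnic = 29;

  // The current etag of the node pool.
  // If an etag is provided and does not match the current etag of the node
  // pool, update will be blocked and an ABORTED error will be returned.
  string etag = 30;

  // Enable or disable NCCL fast socket for the node pool.
  FastSocket fast_socket = 31;

  // Logging configuration.
  NodePoolLoggingConfig logging_config = 32;

  // The resource labels for the node pool to use to annotate any related
  // Google Compute Engine resources.
  ResourceLabels resource_labels = 33;

  // Parameters that can be configured on Windows nodes.
  WindowsNodeConfig windows_node_config = 34;

  // Optional. The desired [Google Compute Engine machine
  // type](https://cloud.google.com/compute/docs/machine-types) for nodes in the
  // node pool. Initiates an upgrade operation that migrates the nodes in the
  // node pool to the specified machine type.
  string machine_type = 36 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The desired disk type (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced') for nodes in the node pool.
  // Initiates an upgrade operation that migrates the nodes in the
  // node pool to the specified disk type.
  string disk_type = 37 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The desired disk size for nodes in the node pool specified in GB.
  // The smallest allowed disk size is 10GB.
  // Initiates an upgrade operation that migrates the nodes in the
  // node pool to the specified disk size.
  int64 disk_size_gb = 38 [(google.api.field_behavior) = OPTIONAL];

  // Desired resource manager tag keys and values to be attached to the nodes
  // for managing Compute Engine firewalls using Network Firewall Policies.
  // Existing tags will be replaced with new values.
  //
  // NOTE(review): because the set is replaced rather than merged, an update
  // that omits an existing tag drops it; where firewall policies key on these
  // tags, review the complete resulting list before applying the update.
  ResourceManagerTags resource_manager_tags = 39;

  // Specifies the configuration of queued provisioning.
  NodePool.QueuedProvisioning queued_provisioning = 42;
}

// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
message SetNodePoolAutoscalingRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. Autoscaling configuration for the node pool.
  NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to set
  // autoscaler settings. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// SetLoggingServiceRequest sets the logging service of a cluster.
message SetLoggingServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string, `logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  //
  // NOTE(review): `none` stops log export from the cluster, which also removes
  // that stream as a detection and forensics source; treat a change to `none`
  // as a security-relevant event worth alerting on.
  string logging_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set logging.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// SetMonitoringServiceRequest sets the monitoring service of a cluster.
message SetMonitoringServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * `monitoring.googleapis.com/kubernetes` - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string, `monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set monitoring.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetAddonsConfigRequest sets the addons associated with the cluster.
message SetAddonsConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired configurations for the various addons available to
  // run in the cluster.
  AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set addons.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetLocationsRequest sets the locations of the cluster.
message SetLocationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located. Changing the locations a cluster is in
  // will result in nodes being either created or removed from the cluster,
  // depending on whether locations are being added or removed.
  //
  // This list must always include the cluster's primary zone.
  repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set locations.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// UpdateMasterRequest updates the master of the cluster.
message UpdateMasterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  string master_version = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetMasterAuthRequest updates the admin password of a cluster.
//
// NOTE(review): for SET_PASSWORD the `update` message presumably carries the
// caller-chosen password, so request bodies and anything that records them
// should be handled as secrets. Basic (username/password) authentication to
// the control plane is believed to be deprecated in GKE; confirm against the
// MasterAuth field documentation before relying on these actions.
message SetMasterAuthRequest {
  // Operation type: what type update to perform.
  enum Action {
    // Operation is unknown and will error out. As the zero value this is also
    // what an unset `action` decodes to in proto3.
    UNKNOWN = 0;

    // Set the password to a user generated value.
    SET_PASSWORD = 1;

    // Generate a new password and set it to that.
    GENERATE_PASSWORD = 2;

    // Set the username. If an empty username is provided, basic authentication
    // is disabled for the cluster. If a non-empty username is provided, basic
    // authentication is enabled, with either a provided password or a generated
    // one.
    SET_USERNAME = 3;
  }

  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The exact form of action to be taken on the master auth.
  Action action = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. A description of the update.
  MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set auth.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// DeleteClusterRequest deletes a cluster.
//
// NOTE(review): the field comments do not say what happens when the deprecated
// project_id/zone/cluster_id fields and `name` identify different clusters;
// callers should populate `name` only.
message DeleteClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to delete.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to delete.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 4;
}

// ListClustersRequest lists clusters.
message ListClustersRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides, or "-" for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the clusters will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// ListClustersResponse is the result of ListClustersRequest.
message ListClustersResponse {
  // A list of clusters in the project in the specified zone, or
  // across all zones.
  repeated Cluster clusters = 1;

  // If any zones are listed here, the list of clusters returned
  // may be missing those zones. Inventory or audit tooling should therefore
  // treat `clusters` as complete only when this field is empty.
  repeated string missing_zones = 2;
}

// GetOperationRequest gets a single operation.
message GetOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to get.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 5;
}

// ListOperationsRequest lists operations.
message ListOperationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for, or `-` for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the operations will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// CancelOperationRequest cancels a single operation.
message CancelOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to cancel.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 4;
}

// ListOperationsResponse is the result of ListOperationsRequest.
message ListOperationsResponse {
  // A list of operations in the project in the specified zone.
  repeated Operation operations = 1;

  // If any zones are listed here, the list of operations returned
  // may be missing the operations from those zones.
  repeated string missing_zones = 2;
}

// Gets the current Kubernetes Engine service configuration.
message GetServerConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // The name (project and location) of the server config to get,
  // specified in the format `projects/*/locations/*`.
  string name = 4;
}

// Kubernetes Engine service configuration.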
message ServerConfig {
  // ReleaseChannelConfig exposes configuration for a release channel.
  message ReleaseChannelConfig {
    // The release channel this configuration applies to.
    ReleaseChannel.Channel channel = 1;

    // The default version for newly created clusters on the channel.
    string default_version = 2;

    // List of valid versions for the channel.
    repeated string valid_versions = 4;
  }

  // Version of Kubernetes the service deploys by default.
  string default_cluster_version = 1;

  // List of valid node upgrade target versions, in descending order.
  repeated string valid_node_versions = 3;

  // Default image type.
  string default_image_type = 4;

  // List of valid image types.
  repeated string valid_image_types = 5;

  // List of valid master versions, in descending order.
  repeated string valid_master_versions = 6;

  // List of release channel configurations.
  repeated ReleaseChannelConfig channels = 9;
}

// CreateNodePoolRequest creates a node pool for a cluster.
message CreateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // Required. The node pool to create.
  NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];

  // The parent (project, location, cluster name) where the node pool will be
  // created. Specified in the format
  // `projects/*/locations/*/clusters/*`.
  string parent = 6;
}

// DeleteNodePoolRequest deletes a node pool for a cluster.
message DeleteNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to delete.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // delete. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// ListNodePoolsRequest lists the node pool(s) for a cluster.
message ListNodePoolsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // The parent (project, location, cluster name) where the node pools will be
  // listed. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 5;
}

// GetNodePoolRequest retrieves a node pool for a cluster.
message GetNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // get. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// Settings for blue-green upgrade.
message BlueGreenSettings {
  // Standard rollout policy is the default policy for blue-green.
  message StandardRolloutPolicy {
    // Blue pool size to drain in a batch.
    oneof update_batch_size {
      // Percentage of the blue pool nodes to drain in a batch.
      // The range of this field should be (0.0, 1.0].
      float batch_percentage = 1;

      // Number of blue nodes to drain in a batch.
      int32 batch_node_count = 2;
    }

    // Soak time after each batch gets drained. Default to zero.
    optional google.protobuf.Duration batch_soak_duration = 3;
  }

  // The rollout policy controls the general rollout progress of blue-green.
  oneof rollout_policy {
    // Standard policy for the blue-green upgrade.
    StandardRolloutPolicy standard_rollout_policy = 1;
  }

  // Time needed after draining entire blue pool. After this period, blue pool
  // will be cleaned up.
  optional google.protobuf.Duration node_pool_soak_duration = 2;
}

// NodePool contains the name and configuration for a cluster's node pool.
// Node pools are a set of nodes (i.e. VM's), with a common configuration and
// specification, under the control of the cluster master. They may have a set
// of Kubernetes labels applied to them, which may be used to reference them
// during pod scheduling. They may also be resized up or down, to accommodate
// the workload.
message NodePool {
  // These upgrade settings control the level of parallelism and the level of
  // disruption caused by an upgrade.
  //
  // maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  //
  // maxSurge controls the number of additional nodes that can be added to the
  // node pool temporarily for the time of the upgrade to increase the number of
  // available nodes.
  //
  // (maxUnavailable + maxSurge) determines the level of parallelism (how many
  // nodes are being upgraded at the same time).
  //
  // Note: upgrades inevitably introduce some disruption since workloads need to
  // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
  // this holds true. (Disruption stays within the limits of
  // PodDisruptionBudget, if it is configured.)
  //
  // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
  // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
  // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
  // down 3 old (not yet upgraded) nodes at the same time. This ensures that
  // there are always at least 4 nodes available.
  //
  // These upgrade settings configure the upgrade strategy for the node pool.
  // Use strategy to switch between the strategies applied to the node pool.
  //
  // If the strategy is ROLLING, use max_surge and max_unavailable to control
  // the level of parallelism and the level of disruption caused by upgrade.
  // 1. maxSurge controls the number of additional nodes that can be added to
  // the node pool temporarily for the time of the upgrade to increase the
  // number of available nodes.
  // 2. maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  // 3. (maxUnavailable + maxSurge) determines the level of parallelism (how
  // many nodes are being upgraded at the same time).
  //
  // If the strategy is BLUE_GREEN, use blue_green_settings to configure the
  // blue-green upgrade related settings.
  // 1. standard_rollout_policy is the default policy. The policy is used to
  // control the way blue pool gets drained. The draining is executed in the
  // batch mode. The batch size could be specified as either percentage of the
  // node pool size or the number of nodes. batch_soak_duration is the soak
  // time after each batch gets drained.
  // 2. node_pool_soak_duration is the soak time after all blue nodes are
  // drained. After this period, the blue pool nodes will be deleted.
  message UpgradeSettings {
    // The maximum number of nodes that can be created beyond the current size
    // of the node pool during the upgrade process.
    int32 max_surge = 1;

    // The maximum number of nodes that can be simultaneously unavailable during
    // the upgrade process. A node is considered available if its status is
    // Ready.
    int32 max_unavailable = 2;

    // Update strategy of the node pool.
    optional NodePoolUpdateStrategy strategy = 3;

    // Settings for blue-green upgrade strategy.
    optional BlueGreenSettings blue_green_settings = 4;
  }

  // UpdateInfo contains resource (instance groups, etc), status and other
  // intermediate information relevant to a node pool upgrade.
  message UpdateInfo {
    // Information relevant to blue-green upgrade.
    message BlueGreenInfo {
      // Phase represents the different stages blue-green upgrade is running in.
      enum Phase {
        // Unspecified phase.
        PHASE_UNSPECIFIED = 0;

        // blue-green upgrade has been initiated.
        UPDATE_STARTED = 1;

        // Start creating green pool nodes.
        CREATING_GREEN_POOL = 2;

        // Start cordoning blue pool nodes.
        CORDONING_BLUE_POOL = 3;

        // Start draining blue pool nodes.
        DRAINING_BLUE_POOL = 4;

        // Start soaking time after draining entire blue pool.
        NODE_POOL_SOAKING = 5;

        // Start deleting blue nodes.
        DELETING_BLUE_POOL = 6;

        // Rollback has been initiated.
        ROLLBACK_STARTED = 7;
      }

      // Current blue-green upgrade phase.
      Phase phase = 1;

      // The resource URLs of the [managed instance groups]
      // (/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with blue pool.
      repeated string blue_instance_group_urls = 2;

      // The resource URLs of the [managed instance groups]
      // (/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with green pool.
      repeated string green_instance_group_urls = 3;

      // Time to start deleting blue pool to complete blue-green upgrade,
      // in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
      string blue_pool_deletion_start_time = 4;

      // Version of green pool.
      string green_pool_version = 5;
    }

    // Information of a blue-green upgrade.
    BlueGreenInfo blue_green_info = 1;
  }

  // The current status of the node pool instance.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the node pool is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the node pool has been created
    // and is fully usable.
    RUNNING = 2;

    // The RUNNING_WITH_ERROR state indicates the node pool has been created
    // and is partially usable. Some error state has occurred and some
    // functionality may be impaired. Customer may need to reissue a request
    // or trigger a new update.
    RUNNING_WITH_ERROR = 3;

    // The RECONCILING state indicates that some work is actively being done on
    // the node pool, such as upgrading node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 4;

    // The STOPPING state indicates the node pool is being deleted.
    STOPPING = 5;

    // The ERROR state indicates the node pool may be unusable. Details
    // can be found in the `statusMessage` field.
    ERROR = 6;
  }

  // PlacementPolicy defines the placement policy used by the node pool.
  message PlacementPolicy {
    // Type defines the type of placement policy.
    enum Type {
      // TYPE_UNSPECIFIED specifies no requirements on nodes
      // placement.
      TYPE_UNSPECIFIED = 0;

      // COMPACT specifies node placement in the same availability domain to
      // ensure low communication latency.
      COMPACT = 1;
    }

    // The type of placement.
    Type type = 1;

    // Optional. TPU placement topology for pod slice node pool.
    // https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    string tpu_topology = 2 [(google.api.field_behavior) = OPTIONAL];

    // If set, refers to the name of a custom resource policy supplied by the
    // user. The resource policy must be in the same project and region as the
    // node pool. If not found, InvalidArgument error is returned.
    string policy_name = 3;
  }

  // QueuedProvisioning defines the queued provisioning used by the node pool.
  message QueuedProvisioning {
    // Denotes that this nodepool is QRM specific, meaning nodes can be only
    // obtained through queuing via the Cluster Autoscaler ProvisioningRequest
    // API.
    bool enabled = 1;
  }

  // The name of the node pool.
  string name = 1;

  // The node configuration of the pool.
  NodeConfig config = 2;

  // The initial node count for the pool. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  int32 initial_node_count = 3;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes should be located.
  //
  // If this value is unspecified during node pool creation, the
  // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
  // value will be used, instead.
  //
  // Warning: changing node pool locations will result in nodes being added
  // and/or removed.
  repeated string locations = 13;

  // Networking configuration for this NodePool. If specified, it overrides the
  // cluster-level defaults.
  NodeNetworkConfig network_config = 14;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // The version of Kubernetes running on this NodePool's nodes. If unspecified,
  // it defaults as described
  // [here](https://cloud.google.com/kubernetes-engine/versioning#specifying_node_version).
  string version = 101;

  // [Output only] The resource URLs of the [managed instance
  // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
  // associated with this node pool.
  // During the node pool blue-green upgrade operation, the URLs contain both
  // blue and green resources.
  repeated string instance_group_urls = 102;

  // [Output only] The status of the nodes in this pool instance.
  Status status = 103;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // node pool instance, if available.
  string status_message = 104 [deprecated = true];

  // Autoscaler configuration for this NodePool. Autoscaler is enabled
  // only if a valid configuration is present.
  NodePoolAutoscaling autoscaling = 4;

  // NodeManagement configuration for this NodePool.
  NodeManagement management = 5;

  // The constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool.
  MaxPodsConstraint max_pods_constraint = 6;

  // Which conditions caused the current node pool state.
  repeated StatusCondition conditions = 105;

  // [Output only] The pod CIDR block size per node in this node pool.
  int32 pod_ipv4_cidr_size = 7;

  // Upgrade settings control disruption and speed of the upgrade.
  UpgradeSettings upgrade_settings = 107;

  // Specifies the node placement policy.
  PlacementPolicy placement_policy = 108;

  // Output only. Update info contains relevant information during
  // a node pool update.
  UpdateInfo update_info = 109 [(google.api.field_behavior) = OUTPUT_ONLY];

  // This checksum is computed by the server based on the value of node pool
  // fields, and may be sent on update requests to ensure the client has an
  // up-to-date value before proceeding.
  string etag = 110;

  // Specifies the configuration of queued provisioning.
  QueuedProvisioning queued_provisioning = 112;

  // Enable best effort provisioning for nodes.
  BestEffortProvisioning best_effort_provisioning = 113;
}

// NodeManagement defines the set of node management services turned on for the
// node pool.
message NodeManagement {
  // A flag that specifies whether node auto-upgrade is enabled for the node
  // pool. If enabled, node auto-upgrade helps keep the nodes in your node pool
  // up to date with the latest release version of Kubernetes.
  bool auto_upgrade = 1;

  // A flag that specifies whether the node auto-repair is enabled for the node
  // pool. If enabled, the nodes in this node pool will be monitored and, if
  // they fail health checks too many times, an automatic repair action will be
  // triggered.
  bool auto_repair = 2;

  // Specifies the Auto Upgrade knobs for the node pool.
  AutoUpgradeOptions upgrade_options = 10;
}

// Best effort provisioning.
message BestEffortProvisioning {
  // When this is enabled, cluster/node pool creations will ignore non-fatal
  // errors like stockout to best provision as many nodes as possible right now
  // and eventually bring up all target number of nodes.
  bool enabled = 1;

  // Minimum number of nodes to be provisioned to be considered as succeeded,
  // and the rest of nodes will be provisioned gradually and eventually when
  // stockout issue has been resolved.
  int32 min_provision_nodes = 2;
}

// AutoUpgradeOptions defines the set of options for the user to control how
// the Auto Upgrades will proceed.
message AutoUpgradeOptions {
  // [Output only] This field is set when upgrades are about to commence
  // with the approximate start time for the upgrades, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string auto_upgrade_start_time = 1;

  // [Output only] This field is set when upgrades are about to commence
  // with the description of the upgrade.
  string description = 2;
}

// MaintenancePolicy defines the maintenance policy to be used for the cluster.
message MaintenancePolicy {
  // Specifies the maintenance window in which maintenance may be performed.
  MaintenanceWindow window = 1;

  // A hash identifying the version of this policy, so that updates to fields of
  // the policy won't accidentally undo intermediate changes (and so that users
  // of the API unaware of some fields won't accidentally remove other fields).
  // Make a `get()` request to the cluster to get the current
  // resource version and include it with requests to set the policy.
  string resource_version = 3;
}

// MaintenanceWindow defines the maintenance window to be used for the cluster.
message MaintenanceWindow {
  // The kind of maintenance window; at most one member of this oneof is set.
  oneof policy {
    // DailyMaintenanceWindow specifies a daily maintenance operation window.
    DailyMaintenanceWindow daily_maintenance_window = 2;

    // RecurringWindow specifies some number of recurring time periods for
    // maintenance to occur. The time windows may be overlapping. If no
    // maintenance windows are set, maintenance can occur at any time.
    RecurringTimeWindow recurring_window = 3;
  }

  // Exceptions to maintenance window. Non-emergency maintenance should not
  // occur in these windows.
  map<string, TimeWindow> maintenance_exclusions = 4;
}

// Represents an arbitrary window of time.
message TimeWindow {
  // Options attached to this window; at most one member of this oneof is set.
  oneof options {
    // MaintenanceExclusionOptions provides maintenance exclusion related
    // options.
    MaintenanceExclusionOptions maintenance_exclusion_options = 3;
  }

  // The time that the window first starts.
  google.protobuf.Timestamp start_time = 1;

  // The time that the window ends. The end time should take place after the
  // start time.
  google.protobuf.Timestamp end_time = 2;
}

// Represents the Maintenance exclusion option.
message MaintenanceExclusionOptions {
  // Scope of exclusion.
  enum Scope {
    // NO_UPGRADES excludes all upgrades, including patch upgrades and minor
    // upgrades across control planes and nodes. This is the default exclusion
    // behavior.
    // As the enum's zero value, this is also what a reader sees when `scope`
    // is left unset.
    NO_UPGRADES = 0;

    // NO_MINOR_UPGRADES excludes all minor upgrades for the cluster, only
    // patches are allowed.
    NO_MINOR_UPGRADES = 1;

    // NO_MINOR_OR_NODE_UPGRADES excludes all minor upgrades for the cluster,
    // and also excludes all node pool upgrades. Only control
    // plane patches are allowed.
    NO_MINOR_OR_NODE_UPGRADES = 2;
  }

  // Scope specifies the upgrade scope which upgrades are blocked by the
  // exclusion.
  Scope scope = 1;
}

// Represents an arbitrary window of time that recurs.
message RecurringTimeWindow {
  // The window of the first recurrence.
  TimeWindow window = 1;

  // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
  // this window recurs. They go on for the span of time between the start and
  // end time.
  //
  // For example, to have something repeat every weekday, you'd use:
  // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
  //
  // To repeat some window daily (equivalent to the DailyMaintenanceWindow):
  // `FREQ=DAILY`
  //
  // For the first weekend of every month:
  // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
  //
  // This specifies how frequently the window starts. Eg, if you wanted to have
  // a 9-5 UTC-4 window every weekday, you'd use something like:
  // ```
  // start time = 2019-01-01T09:00:00-0400
  // end time = 2019-01-01T17:00:00-0400
  // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
  // ```
  //
  // Windows can span multiple days. Eg, to make the window encompass every
  // weekend from midnight Saturday till the last minute of Sunday UTC:
  // ```
  // start time = 2019-01-05T00:00:00Z
  // end time = 2019-01-07T23:59:00Z
  // recurrence = FREQ=WEEKLY;BYDAY=SA
  // ```
  //
  // Note the start and end time's specific dates are largely arbitrary except
  // to specify duration of the window and when it first starts.
  // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
  string recurrence = 2;
}

// Time window specified for daily maintenance operations.
message DailyMaintenanceWindow {
  // Time within the maintenance window to start the maintenance operations.
  // Time format should be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
  // format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.
  string start_time = 2;

  // [Output only] Duration of the time window, automatically chosen to be
  // smallest possible in the given scenario.
  // Duration will be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
  // format "PTnHnMnS".
  string duration = 3;
}

// SetNodePoolManagementRequest sets the node management properties of a node
// pool.
message SetNodePoolManagementRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. NodeManagement configuration for the node pool.
  NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // management properties. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// SetNodePoolSizeRequest sets the size of a node pool.
message SetNodePoolSizeRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. The desired node count for the pool.
  int32 node_count = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // size.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// CompleteNodePoolUpgradeRequest sets the name of target node pool to complete
// upgrade.
message CompleteNodePoolUpgradeRequest {
  // The name (project, location, cluster, node pool id) of the node pool to
  // complete upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 1;
}

// RollbackNodePoolUpgradeRequest rolls back the previously Aborted or Failed
// NodePool upgrade. This will be a no-op if the last upgrade successfully
// completed.
message RollbackNodePoolUpgradeRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to rollback.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to rollback.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // rollback upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;

  // Option for rollback to ignore the PodDisruptionBudget.
  // Default value is false.
  // NOTE(review): the field name suggests that true honors the
  // PodDisruptionBudget, while the text above describes an option to ignore
  // it; presumably the default (false) ignores the budget during rollback -
  // confirm against the service documentation.
  bool respect_pdb = 7;
}

// ListNodePoolsResponse is the result of ListNodePoolsRequest.
message ListNodePoolsResponse {
  // A list of node pools for a cluster.
  repeated NodePool node_pools = 1;
}

// ClusterAutoscaling contains global, per-cluster information
// required by Cluster Autoscaler to automatically adjust
// the size of the cluster and create/delete
// node pools based on the current needs.
message ClusterAutoscaling {
  // Defines possible options for autoscaling_profile field.
  enum AutoscalingProfile {
    // No change to autoscaling configuration.
    PROFILE_UNSPECIFIED = 0;

    // Prioritize optimizing utilization of resources.
    OPTIMIZE_UTILIZATION = 1;

    // Use default (balanced) autoscaling configuration.
    BALANCED = 2;
  }

  // Enables automatic node pool creation and deletion.
  bool enable_node_autoprovisioning = 1;

  // Contains global constraints regarding minimum and maximum
  // amount of resources in the cluster.
  repeated ResourceLimit resource_limits = 2;

  // Defines autoscaling behaviour.
  AutoscalingProfile autoscaling_profile = 3;

  // AutoprovisioningNodePoolDefaults contains defaults for a node pool
  // created by NAP.
  AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes can be created by NAP.
  repeated string autoprovisioning_locations = 5;
}

// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
// by NAP.
// NAP presumably abbreviates node auto-provisioning (see
// ClusterAutoscaling.enable_node_autoprovisioning).
message AutoprovisioningNodePoolDefaults {
  // Scopes that are used by NAP when creating node pools.
  repeated string oauth_scopes = 1;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  // NOTE(review): which account is used when this is left empty is not stated
  // here - confirm, since auto-provisioned node VMs run as this identity.
  string service_account = 2;

  // Specifies the upgrade settings for NAP created node pools.
  NodePool.UpgradeSettings upgrade_settings = 3;

  // Specifies the node management options for NAP created node-pools.
  NodeManagement management = 4;

  // Deprecated. Minimum CPU platform to be used for NAP created node pools.
  // The instance may be scheduled on the specified or newer CPU platform.
  // Applicable values are the friendly names of CPU platforms, such as
  // minCpuPlatform: Intel Haswell or
  // minCpuPlatform: Intel Sandy Bridge. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
  // This field is deprecated, min_cpu_platform should be specified using
  // `cloud.google.com/requested-min-cpu-platform` label selector on the pod.
  // To unset the min cpu platform field pass "automatic"
  // as field value.
  string min_cpu_platform = 5 [deprecated = true];

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 6;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced').
  //
  // If unspecified, the default disk type is 'pd-standard'.
  string disk_type = 7;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 8;

  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 9;

  // The image type to use for NAP created node. Please see
  // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
  // available image types.
  string image_type = 10;

  // Enable or disable Kubelet read only port.
  // NOTE(review): the field name itself labels the port insecure. The field is
  // `optional`, so an unset value is distinguishable from an explicit false;
  // the behavior when it is unset is not stated here - confirm before relying
  // on it.
  optional bool insecure_kubelet_readonly_port_enabled = 13;
}

// Contains information about amount of some resource in the cluster.
// For memory, value should be in GB.
message ResourceLimit {
  // Resource name "cpu", "memory" or gpu-specific string.
  string resource_type = 1;

  // Minimum amount of the resource in the cluster.
  int64 minimum = 2;

  // Maximum amount of the resource in the cluster.
3998 int64 maximum = 3; 3999} 4000 4001// NodePoolAutoscaling contains information required by cluster autoscaler to 4002// adjust the size of the node pool to the current cluster usage. 4003message NodePoolAutoscaling { 4004 // Location policy specifies how zones are picked when scaling up the 4005 // nodepool. 4006 enum LocationPolicy { 4007 // Not set. 4008 LOCATION_POLICY_UNSPECIFIED = 0; 4009 4010 // BALANCED is a best effort policy that aims to balance the sizes of 4011 // different zones. 4012 BALANCED = 1; 4013 4014 // ANY policy picks zones that have the highest capacity available. 4015 ANY = 2; 4016 } 4017 4018 // Is autoscaling enabled for this node pool. 4019 bool enabled = 1; 4020 4021 // Minimum number of nodes for one location in the NodePool. Must be >= 1 and 4022 // <= max_node_count. 4023 int32 min_node_count = 2; 4024 4025 // Maximum number of nodes for one location in the NodePool. Must be >= 4026 // min_node_count. There has to be enough quota to scale up the cluster. 4027 int32 max_node_count = 3; 4028 4029 // Can this node pool be deleted automatically. 4030 bool autoprovisioned = 4; 4031 4032 // Location policy used when scaling up a nodepool. 4033 LocationPolicy location_policy = 5; 4034 4035 // Minimum number of nodes in the node pool. Must be greater than 1 less than 4036 // total_max_node_count. 4037 // The total_*_node_count fields are mutually exclusive with the *_node_count 4038 // fields. 4039 int32 total_min_node_count = 6; 4040 4041 // Maximum number of nodes in the node pool. Must be greater than 4042 // total_min_node_count. There has to be enough quota to scale up the cluster. 4043 // The total_*_node_count fields are mutually exclusive with the *_node_count 4044 // fields. 
4045 int32 total_max_node_count = 7; 4046} 4047 4048// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container 4049// Engine cluster, which will in turn set them for Google Compute Engine 4050// resources used by that cluster 4051message SetLabelsRequest { 4052 // Deprecated. The Google Developers Console [project ID or project 4053 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4054 // This field has been deprecated and replaced by the name field. 4055 string project_id = 1 [deprecated = true]; 4056 4057 // Deprecated. The name of the Google Compute Engine 4058 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4059 // cluster resides. This field has been deprecated and replaced by the name 4060 // field. 4061 string zone = 2 [deprecated = true]; 4062 4063 // Deprecated. The name of the cluster. 4064 // This field has been deprecated and replaced by the name field. 4065 string cluster_id = 3 [deprecated = true]; 4066 4067 // Required. The labels to set for that cluster. 4068 map<string, string> resource_labels = 4 4069 [(google.api.field_behavior) = REQUIRED]; 4070 4071 // Required. The fingerprint of the previous set of labels for this resource, 4072 // used to detect conflicts. The fingerprint is initially generated by 4073 // Kubernetes Engine and changes after every request to modify or update 4074 // labels. You must always provide an up-to-date fingerprint hash when 4075 // updating or changing labels. Make a `get()` request to the 4076 // resource to get the latest fingerprint. 4077 string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED]; 4078 4079 // The name (project, location, cluster name) of the cluster to set labels. 4080 // Specified in the format `projects/*/locations/*/clusters/*`. 4081 string name = 7; 4082} 4083 4084// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for 4085// a cluster. 
4086message SetLegacyAbacRequest { 4087 // Deprecated. The Google Developers Console [project ID or project 4088 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4089 // This field has been deprecated and replaced by the name field. 4090 string project_id = 1 [deprecated = true]; 4091 4092 // Deprecated. The name of the Google Compute Engine 4093 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4094 // cluster resides. This field has been deprecated and replaced by the name 4095 // field. 4096 string zone = 2 [deprecated = true]; 4097 4098 // Deprecated. The name of the cluster to update. 4099 // This field has been deprecated and replaced by the name field. 4100 string cluster_id = 3 [deprecated = true]; 4101 4102 // Required. Whether ABAC authorization will be enabled in the cluster. 4103 bool enabled = 4 [(google.api.field_behavior) = REQUIRED]; 4104 4105 // The name (project, location, cluster name) of the cluster to set legacy 4106 // abac. Specified in the format `projects/*/locations/*/clusters/*`. 4107 string name = 6; 4108} 4109 4110// StartIPRotationRequest creates a new IP for the cluster and then performs 4111// a node upgrade on each node pool to point to the new IP. 4112message StartIPRotationRequest { 4113 // Deprecated. The Google Developers Console [project ID or project 4114 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4115 // This field has been deprecated and replaced by the name field. 4116 string project_id = 1 [deprecated = true]; 4117 4118 // Deprecated. The name of the Google Compute Engine 4119 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4120 // cluster resides. This field has been deprecated and replaced by the name 4121 // field. 4122 string zone = 2 [deprecated = true]; 4123 4124 // Deprecated. The name of the cluster. 4125 // This field has been deprecated and replaced by the name field. 
4126 string cluster_id = 3 [deprecated = true]; 4127 4128 // The name (project, location, cluster name) of the cluster to start IP 4129 // rotation. Specified in the format `projects/*/locations/*/clusters/*`. 4130 string name = 6; 4131 4132 // Whether to rotate credentials during IP rotation. 4133 bool rotate_credentials = 7; 4134} 4135 4136// CompleteIPRotationRequest moves the cluster master back into single-IP mode. 4137message CompleteIPRotationRequest { 4138 // Deprecated. The Google Developers Console [project ID or project 4139 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4140 // This field has been deprecated and replaced by the name field. 4141 string project_id = 1 [deprecated = true]; 4142 4143 // Deprecated. The name of the Google Compute Engine 4144 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4145 // cluster resides. This field has been deprecated and replaced by the name 4146 // field. 4147 string zone = 2 [deprecated = true]; 4148 4149 // Deprecated. The name of the cluster. 4150 // This field has been deprecated and replaced by the name field. 4151 string cluster_id = 3 [deprecated = true]; 4152 4153 // The name (project, location, cluster name) of the cluster to complete IP 4154 // rotation. Specified in the format `projects/*/locations/*/clusters/*`. 4155 string name = 7; 4156} 4157 4158// AcceleratorConfig represents a Hardware Accelerator request. 4159message AcceleratorConfig { 4160 // The number of the accelerator cards exposed to an instance. 4161 int64 accelerator_count = 1; 4162 4163 // The accelerator type resource name. List of supported accelerators 4164 // [here](https://cloud.google.com/compute/docs/gpus) 4165 string accelerator_type = 2; 4166 4167 // Size of partitions to create on the GPU. Valid values are described in the 4168 // NVIDIA [mig user 4169 // guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). 
4170 string gpu_partition_size = 3; 4171 4172 // The configuration for GPU sharing options. 4173 optional GPUSharingConfig gpu_sharing_config = 5; 4174 4175 // The configuration for auto installation of GPU driver. 4176 optional GPUDriverInstallationConfig gpu_driver_installation_config = 6; 4177} 4178 4179// GPUSharingConfig represents the GPU sharing configuration for Hardware 4180// Accelerators. 4181message GPUSharingConfig { 4182 // The type of GPU sharing strategy currently provided. 4183 enum GPUSharingStrategy { 4184 // Default value. 4185 GPU_SHARING_STRATEGY_UNSPECIFIED = 0; 4186 4187 // GPUs are time-shared between containers. 4188 TIME_SHARING = 1; 4189 } 4190 4191 // The max number of containers that can share a physical GPU. 4192 int64 max_shared_clients_per_gpu = 1; 4193 4194 // The type of GPU sharing strategy to enable on the GPU node. 4195 optional GPUSharingStrategy gpu_sharing_strategy = 2; 4196} 4197 4198// GPUDriverInstallationConfig specifies the version of GPU driver to be auto 4199// installed. 4200message GPUDriverInstallationConfig { 4201 // The GPU driver version to install. 4202 enum GPUDriverVersion { 4203 // Default value is to not install any GPU driver. 4204 GPU_DRIVER_VERSION_UNSPECIFIED = 0; 4205 4206 // Disable GPU driver auto installation and needs manual installation 4207 INSTALLATION_DISABLED = 1; 4208 4209 // "Default" GPU driver in COS and Ubuntu. 4210 DEFAULT = 2; 4211 4212 // "Latest" GPU driver in COS. 4213 LATEST = 3; 4214 } 4215 4216 // Mode for how the GPU driver is installed. 4217 optional GPUDriverVersion gpu_driver_version = 1; 4218} 4219 4220// WorkloadMetadataConfig defines the metadata configuration to expose to 4221// workloads on the node pool. 4222message WorkloadMetadataConfig { 4223 // Mode is the configuration for how to expose metadata to workloads running 4224 // on the node. 4225 enum Mode { 4226 // Not set. 4227 MODE_UNSPECIFIED = 0; 4228 4229 // Expose all Compute Engine metadata to pods. 
4230 GCE_METADATA = 1; 4231 4232 // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes 4233 // a metadata API to workloads that is compatible with the V1 Compute 4234 // Metadata APIs exposed by the Compute Engine and App Engine Metadata 4235 // Servers. This feature can only be enabled if Workload Identity is enabled 4236 // at the cluster level. 4237 GKE_METADATA = 2; 4238 } 4239 4240 // Mode is the configuration for how to expose metadata to workloads running 4241 // on the node pool. 4242 Mode mode = 2; 4243} 4244 4245// SetNetworkPolicyRequest enables/disables network policy for a cluster. 4246message SetNetworkPolicyRequest { 4247 // Deprecated. The Google Developers Console [project ID or project 4248 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4249 // This field has been deprecated and replaced by the name field. 4250 string project_id = 1 [deprecated = true]; 4251 4252 // Deprecated. The name of the Google Compute Engine 4253 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4254 // cluster resides. This field has been deprecated and replaced by the name 4255 // field. 4256 string zone = 2 [deprecated = true]; 4257 4258 // Deprecated. The name of the cluster. 4259 // This field has been deprecated and replaced by the name field. 4260 string cluster_id = 3 [deprecated = true]; 4261 4262 // Required. Configuration options for the NetworkPolicy feature. 4263 NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED]; 4264 4265 // The name (project, location, cluster name) of the cluster to set networking 4266 // policy. Specified in the format `projects/*/locations/*/clusters/*`. 4267 string name = 6; 4268} 4269 4270// SetMaintenancePolicyRequest sets the maintenance policy for a cluster. 4271message SetMaintenancePolicyRequest { 4272 // Required. 
The Google Developers Console [project ID or project 4273 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4274 string project_id = 1 [(google.api.field_behavior) = REQUIRED]; 4275 4276 // Required. The name of the Google Compute Engine 4277 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4278 // cluster resides. 4279 string zone = 2 [(google.api.field_behavior) = REQUIRED]; 4280 4281 // Required. The name of the cluster to update. 4282 string cluster_id = 3 [(google.api.field_behavior) = REQUIRED]; 4283 4284 // Required. The maintenance policy to be set for the cluster. An empty field 4285 // clears the existing maintenance policy. 4286 MaintenancePolicy maintenance_policy = 4 4287 [(google.api.field_behavior) = REQUIRED]; 4288 4289 // The name (project, location, cluster name) of the cluster to set 4290 // maintenance policy. 4291 // Specified in the format `projects/*/locations/*/clusters/*`. 4292 string name = 5; 4293} 4294 4295// StatusCondition describes why a cluster or a node pool has a certain status 4296// (e.g., ERROR or DEGRADED). 4297message StatusCondition { 4298 // Code for each condition 4299 enum Code { 4300 // UNKNOWN indicates a generic condition. 4301 UNKNOWN = 0; 4302 4303 // GCE_STOCKOUT indicates that Google Compute Engine resources are 4304 // temporarily unavailable. 4305 GCE_STOCKOUT = 1; 4306 4307 // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot 4308 // service account. 4309 GKE_SERVICE_ACCOUNT_DELETED = 2; 4310 4311 // Google Compute Engine quota was exceeded. 4312 GCE_QUOTA_EXCEEDED = 3; 4313 4314 // Cluster state was manually changed by an SRE due to a system logic error. 4315 SET_BY_OPERATOR = 4; 4316 4317 // Unable to perform an encrypt operation against the CloudKMS key used for 4318 // etcd level encryption. 4319 CLOUD_KMS_KEY_ERROR = 7; 4320 4321 // Cluster CA is expiring soon. 
4322 CA_EXPIRING = 9; 4323 } 4324 4325 // Machine-friendly representation of the condition 4326 // Deprecated. Use canonical_code instead. 4327 Code code = 1 [deprecated = true]; 4328 4329 // Human-friendly representation of the condition 4330 string message = 2; 4331 4332 // Canonical code of the condition. 4333 google.rpc.Code canonical_code = 3; 4334} 4335 4336// NetworkConfig reports the relative names of network & subnetwork. 4337message NetworkConfig { 4338 // Configuration of network bandwidth tiers 4339 message ClusterNetworkPerformanceConfig { 4340 // Node network tier 4341 enum Tier { 4342 // Default value 4343 TIER_UNSPECIFIED = 0; 4344 4345 // Higher bandwidth, actual values based on VM size. 4346 TIER_1 = 1; 4347 } 4348 4349 // Specifies the total network bandwidth tier for NodePools in the cluster. 4350 optional Tier total_egress_bandwidth_tier = 1; 4351 } 4352 4353 // Output only. The relative name of the Google Compute Engine 4354 // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) 4355 // to which the cluster is connected. Example: 4356 // projects/my-project/global/networks/my-network 4357 string network = 1; 4358 4359 // Output only. The relative name of the Google Compute Engine 4360 // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the 4361 // cluster is connected. Example: 4362 // projects/my-project/regions/us-central1/subnetworks/my-subnet 4363 string subnetwork = 2; 4364 4365 // Whether Intra-node visibility is enabled for this cluster. 4366 // This makes same node pod to pod traffic visible for VPC network. 4367 bool enable_intra_node_visibility = 5; 4368 4369 // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules 4370 // will be disabled when default_snat_status is disabled. When disabled is set 4371 // to false, default IP masquerade rules will be applied to the nodes to 4372 // prevent sNAT on cluster internal traffic. 
4373 DefaultSnatStatus default_snat_status = 7; 4374 4375 // Whether L4ILB Subsetting is enabled for this cluster. 4376 bool enable_l4ilb_subsetting = 10; 4377 4378 // The desired datapath provider for this cluster. By default, uses the 4379 // IPTables-based kube-proxy implementation. 4380 DatapathProvider datapath_provider = 11; 4381 4382 // The desired state of IPv6 connectivity to Google Services. 4383 // By default, no private IPv6 access to or from Google Services (all access 4384 // will be via IPv4) 4385 PrivateIPv6GoogleAccess private_ipv6_google_access = 12; 4386 4387 // DNSConfig contains clusterDNS config for this cluster. 4388 DNSConfig dns_config = 13; 4389 4390 // ServiceExternalIPsConfig specifies if services with externalIPs field are 4391 // blocked or not. 4392 ServiceExternalIPsConfig service_external_ips_config = 15; 4393 4394 // GatewayAPIConfig contains the desired config of Gateway API on this 4395 // cluster. 4396 GatewayAPIConfig gateway_api_config = 16; 4397 4398 // Whether multi-networking is enabled for this cluster. 4399 bool enable_multi_networking = 17; 4400 4401 // Network bandwidth tier configuration. 4402 ClusterNetworkPerformanceConfig network_performance_config = 18; 4403 4404 // Whether FQDN Network Policy is enabled on this cluster. 4405 optional bool enable_fqdn_network_policy = 19; 4406 4407 // Specify the details of in-transit encryption. 4408 optional InTransitEncryptionConfig in_transit_encryption_config = 20; 4409 4410 // Whether CiliumClusterwideNetworkPolicy is enabled on this cluster. 4411 optional bool enable_cilium_clusterwide_network_policy = 21; 4412} 4413 4414// GatewayAPIConfig contains the desired config of Gateway API on this cluster. 4415message GatewayAPIConfig { 4416 // Channel describes if/how Gateway API should be installed and implemented in 4417 // a cluster. 4418 enum Channel { 4419 // Default value. 
4420 CHANNEL_UNSPECIFIED = 0; 4421 4422 // Gateway API support is disabled 4423 CHANNEL_DISABLED = 1; 4424 4425 // Gateway API support is enabled, experimental CRDs are installed 4426 CHANNEL_EXPERIMENTAL = 3; 4427 4428 // Gateway API support is enabled, standard CRDs are installed 4429 CHANNEL_STANDARD = 4; 4430 } 4431 4432 // The Gateway API release channel to use for Gateway API. 4433 Channel channel = 1; 4434} 4435 4436// Config to block services with externalIPs field. 4437message ServiceExternalIPsConfig { 4438 // Whether Services with ExternalIPs field are allowed or not. 4439 bool enabled = 1; 4440} 4441 4442// GetOpenIDConfigRequest gets the OIDC discovery document for the 4443// cluster. See the OpenID Connect Discovery 1.0 specification for details. 4444message GetOpenIDConfigRequest { 4445 // The cluster (project, location, cluster name) to get the discovery document 4446 // for. Specified in the format `projects/*/locations/*/clusters/*`. 4447 string parent = 1; 4448} 4449 4450// GetOpenIDConfigResponse is an OIDC discovery document for the cluster. 4451// See the OpenID Connect Discovery 1.0 specification for details. 4452message GetOpenIDConfigResponse { 4453 // OIDC Issuer. 4454 string issuer = 1; 4455 4456 // JSON Web Key uri. 4457 string jwks_uri = 2; 4458 4459 // Supported response types. 4460 repeated string response_types_supported = 3; 4461 4462 // Supported subject types. 4463 repeated string subject_types_supported = 4; 4464 4465 // supported ID Token signing Algorithms. 4466 repeated string id_token_signing_alg_values_supported = 5; 4467 4468 // Supported claims. 4469 repeated string claims_supported = 6; 4470 4471 // Supported grant types. 4472 repeated string grant_types = 7; 4473} 4474 4475// GetJSONWebKeysRequest gets the public component of the keys used by the 4476// cluster to sign token requests. This will be the jwks_uri for the discover 4477// document returned by getOpenIDConfig. 
See the OpenID Connect 4478// Discovery 1.0 specification for details. 4479message GetJSONWebKeysRequest { 4480 // The cluster (project, location, cluster name) to get keys for. Specified in 4481 // the format `projects/*/locations/*/clusters/*`. 4482 string parent = 1; 4483} 4484 4485// Jwk is a JSON Web Key as specified in RFC 7517 4486message Jwk { 4487 // Key Type. 4488 string kty = 1; 4489 4490 // Algorithm. 4491 string alg = 2; 4492 4493 // Permitted uses for the public keys. 4494 string use = 3; 4495 4496 // Key ID. 4497 string kid = 4; 4498 4499 // Used for RSA keys. 4500 string n = 5; 4501 4502 // Used for RSA keys. 4503 string e = 6; 4504 4505 // Used for ECDSA keys. 4506 string x = 7; 4507 4508 // Used for ECDSA keys. 4509 string y = 8; 4510 4511 // Used for ECDSA keys. 4512 string crv = 9; 4513} 4514 4515// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517 4516message GetJSONWebKeysResponse { 4517 // The public component of the keys used by the cluster to sign token 4518 // requests. 4519 repeated Jwk keys = 1; 4520} 4521 4522// CheckAutopilotCompatibilityRequest requests getting the blockers for the 4523// given operation in the cluster. 4524message CheckAutopilotCompatibilityRequest { 4525 // The name (project, location, cluster) of the cluster to retrieve. 4526 // Specified in the format `projects/*/locations/*/clusters/*`. 4527 string name = 1; 4528} 4529 4530// AutopilotCompatibilityIssue contains information about a specific 4531// compatibility issue with Autopilot mode. 4532message AutopilotCompatibilityIssue { 4533 // The type of the reported issue. 4534 enum IssueType { 4535 // Default value, should not be used. 4536 UNSPECIFIED = 0; 4537 4538 // Indicates that the issue is a known incompatibility between the 4539 // cluster and Autopilot mode. 4540 INCOMPATIBILITY = 1; 4541 4542 // Indicates the issue is an incompatibility if customers take no further 4543 // action to resolve. 
4544 ADDITIONAL_CONFIG_REQUIRED = 2; 4545 4546 // Indicates the issue is not an incompatibility, but depending on the 4547 // workloads business logic, there is a potential that they won't work on 4548 // Autopilot. 4549 PASSED_WITH_OPTIONAL_CONFIG = 3; 4550 } 4551 4552 // The last time when this issue was observed. 4553 google.protobuf.Timestamp last_observation = 1; 4554 4555 // The constraint type of the issue. 4556 string constraint_type = 2; 4557 4558 // The incompatibility type of this issue. 4559 IssueType incompatibility_type = 3; 4560 4561 // The name of the resources which are subject to this issue. 4562 repeated string subjects = 4; 4563 4564 // A URL to a public documnetation, which addresses resolving this issue. 4565 string documentation_url = 5; 4566 4567 // The description of the issue. 4568 string description = 6; 4569} 4570 4571// CheckAutopilotCompatibilityResponse has a list of compatibility issues. 4572message CheckAutopilotCompatibilityResponse { 4573 // The list of issues for the given operation. 4574 repeated AutopilotCompatibilityIssue issues = 1; 4575 4576 // The summary of the autopilot compatibility response. 4577 string summary = 2; 4578} 4579 4580// ReleaseChannel indicates which release channel a cluster is 4581// subscribed to. Release channels are arranged in order of risk. 4582// 4583// When a cluster is subscribed to a release channel, Google maintains 4584// both the master version and the node version. Node auto-upgrade 4585// defaults to true and cannot be disabled. 4586message ReleaseChannel { 4587 // Possible values for 'channel'. 4588 enum Channel { 4589 // No channel specified. 4590 UNSPECIFIED = 0; 4591 4592 // RAPID channel is offered on an early access basis for customers who want 4593 // to test new releases. 4594 // 4595 // WARNING: Versions available in the RAPID Channel may be subject to 4596 // unresolved issues with no known workaround and are not subject to any 4597 // SLAs. 
4598 RAPID = 1; 4599 4600 // Clusters subscribed to REGULAR receive versions that are considered GA 4601 // quality. REGULAR is intended for production users who want to take 4602 // advantage of new features. 4603 REGULAR = 2; 4604 4605 // Clusters subscribed to STABLE receive versions that are known to be 4606 // stable and reliable in production. 4607 STABLE = 3; 4608 } 4609 4610 // channel specifies which release channel the cluster is subscribed to. 4611 Channel channel = 1; 4612} 4613 4614// Configuration for fine-grained cost management feature. 4615message CostManagementConfig { 4616 // Whether the feature is enabled or not. 4617 bool enabled = 1; 4618} 4619 4620// IntraNodeVisibilityConfig contains the desired config of the intra-node 4621// visibility on this cluster. 4622message IntraNodeVisibilityConfig { 4623 // Enables intra node visibility for this cluster. 4624 bool enabled = 1; 4625} 4626 4627// ILBSubsettingConfig contains the desired config of L4 Internal LoadBalancer 4628// subsetting on this cluster. 4629message ILBSubsettingConfig { 4630 // Enables l4 ILB subsetting for this cluster. 4631 bool enabled = 1; 4632} 4633 4634// DNSConfig contains the desired set of options for configuring clusterDNS. 4635message DNSConfig { 4636 // Provider lists the various in-cluster DNS providers. 4637 enum Provider { 4638 // Default value 4639 PROVIDER_UNSPECIFIED = 0; 4640 4641 // Use GKE default DNS provider(kube-dns) for DNS resolution. 4642 PLATFORM_DEFAULT = 1; 4643 4644 // Use CloudDNS for DNS resolution. 4645 CLOUD_DNS = 2; 4646 4647 // Use KubeDNS for DNS resolution. 4648 KUBE_DNS = 3; 4649 } 4650 4651 // DNSScope lists the various scopes of access to cluster DNS records. 4652 enum DNSScope { 4653 // Default value, will be inferred as cluster scope. 4654 DNS_SCOPE_UNSPECIFIED = 0; 4655 4656 // DNS records are accessible from within the cluster. 4657 CLUSTER_SCOPE = 1; 4658 4659 // DNS records are accessible from within the VPC. 
VPC_SCOPE = 2;
  }

  // cluster_dns indicates which in-cluster DNS provider should be used.
  Provider cluster_dns = 1;

  // cluster_dns_scope indicates the scope of access to cluster DNS records.
  DNSScope cluster_dns_scope = 2;

  // cluster_dns_domain is the suffix used for all cluster service records.
  string cluster_dns_domain = 3;
}

// Constraints applied to pods.
message MaxPodsConstraint {
  // Constraint enforced on the max num of pods per node.
  int64 max_pods_per_node = 1;
}

// Configuration for the use of Kubernetes Service Accounts in GCP IAM
// policies.
//
// NOTE(review): the only field uses number 2, and number 1 is neither declared
// nor `reserved` in this message. If 1 belonged to a removed field, reserving
// it would prevent accidental reuse - confirm against the file history.
message WorkloadIdentityConfig {
  // The workload pool to attach all Kubernetes service accounts to.
  string workload_pool = 2;
}

// IdentityServiceConfig is configuration for Identity Service which allows
// customers to use external identity providers with the K8S API.
message IdentityServiceConfig {
  // Whether to enable the Identity Service component.
  bool enabled = 1;
}

// Configuration for issuance of mTLS keys and certificates to Kubernetes pods.
message MeshCertificates {
  // enable_certificates controls issuance of workload mTLS certificates.
  //
  // If set, the GKE Workload Identity Certificates controller and node agent
  // will be deployed in the cluster, which can then be configured by creating a
  // WorkloadCertificateConfig Custom Resource.
  //
  // Requires Workload Identity
  // ([workload_pool][google.container.v1.WorkloadIdentityConfig.workload_pool]
  // must be non-empty).
  //
  // The wrapper type gives this field explicit presence: an unset value is
  // distinguishable from an explicit `false`.
  google.protobuf.BoolValue enable_certificates = 1;
}

// Configuration of etcd encryption.
//
// `state` carries the requested setting and `current_state` the observed one.
// The two can differ while a transition is pending or after it has failed, so
// a check of a cluster's encryption posture should read both.
message DatabaseEncryption {
  // State of etcd encryption.
  enum State {
    // Should never be set
    UNKNOWN = 0;

    // Secrets in etcd are encrypted.
    ENCRYPTED = 1;

    // Secrets in etcd are stored in plain text (at etcd level) - this is
    // unrelated to Compute Engine level full disk encryption.
    //
    // The name describes the stored form (not encrypted at the etcd layer);
    // it does not describe a read operation.
    DECRYPTED = 2;
  }

  // Current State of etcd encryption.
  //
  // The numbers below are the wire identity of each value and are not
  // sequential (CURRENT_STATE_ENCRYPTED is 7, and 1 is not declared); they
  // must not be renumbered.
  enum CurrentState {
    // Should never be set
    CURRENT_STATE_UNSPECIFIED = 0;

    // Secrets in etcd are encrypted.
    CURRENT_STATE_ENCRYPTED = 7;

    // Secrets in etcd are stored in plain text (at etcd level) - this is
    // unrelated to Compute Engine level full disk encryption.
    CURRENT_STATE_DECRYPTED = 2;

    // Encryption (or re-encryption with a different CloudKMS key)
    // of Secrets is in progress.
    CURRENT_STATE_ENCRYPTION_PENDING = 3;

    // Encryption (or re-encryption with a different CloudKMS key) of Secrets in
    // etcd encountered an error.
    //
    // NOTE(review): this comment does not say in which form Secrets are left
    // after the error; `last_operation_errors` records the errors seen.
    CURRENT_STATE_ENCRYPTION_ERROR = 4;

    // De-crypting Secrets to plain text in etcd is in progress.
    CURRENT_STATE_DECRYPTION_PENDING = 5;

    // De-crypting Secrets to plain text in etcd encountered an error.
    CURRENT_STATE_DECRYPTION_ERROR = 6;
  }

  // OperationError records errors seen from CloudKMS keys
  // encountered during updates to DatabaseEncryption configuration.
  message OperationError {
    // CloudKMS key resource that had the error.
    string key_name = 1;

    // Description of the error seen during the operation.
    string error_message = 2;

    // Time when the CloudKMS error was seen.
    google.protobuf.Timestamp timestamp = 3;
  }

  // Name of CloudKMS key to use for the encryption of secrets in etcd.
  // Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
  string key_name = 1;

  // The desired state of etcd encryption.
  State state = 2;

  // Output only. The current state of etcd encryption.
  //
  // Declared `optional`, so an absent value is distinguishable from
  // CURRENT_STATE_UNSPECIFIED.
  optional CurrentState current_state = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Keys in use by the cluster for decrypting
  // existing objects, in addition to the key in `key_name`.
  //
  // Each item is a CloudKMS key resource.
  //
  // NOTE(review): presumably a key listed here must stay usable in CloudKMS
  // for as long as it is listed, or objects encrypted under it can no longer
  // be read - confirm before disabling or destroying such a key.
  repeated string decryption_keys = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Records errors seen during DatabaseEncryption update
  // operations.
  repeated OperationError last_operation_errors = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// ListUsableSubnetworksRequest requests the list of usable subnetworks
// available to a user for creating clusters.
message ListUsableSubnetworksRequest {
  // The parent project where subnetworks are usable.
  // Specified in the format `projects/*`.
  string parent = 1;

  // Filtering currently only supports equality on the networkProjectId and must
  // be in the form: "networkProjectId=[PROJECTID]", where `networkProjectId`
  // is the project which owns the listed subnetworks. This defaults to the
  // parent project ID.
  string filter = 2;

  // The max number of results per page that should be returned. If the number
  // of available results is larger than `page_size`, a `next_page_token` is
  // returned which can be used to get the next page of results in subsequent
  // requests. Acceptable values are 0 to 500, inclusive. (Default: 500)
  //
  // The 0-500 range is stated only in this comment; the `int32` type itself
  // also admits negative and larger values.
  int32 page_size = 3;

  // Specifies a page token to use. Set this to the nextPageToken returned by
  // previous list requests to get the next page of results.
  string page_token = 4;
}

// ListUsableSubnetworksResponse is the response of
// ListUsableSubnetworksRequest.
message ListUsableSubnetworksResponse {
  // A list of usable subnetworks in the specified network project.
  repeated UsableSubnetwork subnetworks = 1;

  // This token allows you to get the next page of results for list requests.
  // If the number of results is larger than `page_size`, use the
  // `next_page_token` as a value for the query parameter `page_token` in the
  // next request. The value will become empty when there are no more pages.
  string next_page_token = 2;
}

// Secondary IP range of a usable subnetwork.
message UsableSubnetworkSecondaryRange {
  // Status shows the current usage of a secondary IP range.
  enum Status {
    // UNKNOWN is the zero value of the Status enum. It's not a valid status.
    UNKNOWN = 0;

    // UNUSED denotes that this range is unclaimed by any cluster.
    UNUSED = 1;

    // IN_USE_SERVICE denotes that this range is claimed by cluster(s) for
    // services. User-managed services range can be shared between clusters
    // within the same subnetwork.
    IN_USE_SERVICE = 2;

    // IN_USE_SHAREABLE_POD denotes this range was created by the network admin
    // and is currently claimed by a cluster for pods. It can only be used by
    // other clusters as a pod range.
    IN_USE_SHAREABLE_POD = 3;

    // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed
    // for pods. It cannot be used for other clusters.
    IN_USE_MANAGED_POD = 4;
  }

  // The name associated with this subnetwork secondary range, used when adding
  // an alias IP range to a VM instance.
  string range_name = 1;

  // The range of IP addresses belonging to this subnetwork secondary range.
  string ip_cidr_range = 2;

  // This field is used to determine the status of the secondary range
  // programmatically.
  Status status = 3;
}

// UsableSubnetwork resource returns the subnetwork name, its associated network
// and the primary CIDR range.
message UsableSubnetwork {
  // Subnetwork Name.
  // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 1;

  // Network Name.
  // Example: projects/my-project/global/networks/my-network
  string network = 2;

  // The range of internal addresses that are owned by this subnetwork.
  string ip_cidr_range = 3;

  // Secondary IP ranges.
  repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4;

  // A human readable status message representing the reasons for cases where
  // the caller cannot use the secondary ranges under the subnet. For example if
  // the secondary_ip_ranges is empty due to a permission issue, an insufficient
  // permission message will be given by status_message.
  string status_message = 5;
}

// Configuration for exporting cluster resource usages.
message ResourceUsageExportConfig {
  // Parameters for using BigQuery as the destination of resource usage export.
  message BigQueryDestination {
    // The ID of a BigQuery Dataset.
    string dataset_id = 1;
  }

  // Parameters for controlling consumption metering.
  message ConsumptionMeteringConfig {
    // Whether to enable consumption metering for this cluster. If enabled, a
    // second BigQuery table will be created to hold resource consumption
    // records.
    bool enabled = 1;
  }

  // Configuration to use BigQuery as usage export destination.
  BigQueryDestination bigquery_destination = 1;

  // Whether to enable network egress metering for this cluster. If enabled, a
  // daemonset will be created in the cluster to meter network egress traffic.
  bool enable_network_egress_metering = 2;

  // Configuration to enable resource consumption metering.
  ConsumptionMeteringConfig consumption_metering_config = 3;
}

// VerticalPodAutoscaling contains global, per-cluster information
// required by Vertical Pod Autoscaler to automatically adjust
// the resources of pods controlled by it.
message VerticalPodAutoscaling {
  // Enables vertical pod autoscaling.
  bool enabled = 1;
}

// DefaultSnatStatus contains the desired state of whether default sNAT should
// be disabled on the cluster.
message DefaultSnatStatus {
  // Disables cluster default sNAT rules.
  bool disabled = 1;
}

// Configuration of Shielded Nodes feature.
message ShieldedNodes {
  // Whether Shielded Nodes features are enabled on all nodes in this cluster.
  //
  // A proto3 `bool` without `optional` has no presence: an unset field reads
  // as `false`. Whether the service applies a different default when this
  // message is omitted entirely is not visible in this file.
  bool enabled = 1;
}

// Configuration of gVNIC feature.
message VirtualNIC {
  // Whether gVNIC features are enabled in the node pool.
  bool enabled = 1;
}

// Configuration of Fast Socket feature.
message FastSocket {
  // Whether Fast Socket features are enabled in the node pool.
  bool enabled = 1;
}

// PrivateIPv6GoogleAccess controls whether and how the pods can communicate
// with Google Services through gRPC over IPv6.
enum PrivateIPv6GoogleAccess {
  // Default value. Same as DISABLED
  PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED = 0;

  // No private access to or from Google Services
  PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED = 1;

  // Enables private IPv6 access to Google Services from GKE
  PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE = 2;

  // Enables private IPv6 access to and from Google Services
  PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL = 3;
}

// NotificationConfig is the configuration of notifications.
message NotificationConfig {
  // Types of notifications currently supported. Can be used to filter what
  // notifications are sent.
  enum EventType {
    // Not set, will be ignored.
    EVENT_TYPE_UNSPECIFIED = 0;

    // Corresponds with UpgradeAvailableEvent.
    UPGRADE_AVAILABLE_EVENT = 1;

    // Corresponds with UpgradeEvent.
    UPGRADE_EVENT = 2;

    // Corresponds with SecurityBulletinEvent.
    SECURITY_BULLETIN_EVENT = 3;
  }

  // Pub/Sub specific notification config.
  message PubSub {
    // Enable notifications for Pub/Sub.
    bool enabled = 1;

    // The desired Pub/Sub topic to which notifications will be
    // sent by GKE. Format is `projects/{project}/topics/{topic}`.
    //
    // NOTE(review): messages on this topic can include SecurityBulletinEvent
    // content (CVE IDs, affected and patched versions), so subscriber access
    // to the topic presumably should be scoped accordingly - confirm the
    // topic's IAM policy.
    string topic = 2 [
      (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
    ];

    // Allows filtering to one or more specific event types. If no filter is
    // specified, or if a filter is specified with no event types, all event
    // types will be sent.
    //
    // A filter that lists event types but omits SECURITY_BULLETIN_EVENT means
    // security bulletins are not sent to the topic.
    Filter filter = 3;
  }

  // Allows filtering to one or more specific event types. If event types are
  // present, those and only those event types will be transmitted to the
  // cluster. Other types will be skipped. If no filter is specified, or no
  // event types are present, all event types will be sent.
  message Filter {
    // Event types to allowlist.
    repeated EventType event_type = 1;
  }

  // Notification config for Pub/Sub.
  PubSub pubsub = 1;
}

// ConfidentialNodes is configuration for the confidential nodes feature, which
// makes nodes run on confidential VMs.
message ConfidentialNodes {
  // Whether Confidential Nodes feature is enabled.
  //
  // A proto3 `bool` without `optional` has no presence: an unset field reads
  // as `false`.
  bool enabled = 1;
}

// UpgradeResourceType is the resource type that is upgrading. It is used
// in upgrade notifications.
enum UpgradeResourceType {
  // Default value. This shouldn't be used.
  UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0;

  // Master / control plane
  MASTER = 1;

  // Node pool
  NODE_POOL = 2;
}

// UpgradeEvent is a notification sent to customers by the cluster server when
// a resource is upgrading.
message UpgradeEvent {
  // The resource type that is upgrading.
  UpgradeResourceType resource_type = 1;

  // The operation associated with this upgrade.
  string operation = 2;

  // The time when the operation was started.
  google.protobuf.Timestamp operation_start_time = 3;

  // The current version before the upgrade.
  string current_version = 4;

  // The target version for the upgrade.
  string target_version = 5;

  // Optional relative path to the resource. For example in node pool upgrades,
  // the relative path of the node pool.
  string resource = 6;
}

// UpgradeAvailableEvent is a notification sent to customers when a new
// available version is released.
message UpgradeAvailableEvent {
  // The release version available for upgrade.
  string version = 1;

  // The resource type of the release version.
  UpgradeResourceType resource_type = 2;

  // The release channel of the version. If empty, it means a non-channel
  // release.
  ReleaseChannel release_channel = 3;

  // Optional relative path to the resource. For example, the relative path of
  // the node pool.
  string resource = 4;
}

// SecurityBulletinEvent is a notification sent to customers when a security
// bulletin has been posted that they are vulnerable to.
message SecurityBulletinEvent {
  // The resource type (node/control plane) that has the vulnerability. Multiple
  // notifications (1 notification per resource type) will be sent for a
  // vulnerability that affects > 1 resource type.
  //
  // This is a free-form string, whereas UpgradeEvent uses the
  // UpgradeResourceType enum; the accepted string values are not defined in
  // this file.
  string resource_type_affected = 1;

  // The ID of the bulletin corresponding to the vulnerability.
  string bulletin_id = 2;

  // The CVEs associated with this bulletin.
  repeated string cve_ids = 3;

  // The severity of this bulletin as it relates to GKE.
  //
  // Free-form string, not an enum: the set of values is not defined in this
  // file, so triage automation should handle values it does not recognise.
  string severity = 4;

  // The URI link to the bulletin on the website for more information.
  string bulletin_uri = 5;

  // A brief description of the bulletin. See the bulletin pointed to by the
  // bulletin_uri field for an expanded description.
  string brief_description = 6;

  // The GKE minor versions affected by this vulnerability.
  repeated string affected_supported_minors = 7;

  // The GKE versions where this vulnerability is patched.
  repeated string patched_versions = 8;

  // This represents a version selected from the patched_versions field that
  // the cluster receiving this notification should most likely want to upgrade
  // to based on its current version. Note that if this notification is being
  // received by a given cluster, it means that this version is currently
  // available as an upgrade target in that cluster's location.
  string suggested_upgrade_target = 9;

  // If this field is specified, it means there are manual steps that the user
  // must take to make their clusters safe.
  //
  // As a proto3 `bool` without `optional`, `false` and unset are identical on
  // the wire; only `true` carries a signal.
  bool manual_steps_required = 10;
}

// Autopilot is the configuration for Autopilot settings on the cluster.
message Autopilot {
  // Enable Autopilot
  bool enabled = 1;

  // Workload policy configuration for Autopilot.
  WorkloadPolicyConfig workload_policy_config = 2;
}

// WorkloadPolicyConfig is the configuration of workload policy for autopilot
// clusters.
message WorkloadPolicyConfig {
  // If true, workloads can use NET_ADMIN capability.
  //
  // NET_ADMIN is the Linux capability covering network administration
  // (interface, routing and packet-filter configuration), so `true` widens
  // what a workload may do to its network environment. Declared `optional`:
  // unset is distinguishable from an explicit `false`.
  optional bool allow_net_admin = 1;
}

// LoggingConfig is cluster logging configuration.
message LoggingConfig {
  // Logging components configuration
  LoggingComponentConfig component_config = 1;
}

// LoggingComponentConfig is cluster logging component configuration.
message LoggingComponentConfig {
  // GKE components exposing logs
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // system components
    SYSTEM_COMPONENTS = 1;

    // workloads
    WORKLOADS = 2;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;
  }

  // Select components to collect logs. An empty set would disable all logging.
  //
  // A `repeated` field has no presence, so an omitted list and an explicitly
  // empty one are identical on the wire. Components left out of this list are
  // not collected, which narrows the log sources available for investigation.
  repeated Component enable_components = 1;
}

// MonitoringConfig is cluster monitoring configuration.
message MonitoringConfig {
  // Monitoring components configuration
  MonitoringComponentConfig component_config = 1;

  // Enable Google Cloud Managed Service for Prometheus
  // in the cluster.
  ManagedPrometheusConfig managed_prometheus_config = 2;

  // Configuration of Advanced Datapath Observability features.
  AdvancedDatapathObservabilityConfig advanced_datapath_observability_config =
      3;
}

// AdvancedDatapathObservabilityConfig specifies configuration of observability
// features of advanced datapath.
//
// NOTE(review): Relay is governed by two fields here, `enable_relay` and
// `relay_mode` (which has its own DISABLED value); how they interact is not
// stated in this file.
message AdvancedDatapathObservabilityConfig {
  // Supported Relay modes
  //
  // Value 2 is not declared in this enum.
  enum RelayMode {
    // Default value. This shouldn't be used.
    RELAY_MODE_UNSPECIFIED = 0;

    // disabled
    DISABLED = 1;

    // exposed via internal load balancer
    INTERNAL_VPC_LB = 3;

    // exposed via external load balancer
    //
    // NOTE(review): who can reach Relay through an external load balancer,
    // and what authentication applies, is not described here - confirm before
    // selecting this mode.
    EXTERNAL_LB = 4;
  }

  // Expose flow metrics on nodes
  bool enable_metrics = 1;

  // Method used to make Relay available
  RelayMode relay_mode = 2;

  // Enable Relay component
  optional bool enable_relay = 3;
}

// NodePoolLoggingConfig specifies logging configuration for nodepools.
message NodePoolLoggingConfig {
  // Logging variant configuration.
  LoggingVariantConfig variant_config = 1;
}

// LoggingVariantConfig specifies the behaviour of the logging component.
message LoggingVariantConfig {
  // Logging component variants.
  enum Variant {
    // Default value. This shouldn't be used.
    VARIANT_UNSPECIFIED = 0;

    // default logging variant.
    DEFAULT = 1;

    // maximum logging throughput variant.
    MAX_THROUGHPUT = 2;
  }

  // Logging variant deployed on nodes.
  Variant variant = 1;
}

// MonitoringComponentConfig is cluster monitoring component configuration.
message MonitoringComponentConfig {
  // GKE components exposing metrics
  //
  // Values 2 and 6 are not declared in this enum and are not `reserved`.
  // NOTE(review): if they belonged to removed values, reserving them would
  // prevent reuse - confirm against the file history.
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // system components
    SYSTEM_COMPONENTS = 1;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;

    // Storage
    STORAGE = 7;

    // Horizontal Pod Autoscaling
    HPA = 8;

    // Pod
    POD = 9;

    // DaemonSet
    DAEMONSET = 10;

    // Deployment
    DEPLOYMENT = 11;

    // Statefulset
    STATEFULSET = 12;
  }

  // Select components to collect metrics. An empty set would disable all
  // monitoring.
  repeated Component enable_components = 1;
}

// The datapath provider selects the implementation of the Kubernetes networking
// model for service resolution and network policy enforcement.
enum DatapathProvider {
  // Default value.
  DATAPATH_PROVIDER_UNSPECIFIED = 0;

  // Use the IPTables implementation based on kube-proxy.
  LEGACY_DATAPATH = 1;

  // Use the eBPF based GKE Dataplane V2 with additional features. See the [GKE
  // Dataplane V2
  // documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2)
  // for more.
  ADVANCED_DATAPATH = 2;
}

// Strategy used for node pool update.
//
// Value 1 is not declared in this enum.
enum NodePoolUpdateStrategy {
  // Default value if unset. GKE internally defaults the update strategy to
  // SURGE for unspecified strategies.
  NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED = 0;

  // blue-green upgrade.
  BLUE_GREEN = 2;

  // SURGE is the traditional way of upgrading a node pool.
  // max_surge and max_unavailable determine the level of upgrade parallelism.
  SURGE = 3;
}

// ManagedPrometheusConfig defines the configuration for
// Google Cloud Managed Service for Prometheus.
message ManagedPrometheusConfig {
  // Enable Managed Collection.
  bool enabled = 1;
}

// Fleet is the fleet configuration for the cluster.
//
// `membership` and `pre_registered` are described as output only in their
// comments but carry no OUTPUT_ONLY field_behavior annotation in this file.
message Fleet {
  // The Fleet host project (project ID or project number) where this cluster
  // will be registered to. This field cannot be changed after the cluster has
  // been registered.
  string project = 1;

  // [Output only] The full resource name of the registered fleet membership of
  // the cluster, in the format
  // `//gkehub.googleapis.com/projects/*/locations/*/memberships/*`.
  string membership = 2;

  // [Output only] Whether the cluster has been registered through the fleet
  // API.
  bool pre_registered = 3;
}

// Possible values for IP stack type
enum StackType {
  // Default value, will be defaulted as IPV4 only
  STACK_TYPE_UNSPECIFIED = 0;

  // Cluster is IPV4 only
  IPV4 = 1;

  // Cluster can use both IPv4 and IPv6
  IPV4_IPV6 = 2;
}

// Possible values for IPv6 access type
enum IPv6AccessType {
  // Default value, will be defaulted as type external.
  //
  // Taken together with the EXTERNAL comment below, leaving this unset yields
  // external IPv6 addresses; INTERNAL has to be chosen explicitly.
  IPV6_ACCESS_TYPE_UNSPECIFIED = 0;

  // Access type internal (all v6 addresses are internal IPs)
  INTERNAL = 1;

  // Access type external (all v6 addresses are external IPs)
  EXTERNAL = 2;
}

// LocalNvmeSsdBlockConfig contains configuration for using raw-block local
// NVMe SSDs
message LocalNvmeSsdBlockConfig {
  // Number of local NVMe SSDs to use. The limit for this value is dependent
  // upon the maximum number of disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  //
  // A zero (or unset) value has different meanings depending on machine type
  // being used:
  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
  // zero (or unset) means to disable using local SSDs as ephemeral storage.
  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
  // (or unset) means to use the default number of local ssds that goes with
  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
  // ssds), 0 will be provisioned. See
  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
  // for more info.
  int32 local_ssd_count = 1;
}

// EphemeralStorageLocalSsdConfig contains configuration for the node ephemeral
// storage using Local SSDs.
message EphemeralStorageLocalSsdConfig {
  // Number of local SSDs to use to back ephemeral storage. Uses NVMe
  // interfaces.
  //
  // A zero (or unset) value has different meanings depending on machine type
  // being used:
  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
  // zero (or unset) means to disable using local SSDs as ephemeral storage. The
  // limit for this value is dependent upon the maximum number of disks
  // available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
  // (or unset) means to use the default number of local ssds that goes with
  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
  // ssds), 0 will be provisioned. See
  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
  // for more info.
  int32 local_ssd_count = 1;
}

// A map of resource manager tag keys and values to be attached to the nodes
// for managing Compute Engine firewalls using Network Firewall Policies.
// Tags must be according to specifications in
// https://cloud.google.com/vpc/docs/tags-firewalls-overview#specifications.
// A maximum of 5 tag key-value pairs can be specified.
// Existing tags will be replaced with new values.
//
// Because these tags are what Network Firewall Policies match on, and a new
// value replaces the existing set, an update that leaves a tag out can change
// which firewall rules apply to the nodes. The limit of 5 pairs is stated only
// in this comment; the map type does not express it.
message ResourceManagerTags {
  // TagKeyValue must be in one of the following formats ([KEY]=[VALUE])
  // 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`
  // 2. `{org_id}/{tag_key_name}={tag_value_name}`
  // 3. `{project_id}/{tag_key_name}={tag_value_name}`
  map<string, string> tags = 1;
}

// EnterpriseConfig is the cluster enterprise configuration.
message EnterpriseConfig {
  // Premium tiers for GKE Cluster.
  enum ClusterTier {
    // CLUSTER_TIER_UNSPECIFIED is when cluster_tier is not set.
    CLUSTER_TIER_UNSPECIFIED = 0;

    // STANDARD indicates a standard GKE cluster.
    STANDARD = 1;

    // ENTERPRISE indicates a GKE Enterprise cluster.
    ENTERPRISE = 2;
  }

  // Output only. cluster_tier specifies the premium tier of the cluster.
  ClusterTier cluster_tier = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// SecondaryBootDisk represents a persistent disk attached to a node
// with special configurations based on its mode.
message SecondaryBootDisk {
  // Mode specifies how the secondary boot disk will be used.
  // This triggers mode-specified logic in the control plane.
  enum Mode {
    // MODE_UNSPECIFIED is when mode is not set.
    MODE_UNSPECIFIED = 0;

    // CONTAINER_IMAGE_CACHE is for using the secondary boot disk as
    // a container image cache.
    CONTAINER_IMAGE_CACHE = 1;
  }

  // Disk mode (container image cache, etc.)
  Mode mode = 1;

  // Fully-qualified resource ID for an existing disk image.
  //
  // NOTE(review): in CONTAINER_IMAGE_CACHE mode the contents of this image
  // presumably supply container images to the node, so who can build or
  // replace the referenced disk image matters - confirm how it is validated.
  string disk_image = 2;
}

// Options for in-transit encryption.
//
// NOTE(review): the comment on the zero value names
// IN_TRANSIT_ENCRYPTION_UNSPECIFIED, which is not the declared value name,
// and this file does not say whether an unspecified value results in
// encryption being enabled or disabled - confirm the effective default.
enum InTransitEncryptionConfig {
  // Unspecified, will be inferred as default -
  // IN_TRANSIT_ENCRYPTION_UNSPECIFIED.
  IN_TRANSIT_ENCRYPTION_CONFIG_UNSPECIFIED = 0;

  // In-transit encryption is disabled.
  IN_TRANSIT_ENCRYPTION_DISABLED = 1;

  // Data in-transit is encrypted using inter-node transparent encryption.
  IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT = 2;
}

// SecondaryBootDiskUpdateStrategy is a placeholder which will be extended
// in the future to define different options for updating secondary boot disks.
message SecondaryBootDiskUpdateStrategy {}