1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.container.v1beta1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/protobuf/duration.proto"; 24import "google/protobuf/empty.proto"; 25import "google/protobuf/timestamp.proto"; 26import "google/protobuf/wrappers.proto"; 27import "google/rpc/code.proto"; 28import "google/rpc/status.proto"; 29import "google/type/date.proto"; 30 31option csharp_namespace = "Google.Cloud.Container.V1Beta1"; 32option go_package = "cloud.google.com/go/container/apiv1beta1/containerpb;containerpb"; 33option java_multiple_files = true; 34option java_outer_classname = "ClusterServiceProto"; 35option java_package = "com.google.container.v1beta1"; 36option php_namespace = "Google\\Cloud\\Container\\V1beta1"; 37option ruby_package = "Google::Cloud::Container::V1beta1"; 38option (google.api.resource_definition) = { 39 type: "pubsub.googleapis.com/Topic" 40 pattern: "projects/{project}/topics/{topic}" 41}; 42 43// Google Kubernetes Engine Cluster Manager v1beta1 44service ClusterManager { 45 option (google.api.default_host) = "container.googleapis.com"; 46 option (google.api.oauth_scopes) = 47 "https://www.googleapis.com/auth/cloud-platform"; 48 49 // Lists all clusters owned by a project in either the specified zone or all 50 // 
zones. 51 rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) { 52 option (google.api.http) = { 53 get: "/v1beta1/{parent=projects/*/locations/*}/clusters" 54 additional_bindings { 55 get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters" 56 } 57 }; 58 option (google.api.method_signature) = "project_id,zone"; 59 } 60 61 // Gets the details for a specific cluster. 62 rpc GetCluster(GetClusterRequest) returns (Cluster) { 63 option (google.api.http) = { 64 get: "/v1beta1/{name=projects/*/locations/*/clusters/*}" 65 additional_bindings { 66 get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}" 67 } 68 }; 69 option (google.api.method_signature) = "project_id,zone,cluster_id"; 70 } 71 72 // Creates a cluster, consisting of the specified number and type of Google 73 // Compute Engine instances. 74 // 75 // By default, the cluster is created in the project's 76 // [default 77 // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks). 78 // 79 // One firewall is added for the cluster. After cluster creation, 80 // the Kubelet creates routes for each node to allow the containers 81 // on that node to communicate with all other instances in the 82 // cluster. 83 // 84 // Finally, an entry is added to the project's global metadata indicating 85 // which CIDR range the cluster is using. 86 rpc CreateCluster(CreateClusterRequest) returns (Operation) { 87 option (google.api.http) = { 88 post: "/v1beta1/{parent=projects/*/locations/*}/clusters" 89 body: "*" 90 additional_bindings { 91 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters" 92 body: "*" 93 } 94 }; 95 option (google.api.method_signature) = "project_id,zone,cluster"; 96 } 97 98 // Updates the settings for a specific cluster. 
99 rpc UpdateCluster(UpdateClusterRequest) returns (Operation) { 100 option (google.api.http) = { 101 put: "/v1beta1/{name=projects/*/locations/*/clusters/*}" 102 body: "*" 103 additional_bindings { 104 put: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}" 105 body: "*" 106 } 107 }; 108 option (google.api.method_signature) = "project_id,zone,cluster_id,update"; 109 } 110 111 // Updates the version and/or image type of a specific node pool. 112 rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) { 113 option (google.api.http) = { 114 put: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}" 115 body: "*" 116 additional_bindings { 117 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update" 118 body: "*" 119 } 120 }; 121 } 122 123 // Sets the autoscaling settings of a specific node pool. 124 rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest) 125 returns (Operation) { 126 option (google.api.http) = { 127 post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling" 128 body: "*" 129 additional_bindings { 130 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling" 131 body: "*" 132 } 133 }; 134 } 135 136 // Sets the logging service for a specific cluster. 137 rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) { 138 option (google.api.http) = { 139 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLogging" 140 body: "*" 141 additional_bindings { 142 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging" 143 body: "*" 144 } 145 }; 146 option (google.api.method_signature) = 147 "project_id,zone,cluster_id,logging_service"; 148 } 149 150 // Sets the monitoring service for a specific cluster. 
151 rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) { 152 option (google.api.http) = { 153 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setMonitoring" 154 body: "*" 155 additional_bindings { 156 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring" 157 body: "*" 158 } 159 }; 160 option (google.api.method_signature) = 161 "project_id,zone,cluster_id,monitoring_service"; 162 } 163 164 // Sets the addons for a specific cluster. 165 rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) { 166 option (google.api.http) = { 167 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setAddons" 168 body: "*" 169 additional_bindings { 170 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons" 171 body: "*" 172 } 173 }; 174 option (google.api.method_signature) = 175 "project_id,zone,cluster_id,addons_config"; 176 } 177 178 // Sets the locations for a specific cluster. 179 // Deprecated. Use 180 // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters/update) 181 // instead. 182 rpc SetLocations(SetLocationsRequest) returns (Operation) { 183 option deprecated = true; 184 option (google.api.http) = { 185 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLocations" 186 body: "*" 187 additional_bindings { 188 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations" 189 body: "*" 190 } 191 }; 192 option (google.api.method_signature) = 193 "project_id,zone,cluster_id,locations"; 194 } 195 196 // Updates the master for a specific cluster. 
197 rpc UpdateMaster(UpdateMasterRequest) returns (Operation) { 198 option (google.api.http) = { 199 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:updateMaster" 200 body: "*" 201 additional_bindings { 202 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master" 203 body: "*" 204 } 205 }; 206 option (google.api.method_signature) = 207 "project_id,zone,cluster_id,master_version"; 208 } 209 210 // Sets master auth materials. Currently supports changing the admin password 211 // or a specific cluster, either via password generation or explicitly setting 212 // the password. 213 rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) { 214 option (google.api.http) = { 215 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setMasterAuth" 216 body: "*" 217 additional_bindings { 218 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth" 219 body: "*" 220 } 221 }; 222 } 223 224 // Deletes the cluster, including the Kubernetes endpoint and all worker 225 // nodes. 226 // 227 // Firewalls and routes that were configured during cluster creation 228 // are also deleted. 229 // 230 // Other Google Compute Engine resources that might be in use by the cluster, 231 // such as load balancer resources, are not deleted if they weren't present 232 // when the cluster was initially created. 233 rpc DeleteCluster(DeleteClusterRequest) returns (Operation) { 234 option (google.api.http) = { 235 delete: "/v1beta1/{name=projects/*/locations/*/clusters/*}" 236 additional_bindings { 237 delete: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}" 238 } 239 }; 240 option (google.api.method_signature) = "project_id,zone,cluster_id"; 241 } 242 243 // Lists all operations in a project in the specified zone or all zones. 
244 rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) { 245 option (google.api.http) = { 246 get: "/v1beta1/{parent=projects/*/locations/*}/operations" 247 additional_bindings { 248 get: "/v1beta1/projects/{project_id}/zones/{zone}/operations" 249 } 250 }; 251 option (google.api.method_signature) = "project_id,zone"; 252 } 253 254 // Gets the specified operation. 255 rpc GetOperation(GetOperationRequest) returns (Operation) { 256 option (google.api.http) = { 257 get: "/v1beta1/{name=projects/*/locations/*/operations/*}" 258 additional_bindings { 259 get: "/v1beta1/projects/{project_id}/zones/{zone}/operations/{operation_id}" 260 } 261 }; 262 option (google.api.method_signature) = "project_id,zone,operation_id"; 263 } 264 265 // Cancels the specified operation. 266 rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) { 267 option (google.api.http) = { 268 post: "/v1beta1/{name=projects/*/locations/*/operations/*}:cancel" 269 body: "*" 270 additional_bindings { 271 post: "/v1beta1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel" 272 body: "*" 273 } 274 }; 275 option (google.api.method_signature) = "project_id,zone,operation_id"; 276 } 277 278 // Returns configuration info about the Google Kubernetes Engine service. 279 rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) { 280 option (google.api.http) = { 281 get: "/v1beta1/{name=projects/*/locations/*}/serverConfig" 282 additional_bindings { 283 get: "/v1beta1/projects/{project_id}/zones/{zone}/serverconfig" 284 } 285 }; 286 option (google.api.method_signature) = "project_id,zone"; 287 } 288 289 // Gets the public component of the cluster signing keys in 290 // JSON Web Key format. 291 rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) { 292 option (google.api.http) = { 293 get: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/jwks" 294 }; 295 } 296 297 // Lists the node pools for a cluster. 
298 rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) { 299 option (google.api.http) = { 300 get: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/nodePools" 301 additional_bindings { 302 get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools" 303 } 304 }; 305 option (google.api.method_signature) = "project_id,zone,cluster_id"; 306 } 307 308 // Retrieves the requested node pool. 309 rpc GetNodePool(GetNodePoolRequest) returns (NodePool) { 310 option (google.api.http) = { 311 get: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}" 312 additional_bindings { 313 get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}" 314 } 315 }; 316 option (google.api.method_signature) = 317 "project_id,zone,cluster_id,node_pool_id"; 318 } 319 320 // Creates a node pool for a cluster. 321 rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) { 322 option (google.api.http) = { 323 post: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/nodePools" 324 body: "*" 325 additional_bindings { 326 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools" 327 body: "*" 328 } 329 }; 330 option (google.api.method_signature) = 331 "project_id,zone,cluster_id,node_pool"; 332 } 333 334 // Deletes a node pool from a cluster. 335 rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) { 336 option (google.api.http) = { 337 delete: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}" 338 additional_bindings { 339 delete: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}" 340 } 341 }; 342 option (google.api.method_signature) = 343 "project_id,zone,cluster_id,node_pool_id"; 344 } 345 346 // CompleteNodePoolUpgrade will signal an on-going node pool upgrade to 347 // complete. 
348 rpc CompleteNodePoolUpgrade(CompleteNodePoolUpgradeRequest) 349 returns (google.protobuf.Empty) { 350 option (google.api.http) = { 351 post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:completeUpgrade" 352 body: "*" 353 }; 354 } 355 356 // Rolls back a previously Aborted or Failed NodePool upgrade. 357 // This makes no changes if the last upgrade successfully completed. 358 rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest) 359 returns (Operation) { 360 option (google.api.http) = { 361 post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback" 362 body: "*" 363 additional_bindings { 364 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback" 365 body: "*" 366 } 367 }; 368 option (google.api.method_signature) = 369 "project_id,zone,cluster_id,node_pool_id"; 370 } 371 372 // Sets the NodeManagement options for a node pool. 373 rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) { 374 option (google.api.http) = { 375 post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement" 376 body: "*" 377 additional_bindings { 378 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement" 379 body: "*" 380 } 381 }; 382 option (google.api.method_signature) = 383 "project_id,zone,cluster_id,node_pool_id,management"; 384 } 385 386 // Sets labels on a cluster. 387 rpc SetLabels(SetLabelsRequest) returns (Operation) { 388 option (google.api.http) = { 389 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setResourceLabels" 390 body: "*" 391 additional_bindings { 392 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels" 393 body: "*" 394 } 395 }; 396 option (google.api.method_signature) = 397 "project_id,zone,cluster_id,resource_labels,label_fingerprint"; 398 } 399 400 // Enables or disables the ABAC authorization mechanism on a cluster. 
401 rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) { 402 option (google.api.http) = { 403 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac" 404 body: "*" 405 additional_bindings { 406 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac" 407 body: "*" 408 } 409 }; 410 option (google.api.method_signature) = "project_id,zone,cluster_id,enabled"; 411 } 412 413 // Starts master IP rotation. 414 rpc StartIPRotation(StartIPRotationRequest) returns (Operation) { 415 option (google.api.http) = { 416 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:startIpRotation" 417 body: "*" 418 additional_bindings { 419 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation" 420 body: "*" 421 } 422 }; 423 option (google.api.method_signature) = "project_id,zone,cluster_id"; 424 } 425 426 // Completes master IP rotation. 427 rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) { 428 option (google.api.http) = { 429 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:completeIpRotation" 430 body: "*" 431 additional_bindings { 432 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation" 433 body: "*" 434 } 435 }; 436 option (google.api.method_signature) = "project_id,zone,cluster_id"; 437 } 438 439 // SetNodePoolSizeRequest sets the size of a node pool. The new size will be 440 // used for all replicas, including future replicas created by modifying 441 // [NodePool.locations][google.container.v1beta1.NodePool.locations]. 
442 rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) { 443 option (google.api.http) = { 444 post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize" 445 body: "*" 446 additional_bindings { 447 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize" 448 body: "*" 449 } 450 }; 451 } 452 453 // Enables or disables Network Policy for a cluster. 454 rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) { 455 option (google.api.http) = { 456 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy" 457 body: "*" 458 additional_bindings { 459 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy" 460 body: "*" 461 } 462 }; 463 option (google.api.method_signature) = 464 "project_id,zone,cluster_id,network_policy"; 465 } 466 467 // Sets the maintenance policy for a cluster. 468 rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) { 469 option (google.api.http) = { 470 post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy" 471 body: "*" 472 additional_bindings { 473 post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy" 474 body: "*" 475 } 476 }; 477 option (google.api.method_signature) = 478 "project_id,zone,cluster_id,maintenance_policy"; 479 } 480 481 // Lists subnetworks that can be used for creating clusters in a project. 482 rpc ListUsableSubnetworks(ListUsableSubnetworksRequest) 483 returns (ListUsableSubnetworksResponse) { 484 option (google.api.http) = { 485 get: "/v1beta1/{parent=projects/*}/aggregated/usableSubnetworks" 486 }; 487 option (google.api.method_signature) = "parent"; 488 } 489 490 // Checks the cluster compatibility with Autopilot mode, and returns a list of 491 // compatibility issues. 
492 rpc CheckAutopilotCompatibility(CheckAutopilotCompatibilityRequest) 493 returns (CheckAutopilotCompatibilityResponse) { 494 option (google.api.http) = { 495 get: "/v1beta1/{name=projects/*/locations/*/clusters/*}:checkAutopilotCompatibility" 496 }; 497 } 498 499 // Fetches locations that offer Google Kubernetes Engine. 500 rpc ListLocations(ListLocationsRequest) returns (ListLocationsResponse) { 501 option (google.api.http) = { 502 get: "/v1beta1/{parent=projects/*}/locations" 503 }; 504 option (google.api.method_signature) = "parent"; 505 } 506} 507 508// Parameters that can be configured on Linux nodes. 509message LinuxNodeConfig { 510 // Possible cgroup modes that can be used. 511 enum CgroupMode { 512 // CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. 513 // The default for the GKE node OS image will be used. 514 CGROUP_MODE_UNSPECIFIED = 0; 515 516 // CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on 517 // the node image. 518 CGROUP_MODE_V1 = 1; 519 520 // CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on 521 // the node image. 522 CGROUP_MODE_V2 = 2; 523 } 524 525 // The Linux kernel parameters to be applied to the nodes and all pods running 526 // on the nodes. 527 // 528 // The following parameters are supported. 529 // 530 // net.core.busy_poll 531 // net.core.busy_read 532 // net.core.netdev_max_backlog 533 // net.core.rmem_max 534 // net.core.wmem_default 535 // net.core.wmem_max 536 // net.core.optmem_max 537 // net.core.somaxconn 538 // net.ipv4.tcp_rmem 539 // net.ipv4.tcp_wmem 540 // net.ipv4.tcp_tw_reuse 541 map<string, string> sysctls = 1; 542 543 // cgroup_mode specifies the cgroup mode to be used on the node. 544 CgroupMode cgroup_mode = 2; 545} 546 547// Parameters that can be configured on Windows nodes. 
548// Windows Node Config that define the parameters that will be used to 549// configure the Windows node pool settings 550message WindowsNodeConfig { 551 // Possible OS version that can be used. 552 enum OSVersion { 553 // When OSVersion is not specified 554 OS_VERSION_UNSPECIFIED = 0; 555 556 // LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base Image 557 OS_VERSION_LTSC2019 = 1; 558 559 // LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Image 560 OS_VERSION_LTSC2022 = 2; 561 } 562 563 // OSVersion specifies the Windows node config to be used on the node 564 OSVersion os_version = 1; 565} 566 567// Node kubelet configs. 568message NodeKubeletConfig { 569 // Control the CPU management policy on the node. 570 // See 571 // https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ 572 // 573 // The following values are allowed. 574 // * "none": the default, which represents the existing scheduling behavior. 575 // * "static": allows pods with certain resource characteristics to be granted 576 // increased CPU affinity and exclusivity on the node. 577 // The default value is 'none' if unspecified. 578 string cpu_manager_policy = 1; 579 580 // Enable CPU CFS quota enforcement for containers that specify CPU limits. 581 // 582 // This option is enabled by default which makes kubelet use CFS quota 583 // (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to 584 // enforce container CPU limits. Otherwise, CPU limits will not be enforced at 585 // all. 586 // 587 // Disable this option to mitigate CPU throttling problems while still having 588 // your pods to be in Guaranteed QoS class by specifying the CPU limits. 589 // 590 // The default value is 'true' if unspecified. 591 google.protobuf.BoolValue cpu_cfs_quota = 2; 592 593 // Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
594 // 595 // The string must be a sequence of decimal numbers, each with optional 596 // fraction and a unit suffix, such as "300ms". 597 // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". 598 // The value must be a positive duration. 599 string cpu_cfs_quota_period = 3; 600 601 // Set the Pod PID limits. See 602 // https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits 603 // 604 // Controls the maximum number of processes allowed to run in a pod. The value 605 // must be greater than or equal to 1024 and less than 4194304. 606 int64 pod_pids_limit = 4; 607 608 // Enable or disable Kubelet read only port. 609 optional bool insecure_kubelet_readonly_port_enabled = 7; 610} 611 612// Parameters that describe the nodes in a cluster. 613// 614// GKE Autopilot clusters do not 615// recognize parameters in `NodeConfig`. Use 616// [AutoprovisioningNodePoolDefaults][google.container.v1beta1.AutoprovisioningNodePoolDefaults] 617// instead. 618message NodeConfig { 619 // The name of a Google Compute Engine [machine 620 // type](https://cloud.google.com/compute/docs/machine-types). 621 // 622 // If unspecified, the default machine type is 623 // `e2-medium`. 624 string machine_type = 1; 625 626 // Size of the disk attached to each node, specified in GB. 627 // The smallest allowed disk size is 10GB. 628 // 629 // If unspecified, the default disk size is 100GB. 630 int32 disk_size_gb = 2; 631 632 // The set of Google API scopes to be made available on all of the 633 // node VMs under the "default" service account. 634 // 635 // The following scopes are recommended, but not required, and by default are 636 // not included: 637 // 638 // * `https://www.googleapis.com/auth/compute` is required for mounting 639 // persistent storage on your nodes. 
640 // * `https://www.googleapis.com/auth/devstorage.read_only` is required for 641 // communicating with **gcr.io** 642 // (the [Google Container 643 // Registry](https://cloud.google.com/container-registry/)). 644 // 645 // If unspecified, no scopes are added, unless Cloud Logging or Cloud 646 // Monitoring are enabled, in which case their required scopes will be added. 647 repeated string oauth_scopes = 3; 648 649 // The Google Cloud Platform Service Account to be used by the node VMs. 650 // Specify the email address of the Service Account; otherwise, if no Service 651 // Account is specified, the "default" service account is used. 652 string service_account = 9; 653 654 // The metadata key/value pairs assigned to instances in the cluster. 655 // 656 // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes 657 // in length. These are reflected as part of a URL in the metadata server. 658 // Additionally, to avoid ambiguity, keys must not conflict with any other 659 // metadata keys for the project or be one of the reserved keys: 660 // 661 // - "cluster-location" 662 // - "cluster-name" 663 // - "cluster-uid" 664 // - "configure-sh" 665 // - "containerd-configure-sh" 666 // - "enable-oslogin" 667 // - "gci-ensure-gke-docker" 668 // - "gci-metrics-enabled" 669 // - "gci-update-strategy" 670 // - "instance-template" 671 // - "kube-env" 672 // - "startup-script" 673 // - "user-data" 674 // - "disable-address-manager" 675 // - "windows-startup-script-ps1" 676 // - "common-psm1" 677 // - "k8s-node-setup-psm1" 678 // - "install-ssh-psm1" 679 // - "user-profile-psm1" 680 // 681 // Values are free-form strings, and only have meaning as interpreted by 682 // the image running in the instance. The only restriction placed on them is 683 // that each value's size must be less than or equal to 32 KB. 684 // 685 // The total size of all keys and values must be less than 512 KB. 
686 map<string, string> metadata = 4; 687 688 // The image type to use for this node. Note that for a given image type, 689 // the latest version of it will be used. Please see 690 // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for 691 // available image types. 692 string image_type = 5; 693 694 // The map of Kubernetes labels (key/value pairs) to be applied to each node. 695 // These will added in addition to any default label(s) that 696 // Kubernetes may apply to the node. 697 // In case of conflict in label keys, the applied set may differ depending on 698 // the Kubernetes version -- it's best to assume the behavior is undefined 699 // and conflicts should be avoided. 700 // For more information, including usage and the valid values, see: 701 // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ 702 map<string, string> labels = 6; 703 704 // The number of local SSD disks to be attached to the node. 705 // 706 // The limit for this value is dependent upon the maximum number of 707 // disks available on a machine per zone. See: 708 // https://cloud.google.com/compute/docs/disks/local-ssd 709 // for more information. 710 int32 local_ssd_count = 7; 711 712 // The list of instance tags applied to all nodes. Tags are used to identify 713 // valid sources or targets for network firewalls and are specified by 714 // the client during cluster or node pool creation. Each tag within the list 715 // must comply with RFC1035. 716 repeated string tags = 8; 717 718 // Whether the nodes are created as preemptible VM instances. See: 719 // https://cloud.google.com/compute/docs/instances/preemptible for more 720 // information about preemptible VM instances. 721 bool preemptible = 10; 722 723 // A list of hardware accelerators to be attached to each node. 724 // See https://cloud.google.com/compute/docs/gpus for more information about 725 // support for GPUs. 
726 repeated AcceleratorConfig accelerators = 11; 727 728 // Sandbox configuration for this node. 729 SandboxConfig sandbox_config = 17; 730 731 // Setting this field will assign instances of this 732 // pool to run on the specified node group. This is useful for running 733 // workloads on [sole tenant 734 // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes). 735 string node_group = 18; 736 737 // The optional reservation affinity. Setting this field will apply 738 // the specified [Zonal Compute 739 // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) 740 // to this node pool. 741 ReservationAffinity reservation_affinity = 19; 742 743 // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 744 // 'pd-balanced') 745 // 746 // If unspecified, the default disk type is 'pd-standard' 747 string disk_type = 12; 748 749 // Minimum CPU platform to be used by this instance. The instance may be 750 // scheduled on the specified or newer CPU platform. Applicable values are the 751 // friendly names of CPU platforms, such as 752 // `minCpuPlatform: "Intel Haswell"` or 753 // `minCpuPlatform: "Intel Sandy Bridge"`. For more 754 // information, read [how to specify min CPU 755 // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform). 756 string min_cpu_platform = 13; 757 758 // The workload metadata configuration for this node. 759 WorkloadMetadataConfig workload_metadata_config = 14; 760 761 // List of kubernetes taints to be applied to each node. 762 // 763 // For more information, including usage and the valid values, see: 764 // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ 765 repeated NodeTaint taints = 15; 766 767 // 768 // The Customer Managed Encryption Key used to encrypt the boot disk attached 769 // to each node in the node pool. 
This should be of the form 770 // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. 771 // For more information about protecting resources with Cloud KMS Keys please 772 // see: 773 // https://cloud.google.com/compute/docs/disks/customer-managed-encryption 774 string boot_disk_kms_key = 23; 775 776 // Shielded Instance options. 777 ShieldedInstanceConfig shielded_instance_config = 20; 778 779 // Parameters that can be configured on Linux nodes. 780 LinuxNodeConfig linux_node_config = 21; 781 782 // Node kubelet configs. 783 NodeKubeletConfig kubelet_config = 22; 784 785 // Parameters for the ephemeral storage filesystem. 786 // If unspecified, ephemeral storage is backed by the boot disk. 787 EphemeralStorageConfig ephemeral_storage_config = 24; 788 789 // GCFS (Google Container File System) configs. 790 GcfsConfig gcfs_config = 25; 791 792 // Advanced features for the Compute Engine VM. 793 AdvancedMachineFeatures advanced_machine_features = 26; 794 795 // Enable or disable gvnic on the node pool. 796 VirtualNIC gvnic = 29; 797 798 // Spot flag for enabling Spot VM, which is a rebrand of 799 // the existing preemptible flag. 800 bool spot = 32; 801 802 // Confidential nodes config. 803 // All the nodes in the node pool will be Confidential VM once enabled. 804 ConfidentialNodes confidential_nodes = 35; 805 806 // Enable or disable NCCL fast socket for the node pool. 807 optional FastSocket fast_socket = 36; 808 809 // The resource labels for the node pool to use to annotate any related 810 // Google Compute Engine resources. 811 map<string, string> resource_labels = 37; 812 813 // Logging configuration. 814 NodePoolLoggingConfig logging_config = 38; 815 816 // Parameters that can be configured on Windows nodes. 817 WindowsNodeConfig windows_node_config = 39; 818 819 // Parameters for using raw-block Local NVMe SSDs. 
LocalNvmeSsdBlockConfig local_nvme_ssd_block_config = 40;

  // Parameters for the node ephemeral storage using Local SSDs.
  // If unspecified, ephemeral storage is backed by the boot disk.
  // This field is functionally equivalent to the ephemeral_storage_config.
  EphemeralStorageLocalSsdConfig ephemeral_storage_local_ssd_config = 41;

  // Parameters for node pools to be backed by shared sole tenant node groups.
  SoleTenantConfig sole_tenant_config = 42;

  // HostMaintenancePolicy contains the desired maintenance policy for the
  // Google Compute Engine hosts.
  HostMaintenancePolicy host_maintenance_policy = 44;

  // A map of resource manager tag keys and values to be attached to the nodes.
  ResourceManagerTags resource_manager_tags = 45;

  // Optional. Reserved for future use.
  bool enable_confidential_storage = 46
      [(google.api.field_behavior) = OPTIONAL];

  // List of secondary boot disks attached to the nodes.
  repeated SecondaryBootDisk secondary_boot_disks = 48;

  // Secondary boot disk update strategy.
  optional SecondaryBootDiskUpdateStrategy secondary_boot_disk_update_strategy =
      50;
}

// Specifies options for controlling advanced machine features.
message AdvancedMachineFeatures {
  // The number of threads per physical core. To disable simultaneous
  // multithreading (SMT) set this to 1. If unset, the maximum number of threads
  // supported per core by the underlying processor is assumed.
  optional int64 threads_per_core = 1;
}

// Parameters for node pool-level network config.
message NodeNetworkConfig {
  // Configuration of all network bandwidth tiers.
  message NetworkPerformanceConfig {
    // Node network tier.
    enum Tier {
      // Default value.
      TIER_UNSPECIFIED = 0;

      // Higher bandwidth, actual values based on VM size.
      TIER_1 = 1;
    }

    // Specifies the total network bandwidth tier for the NodePool.
    optional Tier total_egress_bandwidth_tier = 1;

    // Specifies the network bandwidth tier for the NodePool for traffic to
    // external/public IP addresses.
    optional Tier external_ip_egress_bandwidth_tier = 2;
  }

  // Input only. Whether to create a new range for pod IPs in this node pool.
  // Defaults are provided for `pod_range` and `pod_ipv4_cidr_block` if they
  // are not specified.
  //
  // If neither `create_pod_range` nor `pod_range` is specified, the
  // cluster-level default (`ip_allocation_policy.cluster_ipv4_cidr_block`) is
  // used.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  bool create_pod_range = 4 [(google.api.field_behavior) = INPUT_ONLY];

  // The ID of the secondary range for pod IPs.
  // If `create_pod_range` is true, this ID is used for the new range.
  // If `create_pod_range` is false, uses an existing secondary range with this
  // ID.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_range = 5;

  // The IP address range for pod IPs in this node pool.
  //
  // Only applicable if `create_pod_range` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) to pick a specific range to use.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_ipv4_cidr_block = 6;

  // Whether nodes have internal IP addresses only.
  // If enable_private_nodes is not specified, then the value is derived from
  // [cluster.privateClusterConfig.enablePrivateNodes][google.container.v1beta1.PrivateClusterConfig.enablePrivateNodes]
  optional bool enable_private_nodes = 9;

  // Network bandwidth tier configuration.
  optional NetworkPerformanceConfig network_performance_config = 11;

  // [PRIVATE FIELD]
  // Pod CIDR size overprovisioning config for the nodepool.
  //
  // Pod CIDR size per node depends on max_pods_per_node. By default, the value
  // of max_pods_per_node is rounded off to next power of 2 and we then double
  // that to get the size of pod CIDR block per node.
  // Example: max_pods_per_node of 30 would result in 64 IPs (/26).
  //
  // This config can disable the doubling of IPs (we still round off to next
  // power of 2)
  // Example: max_pods_per_node of 30 will result in 32 IPs (/27) when
  // overprovisioning is disabled.
  PodCIDROverprovisionConfig pod_cidr_overprovision_config = 13;

  // We specify the additional node networks for this node pool using this list.
  // Each node network corresponds to an additional interface.
  repeated AdditionalNodeNetworkConfig additional_node_network_configs = 14;

  // We specify the additional pod networks for this node pool using this list.
  // Each pod network corresponds to an additional alias IP range for the node.
  repeated AdditionalPodNetworkConfig additional_pod_network_configs = 15;

  // Output only. The utilization of the IPv4 range for the pod.
  // The ratio is Usage/[Total number of IPs in the secondary range],
  // Usage=numNodes*numZones*podIPsPerNode.
  double pod_ipv4_range_utilization = 16
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// AdditionalNodeNetworkConfig is the configuration for additional node networks
// within the NodeNetworkConfig message.
message AdditionalNodeNetworkConfig {
  // Name of the VPC where the additional interface belongs.
  string network = 1;

  // Name of the subnetwork where the additional interface belongs.
  string subnetwork = 2;
}

// AdditionalPodNetworkConfig is the configuration for additional pod networks
// within the NodeNetworkConfig message.
message AdditionalPodNetworkConfig {
  // Name of the subnetwork where the additional pod network belongs.
  string subnetwork = 1;

  // The name of the secondary range on the subnet which provides IP address for
  // this pod range.
  string secondary_pod_range = 2;

  // The maximum number of pods per node which use this pod network.
  optional MaxPodsConstraint max_pods_per_node = 3;
}

// A set of Shielded Instance options.
//
// NOTE(review): both fields are plain proto3 `bool`s, so on the wire an unset
// field cannot be told apart from an explicit `false`. Whether the server
// treats "unset" as "off" is not stated in this file; confirm before relying
// on a default.
message ShieldedInstanceConfig {
  // Defines whether the instance has Secure Boot enabled.
  //
  // Secure Boot helps ensure that the system only runs authentic software by
  // verifying the digital signature of all boot components, and halting the
  // boot process if signature verification fails.
  bool enable_secure_boot = 1;

  // Defines whether the instance has integrity monitoring enabled.
  //
  // Enables monitoring and attestation of the boot integrity of the instance.
  // The attestation is performed against the integrity policy baseline. This
  // baseline is initially derived from the implicitly trusted boot image when
  // the instance is created.
  bool enable_integrity_monitoring = 2;
}

// SandboxConfig contains configurations of the sandbox to use for the node.
message SandboxConfig {
  // Possible types of sandboxes.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Run sandbox using gvisor.
    GVISOR = 1;
  }

  // Type of the sandbox to use for the node (e.g. 'gvisor')
  //
  // Deprecated. NOTE(review): presumably superseded by the enum-typed `type`
  // field below; confirm.
  string sandbox_type = 1 [deprecated = true];

  // Type of the sandbox to use for the node.
  Type type = 2;
}

// EphemeralStorageConfig contains configuration for the ephemeral storage
// filesystem.
message EphemeralStorageConfig {
  // Number of local SSDs to use to back ephemeral storage. Uses NVMe
  // interfaces. The limit for this value is dependent upon the maximum number
  // of disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  //
  // A zero (or unset) value has different meanings depending on machine type
  // being used:
  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
  // zero (or unset) means to disable using local SSDs as ephemeral storage.
  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
  // (or unset) means to use the default number of local ssds that goes with
  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
  // ssds), 0 will be provisioned. See
  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
  // for more info.
  int32 local_ssd_count = 1;
}

// LocalNvmeSsdBlockConfig contains configuration for using raw-block local
// NVMe SSDs.
message LocalNvmeSsdBlockConfig {
  // Number of local NVMe SSDs to use. The limit for this value is dependent
  // upon the maximum number of disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  //
  // A zero (or unset) value has different meanings depending on machine type
  // being used:
  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
  // zero (or unset) means to disable using local SSDs as ephemeral storage.
  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
  // (or unset) means to use the default number of local ssds that goes with
  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
  // ssds), 0 will be provisioned. See
  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
  // for more info.
  //
  // NOTE(review): item 1 repeats the "as ephemeral storage" wording of
  // EphemeralStorageConfig word for word, while this message is about
  // raw-block use; presumably zero disables raw-block local SSDs here.
  // Confirm.
  int32 local_ssd_count = 1;
}

// EphemeralStorageLocalSsdConfig contains configuration for the node ephemeral
// storage using Local SSDs.
message EphemeralStorageLocalSsdConfig {
  // Number of local SSDs to use to back ephemeral storage. Uses NVMe
  // interfaces.
  //
  // A zero (or unset) value has different meanings depending on machine type
  // being used:
  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
  // zero (or unset) means to disable using local SSDs as ephemeral storage. The
  // limit for this value is dependent upon the maximum number of disks
  // available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
  // (or unset) means to use the default number of local ssds that goes with
  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
  // ssds), 0 will be provisioned. See
  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
  // for more info.
  int32 local_ssd_count = 1;
}

// GcfsConfig contains configurations of Google Container File System.
message GcfsConfig {
  // Whether to use GCFS.
  bool enabled = 1;
}

// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
// is the configuration of desired reservation which instances could take
// capacity from.
message ReservationAffinity {
  // Indicates whether to consume capacity from a reservation or not.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Do not consume from any reserved capacity.
    NO_RESERVATION = 1;

    // Consume any reservation available.
    ANY_RESERVATION = 2;

    // Must consume from a specific reservation. Must specify key value fields
    // for specifying the reservations.
    SPECIFIC_RESERVATION = 3;
  }

  // Corresponds to the type of reservation consumption.
  Type consume_reservation_type = 1;

  // Corresponds to the label key of a reservation resource. To target a
  // SPECIFIC_RESERVATION by name, specify
  // "compute.googleapis.com/reservation-name" as the key and specify the name
  // of your reservation as its value.
  string key = 2;

  // Corresponds to the label value(s) of reservation resource(s).
  repeated string values = 3;
}

// SoleTenantConfig contains the NodeAffinities to specify what shared sole
// tenant node groups should back the node pool.
message SoleTenantConfig {
  // Specifies the NodeAffinity key, values, and affinity operator according to
  // [shared sole tenant node group
  // affinities](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes#node_affinity_and_anti-affinity).
  message NodeAffinity {
    // Operator allows user to specify affinity or anti-affinity for the
    // given key values.
    enum Operator {
      // Invalid or unspecified affinity operator.
      OPERATOR_UNSPECIFIED = 0;

      // Affinity operator.
      IN = 1;

      // Anti-affinity operator.
      NOT_IN = 2;
    }

    // Key for NodeAffinity.
    string key = 1;

    // Operator for NodeAffinity.
    Operator operator = 2;

    // Values for NodeAffinity.
    repeated string values = 3;
  }

  // NodeAffinities used to match to a shared sole tenant node group.
  repeated NodeAffinity node_affinities = 1;
}

// HostMaintenancePolicy contains the maintenance policy for the hosts on which
// the GKE VMs run.
message HostMaintenancePolicy {
  // Allows selecting how infrastructure upgrades should be applied to the
  // cluster or node pool.
  enum MaintenanceInterval {
    // The maintenance interval is not explicitly specified.
    MAINTENANCE_INTERVAL_UNSPECIFIED = 0;

    // Nodes are eligible to receive infrastructure and hypervisor updates as
    // they become available. This may result in more maintenance operations
    // (live migrations or terminations) for the node than the PERIODIC option.
    AS_NEEDED = 1;

    // Nodes receive infrastructure and hypervisor updates on a periodic basis,
    // minimizing the number of maintenance operations (live migrations or
    // terminations) on an individual VM. This may mean underlying VMs will
    // take longer to receive an update than if it was configured for
    // AS_NEEDED. Security updates will still be applied as soon
    // as they are available.
    PERIODIC = 2;
  }

  // Strategy that will trigger maintenance on behalf of the customer.
  message OpportunisticMaintenanceStrategy {
    // The amount of time that a node can remain idle (no customer owned
    // workloads running), before triggering maintenance.
    optional google.protobuf.Duration node_idle_time_window = 1;

    // The window of time that opportunistic maintenance can run. Example: A
    // setting of 14 days implies that opportunistic maintenance can only be run
    // in the 2 weeks leading up to the scheduled maintenance date. Setting 28
    // days allows opportunistic maintenance to run at any time in the scheduled
    // maintenance window (all `PERIODIC` maintenance is set 28 days in
    // advance).
    optional google.protobuf.Duration maintenance_availability_window = 2;

    // The minimum nodes required to be available in a pool. Blocks maintenance
    // if it would cause the number of running nodes to dip below this value.
    optional int64 min_nodes_per_pool = 3;
  }

  // Specifies the frequency of planned maintenance events.
  optional MaintenanceInterval maintenance_interval = 1;

  // Set of host maintenance strategies available to the customer, all require
  // the maintenance_interval to be PERIODIC. If no strategy is set, and the
  // interval is periodic, customer will be expected to trigger maintenance
  // manually or let maintenance trigger at its initial scheduled time.
  oneof maintenance_strategy {
    // Strategy that will trigger maintenance on behalf of the customer.
    OpportunisticMaintenanceStrategy opportunistic_maintenance_strategy = 2;
  }
}

// Kubernetes taint is composed of three fields: key, value, and effect. Effect
// can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute.
//
// See
// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration)
// for more information, including usage and the valid values.
message NodeTaint {
  // Possible values for Effect in taint.
  enum Effect {
    // Not set
    EFFECT_UNSPECIFIED = 0;

    // NoSchedule
    NO_SCHEDULE = 1;

    // PreferNoSchedule
    PREFER_NO_SCHEDULE = 2;

    // NoExecute
    NO_EXECUTE = 3;
  }

  // Key for taint.
  string key = 1;

  // Value for taint.
  string value = 2;

  // Effect for taint.
  Effect effect = 3;
}

// Collection of Kubernetes [node
// taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration).
message NodeTaints {
  // List of node taints.
  repeated NodeTaint taints = 1;
}

// Collection of node-level [Kubernetes
// labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels).
message NodeLabels {
  // Map of node label keys and node label values.
  map<string, string> labels = 1;
}

// Collection of [GCP
// labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels).
message ResourceLabels {
  // Map of GCP resource label keys and resource label values.
  map<string, string> labels = 1;
}

// Collection of Compute Engine network tags that can be applied to a node's
// underlying VM instance. (See `tags` field in
// [`NodeConfig`](/kubernetes-engine/docs/reference/rest/v1/NodeConfig)).
message NetworkTags {
  // List of network tags.
  repeated string tags = 1;
}

// The authentication information for accessing the master endpoint.
// Authentication can be done using HTTP basic auth or using client
// certificates.
//
// NOTE(review): `password` and `client_key` hold credential material. Callers
// should keep messages that carry them out of logs, traces and unencrypted
// storage.
message MasterAuth {
  // The username to use for HTTP basic authentication to the master endpoint.
  // For clusters v1.6.0 and later, basic authentication can be disabled by
  // leaving username unspecified (or setting it to the empty string).
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string username = 1 [deprecated = true];

  // The password to use for HTTP basic authentication to the master endpoint.
  // Because the master endpoint is open to the Internet, you should create a
  // strong password. If a password is provided for cluster creation, username
  // must be non-empty.
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string password = 2 [deprecated = true];

  // Configuration for client certificate authentication on the cluster. For
  // clusters before v1.12, if no configuration is specified, a client
  // certificate is issued.
  ClientCertificateConfig client_certificate_config = 3;

  // NOTE(review): undocumented in this file. Going by the name and the
  // neighbouring [Output only] certificate fields, this presumably carries the
  // cluster's CA certificate, i.e. the root of trust clients use to verify the
  // endpoint. Confirm before relying on it.
  string cluster_ca_certificate = 100;

  // [Output only] Base64-encoded public certificate used by clients to
  // authenticate to the cluster endpoint.
  string client_certificate = 101;

  // [Output only] Base64-encoded private key used by clients to authenticate
  // to the cluster endpoint.
  //
  // NOTE(review): this is private key material returned in a response field;
  // handle any message containing it as a secret.
  string client_key = 102;
}

// Configuration for client certificates on the cluster.
message ClientCertificateConfig {
  // Issue a client certificate.
  bool issue_client_certificate = 1;
}

// Configuration for the addons that can be automatically spun up in the
// cluster, enabling additional functionality.
message AddonsConfig {
  // Configuration for the HTTP (L7) load balancing controller addon, which
  // makes it easy to set up HTTP load balancers for services in a cluster.
  HttpLoadBalancing http_load_balancing = 1;

  // Configuration for the horizontal pod autoscaling feature, which
  // increases or decreases the number of replica pods a replication controller
  // has based on the resource usage of the existing pods.
  HorizontalPodAutoscaling horizontal_pod_autoscaling = 2;

  // Configuration for the Kubernetes Dashboard.
  // This addon is deprecated, and will be disabled in 1.15. It is recommended
  // to use the Cloud Console to manage and monitor your Kubernetes clusters,
  // workloads and applications. For more information, see:
  // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
  KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true];

  // Configuration for NetworkPolicy. This only tracks whether the addon
  // is enabled or not on the Master, it does not track whether network policy
  // is enabled for the nodes.
  NetworkPolicyConfig network_policy_config = 4;

  // Configuration for Istio, an open platform to connect, manage, and secure
  // microservices.
  IstioConfig istio_config = 5 [deprecated = true];

  // Configuration for the Cloud Run addon. The `IstioConfig` addon must be
  // enabled in order to enable Cloud Run addon. This option can only be enabled
  // at cluster creation time.
  CloudRunConfig cloud_run_config = 7;

  // Configuration for NodeLocalDNS, a dns cache running on cluster nodes.
  DnsCacheConfig dns_cache_config = 8;

  // Configuration for the ConfigConnector add-on, a Kubernetes
  // extension to manage hosted GCP services through the Kubernetes API.
  ConfigConnectorConfig config_connector_config = 10;

  // Configuration for the Compute Engine Persistent Disk CSI driver.
  GcePersistentDiskCsiDriverConfig gce_persistent_disk_csi_driver_config = 11;

  // Configuration for the KALM addon, which manages the lifecycle of k8s
  // applications.
  KalmConfig kalm_config = 12 [deprecated = true];

  // Configuration for the GCP Filestore CSI driver.
  GcpFilestoreCsiDriverConfig gcp_filestore_csi_driver_config = 14;

  // Configuration for the Backup for GKE agent addon.
  GkeBackupAgentConfig gke_backup_agent_config = 16;

  // Configuration for the Cloud Storage Fuse CSI driver.
  GcsFuseCsiDriverConfig gcs_fuse_csi_driver_config = 17;

  // Optional. Configuration for the StatefulHA add-on.
  StatefulHAConfig stateful_ha_config = 18
      [(google.api.field_behavior) = OPTIONAL];
}

// Configuration options for the HTTP (L7) load balancing controller addon,
// which makes it easy to set up HTTP load balancers for services in a cluster.
message HttpLoadBalancing {
  // Whether the HTTP Load Balancing controller is enabled in the cluster.
  // When enabled, it runs a small pod in the cluster that manages the load
  // balancers.
  //
  // NOTE(review): the field is named `disabled` while the text above says
  // "enabled". Going by the name, `true` presumably turns the controller off
  // and the proto3 default (`false`) leaves it on; confirm against the API
  // reference before setting it.
  bool disabled = 1;
}

// Configuration options for the horizontal pod autoscaling feature, which
// increases or decreases the number of replica pods a replication controller
// has based on the resource usage of the existing pods.
message HorizontalPodAutoscaling {
  // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
  // When enabled, it ensures that metrics are collected into Stackdriver
  // Monitoring.
  //
  // NOTE(review): same `disabled`-vs-"enabled" wording mismatch as
  // HttpLoadBalancing.disabled; `true` presumably turns the feature off.
  // Confirm.
  bool disabled = 1;
}

// Configuration for the Kubernetes Dashboard.
message KubernetesDashboard {
  // Whether the Kubernetes Dashboard is enabled for this cluster.
  //
  // NOTE(review): same `disabled`-vs-"enabled" wording mismatch as
  // HttpLoadBalancing.disabled; `true` presumably turns the dashboard off.
  // Confirm.
  bool disabled = 1;
}

// Configuration for NetworkPolicy. This only tracks whether the addon
// is enabled or not on the Master, it does not track whether network policy
// is enabled for the nodes.
message NetworkPolicyConfig {
  // Whether NetworkPolicy is enabled for this cluster.
  //
  // NOTE(review): same `disabled`-vs-"enabled" wording mismatch as
  // HttpLoadBalancing.disabled; `true` presumably turns the addon off.
  // Misreading the polarity leaves the NetworkPolicy addon in the opposite
  // state from the one intended, so confirm before setting it.
  bool disabled = 1;
}

// Configuration for NodeLocal DNSCache.
message DnsCacheConfig {
  // Whether NodeLocal DNSCache is enabled for this cluster.
  bool enabled = 1;
}

// Configuration options for the KALM addon.
message KalmConfig {
  // Whether KALM is enabled for this cluster.
  bool enabled = 1 [deprecated = true];
}

// Configuration for the Backup for GKE Agent.
message GkeBackupAgentConfig {
  // Whether the Backup for GKE agent is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Stateful HA add-on.
message StatefulHAConfig {
  // Whether the Stateful HA add-on is enabled for this cluster.
  bool enabled = 1;
}

// Configuration options for the Config Connector add-on.
message ConfigConnectorConfig {
  // Whether Config Connector is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Compute Engine PD CSI driver.
message GcePersistentDiskCsiDriverConfig {
  // Whether the Compute Engine PD CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the GCP Filestore CSI driver.
message GcpFilestoreCsiDriverConfig {
  // Whether the GCP Filestore CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Cloud Storage Fuse CSI driver.
message GcsFuseCsiDriverConfig {
  // Whether the Cloud Storage Fuse CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for controlling master global access settings.
message PrivateClusterMasterGlobalAccessConfig {
  // Whether the master is accessible globally or not.
  bool enabled = 1;
}

// Configuration options for private clusters.
message PrivateClusterConfig {
  // Whether nodes have internal IP addresses only. If enabled, all nodes are
  // given only RFC 1918 private addresses and communicate with the master via
  // private networking.
  bool enable_private_nodes = 1;

  // Whether the master's internal IP address is used as the cluster endpoint.
  bool enable_private_endpoint = 2;

  // The IP range in CIDR notation to use for the hosted master network. This
  // range will be used for assigning internal IP addresses to the master or
  // set of masters, as well as the ILB VIP. This range must not overlap with
  // any other ranges in use within the cluster's network.
  string master_ipv4_cidr_block = 3;

  // Output only. The internal IP address of this cluster's master endpoint.
  //
  // NOTE(review): this and the next two fields are documented as output only
  // but carry no `(google.api.field_behavior)` annotation, so the constraint
  // is visible only in these comments.
  string private_endpoint = 4;

  // Output only. The external IP address of this cluster's master endpoint.
  string public_endpoint = 5;

  // Output only. The peering name in the customer VPC used by this cluster.
  string peering_name = 7;

  // Controls master global access settings.
  PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;

  // Subnet to provision the master's private endpoint during cluster creation.
  // Specified in projects/*/regions/*/subnetworks/* format.
  string private_endpoint_subnetwork = 10;
}

// Configuration options for Istio addon.
message IstioConfig {
  // Istio auth mode, https://istio.io/docs/concepts/security/mutual-tls.html
  enum IstioAuthMode {
    // auth not enabled
    //
    // NOTE(review): this is the enum's zero value, so a message that leaves
    // `auth` unset decodes as AUTH_NONE.
    AUTH_NONE = 0;

    // auth mutual TLS enabled
    AUTH_MUTUAL_TLS = 1;
  }

  // Whether Istio is enabled for this cluster.
  //
  // NOTE(review): the field is named `disabled` while the text above says
  // "enabled". Going by the name, `true` presumably turns the addon off and
  // the proto3 default (`false`) leaves it on; confirm against the API
  // reference before setting it.
  bool disabled = 1 [deprecated = true];

  // The specified Istio auth mode, either none, or mutual TLS.
  IstioAuthMode auth = 2 [deprecated = true];
}

// Configuration options for the Cloud Run feature.
message CloudRunConfig {
  // Load balancer type of ingress service of Cloud Run.
  enum LoadBalancerType {
    // Load balancer type for Cloud Run is unspecified.
    LOAD_BALANCER_TYPE_UNSPECIFIED = 0;

    // Install external load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_EXTERNAL = 1;

    // Install internal load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_INTERNAL = 2;
  }

  // Whether Cloud Run addon is enabled for this cluster.
  //
  // NOTE(review): same `disabled`-vs-"enabled" wording mismatch as
  // IstioConfig.disabled; `true` presumably turns the addon off. Confirm.
  bool disabled = 1;

  // Which load balancer type is installed for Cloud Run.
  LoadBalancerType load_balancer_type = 3;
}

// Configuration options for the master authorized networks feature. Enabled
// master authorized networks will disallow all external traffic to access
// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
// Google Compute Engine Public IPs and Google Prod IPs.
message MasterAuthorizedNetworksConfig {
  // CidrBlock contains an optional name and one CIDR block.
  message CidrBlock {
    // display_name is an optional field for users to identify CIDR blocks.
    string display_name = 1;

    // cidr_block must be specified in CIDR notation.
    string cidr_block = 2;
  }

  // Whether or not master authorized networks is enabled.
  bool enabled = 1;

  // cidr_blocks define up to 10 external networks that could access
  // Kubernetes master through HTTPS.
  repeated CidrBlock cidr_blocks = 2;

  // Whether master is accessible via Google Compute Engine Public IP addresses.
  optional bool gcp_public_cidrs_access_enabled = 3;
}

// Configuration for the legacy Attribute Based Access Control authorization
// mode.
message LegacyAbac {
  // Whether the ABAC authorizer is enabled for this cluster. When enabled,
  // identities in the system, including service accounts, nodes, and
  // controllers, will have statically granted permissions beyond those
  // provided by the RBAC configuration or IAM.
  bool enabled = 1;
}

// Configuration options for the NetworkPolicy feature.
// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
message NetworkPolicy {
  // Allowed Network Policy providers.
  enum Provider {
    // Not set
    PROVIDER_UNSPECIFIED = 0;

    // Tigera (Calico Felix).
    CALICO = 1;
  }

  // The selected network policy provider.
  Provider provider = 1;

  // Whether network policy is enabled on the cluster.
  bool enabled = 2;
}

// [PRIVATE FIELD]
// Config for pod CIDR size overprovisioning.
message PodCIDROverprovisionConfig {
  // Whether Pod CIDR overprovisioning is disabled.
  // Note: Pod CIDR overprovisioning is enabled by default.
  bool disable = 1;
}

// Configuration for controlling how IPs are allocated in the cluster.
message IPAllocationPolicy {
  // Possible values for IP stack type
  enum StackType {
    // By default, the clusters will be IPV4 only
    STACK_TYPE_UNSPECIFIED = 0;

    // The value used if the cluster is IPV4 only
    IPV4 = 1;

    // The value used if the cluster is a dual stack cluster
    IPV4_IPV6 = 2;
  }

  // IPv6 access type
  enum IPv6AccessType {
    // Default value, will be defaulted as type external.
    IPV6_ACCESS_TYPE_UNSPECIFIED = 0;

    // Access type internal (all v6 addresses are internal IPs)
    INTERNAL = 1;

    // Access type external (all v6 addresses are external IPs)
    EXTERNAL = 2;
  }

  // Whether alias IPs will be used for pod IPs in the cluster.
  // This is used in conjunction with use_routes. It cannot
  // be true if use_routes is true. If both use_ip_aliases and use_routes are
  // false, then the server picks the default IP allocation mode.
  bool use_ip_aliases = 1;

  // Whether a new subnetwork will be created automatically for the cluster.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  bool create_subnetwork = 2;

  // A custom subnetwork name to be used if `create_subnetwork` is true. If
  // this field is empty, then an automatic name will be chosen for the new
  // subnetwork.
  string subnetwork_name = 3;

  // This field is deprecated, use cluster_ipv4_cidr_block.
  string cluster_ipv4_cidr = 4 [deprecated = true];

  // This field is deprecated, use node_ipv4_cidr_block.
  string node_ipv4_cidr = 5 [deprecated = true];

  // This field is deprecated, use services_ipv4_cidr_block.
  string services_ipv4_cidr = 6 [deprecated = true];

  // The name of the secondary range to be used for the cluster CIDR
  // block. The secondary range will be used for pod IP
  // addresses. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable with use_ip_aliases and
  // create_subnetwork is false.
  string cluster_secondary_range_name = 7;

  // The name of the secondary range to be used for the services
  // CIDR block. The secondary range will be used for service
  // ClusterIPs. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable with use_ip_aliases and
  // create_subnetwork is false.
  string services_secondary_range_name = 8;

  // The IP address range for the cluster pod IPs. If this field is set, then
  // `cluster.cluster_ipv4_cidr` must be left blank.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string cluster_ipv4_cidr_block = 9;

  // The IP address range of the instance IPs in this cluster.
  //
  // This is applicable only if `create_subnetwork` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string node_ipv4_cidr_block = 10;

  // The IP address range of the services IPs in this cluster. If blank, a range
  // will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string services_ipv4_cidr_block = 11;

  // If true, allow allocation of cluster CIDR ranges that overlap with certain
  // kinds of network routes. By default we do not allow cluster CIDR ranges to
  // intersect with any user declared routes. With allow_route_overlap == true,
  // we allow overlapping with CIDR ranges that are larger than the cluster CIDR
  // range.
  //
  // If this field is set to true, then cluster and services CIDRs must be
  // fully-specified (e.g. `10.96.0.0/14`, but not `/14`), which means:
  // 1) When `use_ip_aliases` is true, `cluster_ipv4_cidr_block` and
  //    `services_ipv4_cidr_block` must be fully-specified.
  // 2) When `use_ip_aliases` is false, `cluster.cluster_ipv4_cidr` must be
  //    fully-specified.
  bool allow_route_overlap = 12;

  // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
  // range will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // If unspecified, the range will use the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  // This field is deprecated, use cluster.tpu_config.ipv4_cidr_block instead.
  //
  // NOTE(review): unlike the other deprecated fields in this message, this
  // one does not carry `[deprecated = true]`, so generated code will not flag
  // its use - confirm whether that is intentional.
  string tpu_ipv4_cidr_block = 13;

  // Whether routes will be used for pod IPs in the cluster.
  // This is used in conjunction with use_ip_aliases. It cannot be true if
  // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
  // then the server picks the default IP allocation mode.
  bool use_routes = 15;

  // IP stack type
  StackType stack_type = 16;

  // The ipv6 access type (internal or external) when create_subnetwork is
  // true.
  //
  // As documented on IPv6AccessType, an unspecified value is defaulted to
  // external; set INTERNAL explicitly when the cluster's IPv6 addresses are
  // meant to stay internal.
  IPv6AccessType ipv6_access_type = 17;

  // [PRIVATE FIELD]
  // Pod CIDR size overprovisioning config for the cluster.
  //
  // Pod CIDR size per node depends on max_pods_per_node. By default, the value
  // of max_pods_per_node is doubled and then rounded off to next power of 2 to
  // get the size of pod CIDR block per node.
  // Example: max_pods_per_node of 30 would result in 64 IPs (/26).
  //
  // This config can disable the doubling of IPs (we still round off to next
  // power of 2)
  // Example: max_pods_per_node of 30 will result in 32 IPs (/27) when
  // overprovisioning is disabled.
  PodCIDROverprovisionConfig pod_cidr_overprovision_config = 21;

  // Output only. The subnet's IPv6 CIDR block used by nodes and pods.
  string subnet_ipv6_cidr_block = 22
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The services IPv6 CIDR block for the cluster.
  string services_ipv6_cidr_block = 23
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The additional pod ranges that are added to the
  // cluster. These pod ranges can be used by new node pools to allocate pod IPs
  // automatically. Once the range is removed it will not show up in
  // IPAllocationPolicy.
  AdditionalPodRangesConfig additional_pod_ranges_config = 24
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The utilization of the cluster default IPv4
  // range for the pod. The ratio is Usage/[Total number of IPs in the secondary
  // range], Usage=numNodes*numZones*podIPsPerNode.
  double default_pod_ipv4_range_utilization = 25
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Configuration for Binary Authorization.
message BinaryAuthorization {
  // Binary Authorization mode of operation.
  //
  // NOTE(review): values 3 and 4 are neither defined nor reserved in this
  // enum as shown - confirm whether they were retired and should be listed
  // as `reserved`.
  enum EvaluationMode {
    // Default value. Per the `evaluation_mode` field comment, an unspecified
    // mode defaults to DISABLED (presumably unless the deprecated `enabled`
    // field is set - confirm).
    EVALUATION_MODE_UNSPECIFIED = 0;

    // Disable BinaryAuthorization
    DISABLED = 1;

    // Enforce Kubernetes admission requests with BinaryAuthorization using the
    // project's singleton policy. This is equivalent to setting the
    // enabled boolean to true.
    PROJECT_SINGLETON_POLICY_ENFORCE = 2;

    // Use Binary Authorization Continuous Validation with the policies
    // specified in policy_bindings.
    //
    // NOTE(review): the wording here and on PolicyBinding.name ("policy to
    // audit") suggests this mode audits rather than blocks admission; only
    // the *_PROJECT_SINGLETON_POLICY_ENFORCE values mention enforcement.
    // Confirm before relying on this mode as an admission control.
    POLICY_BINDINGS = 5;

    // Use Binary Authorization Continuous Validation with the policies
    // specified in policy_bindings and enforce Kubernetes admission requests
    // with Binary Authorization using the project's singleton policy.
    POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE = 6;
  }

  // Binauthz policy that applies to this cluster.
  message PolicyBinding {
    // The relative resource name of the binauthz platform policy to audit. GKE
    // platform policies have the following format:
    // `projects/{project_number}/platforms/gke/policies/{policy_id}`.
    optional string name = 1;
  }

  // This field is deprecated. Leave this unset and instead configure
  // BinaryAuthorization using evaluation_mode. If evaluation_mode is set to
  // anything other than EVALUATION_MODE_UNSPECIFIED, this field is ignored.
  bool enabled = 1 [deprecated = true];

  // Mode of operation for binauthz policy evaluation. If unspecified, defaults
  // to DISABLED.
  EvaluationMode evaluation_mode = 2;

  // Optional. Binauthz policies that apply to this cluster.
  repeated PolicyBinding policy_bindings = 5
      [(google.api.field_behavior) = OPTIONAL];
}

// Configuration for the PodSecurityPolicy feature.
//
// NOTE(review): PodSecurityPolicy was removed from upstream Kubernetes in
// v1.25; confirm which cluster versions still honor this setting before
// treating it as an active control.
message PodSecurityPolicyConfig {
  // Enable the PodSecurityPolicy controller for this cluster. If enabled, pods
  // must be valid under a PodSecurityPolicy to be created.
  bool enabled = 1;
}

// Configuration for returning group information from authenticators.
message AuthenticatorGroupsConfig {
  // Whether this cluster should return group membership lookups
  // during authentication using a group of security groups.
  bool enabled = 1;

  // The name of the security group-of-groups to be used. Only relevant
  // if enabled = true.
  string security_group = 2;
}

// Telemetry integration for the cluster.
message ClusterTelemetry {
  // Type of the integration.
  enum Type {
    // Not set.
    UNSPECIFIED = 0;

    // Monitoring integration is disabled.
    DISABLED = 1;

    // Monitoring integration is enabled.
    ENABLED = 2;

    // Only system components are monitored and logged.
    SYSTEM_ONLY = 3;
  }

  // Type of the integration.
  Type type = 1;
}

// A Google Kubernetes Engine cluster.
message Cluster {
  // The current status of the cluster.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading the master or node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the cluster may be unusable. Details
    // can be found in the `statusMessage` field.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to restore
    // full functionality. Details can be found in the `statusMessage` field.
    DEGRADED = 6;
  }

  // The name of this cluster. The name must be unique within this project
  // and location (e.g. zone or region), and can be up to 40 characters with
  // the following restrictions:
  //
  // * Lowercase letters, numbers, and hyphens only.
  // * Must start with a letter.
  // * Must end with a number or a letter.
  string name = 1;

  // An optional description of this cluster.
  string description = 2;

  // The number of nodes to create in this cluster. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  // For requests, this field should only be used in lieu of a
  // "node_pool" object, since this configuration (along with the
  // "node_config") will be used to create a "NodePool" object with an
  // auto-generated name. Do not use this and a node_pool at the same time.
  //
  // This field is deprecated, use node_pool.initial_node_count instead.
  int32 initial_node_count = 3 [deprecated = true];

  // Parameters used in creating the cluster's nodes.
  // For requests, this field should only be used in lieu of a
  // "node_pool" object, since this configuration (along with the
  // "initial_node_count") will be used to create a "NodePool" object with an
  // auto-generated name. Do not use this and a node_pool at the same time.
  // For responses, this field will be populated with the node configuration of
  // the first node pool. (For configuration of each node pool, see
  // `node_pool.config`)
  //
  // If unspecified, the defaults are used.
  // This field is deprecated, use node_pool.config instead.
  NodeConfig node_config = 4 [deprecated = true];

  // The authentication information for accessing the master endpoint.
  // If unspecified, the defaults are used:
  // For clusters before v1.12, if master_auth is unspecified, `username` will
  // be set to "admin", a random password will be generated, and a client
  // certificate will be issued.
  //
  // NOTE(review): the pre-v1.12 defaults described above produce a generated
  // password and a client certificate; treat the contents of this field as
  // secrets wherever Cluster messages are logged or stored.
  MasterAuth master_auth = 5;

  // The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string, `logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  //
  // NOTE(review): with `none`, no cluster logs are exported, so they are not
  // available for later investigation - confirm this is intended where set.
  string logging_service = 6;

  // The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string, `monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 7;

  // The name of the Google Compute Engine
  // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. If left unspecified, the `default`
  // network will be used. On output this shows the network ID instead of the
  // name.
  string network = 8;

  // The IP address range of the container pods in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`). Leave blank to have
  // one automatically chosen or specify a `/14` block in `10.0.0.0/8`.
  string cluster_ipv4_cidr = 9;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig addons_config = 10;

  // The name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
  // the cluster is connected. On output this shows the subnetwork ID instead of
  // the name.
  string subnetwork = 11;

  // The node pools associated with this cluster.
  // This field should not be set if "node_config" or "initial_node_count" are
  // specified.
  repeated NodePool node_pools = 12;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This field provides a default value if
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // are not specified during node pool creation.
  //
  // Warning: changing cluster locations will update the
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // of all node pools and will result in nodes being added and/or removed.
  repeated string locations = 13;

  // Kubernetes alpha features are enabled on this cluster. This includes alpha
  // API groups (e.g. v1beta1) and features that may not be production ready in
  // the kubernetes version of the master and nodes.
  // The cluster has no SLA for uptime and master/node upgrades are disabled.
  // Alpha enabled clusters are automatically deleted thirty days after
  // creation.
  bool enable_kubernetes_alpha = 14;

  // Kubernetes open source beta apis enabled on the cluster. Only beta apis.
  K8sBetaAPIConfig enable_k8s_beta_apis = 143;

  // The resource labels for the cluster to use to annotate any related
  // Google Compute Engine resources.
  map<string, string> resource_labels = 15;

  // The fingerprint of the set of labels for this cluster.
  string label_fingerprint = 16;

  // Configuration for the legacy ABAC authorization mode.
  LegacyAbac legacy_abac = 18;

  // Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 19;

  // Configuration for cluster IP allocation.
  IPAllocationPolicy ip_allocation_policy = 20;

  // The configuration options for master authorized networks feature.
  MasterAuthorizedNetworksConfig master_authorized_networks_config = 22;

  // Configure the maintenance policy for this cluster.
  MaintenancePolicy maintenance_policy = 23;

  // Configuration for Binary Authorization.
  BinaryAuthorization binary_authorization = 24;

  // Configuration for the PodSecurityPolicy feature.
  PodSecurityPolicyConfig pod_security_policy_config = 25;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling autoscaling = 26;

  // Configuration for cluster networking.
  NetworkConfig network_config = 27;

  // If this is a private cluster setup. Private clusters are clusters that, by
  // default have no external IP addresses on the nodes and where nodes and the
  // master communicate over private IP addresses.
  // This field is deprecated, use private_cluster_config.enable_private_nodes
  // instead.
  bool private_cluster = 28 [deprecated = true];

  // The IP prefix in CIDR notation to use for the hosted master network.
  // This prefix will be used for assigning private IP addresses to the
  // master or set of masters, as well as the ILB VIP.
  // This field is deprecated, use
  // private_cluster_config.master_ipv4_cidr_block instead.
  string master_ipv4_cidr_block = 29 [deprecated = true];

  // The default constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool of this cluster. Only honored
  // if cluster created with IP Alias support.
  MaxPodsConstraint default_max_pods_constraint = 30;

  // Configuration for exporting resource usages. Resource usage export is
  // disabled when this config is unspecified.
  ResourceUsageExportConfig resource_usage_export_config = 33;

  // Configuration controlling RBAC group membership information.
  AuthenticatorGroupsConfig authenticator_groups_config = 34;

  // Configuration for private cluster.
  PrivateClusterConfig private_cluster_config = 37;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling vertical_pod_autoscaling = 39;

  // Shielded Nodes configuration.
  ShieldedNodes shielded_nodes = 40;

  // Release channel configuration. If left unspecified on cluster creation and
  // a version is specified, the cluster is enrolled in the most mature release
  // channel where the version is available (first checking STABLE, then
  // REGULAR, and finally RAPID). Otherwise, if no release channel
  // configuration and no version is specified, the cluster is enrolled in the
  // REGULAR channel with its default version.
  ReleaseChannel release_channel = 41;

  // Configuration for the use of Kubernetes Service Accounts in GCP IAM
  // policies.
  WorkloadIdentityConfig workload_identity_config = 43;

  // Configuration for issuance of mTLS keys and certificates to Kubernetes
  // pods.
  WorkloadCertificates workload_certificates = 52;

  // Configuration for issuance of mTLS keys and certificates to Kubernetes
  // pods.
  //
  // NOTE(review): this is the same description as `workload_certificates`;
  // how the two fields differ is not stated here - confirm which one applies.
  MeshCertificates mesh_certificates = 67;

  // Configuration for direct-path (via ALTS) with workload identity.
  WorkloadALTSConfig workload_alts_config = 53;

  // Configuration for the fine-grained cost management feature.
  CostManagementConfig cost_management_config = 45;

  // Telemetry integration for the cluster.
  ClusterTelemetry cluster_telemetry = 46;

  // Configuration for Cloud TPU support.
  TpuConfig tpu_config = 47;

  // Notification configuration of the cluster.
  NotificationConfig notification_config = 49;

  // Configuration of Confidential Nodes.
  // All the nodes in the cluster will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 50;

  // Configuration for Identity Service component.
  IdentityServiceConfig identity_service_config = 54;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field is deprecated, use location instead.
  string zone = 101 [deprecated = true];

  // [Output only] The IP address of this cluster's master endpoint.
  // The endpoint can be accessed from the internet at
  // `https://username:password@endpoint/`.
  //
  // See the `masterAuth` property of this resource for username and
  // password information.
  //
  // NOTE(review): the URL form above carries basic-auth credentials in the
  // URL itself, where they are easily captured by shell history, logs and
  // proxies; prefer supplying credentials out of band. Whether the endpoint
  // is actually internet-reachable presumably depends on
  // `private_cluster_config` and `master_authorized_networks_config` -
  // confirm against the service documentation.
  string endpoint = 102;

  // The initial Kubernetes version for this cluster. Valid versions are those
  // found in validMasterVersions returned by getServerConfig. The version can
  // be upgraded over time; such upgrades are reflected in
  // currentMasterVersion and currentNodeVersion.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "","-": picks the default Kubernetes version
  string initial_cluster_version = 103;

  // [Output only] The current software version of the master endpoint.
  string current_master_version = 104;

  // [Output only] Deprecated, use
  // [NodePool.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters.nodePools)
  // instead. The current version of the node software components.
  // If they are currently at multiple versions because they're in the process
  // of being upgraded, this reflects the minimum version of all nodes.
  string current_node_version = 105 [deprecated = true];

  // [Output only] The time the cluster was created, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string create_time = 106;

  // [Output only] The current status of this cluster.
  Status status = 107;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // cluster, if available.
  string status_message = 108 [deprecated = true];

  // [Output only] The size of the address space on each node for hosting
  // containers. This is provisioned from within the `container_ipv4_cidr`
  // range. This field will only be set when cluster is in route-based network
  // mode.
  //
  // NOTE(review): `container_ipv4_cidr` is not a field of this message as
  // shown; presumably `cluster_ipv4_cidr` is meant - confirm.
  int32 node_ipv4_cidr_size = 109;

  // [Output only] The IP address range of the Kubernetes services in
  // this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`). Service addresses are
  // typically put in the last `/16` from the container CIDR.
  string services_ipv4_cidr = 110;

  // Deprecated. Use node_pools.instance_group_urls.
  repeated string instance_group_urls = 111 [deprecated = true];

  // [Output only] The number of nodes currently in the cluster. Deprecated.
  // Call Kubernetes API directly to retrieve node information.
  int32 current_node_count = 112 [deprecated = true];

  // [Output only] The time the cluster will be automatically
  // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string expire_time = 113;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 114;

  // Enable the ability to use Cloud TPUs in this cluster.
  // This field is deprecated, use tpu_config.enabled instead.
  //
  // NOTE(review): the comment says deprecated but the field does not carry
  // `[deprecated = true]`, so generated code will not flag its use - confirm
  // whether that is intentional.
  bool enable_tpu = 115;

  // [Output only] The IP address range of the Cloud TPUs in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`).
  string tpu_ipv4_cidr_block = 116;

  // Configuration of etcd encryption.
  DatabaseEncryption database_encryption = 38;

  // Which conditions caused the current cluster state.
  repeated StatusCondition conditions = 118;

  // Configuration for master components.
  Master master = 124;

  // Autopilot configuration for the cluster.
  Autopilot autopilot = 128;

  // Output only. Unique id for the cluster.
  string id = 129 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Default NodePool settings for the entire cluster. These settings are
  // overridden if specified on the specific NodePool object.
  optional NodePoolDefaults node_pool_defaults = 131;

  // Logging configuration for the cluster.
  LoggingConfig logging_config = 132;

  // Monitoring configuration for the cluster.
  MonitoringConfig monitoring_config = 133;

  // Node pool configs that apply to all auto-provisioned node pools
  // in autopilot clusters and node auto-provisioning enabled clusters.
  NodePoolAutoConfig node_pool_auto_config = 136;

  // Deprecated: Use SecurityPostureConfig instead.
  // Enable/Disable Protect API features for the cluster.
  optional ProtectConfig protect_config = 137 [deprecated = true];

  // This checksum is computed by the server based on the value of cluster
  // fields, and may be sent on update requests to ensure the client has an
  // up-to-date value before proceeding.
  string etag = 139;

  // Fleet information for the cluster.
  Fleet fleet = 140;

  // Enable/Disable Security Posture API features for the cluster.
  SecurityPostureConfig security_posture_config = 145;

  // GKE Enterprise Configuration.
  EnterpriseConfig enterprise_config = 149;

  // Secret CSI driver configuration.
  SecretManagerConfig secret_manager_config = 150;
}

// Kubernetes open source beta apis enabled on the cluster.
message K8sBetaAPIConfig {
  // api name, e.g. storage.k8s.io/v1beta1/csistoragecapacities.
  repeated string enabled_apis = 1;
}

// WorkloadConfig defines the flags to enable or disable the
// workload configurations for the cluster.
message WorkloadConfig {
  // Mode defines how to audit the workload configs.
  enum Mode {
    // Default value meaning that no mode has been specified.
    MODE_UNSPECIFIED = 0;

    // This disables Workload Configuration auditing on the cluster,
    // meaning that nothing is surfaced.
    DISABLED = 1;

    // Applies the default set of policy auditing to a cluster's workloads.
    BASIC = 4;

    // Surfaces configurations that are not in line with the
    // Pod Security Standard Baseline policy.
    BASELINE = 2 [deprecated = true];

    // Surfaces configurations that are not in line with the
    // Pod Security Standard Restricted policy.
    RESTRICTED = 3 [deprecated = true];
  }

  // Sets which mode of auditing should be used for the cluster's workloads.
  optional Mode audit_mode = 1;
}

// ProtectConfig defines the flags needed to enable/disable features for the
// Protect API.
message ProtectConfig {
  // WorkloadVulnerabilityMode defines mode to perform vulnerability scanning.
  enum WorkloadVulnerabilityMode {
    // Default value not specified.
    WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED = 0;

    // Disables Workload Vulnerability Scanning feature on the cluster.
    DISABLED = 1;

    // Applies basic vulnerability scanning settings for cluster workloads.
    BASIC = 2;
  }

  // WorkloadConfig defines which actions are enabled for a cluster's workload
  // configurations.
  optional WorkloadConfig workload_config = 1;

  // Sets which mode to use for Protect workload vulnerability scanning feature.
  optional WorkloadVulnerabilityMode workload_vulnerability_mode = 2;
}

// SecurityPostureConfig defines the flags needed to enable/disable features for
// the Security Posture API.
message SecurityPostureConfig {
  // Mode defines enablement mode for GKE Security posture features.
  enum Mode {
    // Default value not specified.
    MODE_UNSPECIFIED = 0;

    // Disables Security Posture features on the cluster.
    DISABLED = 1;

    // Applies Security Posture features on the cluster.
    BASIC = 2;
  }

  // VulnerabilityMode defines enablement mode for vulnerability scanning.
  enum VulnerabilityMode {
    // Default value not specified.
    VULNERABILITY_MODE_UNSPECIFIED = 0;

    // Disables vulnerability scanning on the cluster.
    VULNERABILITY_DISABLED = 1;

    // Applies basic vulnerability scanning on the cluster.
    VULNERABILITY_BASIC = 2;

    // Applies the Security Posture's vulnerability on cluster Enterprise level
    // features.
    VULNERABILITY_ENTERPRISE = 3;
  }

  // Sets which mode to use for Security Posture features.
  optional Mode mode = 1;

  // Sets which mode to use for vulnerability scanning.
  optional VulnerabilityMode vulnerability_mode = 2;
}

// Subset of Nodepool message that has defaults.
message NodePoolDefaults {
  // Subset of NodeConfig message that has defaults.
  NodeConfigDefaults node_config_defaults = 1;
}

// Subset of NodeConfig message that has defaults.
2398message NodeConfigDefaults { 2399 // GCFS (Google Container File System, also known as Riptide) options. 2400 GcfsConfig gcfs_config = 1; 2401 2402 // Logging configuration for node pools. 2403 NodePoolLoggingConfig logging_config = 3; 2404 2405 // HostMaintenancePolicy contains the desired maintenance policy for the 2406 // Google Compute Engine hosts. 2407 HostMaintenancePolicy host_maintenance_policy = 5; 2408} 2409 2410// node pool configs that apply to all auto-provisioned node pools 2411// in autopilot clusters and node auto-provisioning enabled clusters 2412message NodePoolAutoConfig { 2413 // The list of instance tags applied to all nodes. Tags are used to identify 2414 // valid sources or targets for network firewalls and are specified by 2415 // the client during cluster creation. Each tag within the list 2416 // must comply with RFC1035. 2417 NetworkTags network_tags = 1; 2418 2419 // Resource manager tag keys and values to be attached to the nodes 2420 // for managing Compute Engine firewalls using Network Firewall Policies. 2421 ResourceManagerTags resource_manager_tags = 2; 2422} 2423 2424// ClusterUpdate describes an update to the cluster. Exactly one update can 2425// be applied to a cluster with each request, so at most one field can be 2426// provided. 2427message ClusterUpdate { 2428 // The Kubernetes version to change the nodes to (typically an 2429 // upgrade). 
2430 // 2431 // Users may specify either explicit versions offered by 2432 // Kubernetes Engine or version aliases, which have the following behavior: 2433 // 2434 // - "latest": picks the highest valid Kubernetes version 2435 // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version 2436 // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version 2437 // - "1.X.Y-gke.N": picks an explicit Kubernetes version 2438 // - "-": picks the Kubernetes master version 2439 string desired_node_version = 4; 2440 2441 // The monitoring service the cluster should use to write metrics. 2442 // Currently available options: 2443 // 2444 // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring 2445 // service with a Kubernetes-native resource model 2446 // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no 2447 // longer available as of GKE 1.15). 2448 // * `none` - No metrics will be exported from the cluster. 2449 // 2450 // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be 2451 // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions. 2452 string desired_monitoring_service = 5; 2453 2454 // Configurations for the various addons available to run in the cluster. 2455 AddonsConfig desired_addons_config = 6; 2456 2457 // The node pool to be upgraded. This field is mandatory if 2458 // "desired_node_version", "desired_image_family", 2459 // "desired_node_pool_autoscaling", or "desired_workload_metadata_config" 2460 // is specified and there is more than one node pool on the cluster. 2461 string desired_node_pool_id = 7; 2462 2463 // The desired image type for the node pool. 2464 // NOTE: Set the "desired_node_pool" field as well. 2465 string desired_image_type = 8; 2466 2467 // Autoscaler configuration for the node pool specified in 2468 // desired_node_pool_id. 
If there is only one pool in the 2469 // cluster and desired_node_pool_id is not provided then 2470 // the change applies to that single node pool. 2471 NodePoolAutoscaling desired_node_pool_autoscaling = 9; 2472 2473 // The desired list of Google Compute Engine 2474 // [zones](https://cloud.google.com/compute/docs/zones#available) in which the 2475 // cluster's nodes should be located. 2476 // 2477 // This list must always include the cluster's primary zone. 2478 // 2479 // Warning: changing cluster locations will update the locations of all node 2480 // pools and will result in nodes being added and/or removed. 2481 repeated string desired_locations = 10; 2482 2483 // The desired configuration options for master authorized networks feature. 2484 MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12; 2485 2486 // The desired configuration options for the PodSecurityPolicy feature. 2487 PodSecurityPolicyConfig desired_pod_security_policy_config = 14; 2488 2489 // Cluster-level autoscaling configuration. 2490 ClusterAutoscaling desired_cluster_autoscaling = 15; 2491 2492 // The desired configuration options for the Binary Authorization feature. 2493 BinaryAuthorization desired_binary_authorization = 16; 2494 2495 // The logging service the cluster should use to write logs. 2496 // Currently available options: 2497 // 2498 // * `logging.googleapis.com/kubernetes` - The Cloud Logging 2499 // service with a Kubernetes-native resource model 2500 // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer 2501 // available as of GKE 1.15). 2502 // * `none` - no logs will be exported from the cluster. 2503 // 2504 // If left as an empty string,`logging.googleapis.com/kubernetes` will be 2505 // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. 2506 string desired_logging_service = 19; 2507 2508 // The desired configuration for exporting resource usage. 
2509 ResourceUsageExportConfig desired_resource_usage_export_config = 21; 2510 2511 // Cluster-level Vertical Pod Autoscaling configuration. 2512 VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22; 2513 2514 // The desired private cluster configuration. 2515 PrivateClusterConfig desired_private_cluster_config = 25; 2516 2517 // The desired config of Intra-node visibility. 2518 IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26; 2519 2520 // The desired status of whether to disable default sNAT for this cluster. 2521 DefaultSnatStatus desired_default_snat_status = 28; 2522 2523 // The desired telemetry integration for the cluster. 2524 ClusterTelemetry desired_cluster_telemetry = 30; 2525 2526 // The desired release channel configuration. 2527 ReleaseChannel desired_release_channel = 31; 2528 2529 // The desired Cloud TPU configuration. 2530 TpuConfig desired_tpu_config = 38; 2531 2532 // The desired L4 Internal Load Balancer Subsetting configuration. 2533 ILBSubsettingConfig desired_l4ilb_subsetting_config = 39; 2534 2535 // The desired datapath provider for the cluster. 2536 DatapathProvider desired_datapath_provider = 50; 2537 2538 // The desired state of IPv6 connectivity to Google Services. 2539 PrivateIPv6GoogleAccess desired_private_ipv6_google_access = 51; 2540 2541 // The desired notification configuration. 2542 NotificationConfig desired_notification_config = 55; 2543 2544 // The Kubernetes version to change the master to. The only valid value is the 2545 // latest supported version. 
2546 // 2547 // Users may specify either explicit versions offered by 2548 // Kubernetes Engine or version aliases, which have the following behavior: 2549 // 2550 // - "latest": picks the highest valid Kubernetes version 2551 // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version 2552 // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version 2553 // - "1.X.Y-gke.N": picks an explicit Kubernetes version 2554 // - "-": picks the default Kubernetes version 2555 string desired_master_version = 100; 2556 2557 // The desired GCFS config for the cluster. 2558 GcfsConfig desired_gcfs_config = 109; 2559 2560 // Configuration of etcd encryption. 2561 DatabaseEncryption desired_database_encryption = 46; 2562 2563 // Configuration for Workload Identity. 2564 WorkloadIdentityConfig desired_workload_identity_config = 47; 2565 2566 // Configuration for issuance of mTLS keys and certificates to Kubernetes 2567 // pods. 2568 WorkloadCertificates desired_workload_certificates = 61; 2569 2570 // Configuration for issuance of mTLS keys and certificates to Kubernetes 2571 // pods. 2572 MeshCertificates desired_mesh_certificates = 67; 2573 2574 // Configuration for direct-path (via ALTS) with workload identity. 2575 WorkloadALTSConfig desired_workload_alts_config = 62; 2576 2577 // Configuration for Shielded Nodes. 2578 ShieldedNodes desired_shielded_nodes = 48; 2579 2580 // The desired configuration for the fine-grained cost management feature. 2581 CostManagementConfig desired_cost_management_config = 49; 2582 2583 // Configuration for master components. 2584 Master desired_master = 52; 2585 2586 // DNSConfig contains clusterDNS config for this cluster. 2587 DNSConfig desired_dns_config = 53; 2588 2589 // ServiceExternalIPsConfig specifies the config for the use of Services with 2590 // ExternalIPs field. 
2591 ServiceExternalIPsConfig desired_service_external_ips_config = 60; 2592 2593 // AuthenticatorGroupsConfig specifies the config for the cluster security 2594 // groups settings. 2595 AuthenticatorGroupsConfig desired_authenticator_groups_config = 63; 2596 2597 // The desired logging configuration. 2598 LoggingConfig desired_logging_config = 64; 2599 2600 // The desired monitoring configuration. 2601 MonitoringConfig desired_monitoring_config = 65; 2602 2603 // The desired Identity Service component configuration. 2604 IdentityServiceConfig desired_identity_service_config = 66; 2605 2606 // Enable/Disable private endpoint for the cluster's master. 2607 optional bool desired_enable_private_endpoint = 71; 2608 2609 // The desired network tags that apply to all auto-provisioned node pools 2610 // in autopilot clusters and node auto-provisioning enabled clusters. 2611 NetworkTags desired_node_pool_auto_config_network_tags = 110; 2612 2613 // Deprecated: Use DesiredSecurityPostureConfig instead. 2614 // Enable/Disable Protect API features for the cluster. 2615 optional ProtectConfig desired_protect_config = 112 [deprecated = true]; 2616 2617 // The desired config of Gateway API on this cluster. 2618 GatewayAPIConfig desired_gateway_api_config = 114; 2619 2620 // The current etag of the cluster. 2621 // If an etag is provided and does not match the current etag of the cluster, 2622 // update will be blocked and an ABORTED error will be returned. 2623 string etag = 115; 2624 2625 // The desired node pool logging configuration defaults for the cluster. 2626 NodePoolLoggingConfig desired_node_pool_logging_config = 116; 2627 2628 // The desired fleet configuration for the cluster. 2629 Fleet desired_fleet = 117; 2630 2631 // The desired stack type of the cluster. 2632 // If a stack type is provided and does not match the current stack type of 2633 // the cluster, update will attempt to change the stack type to the new type. 
2634 StackType desired_stack_type = 119; 2635 2636 // The additional pod ranges to be added to the cluster. These pod ranges 2637 // can be used by node pools to allocate pod IPs. 2638 AdditionalPodRangesConfig additional_pod_ranges_config = 120; 2639 2640 // The additional pod ranges that are to be removed from the cluster. 2641 // The pod ranges specified here must have been specified earlier in the 2642 // 'additional_pod_ranges_config' argument. 2643 AdditionalPodRangesConfig removed_additional_pod_ranges_config = 121; 2644 2645 // Kubernetes open source beta apis enabled on the cluster. Only beta apis 2646 K8sBetaAPIConfig enable_k8s_beta_apis = 122; 2647 2648 // Enable/Disable Security Posture API features for the cluster. 2649 SecurityPostureConfig desired_security_posture_config = 124; 2650 2651 // The desired network performance config. 2652 NetworkConfig.ClusterNetworkPerformanceConfig 2653 desired_network_performance_config = 125; 2654 2655 // Enable/Disable FQDN Network Policy for the cluster. 2656 optional bool desired_enable_fqdn_network_policy = 126; 2657 2658 // The desired workload policy configuration for the autopilot cluster. 2659 WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128; 2660 2661 // Beta APIs enabled for cluster. 2662 K8sBetaAPIConfig desired_k8s_beta_apis = 131; 2663 2664 // HostMaintenancePolicy contains the desired maintenance policy for the 2665 // Google Compute Engine hosts. 2666 HostMaintenancePolicy desired_host_maintenance_policy = 132; 2667 2668 // Enable/Disable Multi-Networking for the cluster 2669 optional bool desired_enable_multi_networking = 135; 2670 2671 // The desired resource manager tags that apply to all auto-provisioned node 2672 // pools in autopilot clusters and node auto-provisioning enabled clusters. 2673 ResourceManagerTags desired_node_pool_auto_config_resource_manager_tags = 136; 2674 2675 // Specify the details of in-transit encryption. 
2676 optional InTransitEncryptionConfig desired_in_transit_encryption_config = 137; 2677 2678 // Enable/Disable Cilium Clusterwide Network Policy for the cluster. 2679 optional bool desired_enable_cilium_clusterwide_network_policy = 138; 2680 2681 // Enable/Disable Secret Manager Config. 2682 optional SecretManagerConfig desired_secret_manager_config = 139; 2683} 2684 2685// AdditionalPodRangesConfig is the configuration for additional pod secondary 2686// ranges supporting the ClusterUpdate message. 2687message AdditionalPodRangesConfig { 2688 // Name for pod secondary ipv4 range which has the actual range defined ahead. 2689 repeated string pod_range_names = 1; 2690 2691 // Output only. [Output only] Information for additional pod range. 2692 repeated RangeInfo pod_range_info = 2 2693 [(google.api.field_behavior) = OUTPUT_ONLY]; 2694} 2695 2696// RangeInfo contains the range name and the range utilization by this cluster. 2697message RangeInfo { 2698 // Output only. [Output only] Name of a range. 2699 string range_name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 2700 2701 // Output only. [Output only] The utilization of the range. 2702 double utilization = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 2703} 2704 2705// This operation resource represents operations that may have happened or are 2706// happening on the cluster. All fields are output only. 2707message Operation { 2708 // Current status of the operation. 2709 enum Status { 2710 // Not set. 2711 STATUS_UNSPECIFIED = 0; 2712 2713 // The operation has been created. 2714 PENDING = 1; 2715 2716 // The operation is currently running. 2717 RUNNING = 2; 2718 2719 // The operation is done, either cancelled or completed. 2720 DONE = 3; 2721 2722 // The operation is aborting. 2723 ABORTING = 4; 2724 } 2725 2726 // Operation type categorizes the operation. 2727 enum Type { 2728 // Not set. 2729 TYPE_UNSPECIFIED = 0; 2730 2731 // The cluster is being created. 
The cluster should be assumed to be 2732 // unusable until the operation finishes. 2733 // 2734 // In the event of the operation failing, the cluster will enter the [ERROR 2735 // state][Cluster.Status.ERROR] and eventually be deleted. 2736 CREATE_CLUSTER = 1; 2737 2738 // The cluster is being deleted. The cluster should be assumed to be 2739 // unusable as soon as this operation starts. 2740 // 2741 // In the event of the operation failing, the cluster will enter the [ERROR 2742 // state][Cluster.Status.ERROR] and the deletion will be automatically 2743 // retried until completed. 2744 DELETE_CLUSTER = 2; 2745 2746 // The [cluster 2747 // version][google.container.v1beta1.ClusterUpdate.desired_master_version] 2748 // is being updated. Note that this includes "upgrades" to the same version, 2749 // which are simply a recreation. This also includes 2750 // [auto-upgrades](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades#upgrading_automatically). 2751 // For more details, see [documentation on cluster 2752 // upgrades](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades#cluster_upgrades). 2753 UPGRADE_MASTER = 3; 2754 2755 // A node pool is being updated. Despite calling this an "upgrade", this 2756 // includes most forms of updates to node pools. This also includes 2757 // [auto-upgrades](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades). 2758 // 2759 // This operation sets the 2760 // [progress][google.container.v1beta1.Operation.progress] field and may be 2761 // [canceled][google.container.v1beta1.ClusterManager.CancelOperation]. 2762 // 2763 // The upgrade strategy depends on [node pool 2764 // configuration](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pool-upgrade-strategies). 2765 // The nodes are generally still usable during this operation. 2766 UPGRADE_NODES = 4; 2767 2768 // A problem has been detected with the control plane and is being repaired. 
2769 // This operation type is initiated by GKE. For more details, see 2770 // [documentation on 2771 // repairs](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs). 2772 REPAIR_CLUSTER = 5; 2773 2774 // The cluster is being updated. This is a broad category of operations and 2775 // includes operations that only change metadata as well as those that must 2776 // recreate the entire cluster. If the control plane must be recreated, this 2777 // will cause temporary downtime for zonal clusters. 2778 // 2779 // Some features require recreating the nodes as well. Those will be 2780 // recreated as separate operations and the update may not be completely 2781 // functional until the node pools recreations finish. Node recreations will 2782 // generally follow [maintenance 2783 // policies](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions). 2784 // 2785 // Some GKE-initiated operations use this type. This includes certain types 2786 // of auto-upgrades and incident mitigations. 2787 UPDATE_CLUSTER = 6; 2788 2789 // A node pool is being created. The node pool should be assumed to be 2790 // unusable until this operation finishes. In the event of an error, the 2791 // node pool may be partially created. 2792 // 2793 // If enabled, [node 2794 // autoprovisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning) 2795 // may have automatically initiated such operations. 2796 CREATE_NODE_POOL = 7; 2797 2798 // The node pool is being deleted. The node pool should be assumed to be 2799 // unusable as soon as this operation starts. 2800 DELETE_NODE_POOL = 8; 2801 2802 // The node pool's 2803 // [manamagent][google.container.v1beta1.NodePool.management] field is being 2804 // updated. These operations only update metadata and may be concurrent with 2805 // most other operations. 
2806 SET_NODE_POOL_MANAGEMENT = 9; 2807 2808 // A problem has been detected with nodes and [they are being 2809 // repaired](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair). 2810 // This operation type is initiated by GKE, typically automatically. This 2811 // operation may be concurrent with other operations and there may be 2812 // multiple repairs occurring on the same node pool. 2813 AUTO_REPAIR_NODES = 10; 2814 2815 // Unused. Automatic node upgrade uses 2816 // [UPGRADE_NODES][google.container.v1beta1.Operation.Type.UPGRADE_NODES]. 2817 AUTO_UPGRADE_NODES = 11 [deprecated = true]; 2818 2819 // Unused. Updating labels uses 2820 // [UPDATE_CLUSTER][google.container.v1beta1.Operation.Type.UPDATE_CLUSTER]. 2821 SET_LABELS = 12 [deprecated = true]; 2822 2823 // Unused. Updating master auth uses 2824 // [UPDATE_CLUSTER][google.container.v1beta1.Operation.Type.UPDATE_CLUSTER]. 2825 SET_MASTER_AUTH = 13 [deprecated = true]; 2826 2827 // The node pool is being resized. With the exception of resizing to or from 2828 // size zero, the node pool is generally usable during this operation. 2829 SET_NODE_POOL_SIZE = 14; 2830 2831 // Unused. Updating network policy uses 2832 // [UPDATE_CLUSTER][google.container.v1beta1.Operation.Type.UPDATE_CLUSTER]. 2833 SET_NETWORK_POLICY = 15 [deprecated = true]; 2834 2835 // Unused. Updating maintenance policy uses 2836 // [UPDATE_CLUSTER][google.container.v1beta1.Operation.Type.UPDATE_CLUSTER]. 2837 SET_MAINTENANCE_POLICY = 16 [deprecated = true]; 2838 2839 // The control plane is being resized. This operation type is initiated by 2840 // GKE. These operations are often performed preemptively to ensure that the 2841 // control plane has sufficient resources and is not typically an indication 2842 // of issues. For more details, see 2843 // [documentation on 2844 // resizes](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs). 
2845 RESIZE_CLUSTER = 18; 2846 2847 // Fleet features of GKE Enterprise are being upgraded. The cluster should 2848 // be assumed to be blocked for other upgrades until the operation finishes. 2849 FLEET_FEATURE_UPGRADE = 19; 2850 } 2851 2852 // The server-assigned ID for the operation. 2853 string name = 1; 2854 2855 // The name of the Google Compute Engine 2856 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2857 // operation is taking place. This field is deprecated, use location instead. 2858 string zone = 2 [deprecated = true]; 2859 2860 // The operation type. 2861 Type operation_type = 3; 2862 2863 // The current status of the operation. 2864 Status status = 4; 2865 2866 // Detailed operation progress, if available. 2867 string detail = 8; 2868 2869 // Output only. If an error has occurred, a textual description of the error. 2870 // Deprecated. Use field error instead. 2871 string status_message = 5 2872 [deprecated = true, (google.api.field_behavior) = OUTPUT_ONLY]; 2873 2874 // Server-defined URI for the operation. Example: 2875 // `https://container.googleapis.com/v1alpha1/projects/123/locations/us-central1/operations/operation-123`. 2876 string self_link = 6; 2877 2878 // Server-defined URI for the target of the operation. The format of this is a 2879 // URI to the resource being modified (such as a cluster, node pool, or node). 2880 // For node pool repairs, there may be multiple nodes being repaired, but only 2881 // one will be the target. 
2882 // 2883 // Examples: 2884 // 2885 // - 2886 // ## 2887 // `https://container.googleapis.com/v1/projects/123/locations/us-central1/clusters/my-cluster` 2888 // 2889 // ## 2890 // `https://container.googleapis.com/v1/projects/123/zones/us-central1-c/clusters/my-cluster/nodePools/my-np` 2891 // 2892 // `https://container.googleapis.com/v1/projects/123/zones/us-central1-c/clusters/my-cluster/nodePools/my-np/node/my-node` 2893 string target_link = 7; 2894 2895 // [Output only] The name of the Google Compute Engine 2896 // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) 2897 // or 2898 // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) 2899 // in which the cluster resides. 2900 string location = 9; 2901 2902 // [Output only] The time the operation started, in 2903 // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 2904 string start_time = 10; 2905 2906 // [Output only] The time the operation completed, in 2907 // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 2908 string end_time = 11; 2909 2910 // Output only. [Output only] Progress information for an operation. 2911 OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY]; 2912 2913 // Which conditions caused the current cluster state. 2914 // Deprecated. Use field error instead. 2915 repeated StatusCondition cluster_conditions = 13 [deprecated = true]; 2916 2917 // Which conditions caused the current node pool state. 2918 // Deprecated. Use field error instead. 2919 repeated StatusCondition nodepool_conditions = 14 [deprecated = true]; 2920 2921 // The error result of the operation in case of failure. 2922 google.rpc.Status error = 15; 2923} 2924 2925// Information about operation (or operation stage) progress. 2926message OperationProgress { 2927 // Progress metric is (string, int|float|string) pair. 2928 message Metric { 2929 // Required. Metric name, e.g., "nodes total", "percent done". 
2930 string name = 1 [(google.api.field_behavior) = REQUIRED]; 2931 2932 // Strictly one of the values is required. 2933 oneof value { 2934 // For metrics with integer value. 2935 int64 int_value = 2; 2936 2937 // For metrics with floating point value. 2938 double double_value = 3; 2939 2940 // For metrics with custom values (ratios, visual progress, etc.). 2941 string string_value = 4; 2942 } 2943 } 2944 2945 // A non-parameterized string describing an operation stage. 2946 // Unset for single-stage operations. 2947 string name = 1; 2948 2949 // Status of an operation stage. 2950 // Unset for single-stage operations. 2951 Operation.Status status = 2; 2952 2953 // Progress metric bundle, for example: 2954 // metrics: [{name: "nodes done", int_value: 15}, 2955 // {name: "nodes total", int_value: 32}] 2956 // or 2957 // metrics: [{name: "progress", double_value: 0.56}, 2958 // {name: "progress scale", double_value: 1.0}] 2959 repeated Metric metrics = 3; 2960 2961 // Substages of an operation or a stage. 2962 repeated OperationProgress stages = 4; 2963} 2964 2965// CreateClusterRequest creates a cluster. 2966message CreateClusterRequest { 2967 // Required. Deprecated. The Google Developers Console [project ID or project 2968 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 2969 // This field has been deprecated and replaced by the parent field. 2970 string project_id = 1 2971 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 2972 2973 // Required. Deprecated. The name of the Google Compute Engine 2974 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2975 // cluster resides. This field has been deprecated and replaced by the parent 2976 // field. 2977 string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 2978 2979 // Required. 
A [cluster 2980 // resource](https://cloud.google.com/container-engine/reference/rest/v1beta1/projects.locations.clusters) 2981 Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED]; 2982 2983 // The parent (project and location) where the cluster will be created. 2984 // Specified in the format `projects/*/locations/*`. 2985 string parent = 5; 2986} 2987 2988// GetClusterRequest gets the settings of a cluster. 2989message GetClusterRequest { 2990 // Required. Deprecated. The Google Developers Console [project ID or project 2991 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 2992 // This field has been deprecated and replaced by the name field. 2993 string project_id = 1 2994 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 2995 2996 // Required. Deprecated. The name of the Google Compute Engine 2997 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2998 // cluster resides. This field has been deprecated and replaced by the name 2999 // field. 3000 string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3001 3002 // Required. Deprecated. The name of the cluster to retrieve. 3003 // This field has been deprecated and replaced by the name field. 3004 string cluster_id = 3 3005 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3006 3007 // The name (project, location, cluster) of the cluster to retrieve. 3008 // Specified in the format `projects/*/locations/*/clusters/*`. 3009 string name = 5; 3010} 3011 3012// UpdateClusterRequest updates the settings of a cluster. 3013message UpdateClusterRequest { 3014 // Required. Deprecated. The Google Developers Console [project ID or project 3015 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3016 // This field has been deprecated and replaced by the name field. 
3017 string project_id = 1 3018 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3019 3020 // Required. Deprecated. The name of the Google Compute Engine 3021 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3022 // cluster resides. This field has been deprecated and replaced by the name 3023 // field. 3024 string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3025 3026 // Required. Deprecated. The name of the cluster to upgrade. 3027 // This field has been deprecated and replaced by the name field. 3028 string cluster_id = 3 3029 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3030 3031 // Required. A description of the update. 3032 ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED]; 3033 3034 // The name (project, location, cluster) of the cluster to update. 3035 // Specified in the format `projects/*/locations/*/clusters/*`. 3036 string name = 5; 3037} 3038 3039// SetNodePoolVersionRequest updates the version of a node pool. 3040message UpdateNodePoolRequest { 3041 // Required. Deprecated. The Google Developers Console [project ID or project 3042 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3043 // This field has been deprecated and replaced by the name field. 3044 string project_id = 1 3045 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3046 3047 // Required. Deprecated. The name of the Google Compute Engine 3048 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3049 // cluster resides. This field has been deprecated and replaced by the name 3050 // field. 3051 string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3052 3053 // Required. Deprecated. The name of the cluster to upgrade. 3054 // This field has been deprecated and replaced by the name field. 
3055 string cluster_id = 3 3056 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3057 3058 // Required. Deprecated. The name of the node pool to upgrade. 3059 // This field has been deprecated and replaced by the name field. 3060 string node_pool_id = 4 3061 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3062 3063 // Required. The Kubernetes version to change the nodes to (typically an 3064 // upgrade). 3065 // 3066 // Users may specify either explicit versions offered by Kubernetes Engine or 3067 // version aliases, which have the following behavior: 3068 // 3069 // - "latest": picks the highest valid Kubernetes version 3070 // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version 3071 // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version 3072 // - "1.X.Y-gke.N": picks an explicit Kubernetes version 3073 // - "-": picks the Kubernetes master version 3074 string node_version = 5 [(google.api.field_behavior) = REQUIRED]; 3075 3076 // Required. The desired image type for the node pool. Please see 3077 // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for 3078 // available image types. 3079 string image_type = 6 [(google.api.field_behavior) = REQUIRED]; 3080 3081 // The desired list of Google Compute Engine 3082 // [zones](https://cloud.google.com/compute/docs/zones#available) in which the 3083 // node pool's nodes should be located. Changing the locations for a node pool 3084 // will result in nodes being either created or removed from the node pool, 3085 // depending on whether locations are being added or removed. 3086 repeated string locations = 13; 3087 3088 // The desired workload metadata config for the node pool. 3089 WorkloadMetadataConfig workload_metadata_config = 14; 3090 3091 // The name (project, location, cluster, node pool) of the node pool to 3092 // update. Specified in the format 3093 // `projects/*/locations/*/clusters/*/nodePools/*`. 
3094 string name = 8; 3095 3096 // Upgrade settings control disruption and speed of the upgrade. 3097 NodePool.UpgradeSettings upgrade_settings = 15; 3098 3099 // The desired network tags to be applied to all nodes in the node pool. 3100 // If this field is not present, the tags will not be changed. Otherwise, 3101 // the existing network tags will be *replaced* with the provided tags. 3102 NetworkTags tags = 16; 3103 3104 // The desired node taints to be applied to all nodes in the node pool. 3105 // If this field is not present, the taints will not be changed. Otherwise, 3106 // the existing node taints will be *replaced* with the provided taints. 3107 NodeTaints taints = 17; 3108 3109 // The desired node labels to be applied to all nodes in the node pool. 3110 // If this field is not present, the labels will not be changed. Otherwise, 3111 // the existing node labels will be *replaced* with the provided labels. 3112 NodeLabels labels = 18; 3113 3114 // Parameters that can be configured on Linux nodes. 3115 LinuxNodeConfig linux_node_config = 19; 3116 3117 // Node kubelet configs. 3118 NodeKubeletConfig kubelet_config = 20; 3119 3120 // Node network config. 3121 NodeNetworkConfig node_network_config = 21; 3122 3123 // GCFS config. 3124 GcfsConfig gcfs_config = 22; 3125 3126 // Confidential nodes config. 3127 // All the nodes in the node pool will be Confidential VM once enabled. 3128 ConfidentialNodes confidential_nodes = 23; 3129 3130 // Enable or disable gvnic on the node pool. 3131 VirtualNIC gvnic = 29; 3132 3133 // The current etag of the node pool. 3134 // If an etag is provided and does not match the current etag of the node 3135 // pool, update will be blocked and an ABORTED error will be returned. 3136 string etag = 30; 3137 3138 // Enable or disable NCCL fast socket for the node pool. 3139 FastSocket fast_socket = 31; 3140 3141 // Logging configuration. 
3142 NodePoolLoggingConfig logging_config = 32; 3143 3144 // The resource labels for the node pool to use to annotate any related 3145 // Google Compute Engine resources. 3146 ResourceLabels resource_labels = 33; 3147 3148 // Parameters that can be configured on Windows nodes. 3149 WindowsNodeConfig windows_node_config = 34; 3150 3151 // Optional. The desired machine type for nodes in the node pool. 3152 // Initiates an upgrade operation that migrates the nodes in the 3153 // node pool to the specified machine type. 3154 string machine_type = 36 [(google.api.field_behavior) = OPTIONAL]; 3155 3156 // Optional. The desired disk type for nodes in the node pool. 3157 // Initiates an upgrade operation that migrates the nodes in the 3158 // node pool to the specified disk type. 3159 string disk_type = 37 [(google.api.field_behavior) = OPTIONAL]; 3160 3161 // Optional. The desired disk size for nodes in the node pool. 3162 // Initiates an upgrade operation that migrates the nodes in the 3163 // node pool to the specified disk size. 3164 int64 disk_size_gb = 38 [(google.api.field_behavior) = OPTIONAL]; 3165 3166 // Desired resource manager tag keys and values to be attached to the nodes 3167 // for managing Compute Engine firewalls using Network Firewall Policies. 3168 // Existing tags will be replaced with new values. 3169 ResourceManagerTags resource_manager_tags = 39; 3170 3171 // Specifies the configuration of queued provisioning. 3172 NodePool.QueuedProvisioning queued_provisioning = 42; 3173} 3174 3175// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool. 3176message SetNodePoolAutoscalingRequest { 3177 // Required. Deprecated. The Google Developers Console [project ID or project 3178 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3179 // This field has been deprecated and replaced by the name field. 
3180 string project_id = 1 3181 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3182 3183 // Required. Deprecated. The name of the Google Compute Engine 3184 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3185 // cluster resides. This field has been deprecated and replaced by the name 3186 // field. 3187 string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3188 3189 // Required. Deprecated. The name of the cluster to upgrade. 3190 // This field has been deprecated and replaced by the name field. 3191 string cluster_id = 3 3192 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3193 3194 // Required. Deprecated. The name of the node pool to upgrade. 3195 // This field has been deprecated and replaced by the name field. 3196 string node_pool_id = 4 3197 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3198 3199 // Required. Autoscaling configuration for the node pool. 3200 NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED]; 3201 3202 // The name (project, location, cluster, node pool) of the node pool to set 3203 // autoscaler settings. Specified in the format 3204 // `projects/*/locations/*/clusters/*/nodePools/*`. 3205 string name = 6; 3206} 3207 3208// SetLoggingServiceRequest sets the logging service of a cluster. 3209message SetLoggingServiceRequest { 3210 // Required. Deprecated. The Google Developers Console [project ID or project 3211 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3212 // This field has been deprecated and replaced by the name field. 3213 string project_id = 1 3214 [deprecated = true, (google.api.field_behavior) = REQUIRED]; 3215 3216 // Required. Deprecated. The name of the Google Compute Engine 3217 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3218 // cluster resides. This field has been deprecated and replaced by the name 3219 // field. 
string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  //   service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string, `logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  //
  // NOTE(review): `none` stops log export for the whole cluster, which removes
  // a detection and forensics data source. Changes to this field are worth
  // alerting on.
  string logging_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set logging.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// SetMonitoringServiceRequest sets the monitoring service of a cluster.
message SetMonitoringServiceRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * `monitoring.googleapis.com/kubernetes` - The Cloud Monitoring
  //   service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string, `monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  //
  // NOTE(review): `none` stops metric export for the whole cluster. Review
  // changes to this field together with changes to the logging service, since
  // both reduce what operators can observe.
  string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set monitoring.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetAddonsConfigRequest sets the addons associated with the cluster.
message SetAddonsConfigRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
// This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The desired configurations for the various addons available to
  // run in the cluster.
  AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set addons.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetLocationsRequest sets the locations of the cluster.
message SetLocationsRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located. Changing the locations a cluster is in
  // will result in nodes being either created or removed from the cluster,
  // depending on whether locations are being added or removed.
  //
  // This list must always include the cluster's primary zone.
  //
  // NOTE(review): the list is the full desired state, not a delta; a zone left
  // out of it has its nodes removed, per the description above.
  repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set locations.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// UpdateMasterRequest updates the master of the cluster.
message UpdateMasterRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  //
  // NOTE(review): the aliases ("latest", "1.X", "1.X.Y", "-") are resolved by
  // the service, so the version actually applied is not fixed by the request
  // text. Use the explicit "1.X.Y-gke.N" form where change records must name
  // the exact control-plane version.
  string master_version = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
// Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetMasterAuthRequest updates the admin password of a cluster. Depending on
// `action` it can also set the username, which enables or disables basic
// authentication for the cluster (see Action.SET_USERNAME).
//
// NOTE(review): this request can carry a cluster credential (presumably inside
// `update`; MasterAuth is defined elsewhere in this file). Keep request bodies
// out of logs and traces, and treat calls to this RPC as security-relevant
// audit events. Basic authentication is a static-credential mechanism; confirm
// whether the target GKE version still accepts it.
message SetMasterAuthRequest {
  // Operation type: what type of update to perform.
  enum Action {
    // Operation is unknown and will error out. This is the zero value, so a
    // request that leaves `action` unset gets this value.
    UNKNOWN = 0;

    // Set the password to a user generated value.
    SET_PASSWORD = 1;

    // Generate a new password and set it to that.
    GENERATE_PASSWORD = 2;

    // Set the username. If an empty username is provided, basic authentication
    // is disabled for the cluster. If a non-empty username is provided, basic
    // authentication is enabled, with either a provided password or a generated
    // one.
    SET_USERNAME = 3;
  }

  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The exact form of action to be taken on the master auth.
  Action action = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. A description of the update.
  MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set auth.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// DeleteClusterRequest deletes a cluster.
//
// NOTE(review): the deprecated project_id/zone/cluster_id fields are still
// annotated REQUIRED while `name` is documented as their replacement. Which
// identifier wins when they disagree is not stated here; for a destructive
// call, confirm that before relying on either in approval or audit tooling.
message DeleteClusterRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster to delete.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to delete.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 4;
}

// ListClustersRequest lists clusters.
message ListClustersRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides, or "-" for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The parent (project and location) where the clusters will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// ListClustersResponse is the result of ListClustersRequest.
message ListClustersResponse {
  // A list of clusters in the project in the specified zone, or
  // across all zones.
  repeated Cluster clusters = 1;

  // If any zones are listed here, the list of clusters returned
  // may be missing those zones.
  //
  // NOTE(review): a non-empty list means the result is incomplete; inventory
  // or compliance tooling should not treat `clusters` as exhaustive in that
  // case.
  repeated string missing_zones = 2;
}

// GetOperationRequest gets a single operation.
message GetOperationRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
string operation_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, operation id) of the operation to get.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 5;
}

// ListOperationsRequest lists operations.
message ListOperationsRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for, or `-` for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The parent (project and location) where the operations will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// CancelOperationRequest cancels a single operation.
message CancelOperationRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, operation id) of the operation to cancel.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 4;
}

// ListOperationsResponse is the result of ListOperationsRequest.
message ListOperationsResponse {
  // A list of operations in the project in the specified zone.
  repeated Operation operations = 1;

  // If any zones are listed here, the list of operations returned
  // may be missing the operations from those zones.
  //
  // NOTE(review): a non-empty list means the result is incomplete; tooling
  // that reconstructs a change history from `operations` should record the
  // gap rather than assume the list is exhaustive.
  repeated string missing_zones = 2;
}

// GetServerConfigRequest gets the current Kubernetes Engine service
// configuration.
message GetServerConfigRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project and location) of the server config to get,
  // specified in the format `projects/*/locations/*`.
  string name = 4;
}

// Kubernetes Engine service configuration.
message ServerConfig {
  // ReleaseChannelConfig exposes configuration for a release channel.
message ReleaseChannelConfig {
    // Deprecated. Element type of the deprecated `available_versions` field.
    message AvailableVersion {
      option deprecated = true;

      // Kubernetes version.
      string version = 1;

      // Reason for availability.
      string reason = 2;
    }

    // The release channel this configuration applies to.
    ReleaseChannel.Channel channel = 1;

    // The default version for newly created clusters on the channel.
    string default_version = 2;

    // Deprecated.
    // This field has been deprecated and replaced with the valid_versions
    // field.
    repeated AvailableVersion available_versions = 3 [deprecated = true];

    // List of valid versions for the channel.
    repeated string valid_versions = 4;
  }

  // Version of Kubernetes the service deploys by default.
  string default_cluster_version = 1;

  // List of valid node upgrade target versions, in descending order.
  repeated string valid_node_versions = 3;

  // Default image type.
  string default_image_type = 4;

  // List of valid image types.
  repeated string valid_image_types = 5;

  // List of valid master versions, in descending order.
  repeated string valid_master_versions = 6;

  // List of release channel configurations.
  repeated ReleaseChannelConfig channels = 9;

  // Maps of Kubernetes version and supported Windows server versions.
  // Keys are Kubernetes version strings; map iteration order is not defined.
  map<string, WindowsVersions> windows_version_maps = 10;
}

// Best effort provisioning.
message BestEffortProvisioning {
  // When this is enabled, cluster/node pool creations will ignore non-fatal
  // errors like stockout to best provision as many nodes as possible right now
  // and eventually bring up the full target number of nodes.
  bool enabled = 1;

  // Minimum number of nodes that must be provisioned for the creation to be
  // considered successful; the rest of the nodes will be provisioned gradually
  // once the stockout issue has been resolved.
  int32 min_provision_nodes = 2;
}

// Windows server versions.
message WindowsVersions {
  // Windows server version.
  message WindowsVersion {
    // Windows server image type.
    string image_type = 1;

    // Windows server build number.
    string os_version = 2;

    // Mainstream support end date.
    google.type.Date support_end_date = 3;
  }

  // List of Windows server versions.
  repeated WindowsVersion windows_versions = 1;
}

// CreateNodePoolRequest creates a node pool for a cluster.
message CreateNodePoolRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The node pool to create.
  NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];

  // The parent (project, location, cluster name) where the node pool will be
  // created. Specified in the format
  // `projects/*/locations/*/clusters/*`.
  string parent = 6;
}

// DeleteNodePoolRequest deletes a node pool for a cluster.
//
// NOTE(review): the deprecated project_id/zone/cluster_id/node_pool_id fields
// are still annotated REQUIRED while `name` is documented as their
// replacement. Which identifier wins when they disagree is not stated here;
// for a destructive call, confirm that before relying on either in approval
// or audit tooling.
message DeleteNodePoolRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the node pool to delete.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to
  // delete. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// ListNodePoolsRequest lists the node pool(s) for a cluster.
message ListNodePoolsRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The parent (project, location, cluster name) where the node pools will be
  // listed. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 5;
}

// GetNodePoolRequest retrieves a node pool for a cluster.
message GetNodePoolRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the node pool.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to
  // get. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// Settings for blue-green upgrade.
message BlueGreenSettings {
  // Standard rollout policy is the default policy for blue-green.
  message StandardRolloutPolicy {
    // Blue pool size to drain in a batch. Exactly one of the two members can
    // be set; setting one clears the other.
    oneof update_batch_size {
      // Percentage of the blue pool nodes to drain in a batch.
      // The range of this field should be (0.0, 1.0].
      //
      // NOTE(review): the value is a fraction, not a 0-100 percentage. Whether
      // out-of-range values are rejected is not shown here; validate before
      // sending.
      float batch_percentage = 1;

      // Number of blue nodes to drain in a batch.
      int32 batch_node_count = 2;
    }

    // Soak time after each batch gets drained. Default to zero.
    optional google.protobuf.Duration batch_soak_duration = 3;
  }

  // Autoscaled rollout policy uses cluster autoscaler during
  // blue-green upgrades to scale both the green and blue pools.
  message AutoscaledRolloutPolicy {}

  // The rollout policy controls the general rollout progress of blue-green.
  oneof rollout_policy {
    // Standard policy for the blue-green upgrade.
    StandardRolloutPolicy standard_rollout_policy = 1;

    // Autoscaled policy for cluster autoscaler enabled blue-green upgrade.
    AutoscaledRolloutPolicy autoscaled_rollout_policy = 3;
  }

  // Time needed after draining entire blue pool. After this period, blue pool
  // will be cleaned up.
  optional google.protobuf.Duration node_pool_soak_duration = 2;
}

// NodePool contains the name and configuration for a cluster's node pool.
// Node pools are a set of nodes (i.e. VMs), with a common configuration and
// specification, under the control of the cluster master. They may have a set
// of Kubernetes labels applied to them, which may be used to reference them
// during pod scheduling. They may also be resized up or down, to accommodate
// the workload.
message NodePool {
  // These upgrade settings control the level of parallelism and the level of
  // disruption caused by an upgrade.
  //
  // maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  //
  // maxSurge controls the number of additional nodes that can be added to the
  // node pool temporarily for the time of the upgrade to increase the number of
  // available nodes.
  //
  // (maxUnavailable + maxSurge) determines the level of parallelism (how many
  // nodes are being upgraded at the same time).
  //
  // Note: upgrades inevitably introduce some disruption since workloads need to
  // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
  // this holds true. (Disruption stays within the limits of
  // PodDisruptionBudget, if it is configured.)
  //
  // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
  // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
  // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
  // down 3 old (not yet upgraded) nodes at the same time. This ensures that
  // there are always at least 4 nodes available.
  //
  // These upgrade settings configure the upgrade strategy for the node pool.
  // Use strategy to switch between the strategies applied to the node pool.
  //
  // If the strategy is SURGE, use max_surge and max_unavailable to control
  // the level of parallelism and the level of disruption caused by upgrade.
  // 1. maxSurge controls the number of additional nodes that can be added to
  //    the node pool temporarily for the time of the upgrade to increase the
  //    number of available nodes.
  // 2. maxUnavailable controls the number of nodes that can be simultaneously
  //    unavailable.
  // 3. (maxUnavailable + maxSurge) determines the level of parallelism (how
  //    many nodes are being upgraded at the same time).
  //
  // If the strategy is BLUE_GREEN, use blue_green_settings to configure the
  // blue-green upgrade related settings.
  // 1. standard_rollout_policy is the default policy. The policy is used to
  //    control the way blue pool gets drained. The draining is executed in the
  //    batch mode. The batch size could be specified as either percentage of
  //    the node pool size or the number of nodes. batch_soak_duration is the
  //    soak time after each batch gets drained.
  // 2. node_pool_soak_duration is the soak time after all blue nodes are
  //    drained. After this period, the blue pool nodes will be deleted.
  message UpgradeSettings {
    // The maximum number of nodes that can be created beyond the current size
    // of the node pool during the upgrade process.
    int32 max_surge = 1;

    // The maximum number of nodes that can be simultaneously unavailable during
    // the upgrade process. A node is considered available if its status is
    // Ready.
    int32 max_unavailable = 2;

    // Update strategy of the node pool.
    optional NodePoolUpdateStrategy strategy = 3;

    // Settings for blue-green upgrade strategy.
    optional BlueGreenSettings blue_green_settings = 4;
  }

  // UpdateInfo contains resource (instance groups, etc), status and other
  // intermediate information relevant to a node pool upgrade.
  message UpdateInfo {
    // Information relevant to blue-green upgrade.
    message BlueGreenInfo {
      // Phase represents the different stages blue-green upgrade is running in.
      // The numeric values do not follow the listing order
      // (WAITING_TO_DRAIN_BLUE_POOL is 8), so do not compare phases by number.
      enum Phase {
        // Unspecified phase.
        PHASE_UNSPECIFIED = 0;

        // blue-green upgrade has been initiated.
        UPDATE_STARTED = 1;

        // Start creating green pool nodes.
        CREATING_GREEN_POOL = 2;

        // Start cordoning blue pool nodes.
        CORDONING_BLUE_POOL = 3;

        // Start waiting after cordoning the blue pool and before draining it.
        WAITING_TO_DRAIN_BLUE_POOL = 8;

        // Start draining blue pool nodes.
        DRAINING_BLUE_POOL = 4;

        // Start soaking time after draining entire blue pool.
        NODE_POOL_SOAKING = 5;

        // Start deleting blue nodes.
        DELETING_BLUE_POOL = 6;

        // Rollback has been initiated.
        ROLLBACK_STARTED = 7;
      }

      // Current blue-green upgrade phase.
      Phase phase = 1;

      // The resource URLs of the [managed instance
      // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with blue pool.
      repeated string blue_instance_group_urls = 2;

      // The resource URLs of the [managed instance
      // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with green pool.
      repeated string green_instance_group_urls = 3;

      // Time to start deleting blue pool to complete blue-green upgrade,
      // in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
      string blue_pool_deletion_start_time = 4;

      // Version of green pool.
      string green_pool_version = 5;
    }

    // Information of a blue-green upgrade.
    BlueGreenInfo blue_green_info = 1;
  }

  // The current status of the node pool instance.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the node pool is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the node pool has been created
    // and is fully usable.
    RUNNING = 2;

    // The RUNNING_WITH_ERROR state indicates the node pool has been created
    // and is partially usable. Some error state has occurred and some
    // functionality may be impaired. Customer may need to reissue a request
    // or trigger a new update.
    RUNNING_WITH_ERROR = 3;

    // The RECONCILING state indicates that some work is actively being done on
    // the node pool, such as upgrading node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 4;

    // The STOPPING state indicates the node pool is being deleted.
    STOPPING = 5;

    // The ERROR state indicates the node pool may be unusable. Details
    // can be found in the `statusMessage` field.
    ERROR = 6;
  }

  // PlacementPolicy defines the placement policy used by the node pool.
  message PlacementPolicy {
    // Type defines the type of placement policy.
    enum Type {
      // TYPE_UNSPECIFIED specifies no requirements on nodes
      // placement.
      TYPE_UNSPECIFIED = 0;

      // COMPACT specifies node placement in the same availability domain to
      // ensure low communication latency.
      COMPACT = 1;
    }

    // The type of placement.
    Type type = 1;

    // TPU placement topology for pod slice node pool.
    // https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
    string tpu_topology = 2;

    // If set, refers to the name of a custom resource policy supplied by the
    // user. The resource policy must be in the same project and region as the
    // node pool. If not found, InvalidArgument error is returned.
    string policy_name = 3;
  }

  // QueuedProvisioning defines the queued provisioning used by the node pool.
  message QueuedProvisioning {
    // Denotes that this nodepool is QRM specific, meaning nodes can be only
    // obtained through queuing via the Cluster Autoscaler ProvisioningRequest
    // API.
    bool enabled = 1;
  }

  // The name of the node pool.
  string name = 1;

  // The node configuration of the pool.
  NodeConfig config = 2;

  // The initial node count for the pool. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  int32 initial_node_count = 3;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes should be located.
  //
  // If this value is unspecified during node pool creation, the
  // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
  // value will be used, instead.
  //
  // Warning: changing node pool locations will result in nodes being added
  // and/or removed.
  repeated string locations = 13;

  // Networking configuration for this NodePool. If specified, it overrides the
  // cluster-level defaults.
  NodeNetworkConfig network_config = 14;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // The version of Kubernetes running on this NodePool's nodes. If unspecified,
  // it defaults as described
  // [here](https://cloud.google.com/kubernetes-engine/versioning#specifying_node_version).
  string version = 101;

  // [Output only] The resource URLs of the [managed instance
  // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
  // associated with this node pool.
4044 // During the node pool blue-green upgrade operation, the URLs contain both 4045 // blue and green resources. 4046 repeated string instance_group_urls = 102; 4047 4048 // [Output only] The status of the nodes in this pool instance. 4049 Status status = 103; 4050 4051 // [Output only] Deprecated. Use conditions instead. 4052 // Additional information about the current status of this 4053 // node pool instance, if available. 4054 string status_message = 104 [deprecated = true]; 4055 4056 // Autoscaler configuration for this NodePool. Autoscaler is enabled 4057 // only if a valid configuration is present. 4058 NodePoolAutoscaling autoscaling = 4; 4059 4060 // NodeManagement configuration for this NodePool. 4061 NodeManagement management = 5; 4062 4063 // The constraint on the maximum number of pods that can be run 4064 // simultaneously on a node in the node pool. 4065 MaxPodsConstraint max_pods_constraint = 6; 4066 4067 // Which conditions caused the current node pool state. 4068 repeated StatusCondition conditions = 105; 4069 4070 // [Output only] The pod CIDR block size per node in this node pool. 4071 int32 pod_ipv4_cidr_size = 7; 4072 4073 // Upgrade settings control disruption and speed of the upgrade. 4074 UpgradeSettings upgrade_settings = 107; 4075 4076 // Specifies the node placement policy. 4077 PlacementPolicy placement_policy = 108; 4078 4079 // Output only. [Output only] Update info contains relevant information during 4080 // a node pool update. 4081 UpdateInfo update_info = 109 [(google.api.field_behavior) = OUTPUT_ONLY]; 4082 4083 // This checksum is computed by the server based on the value of node pool 4084 // fields, and may be sent on update requests to ensure the client has an 4085 // up-to-date value before proceeding. 4086 string etag = 110; 4087 4088 // Specifies the configuration of queued provisioning. 
4089 QueuedProvisioning queued_provisioning = 112; 4090 4091 // Enable best effort provisioning for nodes 4092 BestEffortProvisioning best_effort_provisioning = 113; 4093} 4094 4095// NodeManagement defines the set of node management services turned on for the 4096// node pool. 4097message NodeManagement { 4098 // Whether the nodes will be automatically upgraded. 4099 bool auto_upgrade = 1; 4100 4101 // Whether the nodes will be automatically repaired. 4102 bool auto_repair = 2; 4103 4104 // Specifies the Auto Upgrade knobs for the node pool. 4105 AutoUpgradeOptions upgrade_options = 10; 4106} 4107 4108// AutoUpgradeOptions defines the set of options for the user to control how 4109// the Auto Upgrades will proceed. 4110message AutoUpgradeOptions { 4111 // [Output only] This field is set when upgrades are about to commence 4112 // with the approximate start time for the upgrades, in 4113 // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 4114 string auto_upgrade_start_time = 1; 4115 4116 // [Output only] This field is set when upgrades are about to commence 4117 // with the description of the upgrade. 4118 string description = 2; 4119} 4120 4121// MaintenancePolicy defines the maintenance policy to be used for the cluster. 4122message MaintenancePolicy { 4123 // Specifies the maintenance window in which maintenance may be performed. 4124 MaintenanceWindow window = 1; 4125 4126 // A hash identifying the version of this policy, so that updates to fields of 4127 // the policy won't accidentally undo intermediate changes (and so that users 4128 // of the API unaware of some fields won't accidentally remove other fields). 4129 // Make a `get()` request to the cluster to get the current 4130 // resource version and include it with requests to set the policy. 4131 string resource_version = 3; 4132} 4133 4134// MaintenanceWindow defines the maintenance window to be used for the cluster. 
message MaintenanceWindow {
  // Unimplemented, reserved for future use.
  // HourlyMaintenanceWindow hourly_maintenance_window = 1;
  oneof policy {
    // DailyMaintenanceWindow specifies a daily maintenance operation window.
    DailyMaintenanceWindow daily_maintenance_window = 2;

    // RecurringWindow specifies some number of recurring time periods for
    // maintenance to occur. The time windows may be overlapping. If no
    // maintenance windows are set, maintenance can occur at any time.
    RecurringTimeWindow recurring_window = 3;
  }

  // Exceptions to maintenance window. Non-emergency maintenance should not
  // occur in these windows.
  // NOTE(review): the meaning of the map key is not stated here (presumably a
  // caller-chosen exclusion name) - confirm.
  map<string, TimeWindow> maintenance_exclusions = 4;
}

// Represents an arbitrary window of time.
message TimeWindow {
  oneof options {
    // MaintenanceExclusionOptions provides maintenance exclusion related
    // options.
    MaintenanceExclusionOptions maintenance_exclusion_options = 3;
  }

  // The time that the window first starts.
  google.protobuf.Timestamp start_time = 1;

  // The time that the window ends. The end time should take place after the
  // start time.
  google.protobuf.Timestamp end_time = 2;
}

// Represents the Maintenance exclusion option.
message MaintenanceExclusionOptions {
  // Scope of exclusion.
  enum Scope {
    // NO_UPGRADES excludes all upgrades, including patch upgrades and minor
    // upgrades across control planes and nodes. This is the default exclusion
    // behavior; as the zero value it is also what an unset `scope` reads as.
    // Patch upgrades are blocked too, so an exclusion with this scope also
    // holds back patch-level fixes for as long as its window lasts.
    NO_UPGRADES = 0;

    // NO_MINOR_UPGRADES excludes all minor upgrades for the cluster, only
    // patches are allowed.
    NO_MINOR_UPGRADES = 1;

    // NO_MINOR_OR_NODE_UPGRADES excludes all minor upgrades for the cluster,
    // and also excludes all node pool upgrades. Only control
    // plane patches are allowed.
    NO_MINOR_OR_NODE_UPGRADES = 2;
  }

  // Scope specifies which upgrades are blocked by the exclusion.
  Scope scope = 1;
}

// Represents an arbitrary window of time that recurs.
message RecurringTimeWindow {
  // The window of the first recurrence.
  TimeWindow window = 1;

  // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
  // this window recurs. They go on for the span of time between the start and
  // end time.
  //
  // For example, to have something repeat every weekday, you'd use:
  //   `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
  //
  // To repeat some window daily (equivalent to the DailyMaintenanceWindow):
  //   `FREQ=DAILY`
  //
  // For the first weekend of every month:
  //   `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
  //
  // This specifies how frequently the window starts. E.g., if you wanted to
  // have a 9-5 UTC-4 window every weekday, you'd use something like:
  // ```
  //   start time = 2019-01-01T09:00:00-0400
  //   end time = 2019-01-01T17:00:00-0400
  //   recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
  // ```
  //
  // Windows can span multiple days. E.g., to make the window encompass every
  // weekend from midnight Saturday till the last minute of Sunday UTC:
  // ```
  //   start time = 2019-01-05T00:00:00Z
  //   end time = 2019-01-07T23:59:00Z
  //   recurrence = FREQ=WEEKLY;BYDAY=SA
  // ```
  // NOTE(review): 2019-01-07 is a Monday, so the end time above runs a day
  // past "the last minute of Sunday" (2019-01-06T23:59:00Z) - confirm which
  // of the two the example intends.
  //
  // Note the start and end time's specific dates are largely arbitrary except
  // to specify duration of the window and when it first starts.
  // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
  string recurrence = 2;
}

// Time window specified for daily maintenance operations.
message DailyMaintenanceWindow {
  // Time within the maintenance window to start the maintenance operations.
  // It must be in format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.
  string start_time = 2;

  // [Output only] Duration of the time window, automatically chosen to be
  // smallest possible in the given scenario.
  string duration = 3;
}

// SetNodePoolManagementRequest sets the node management properties of a node
// pool.
message SetNodePoolManagementRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. NodeManagement configuration for the node pool.
  NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // management properties. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// SetNodePoolSizeRequest sets the size of a node pool.
message SetNodePoolSizeRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The desired node count for the pool.
  int32 node_count = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // size.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// CompleteNodePoolUpgradeRequest sets the name of target node pool to complete
// upgrade.
message CompleteNodePoolUpgradeRequest {
  // The name (project, location, cluster, node pool id) of the node pool to
  // complete upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 1;
}

// RollbackNodePoolUpgradeRequest rolls back the previously Aborted or Failed
// NodePool upgrade. This will be a no-op if the last upgrade successfully
// completed.
message RollbackNodePoolUpgradeRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster to rollback.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the node pool to rollback.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to
  // rollback upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;

  // Option for rollback to ignore the PodDisruptionBudget.
  // Default value is false.
  // NOTE(review): the field name suggests that `true` makes the rollback honor
  // the PodDisruptionBudget and that the default `false` ignores it, while the
  // sentence above reads the other way round - confirm against the server.
  bool respect_pdb = 7;
}

// ListNodePoolsResponse is the result of ListNodePoolsRequest.
message ListNodePoolsResponse {
  // A list of node pools for a cluster.
  repeated NodePool node_pools = 1;
}

// ClusterAutoscaling contains global, per-cluster information
// required by Cluster Autoscaler to automatically adjust
// the size of the cluster and create/delete
// node pools based on the current needs.
message ClusterAutoscaling {
  // Defines possible options for autoscaling_profile field.
  enum AutoscalingProfile {
    // No change to autoscaling configuration.
    PROFILE_UNSPECIFIED = 0;

    // Prioritize optimizing utilization of resources.
    OPTIMIZE_UTILIZATION = 1;

    // Use default (balanced) autoscaling configuration.
    BALANCED = 2;
  }

  // Enables automatic node pool creation and deletion.
  bool enable_node_autoprovisioning = 1;

  // Contains global constraints regarding minimum and maximum
  // amount of resources in the cluster.
  repeated ResourceLimit resource_limits = 2;

  // Defines autoscaling behaviour.
  AutoscalingProfile autoscaling_profile = 3;

  // AutoprovisioningNodePoolDefaults contains defaults for a node pool
  // created by NAP (node auto-provisioning).
  AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes can be created by NAP.
  repeated string autoprovisioning_locations = 5;
}

// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
// by NAP (node auto-provisioning).
message AutoprovisioningNodePoolDefaults {
  // The set of Google API scopes to be made available on all of the
  // node VMs under the "default" service account.
  //
  // The following scopes are recommended, but not required, and by default are
  // not included:
  //
  // * `https://www.googleapis.com/auth/compute` is required for mounting
  // persistent storage on your nodes.
  // * `https://www.googleapis.com/auth/devstorage.read_only` is required for
  // communicating with **gcr.io**
  // (the [Google Container
  // Registry](https://cloud.google.com/container-registry/)).
  //
  // If unspecified, no scopes are added, unless Cloud Logging or Cloud
  // Monitoring are enabled, in which case their required scopes will be added.
  //
  // Scopes listed here are granted on every node VM that NAP creates, so keep
  // the list to what the node workloads actually need.
  repeated string oauth_scopes = 1;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  // Specify the email address of the Service Account; otherwise, if no Service
  // Account is specified, the "default" service account is used.
  // NOTE(review): leaving this empty ties node identity to whatever the
  // "default" account is granted in the project; naming a dedicated,
  // minimally-privileged account keeps node credentials scoped to the cluster.
  string service_account = 2;

  // Upgrade settings control disruption and speed of the upgrade.
  NodePool.UpgradeSettings upgrade_settings = 3;

  // NodeManagement configuration for this NodePool.
  NodeManagement management = 4;

  // Deprecated. Minimum CPU platform to be used for NAP created node pools.
  // The instance may be scheduled on the specified or newer CPU platform.
  // Applicable values are the friendly names of CPU platforms, such as
  // minCpuPlatform: Intel Haswell or
  // minCpuPlatform: Intel Sandy Bridge. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
  // This field is deprecated, min_cpu_platform should be specified using
  // `cloud.google.com/requested-min-cpu-platform` label selector on the pod.
  // To unset the min cpu platform field pass "automatic"
  // as field value.
  string min_cpu_platform = 5 [deprecated = true];

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 6;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced').
  //
  // If unspecified, the default disk type is 'pd-standard'.
  string disk_type = 7;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 8;

  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 9;

  // The image type to use for NAP created node. Please see
  // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
  // available image types.
  string image_type = 10;

  // Enable or disable Kubelet read only port.
  // The kubelet read-only port (10255 unless reconfigured) answers without
  // authentication or authorization, which is why the field name marks it as
  // insecure. The field has explicit presence (`optional`), so unset differs
  // from false; what the server does for an unset value is not stated here -
  // set false explicitly to keep the port closed (TODO confirm the default).
  optional bool insecure_kubelet_readonly_port_enabled = 13;
}

// Contains information about amount of some resource in the cluster.
// For memory, value should be in GB.
message ResourceLimit {
  // Resource name "cpu", "memory" or gpu-specific string.
  string resource_type = 1;

  // Minimum amount of the resource in the cluster.
  int64 minimum = 2;

  // Maximum amount of the resource in the cluster.
  int64 maximum = 3;
}

// NodePoolAutoscaling contains information required by cluster autoscaler to
// adjust the size of the node pool to the current cluster usage.
message NodePoolAutoscaling {
  // Location policy specifies how zones are picked when scaling up the
  // nodepool.
  enum LocationPolicy {
    // Not set.
    LOCATION_POLICY_UNSPECIFIED = 0;

    // BALANCED is a best effort policy that aims to balance the sizes of
    // different zones.
    BALANCED = 1;

    // ANY policy picks zones that have the highest capacity available.
    ANY = 2;
  }

  // Whether autoscaling is enabled for this node pool.
  bool enabled = 1;

  // Minimum number of nodes for one location in the NodePool. Must be >= 1 and
  // <= max_node_count.
  int32 min_node_count = 2;

  // Maximum number of nodes for one location in the NodePool. Must be >=
  // min_node_count. There has to be enough quota to scale up the cluster.
  int32 max_node_count = 3;

  // Whether this node pool can be deleted automatically.
  bool autoprovisioned = 4;

  // Location policy used when scaling up a nodepool.
  LocationPolicy location_policy = 5;

  // Minimum number of nodes in the node pool. Must be greater than 1 less than
  // total_max_node_count.
  // NOTE(review): the bound above reads ambiguously (a conjunction between the
  // lower and the upper bound seems to be missing) - confirm the exact limits.
  // The total_*_node_count fields are mutually exclusive with the *_node_count
  // fields.
  int32 total_min_node_count = 6;

  // Maximum number of nodes in the node pool. Must be greater than
  // total_min_node_count. There has to be enough quota to scale up the cluster.
  // The total_*_node_count fields are mutually exclusive with the *_node_count
  // fields.
  int32 total_max_node_count = 7;
}

// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container
// Engine cluster, which will in turn set them for Google Compute Engine
// resources used by that cluster.
message SetLabelsRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. The labels to set for that cluster.
  map<string, string> resource_labels = 4
      [(google.api.field_behavior) = REQUIRED];

  // Required. The fingerprint of the previous set of labels for this resource,
  // used to detect conflicts. The fingerprint is initially generated by
  // Kubernetes Engine and changes after every request to modify or update
  // labels. You must always provide an up-to-date fingerprint hash when
  // updating or changing labels. Make a `get()` request to the
  // resource to get the latest fingerprint.
  string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set labels.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for
// a cluster.
message SetLegacyAbacRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Whether ABAC authorization will be enabled in the cluster.
  // NOTE(review): this toggles the cluster's authorization mechanism, so a
  // request with `enabled = true` changes who may do what in the cluster;
  // treat calls to this RPC as security-relevant and audit them. The field is
  // a plain bool, so an unset value reads as false (ABAC disabled).
  bool enabled = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set legacy
  // abac. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// StartIPRotationRequest creates a new IP for the cluster and then performs
// a node upgrade on each node pool to point to the new IP.
message StartIPRotationRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to start IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;

  // Whether to rotate credentials during IP rotation.
  // A plain bool: an unset value reads as false, i.e. the request asks for an
  // IP rotation without a credential rotation.
  bool rotate_credentials = 7;
}

// CompleteIPRotationRequest moves the cluster master back into single-IP mode.
message CompleteIPRotationRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to complete IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// AcceleratorConfig represents a Hardware Accelerator request.
message AcceleratorConfig {
  // The number of the accelerator cards exposed to an instance.
  int64 accelerator_count = 1;

  // The accelerator type resource name. List of supported accelerators
  // [here](https://cloud.google.com/compute/docs/gpus).
  string accelerator_type = 2;

  // Size of partitions to create on the GPU. Valid values are described in the
  // NVIDIA [mig user
  // guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).
  string gpu_partition_size = 3;

  // The number of time-shared GPU resources to expose for each physical GPU.
  // Deprecated. NOTE(review): presumably superseded by `gpu_sharing_config`
  // below - confirm and name the replacement here.
  int64 max_time_shared_clients_per_gpu = 4 [deprecated = true];

  // The configuration for GPU sharing options.
  optional GPUSharingConfig gpu_sharing_config = 5;

  // The configuration for auto installation of GPU driver.
  optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
}

// GPUSharingConfig represents the GPU sharing configuration for Hardware
// Accelerators.
message GPUSharingConfig {
  // The type of GPU sharing strategy currently provided.
  enum GPUSharingStrategy {
    // Default value.
    GPU_SHARING_STRATEGY_UNSPECIFIED = 0;

    // GPUs are time-shared between containers.
    TIME_SHARING = 1;
  }

  // The max number of containers that can share a physical GPU.
  int64 max_shared_clients_per_gpu = 1;

  // The type of GPU sharing strategy to enable on the GPU node.
  optional GPUSharingStrategy gpu_sharing_strategy = 2;
}

// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
// installed.
message GPUDriverInstallationConfig {
  // The GPU driver version to install.
  enum GPUDriverVersion {
    // Default value is to not install any GPU driver.
    GPU_DRIVER_VERSION_UNSPECIFIED = 0;

    // Disable GPU driver auto installation; the driver then needs to be
    // installed manually.
    INSTALLATION_DISABLED = 1;

    // "Default" GPU driver in COS and Ubuntu.
    DEFAULT = 2;

    // "Latest" GPU driver in COS.
    LATEST = 3;
  }

  // Mode for how the GPU driver is installed.
  optional GPUDriverVersion gpu_driver_version = 1;
}

// ManagedPrometheusConfig defines the configuration for
// Google Cloud Managed Service for Prometheus.
message ManagedPrometheusConfig {
  // Enable Managed Collection.
  bool enabled = 1;
}

// WorkloadMetadataConfig defines the metadata configuration to expose to
// workloads on the node pool.
message WorkloadMetadataConfig {
  // NodeMetadata is the configuration for if and how to expose the node
  // metadata to the workload running on the node.
  enum NodeMetadata {
    // Not set.
    UNSPECIFIED = 0;

    // Prevent workloads not in hostNetwork from accessing certain VM metadata,
    // specifically kube-env, which contains Kubelet credentials, and the
    // instance identity token. Workloads that do run in hostNetwork are not
    // covered by this concealment.
    //
    // Metadata concealment is a temporary security solution available while the
    // bootstrapping process for cluster nodes is being redesigned with
    // significant security improvements. This feature is scheduled to be
    // deprecated in the future and later removed.
    SECURE = 1;

    // Expose all VM metadata to pods. That includes the entries SECURE
    // conceals: kube-env (Kubelet credentials) and the instance identity
    // token.
    EXPOSE = 2;

    // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
    // a metadata API to workloads that is compatible with the V1 Compute
    // Metadata APIs exposed by the Compute Engine and App Engine Metadata
    // Servers. This feature can only be enabled if Workload Identity is enabled
    // at the cluster level.
    GKE_METADATA_SERVER = 3;
  }

  // Mode is the configuration for how to expose metadata to workloads running
  // on the node. Unlike NodeMetadata, it has no concealment value: the choice
  // is between GCE_METADATA and GKE_METADATA.
  enum Mode {
    // Not set.
    MODE_UNSPECIFIED = 0;

    // Expose all Compute Engine metadata to pods.
    // NOTE(review): reads as the counterpart of NodeMetadata.EXPOSE; if so,
    // pods on the node can read node-level credentials from the metadata
    // server under this mode - confirm.
    GCE_METADATA = 1;

    // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
    // a metadata API to workloads that is compatible with the V1 Compute
    // Metadata APIs exposed by the Compute Engine and App Engine Metadata
    // Servers. This feature can only be enabled if Workload Identity is enabled
    // at the cluster level.
    GKE_METADATA = 2;
  }

  // NodeMetadata is the configuration for how to expose metadata to the
  // workloads running on the node.
  // Deprecated. NOTE(review): `mode` below describes the same setting and is
  // presumably the replacement - confirm.
  NodeMetadata node_metadata = 1 [deprecated = true];

  // Mode is the configuration for how to expose metadata to workloads running
  // on the node pool.
  Mode mode = 2;
}

// SetNetworkPolicyRequest enables/disables network policy for a cluster.
message SetNetworkPolicyRequest {
  // Required. Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3
      [deprecated = true, (google.api.field_behavior) = REQUIRED];

  // Required. Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set networking
  // policy. Specified in the format `projects/*/locations/*/clusters/*`.
4806 string name = 6; 4807} 4808 4809// SetMaintenancePolicyRequest sets the maintenance policy for a cluster. 4810message SetMaintenancePolicyRequest { 4811 // Required. The Google Developers Console [project ID or project 4812 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 4813 string project_id = 1 [(google.api.field_behavior) = REQUIRED]; 4814 4815 // Required. The name of the Google Compute Engine 4816 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 4817 // cluster resides. 4818 string zone = 2 [(google.api.field_behavior) = REQUIRED]; 4819 4820 // Required. The name of the cluster to update. 4821 string cluster_id = 3 [(google.api.field_behavior) = REQUIRED]; 4822 4823 // Required. The maintenance policy to be set for the cluster. An empty field 4824 // clears the existing maintenance policy. 4825 MaintenancePolicy maintenance_policy = 4 4826 [(google.api.field_behavior) = REQUIRED]; 4827 4828 // The name (project, location, cluster name) of the cluster to set 4829 // maintenance policy. 4830 // Specified in the format `projects/*/locations/*/clusters/*`. 4831 string name = 5; 4832} 4833 4834// ListLocationsRequest is used to request the locations that offer GKE. 4835message ListLocationsRequest { 4836 // Required. Contains the name of the resource requested. 4837 // Specified in the format `projects/*`. 4838 string parent = 1 [(google.api.field_behavior) = REQUIRED]; 4839} 4840 4841// ListLocationsResponse returns the list of all GKE locations and their 4842// recommendation state. 4843message ListLocationsResponse { 4844 // A full list of GKE locations. 4845 repeated Location locations = 1; 4846 4847 // Only return ListLocationsResponse that occur after the page_token. This 4848 // value should be populated from the ListLocationsResponse.next_page_token if 4849 // that response token was set (which happens when listing more Locations than 4850 // fit in a single ListLocationsResponse). 
4851 string next_page_token = 2; 4852} 4853 4854// Location returns the location name, and if the location is recommended 4855// for GKE cluster scheduling. 4856message Location { 4857 // LocationType is the type of GKE location, regional or zonal. 4858 enum LocationType { 4859 // LOCATION_TYPE_UNSPECIFIED means the location type was not determined. 4860 LOCATION_TYPE_UNSPECIFIED = 0; 4861 4862 // A GKE Location where Zonal clusters can be created. 4863 ZONE = 1; 4864 4865 // A GKE Location where Regional clusters can be created. 4866 REGION = 2; 4867 } 4868 4869 // Contains the type of location this Location is for. 4870 // Regional or Zonal. 4871 LocationType type = 1; 4872 4873 // Contains the name of the resource requested. 4874 // Specified in the format `projects/*/locations/*`. 4875 string name = 2; 4876 4877 // Whether the location is recommended for GKE cluster scheduling. 4878 bool recommended = 3; 4879} 4880 4881// StatusCondition describes why a cluster or a node pool has a certain status 4882// (e.g., ERROR or DEGRADED). 4883message StatusCondition { 4884 // Code for each condition 4885 enum Code { 4886 option deprecated = true; 4887 4888 // UNKNOWN indicates a generic condition. 4889 UNKNOWN = 0; 4890 4891 // GCE_STOCKOUT indicates that Google Compute Engine resources are 4892 // temporarily unavailable. 4893 GCE_STOCKOUT = 1; 4894 4895 // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot 4896 // service account. 4897 GKE_SERVICE_ACCOUNT_DELETED = 2; 4898 4899 // Google Compute Engine quota was exceeded. 4900 GCE_QUOTA_EXCEEDED = 3; 4901 4902 // Cluster state was manually changed by an SRE due to a system logic error. 4903 SET_BY_OPERATOR = 4; 4904 4905 // Unable to perform an encrypt operation against the CloudKMS key used for 4906 // etcd level encryption. 4907 CLOUD_KMS_KEY_ERROR = 7; 4908 4909 // Cluster CA is expiring soon. 
4910 // More codes TBA 4911 CA_EXPIRING = 9; 4912 } 4913 4914 // Machine-friendly representation of the condition 4915 // Deprecated. Use canonical_code instead. 4916 Code code = 1 [deprecated = true]; 4917 4918 // Human-friendly representation of the condition 4919 string message = 2; 4920 4921 // Canonical code of the condition. 4922 google.rpc.Code canonical_code = 3; 4923} 4924 4925// NetworkConfig reports the relative names of network & subnetwork. 4926message NetworkConfig { 4927 // Configuration of all network bandwidth tiers 4928 message ClusterNetworkPerformanceConfig { 4929 // Node network tier 4930 enum Tier { 4931 // Default value 4932 TIER_UNSPECIFIED = 0; 4933 4934 // Higher bandwidth, actual values based on VM size. 4935 TIER_1 = 1; 4936 } 4937 4938 // Specifies the total network bandwidth tier for the NodePool. 4939 optional Tier total_egress_bandwidth_tier = 1; 4940 } 4941 4942 // Output only. The relative name of the Google Compute Engine 4943 // [network][google.container.v1beta1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) 4944 // to which the cluster is connected. Example: 4945 // projects/my-project/global/networks/my-network 4946 string network = 1; 4947 4948 // Output only. The relative name of the Google Compute Engine 4949 // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the 4950 // cluster is connected. Example: 4951 // projects/my-project/regions/us-central1/subnetworks/my-subnet 4952 string subnetwork = 2; 4953 4954 // Whether Intra-node visibility is enabled for this cluster. 4955 // This makes same node pod to pod traffic visible for VPC network. 4956 bool enable_intra_node_visibility = 5; 4957 4958 // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules 4959 // will be disabled when default_snat_status is disabled. 
When disabled is set 4960 // to false, default IP masquerade rules will be applied to the nodes to 4961 // prevent sNAT on cluster internal traffic. 4962 DefaultSnatStatus default_snat_status = 7; 4963 4964 // Whether L4ILB Subsetting is enabled for this cluster. 4965 bool enable_l4ilb_subsetting = 10; 4966 4967 // The desired datapath provider for this cluster. By default, uses the 4968 // IPTables-based kube-proxy implementation. 4969 DatapathProvider datapath_provider = 11; 4970 4971 // The desired state of IPv6 connectivity to Google Services. 4972 // By default, no private IPv6 access to or from Google Services (all access 4973 // will be via IPv4) 4974 PrivateIPv6GoogleAccess private_ipv6_google_access = 12; 4975 4976 // DNSConfig contains clusterDNS config for this cluster. 4977 DNSConfig dns_config = 13; 4978 4979 // ServiceExternalIPsConfig specifies if services with externalIPs field are 4980 // blocked or not. 4981 ServiceExternalIPsConfig service_external_ips_config = 15; 4982 4983 // GatewayAPIConfig contains the desired config of Gateway API on this 4984 // cluster. 4985 GatewayAPIConfig gateway_api_config = 16; 4986 4987 // Whether multi-networking is enabled for this cluster. 4988 bool enable_multi_networking = 17; 4989 4990 // Network bandwidth tier configuration. 4991 ClusterNetworkPerformanceConfig network_performance_config = 18; 4992 4993 // Whether FQDN Network Policy is enabled on this cluster. 4994 optional bool enable_fqdn_network_policy = 19; 4995 4996 // Specify the details of in-transit encryption. 4997 optional InTransitEncryptionConfig in_transit_encryption_config = 20; 4998 4999 // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. 5000 optional bool enable_cilium_clusterwide_network_policy = 21; 5001} 5002 5003// GatewayAPIConfig contains the desired config of Gateway API on this cluster. 
5004message GatewayAPIConfig { 5005 // Channel describes if/how Gateway API should be installed and implemented in 5006 // a cluster. 5007 enum Channel { 5008 // Default value. 5009 CHANNEL_UNSPECIFIED = 0; 5010 5011 // Gateway API support is disabled 5012 CHANNEL_DISABLED = 1; 5013 5014 // Gateway API support is enabled, experimental CRDs are installed 5015 CHANNEL_EXPERIMENTAL = 3; 5016 5017 // Gateway API support is enabled, standard CRDs are installed 5018 CHANNEL_STANDARD = 4; 5019 } 5020 5021 // The Gateway API release channel to use for Gateway API. 5022 Channel channel = 1; 5023} 5024 5025// Config to block services with externalIPs field. 5026message ServiceExternalIPsConfig { 5027 // Whether Services with ExternalIPs field are allowed or not. 5028 bool enabled = 1; 5029} 5030 5031// ListUsableSubnetworksRequest requests the list of usable subnetworks. 5032// available to a user for creating clusters. 5033message ListUsableSubnetworksRequest { 5034 // Required. The parent project where subnetworks are usable. 5035 // Specified in the format `projects/*`. 5036 string parent = 1 [(google.api.field_behavior) = REQUIRED]; 5037 5038 // Filtering currently only supports equality on the networkProjectId and must 5039 // be in the form: "networkProjectId=[PROJECTID]", where `networkProjectId` 5040 // is the project which owns the listed subnetworks. This defaults to the 5041 // parent project ID. 5042 string filter = 2; 5043 5044 // The max number of results per page that should be returned. If the number 5045 // of available results is larger than `page_size`, a `next_page_token` is 5046 // returned which can be used to get the next page of results in subsequent 5047 // requests. Acceptable values are 0 to 500, inclusive. (Default: 500) 5048 int32 page_size = 3; 5049 5050 // Specifies a page token to use. Set this to the nextPageToken returned by 5051 // previous list requests to get the next page of results. 
5052 string page_token = 4; 5053} 5054 5055// ListUsableSubnetworksResponse is the response of 5056// ListUsableSubnetworksRequest. 5057message ListUsableSubnetworksResponse { 5058 // A list of usable subnetworks in the specified network project. 5059 repeated UsableSubnetwork subnetworks = 1; 5060 5061 // This token allows you to get the next page of results for list requests. 5062 // If the number of results is larger than `page_size`, use the 5063 // `next_page_token` as a value for the query parameter `page_token` in the 5064 // next request. The value will become empty when there are no more pages. 5065 string next_page_token = 2; 5066} 5067 5068// Secondary IP range of a usable subnetwork. 5069message UsableSubnetworkSecondaryRange { 5070 // Status shows the current usage of a secondary IP range. 5071 enum Status { 5072 // UNKNOWN is the zero value of the Status enum. It's not a valid status. 5073 UNKNOWN = 0; 5074 5075 // UNUSED denotes that this range is unclaimed by any cluster. 5076 UNUSED = 1; 5077 5078 // IN_USE_SERVICE denotes that this range is claimed by a cluster for 5079 // services. It cannot be used for other clusters. 5080 IN_USE_SERVICE = 2; 5081 5082 // IN_USE_SHAREABLE_POD denotes this range was created by the network admin 5083 // and is currently claimed by a cluster for pods. It can only be used by 5084 // other clusters as a pod range. 5085 IN_USE_SHAREABLE_POD = 3; 5086 5087 // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed 5088 // for pods. It cannot be used for other clusters. 5089 IN_USE_MANAGED_POD = 4; 5090 } 5091 5092 // The name associated with this subnetwork secondary range, used when adding 5093 // an alias IP range to a VM instance. 5094 string range_name = 1; 5095 5096 // The range of IP addresses belonging to this subnetwork secondary range. 5097 string ip_cidr_range = 2; 5098 5099 // This field is to determine the status of the secondary range programmably. 
5100 Status status = 3; 5101} 5102 5103// UsableSubnetwork resource returns the subnetwork name, its associated network 5104// and the primary CIDR range. 5105message UsableSubnetwork { 5106 // Subnetwork Name. 5107 // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet 5108 string subnetwork = 1; 5109 5110 // Network Name. 5111 // Example: projects/my-project/global/networks/my-network 5112 string network = 2; 5113 5114 // The range of internal addresses that are owned by this subnetwork. 5115 string ip_cidr_range = 3; 5116 5117 // Secondary IP ranges. 5118 repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4; 5119 5120 // A human readable status message representing the reasons for cases where 5121 // the caller cannot use the secondary ranges under the subnet. For example if 5122 // the secondary_ip_ranges is empty due to a permission issue, an insufficient 5123 // permission message will be given by status_message. 5124 string status_message = 5; 5125} 5126 5127// VerticalPodAutoscaling contains global, per-cluster information 5128// required by Vertical Pod Autoscaler to automatically adjust 5129// the resources of pods controlled by it. 5130message VerticalPodAutoscaling { 5131 // Enables vertical pod autoscaling. 5132 bool enabled = 1; 5133} 5134 5135// DefaultSnatStatus contains the desired state of whether default sNAT should 5136// be disabled on the cluster. 5137message DefaultSnatStatus { 5138 // Disables cluster default sNAT rules. 5139 bool disabled = 1; 5140} 5141 5142// IntraNodeVisibilityConfig contains the desired config of the intra-node 5143// visibility on this cluster. 5144message IntraNodeVisibilityConfig { 5145 // Enables intra node visibility for this cluster. 5146 bool enabled = 1; 5147} 5148 5149// ILBSubsettingConfig contains the desired config of L4 Internal LoadBalancer 5150// subsetting on this cluster. 
5151message ILBSubsettingConfig { 5152 // Enables l4 ILB subsetting for this cluster 5153 bool enabled = 1; 5154} 5155 5156// DNSConfig contains the desired set of options for configuring clusterDNS. 5157message DNSConfig { 5158 // Provider lists the various in-cluster DNS providers. 5159 enum Provider { 5160 // Default value 5161 PROVIDER_UNSPECIFIED = 0; 5162 5163 // Use GKE default DNS provider(kube-dns) for DNS resolution. 5164 PLATFORM_DEFAULT = 1; 5165 5166 // Use CloudDNS for DNS resolution. 5167 CLOUD_DNS = 2; 5168 5169 // Use KubeDNS for DNS resolution. 5170 KUBE_DNS = 3; 5171 } 5172 5173 // DNSScope lists the various scopes of access to cluster DNS records. 5174 enum DNSScope { 5175 // Default value, will be inferred as cluster scope. 5176 DNS_SCOPE_UNSPECIFIED = 0; 5177 5178 // DNS records are accessible from within the cluster. 5179 CLUSTER_SCOPE = 1; 5180 5181 // DNS records are accessible from within the VPC. 5182 VPC_SCOPE = 2; 5183 } 5184 5185 // cluster_dns indicates which in-cluster DNS provider should be used. 5186 Provider cluster_dns = 1; 5187 5188 // cluster_dns_scope indicates the scope of access to cluster DNS records. 5189 DNSScope cluster_dns_scope = 2; 5190 5191 // cluster_dns_domain is the suffix used for all cluster service records. 5192 string cluster_dns_domain = 3; 5193} 5194 5195// Constraints applied to pods. 5196message MaxPodsConstraint { 5197 // Constraint enforced on the max num of pods per node. 5198 int64 max_pods_per_node = 1; 5199} 5200 5201// Configuration for the use of Kubernetes Service Accounts in GCP IAM 5202// policies. 5203message WorkloadIdentityConfig { 5204 // IAM Identity Namespace to attach all Kubernetes Service Accounts to. 5205 string identity_namespace = 1 [deprecated = true]; 5206 5207 // The workload pool to attach all Kubernetes service accounts to. 5208 string workload_pool = 2; 5209 5210 // identity provider is the third party identity provider. 
5211 string identity_provider = 3; 5212} 5213 5214// Configuration for direct-path (via ALTS) with workload identity. 5215message WorkloadALTSConfig { 5216 // enable_alts controls whether the alts handshaker should be enabled or not 5217 // for direct-path. 5218 // 5219 // Requires Workload Identity 5220 // ([workload_pool][google.container.v1beta1.WorkloadIdentityConfig.workload_pool] 5221 // must be non-empty). 5222 google.protobuf.BoolValue enable_alts = 1; 5223} 5224 5225// Configuration for issuance of mTLS keys and certificates to Kubernetes pods. 5226message WorkloadCertificates { 5227 // enable_certificates controls issuance of workload mTLS certificates. 5228 // 5229 // If set, the GKE Workload Identity Certificates controller and node agent 5230 // will be deployed in the cluster, which can then be configured by creating a 5231 // WorkloadCertificateConfig Custom Resource. 5232 // 5233 // Requires Workload Identity 5234 // ([workload_pool][google.container.v1beta1.WorkloadIdentityConfig.workload_pool] 5235 // must be non-empty). 5236 google.protobuf.BoolValue enable_certificates = 1; 5237} 5238 5239// Configuration for issuance of mTLS keys and certificates to Kubernetes pods. 5240message MeshCertificates { 5241 // enable_certificates controls issuance of workload mTLS certificates. 5242 // 5243 // If set, the GKE Workload Identity Certificates controller and node agent 5244 // will be deployed in the cluster, which can then be configured by creating a 5245 // WorkloadCertificateConfig Custom Resource. 5246 // 5247 // Requires Workload Identity 5248 // ([workload_pool][google.container.v1alpha1.WorkloadIdentityConfig.workload_pool] 5249 // must be non-empty). 5250 google.protobuf.BoolValue enable_certificates = 1; 5251} 5252 5253// Configuration of etcd encryption. 5254message DatabaseEncryption { 5255 // State of etcd encryption. 5256 enum State { 5257 // Should never be set 5258 UNKNOWN = 0; 5259 5260 // Secrets in etcd are encrypted. 
5261 ENCRYPTED = 1; 5262 5263 // Secrets in etcd are stored in plain text (at etcd level) - this is 5264 // unrelated to Compute Engine level full disk encryption. 5265 DECRYPTED = 2; 5266 } 5267 5268 // Current State of etcd encryption. 5269 enum CurrentState { 5270 // Should never be set 5271 CURRENT_STATE_UNSPECIFIED = 0; 5272 5273 // Secrets in etcd are encrypted. 5274 CURRENT_STATE_ENCRYPTED = 7; 5275 5276 // Secrets in etcd are stored in plain text (at etcd level) - this is 5277 // unrelated to Compute Engine level full disk encryption. 5278 CURRENT_STATE_DECRYPTED = 2; 5279 5280 // Encryption (or re-encryption with a different CloudKMS key) 5281 // of Secrets is in progress. 5282 CURRENT_STATE_ENCRYPTION_PENDING = 3; 5283 5284 // Encryption (or re-encryption with a different CloudKMS key) of Secrets in 5285 // etcd encountered an error. 5286 CURRENT_STATE_ENCRYPTION_ERROR = 4; 5287 5288 // De-crypting Secrets to plain text in etcd is in progress. 5289 CURRENT_STATE_DECRYPTION_PENDING = 5; 5290 5291 // De-crypting Secrets to plain text in etcd encountered an error. 5292 CURRENT_STATE_DECRYPTION_ERROR = 6; 5293 } 5294 5295 // OperationError records errors seen from CloudKMS keys 5296 // encountered during updates to DatabaseEncryption configuration. 5297 message OperationError { 5298 // CloudKMS key resource that had the error. 5299 string key_name = 1; 5300 5301 // Description of the error seen during the operation. 5302 string error_message = 2; 5303 5304 // Time when the CloudKMS error was seen. 5305 google.protobuf.Timestamp timestamp = 3; 5306 } 5307 5308 // Name of CloudKMS key to use for the encryption of secrets in etcd. 5309 // Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key 5310 string key_name = 1; 5311 5312 // The desired state of etcd encryption. 5313 State state = 2; 5314 5315 // Output only. The current state of etcd encryption. 
5316 optional CurrentState current_state = 3 5317 [(google.api.field_behavior) = OUTPUT_ONLY]; 5318 5319 // Output only. Keys in use by the cluster for decrypting 5320 // existing objects, in addition to the key in `key_name`. 5321 // 5322 // Each item is a CloudKMS key resource. 5323 repeated string decryption_keys = 4 5324 [(google.api.field_behavior) = OUTPUT_ONLY]; 5325 5326 // Output only. Records errors seen during DatabaseEncryption update 5327 // operations. 5328 repeated OperationError last_operation_errors = 5 5329 [(google.api.field_behavior) = OUTPUT_ONLY]; 5330} 5331 5332// Configuration for exporting cluster resource usages. 5333message ResourceUsageExportConfig { 5334 // Parameters for using BigQuery as the destination of resource usage export. 5335 message BigQueryDestination { 5336 // The ID of a BigQuery Dataset. 5337 string dataset_id = 1; 5338 } 5339 5340 // Parameters for controlling consumption metering. 5341 message ConsumptionMeteringConfig { 5342 // Whether to enable consumption metering for this cluster. If enabled, a 5343 // second BigQuery table will be created to hold resource consumption 5344 // records. 5345 bool enabled = 1; 5346 } 5347 5348 // Configuration to use BigQuery as usage export destination. 5349 BigQueryDestination bigquery_destination = 1; 5350 5351 // Whether to enable network egress metering for this cluster. If enabled, a 5352 // daemonset will be created in the cluster to meter network egress traffic. 5353 bool enable_network_egress_metering = 2; 5354 5355 // Configuration to enable resource consumption metering. 5356 ConsumptionMeteringConfig consumption_metering_config = 3; 5357} 5358 5359// Configuration of Shielded Nodes feature. 5360message ShieldedNodes { 5361 // Whether Shielded Nodes features are enabled on all nodes in this cluster. 5362 bool enabled = 1; 5363} 5364 5365// Configuration of gVNIC feature. 5366message VirtualNIC { 5367 // Whether gVNIC features are enabled in the node pool. 
5368 bool enabled = 1; 5369} 5370 5371// Configuration of Fast Socket feature. 5372message FastSocket { 5373 // Whether Fast Socket features are enabled in the node pool. 5374 bool enabled = 1; 5375} 5376 5377// GetOpenIDConfigRequest gets the OIDC discovery document for the 5378// cluster. See the OpenID Connect Discovery 1.0 specification for details. 5379message GetOpenIDConfigRequest { 5380 // The cluster (project, location, cluster name) to get the discovery document 5381 // for. Specified in the format `projects/*/locations/*/clusters/*`. 5382 string parent = 1; 5383} 5384 5385// GetOpenIDConfigResponse is an OIDC discovery document for the cluster. 5386// See the OpenID Connect Discovery 1.0 specification for details. 5387message GetOpenIDConfigResponse { 5388 // OIDC Issuer. 5389 string issuer = 1; 5390 5391 // JSON Web Key uri. 5392 string jwks_uri = 2; 5393 5394 // Supported response types. 5395 repeated string response_types_supported = 3; 5396 5397 // Supported subject types. 5398 repeated string subject_types_supported = 4; 5399 5400 // supported ID Token signing Algorithms. 5401 repeated string id_token_signing_alg_values_supported = 5; 5402 5403 // Supported claims. 5404 repeated string claims_supported = 6; 5405 5406 // Supported grant types. 5407 repeated string grant_types = 7; 5408} 5409 5410// GetJSONWebKeysRequest gets the public component of the keys used by the 5411// cluster to sign token requests. This will be the jwks_uri for the discover 5412// document returned by getOpenIDConfig. See the OpenID Connect 5413// Discovery 1.0 specification for details. 5414message GetJSONWebKeysRequest { 5415 // The cluster (project, location, cluster name) to get keys for. Specified in 5416 // the format `projects/*/locations/*/clusters/*`. 5417 string parent = 1; 5418} 5419 5420// Jwk is a JSON Web Key as specified in RFC 7517 5421message Jwk { 5422 // Key Type. 5423 string kty = 1; 5424 5425 // Algorithm. 
5426 string alg = 2; 5427 5428 // Permitted uses for the public keys. 5429 string use = 3; 5430 5431 // Key ID. 5432 string kid = 4; 5433 5434 // Used for RSA keys. 5435 string n = 5; 5436 5437 // Used for RSA keys. 5438 string e = 6; 5439 5440 // Used for ECDSA keys. 5441 string x = 7; 5442 5443 // Used for ECDSA keys. 5444 string y = 8; 5445 5446 // Used for ECDSA keys. 5447 string crv = 9; 5448} 5449 5450// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517 5451message GetJSONWebKeysResponse { 5452 // The public component of the keys used by the cluster to sign token 5453 // requests. 5454 repeated Jwk keys = 1; 5455} 5456 5457// CheckAutopilotCompatibilityRequest requests getting the blockers for the 5458// given operation in the cluster. 5459message CheckAutopilotCompatibilityRequest { 5460 // The name (project, location, cluster) of the cluster to retrieve. 5461 // Specified in the format `projects/*/locations/*/clusters/*`. 5462 string name = 1; 5463} 5464 5465// AutopilotCompatibilityIssue contains information about a specific 5466// compatibility issue with Autopilot mode. 5467message AutopilotCompatibilityIssue { 5468 // The type of the reported issue. 5469 enum IssueType { 5470 // Default value, should not be used. 5471 UNSPECIFIED = 0; 5472 5473 // Indicates that the issue is a known incompatibility between the 5474 // cluster and Autopilot mode. 5475 INCOMPATIBILITY = 1; 5476 5477 // Indicates the issue is an incompatibility if customers take no further 5478 // action to resolve. 5479 ADDITIONAL_CONFIG_REQUIRED = 2; 5480 5481 // Indicates the issue is not an incompatibility, but depending on the 5482 // workloads business logic, there is a potential that they won't work on 5483 // Autopilot. 5484 PASSED_WITH_OPTIONAL_CONFIG = 3; 5485 } 5486 5487 // The last time when this issue was observed. 5488 google.protobuf.Timestamp last_observation = 1; 5489 5490 // The constraint type of the issue. 
string constraint_type = 2;

  // The incompatibility type of this issue.
  IssueType incompatibility_type = 3;

  // The name of the resources which are subject to this issue.
  repeated string subjects = 4;

  // A URL to public documentation that addresses resolving this issue.
  string documentation_url = 5;

  // The description of the issue.
  string description = 6;
}

// CheckAutopilotCompatibilityResponse has a list of compatibility issues.
message CheckAutopilotCompatibilityResponse {
  // The list of issues for the given operation.
  repeated AutopilotCompatibilityIssue issues = 1;

  // The summary of the autopilot compatibility response.
  string summary = 2;
}

// ReleaseChannel indicates which release channel a cluster is
// subscribed to. Release channels are arranged in order of risk.
//
// When a cluster is subscribed to a release channel, Google maintains
// both the master version and the node version. Node auto-upgrade
// defaults to true and cannot be disabled.
message ReleaseChannel {
  // Possible values for 'channel'.
  enum Channel {
    // No channel specified.
    UNSPECIFIED = 0;

    // RAPID channel is offered on an early access basis for customers who want
    // to test new releases.
    //
    // WARNING: Versions available in the RAPID Channel may be subject to
    // unresolved issues with no known workaround and are not subject to any
    // SLAs.
    RAPID = 1;

    // Clusters subscribed to REGULAR receive versions that are considered GA
    // quality. REGULAR is intended for production users who want to take
    // advantage of new features.
    REGULAR = 2;

    // Clusters subscribed to STABLE receive versions that are known to be
    // stable and reliable in production.
    STABLE = 3;
  }

  // channel specifies which release channel the cluster is subscribed to.
  Channel channel = 1;
}

// Configuration for fine-grained cost management feature.
message CostManagementConfig {
  // Whether the feature is enabled or not.
  bool enabled = 1;
}

// Configuration for Cloud TPU.
message TpuConfig {
  // Whether Cloud TPU integration is enabled or not.
  bool enabled = 1;

  // Whether to use service networking for Cloud TPU or not.
  bool use_service_networking = 2;

  // IPv4 CIDR block reserved for Cloud TPU in the VPC.
  string ipv4_cidr_block = 3;
}

// PrivateIPv6GoogleAccess controls whether and how the pods can communicate
// with Google Services through gRPC over IPv6.
enum PrivateIPv6GoogleAccess {
  // Default value. Same as DISABLED.
  PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED = 0;

  // No private access to or from Google Services.
  PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED = 1;

  // Enables private IPv6 access to Google Services from GKE.
  PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE = 2;

  // Enables private IPv6 access to and from Google Services.
  PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL = 3;
}

// Master is the configuration for components on master.
// The message currently declares no fields.
message Master {}

// AutopilotConversionStatus represents conversion status.
message AutopilotConversionStatus {
  // The current state of the conversion.
  // Values 1 through 4 are not defined in this enum.
  enum State {
    // STATE_UNSPECIFIED indicates the state is unspecified.
    STATE_UNSPECIFIED = 0;

    // DONE indicates the conversion has been completed. Old node pools will
    // continue being deleted in the background.
    DONE = 5;
  }

  // Output only. The current state of the conversion.
  State state = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Autopilot is the configuration for Autopilot settings on the cluster.
message Autopilot {
  // Enable Autopilot.
  bool enabled = 1;

  // Workload policy configuration for Autopilot.
  WorkloadPolicyConfig workload_policy_config = 2;

  // Output only. ConversionStatus shows conversion status.
  AutopilotConversionStatus conversion_status = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// WorkloadPolicyConfig is the configuration of workload policy for autopilot
// clusters.
message WorkloadPolicyConfig {
  // If true, workloads can use NET_ADMIN capability.
  //
  // Declared `optional`, so an unset value is distinguishable from an explicit
  // false; the behaviour when unset is not stated here.
  //
  // NET_ADMIN lets a container change network configuration (interfaces,
  // routes, packet-filter rules) in its network namespace, so enable this only
  // for workloads that need it.
  optional bool allow_net_admin = 1;
}

// NotificationConfig is the configuration of notifications.
message NotificationConfig {
  // Types of notifications currently supported. Can be used to filter what
  // notifications are sent.
  enum EventType {
    // Not set, will be ignored.
    EVENT_TYPE_UNSPECIFIED = 0;

    // Corresponds with UpgradeAvailableEvent.
    UPGRADE_AVAILABLE_EVENT = 1;

    // Corresponds with UpgradeEvent.
    UPGRADE_EVENT = 2;

    // Corresponds with SecurityBulletinEvent.
    SECURITY_BULLETIN_EVENT = 3;
  }

  // Pub/Sub specific notification config.
  message PubSub {
    // Enable notifications for Pub/Sub.
    bool enabled = 1;

    // The desired Pub/Sub topic to which notifications will be
    // sent by GKE. Format is `projects/{project}/topics/{topic}`.
    string topic = 2 [
      (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
    ];

    // Allows filtering to one or more specific event types. If no filter is
    // specified, or if a filter is specified with no event types, all event
    // types will be sent.
    Filter filter = 3;
  }

  // Allows filtering to one or more specific event types. If event types are
  // present, those and only those event types will be transmitted to the
  // cluster. Other types will be skipped. If no filter is specified, or no
  // event types are present, all event types will be sent.
  //
  // Because the filter is an allowlist, a non-empty list that omits
  // SECURITY_BULLETIN_EVENT means security bulletin notifications are skipped.
  message Filter {
    // Event types to allowlist.
    repeated EventType event_type = 1;
  }

  // Notification config for Pub/Sub.
  PubSub pubsub = 1;
}

// ConfidentialNodes is configuration for the confidential nodes feature, which
// makes nodes run on confidential VMs.
message ConfidentialNodes {
  // Whether Confidential Nodes feature is enabled.
  bool enabled = 1;
}

// UpgradeResourceType is the resource type that is upgrading. It is used
// in upgrade notifications.
enum UpgradeResourceType {
  // Default value. This shouldn't be used.
  UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0;

  // Master / control plane.
  MASTER = 1;

  // Node pool.
  NODE_POOL = 2;
}

// UpgradeEvent is a notification sent to customers by the cluster server when
// a resource is upgrading.
message UpgradeEvent {
  // The resource type that is upgrading.
  UpgradeResourceType resource_type = 1;

  // The operation associated with this upgrade.
  string operation = 2;

  // The time when the operation was started.
  google.protobuf.Timestamp operation_start_time = 3;

  // The current version before the upgrade.
  string current_version = 4;

  // The target version for the upgrade.
  string target_version = 5;

  // Optional relative path to the resource. For example in node pool upgrades,
  // the relative path of the node pool.
  string resource = 6;
}

// UpgradeAvailableEvent is a notification sent to customers when a new
// available version is released.
message UpgradeAvailableEvent {
  // The release version available for upgrade.
  string version = 1;

  // The resource type of the release version.
  UpgradeResourceType resource_type = 2;

  // The release channel of the version. If empty, it means a non-channel
  // release.
  ReleaseChannel release_channel = 3;

  // Optional relative path to the resource. For example, the relative path of
  // the node pool.
  string resource = 4;

  // Windows node versions info.
  WindowsVersions windows_versions = 5;
}

// SecurityBulletinEvent is a notification sent to customers when a security
// bulletin has been posted that they are vulnerable to.
message SecurityBulletinEvent {
  // The resource type (node/control plane) that has the vulnerability. Multiple
  // notifications (1 notification per resource type) will be sent for a
  // vulnerability that affects > 1 resource type.
  //
  // Carried as a string rather than as UpgradeResourceType; the set of values
  // is not defined in this message, so consumers should handle unrecognised
  // values.
  string resource_type_affected = 1;

  // The ID of the bulletin corresponding to the vulnerability.
  string bulletin_id = 2;

  // The CVEs associated with this bulletin.
  repeated string cve_ids = 3;

  // The severity of this bulletin as it relates to GKE.
  //
  // Carried as a string; the set of severity values is not defined in this
  // message, so alert routing should not assume a fixed vocabulary.
  string severity = 4;

  // The URI link to the bulletin on the website for more information.
  string bulletin_uri = 5;

  // A brief description of the bulletin. See the bulletin pointed to by the
  // bulletin_uri field for an expanded description.
  string brief_description = 6;

  // The GKE minor versions affected by this vulnerability.
  repeated string affected_supported_minors = 7;

  // The GKE versions where this vulnerability is patched.
  repeated string patched_versions = 8;

  // This represents a version selected from the patched_versions field that
  // the cluster receiving this notification should most likely want to upgrade
  // to based on its current version. Note that if this notification is being
  // received by a given cluster, it means that this version is currently
  // available as an upgrade target in that cluster's location.
  string suggested_upgrade_target = 9;

  // If this field is specified, it means there are manual steps that the user
  // must take to make their clusters safe.
  //
  // This is a plain proto3 bool, so false and unset are indistinguishable on
  // the wire; a false value does not by itself say the field was populated.
  bool manual_steps_required = 10;
}

// IdentityServiceConfig is configuration for Identity Service which allows
// customers to use external identity providers with the K8S API.
message IdentityServiceConfig {
  // Whether to enable the Identity Service component.
  bool enabled = 1;
}

// Strategy used for node pool update.
// Value 1 is not defined in this enum.
enum NodePoolUpdateStrategy {
  // Default value if unset. GKE internally defaults the update strategy to
  // SURGE for unspecified strategies.
  NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED = 0;

  // Blue-green upgrade.
  BLUE_GREEN = 2;

  // SURGE is the traditional way of upgrading a node pool.
  // max_surge and max_unavailable determine the level of upgrade parallelism.
  SURGE = 3;
}

// LoggingConfig is cluster logging configuration.
message LoggingConfig {
  // Logging components configuration.
  LoggingComponentConfig component_config = 1;
}

// LoggingComponentConfig is cluster logging component configuration.
message LoggingComponentConfig {
  // GKE components exposing logs.
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // System components.
    SYSTEM_COMPONENTS = 1;

    // Workloads.
    WORKLOADS = 2;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;
  }

  // Select components to collect logs. An empty set would disable all logging.
  //
  // NOTE(review): with no components listed, the logs enumerated above would
  // not be collected, which removes them as a data source for detection and
  // incident response; confirm an empty list is intentional.
  repeated Component enable_components = 1;
}

// MonitoringConfig is cluster monitoring configuration.
message MonitoringConfig {
  // Monitoring components configuration.
  MonitoringComponentConfig component_config = 1;

  // Enable Google Cloud Managed Service for Prometheus
  // in the cluster.
  ManagedPrometheusConfig managed_prometheus_config = 2;

  // Configuration of Advanced Datapath Observability features.
  AdvancedDatapathObservabilityConfig advanced_datapath_observability_config =
      3;
}

// AdvancedDatapathObservabilityConfig specifies configuration of observability
// features of advanced datapath.
message AdvancedDatapathObservabilityConfig {
  // Supported Relay modes.
  // Value 2 is not defined in this enum.
  enum RelayMode {
    // Default value. This shouldn't be used.
    RELAY_MODE_UNSPECIFIED = 0;

    // Disabled.
    DISABLED = 1;

    // Exposed via internal load balancer.
    INTERNAL_VPC_LB = 3;

    // Exposed via external load balancer.
    // NOTE(review): presumably reachable from outside the cluster's VPC,
    // unlike INTERNAL_VPC_LB; confirm who can reach the endpoint before
    // selecting this mode.
    EXTERNAL_LB = 4;
  }

  // Expose flow metrics on nodes.
  bool enable_metrics = 1;

  // Method used to make Relay available.
  RelayMode relay_mode = 2;

  // Enable Relay component.
  // Declared `optional`, so unset is distinguishable from an explicit false.
  optional bool enable_relay = 3;
}

// NodePoolLoggingConfig specifies logging configuration for nodepools.
message NodePoolLoggingConfig {
  // Logging variant configuration.
  LoggingVariantConfig variant_config = 1;
}

// LoggingVariantConfig specifies the behaviour of the logging component.
message LoggingVariantConfig {
  // Logging component variants.
  enum Variant {
    // Default value. This shouldn't be used.
    VARIANT_UNSPECIFIED = 0;

    // Default logging variant.
    DEFAULT = 1;

    // Maximum logging throughput variant.
    MAX_THROUGHPUT = 2;
  }

  // Logging variant deployed on nodes.
  Variant variant = 1;
}

// MonitoringComponentConfig is cluster monitoring component configuration.
message MonitoringComponentConfig {
  // GKE components exposing metrics.
  // Value 6 is not defined in this enum.
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // System components.
    SYSTEM_COMPONENTS = 1;

    // Deprecated: Use Google Cloud Managed Service for Prometheus.
    WORKLOADS = 2 [deprecated = true];

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;

    // Storage
    STORAGE = 7;

    // Horizontal Pod Autoscaling
    HPA = 8;

    // Pod
    POD = 9;

    // DaemonSet
    DAEMONSET = 10;

    // Deployment
    DEPLOYMENT = 11;

    // Statefulset
    STATEFULSET = 12;
  }

  // Select components to collect metrics. An empty set would disable all
  // monitoring.
  repeated Component enable_components = 1;
}

// The datapath provider selects the implementation of the Kubernetes networking
// model for service resolution and network policy enforcement.
enum DatapathProvider {
  // Default value.
  DATAPATH_PROVIDER_UNSPECIFIED = 0;

  // Use the IPTables implementation based on kube-proxy.
  LEGACY_DATAPATH = 1;

  // Use the eBPF based GKE Dataplane V2 with additional features. See the [GKE
  // Dataplane V2
  // documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2)
  // for more.
  ADVANCED_DATAPATH = 2;
}

// Fleet is the fleet configuration for the cluster.
message Fleet {
  // The Fleet host project (project ID or project number) where this cluster
  // will be registered to. This field cannot be changed after the cluster has
  // been registered.
  string project = 1;

  // [Output only] The full resource name of the registered fleet membership of
  // the cluster, in the format
  // `//gkehub.googleapis.com/projects/*/locations/*/memberships/*`.
  //
  // NOTE(review): output-only is stated in this comment only; the field
  // carries no field_behavior annotation.
  string membership = 2;

  // [Output only] Whether the cluster has been registered through the fleet
  // API.
  //
  // NOTE(review): output-only is stated in this comment only; the field
  // carries no field_behavior annotation.
  bool pre_registered = 3;
}

// Possible values for IP stack type.
enum StackType {
  // By default, the clusters will be IPV4 only.
  STACK_TYPE_UNSPECIFIED = 0;

  // The value used if the cluster is an IPV4 only cluster.
  IPV4 = 1;

  // The value used if the cluster is a dual stack cluster.
  IPV4_IPV6 = 2;
}

// A map of resource manager tag keys and values to be attached to the nodes
// for managing Compute Engine firewalls using Network Firewall Policies.
// Tags must be according to specifications in
// https://cloud.google.com/vpc/docs/tags-firewalls-overview#specifications.
// A maximum of 5 tag key-value pairs can be specified.
// Existing tags will be replaced with new values.
//
// NOTE(review): since the tags are used for firewall policies and an update
// replaces the existing tags, presumably omitting a tag on update changes
// which firewall rules apply to the nodes; confirm before partial updates.
message ResourceManagerTags {
  // Tags must be in one of the following formats ([KEY]=[VALUE])
  // 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`
  // 2. `{org_id}/{tag_key_name}={tag_value_name}`
  // 3. `{project_id}/{tag_key_name}={tag_value_name}`
  map<string, string> tags = 1;
}

// EnterpriseConfig is the cluster enterprise configuration.
message EnterpriseConfig {
  // Premium tiers for GKE Cluster.
  enum ClusterTier {
    // CLUSTER_TIER_UNSPECIFIED is when cluster_tier is not set.
    CLUSTER_TIER_UNSPECIFIED = 0;

    // STANDARD indicates a standard GKE cluster.
    STANDARD = 1;

    // ENTERPRISE indicates a GKE Enterprise cluster.
    ENTERPRISE = 2;
  }

  // Output only. cluster_tier specifies the premium tier of the cluster.
  ClusterTier cluster_tier = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// SecretManagerConfig is config for secret manager enablement.
message SecretManagerConfig {
  // Whether the cluster is configured to use secret manager CSI component.
  // Declared `optional`, so unset is distinguishable from an explicit false.
  optional bool enabled = 1;
}

// SecondaryBootDisk represents a persistent disk attached to a node
// with special configurations based on its mode.
message SecondaryBootDisk {
  // Mode specifies how the secondary boot disk will be used.
  // This triggers mode-specified logic in the control plane.
  enum Mode {
    // MODE_UNSPECIFIED is when mode is not set.
    MODE_UNSPECIFIED = 0;

    // CONTAINER_IMAGE_CACHE is for using the secondary boot disk as
    // a container image cache.
    CONTAINER_IMAGE_CACHE = 1;
  }

  // Disk mode (container image cache, etc.)
  Mode mode = 1;

  // Fully-qualified resource ID for an existing disk image.
  //
  // NOTE(review): in CONTAINER_IMAGE_CACHE mode the disk presumably supplies
  // cached container images to the node, so the image should come from a
  // trusted source; confirm how its contents are verified.
  string disk_image = 2;
}

// Options for in-transit encryption.
enum InTransitEncryptionConfig {
  // Unspecified, will be inferred as default -
  // IN_TRANSIT_ENCRYPTION_UNSPECIFIED.
  //
  // NOTE(review): the name cited above differs from this value's identifier,
  // and the effective behaviour (encrypted or not) when unspecified is not
  // stated here; set an explicit value where encryption is required.
  IN_TRANSIT_ENCRYPTION_CONFIG_UNSPECIFIED = 0;

  // In-transit encryption is disabled.
  IN_TRANSIT_ENCRYPTION_DISABLED = 1;

  // Data in-transit is encrypted using inter-node transparent encryption.
  IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT = 2;
}

// SecondaryBootDiskUpdateStrategy is a placeholder which will be extended
// in the future to define different options for updating secondary boot disks.
message SecondaryBootDiskUpdateStrategy {}