Skip to content

Commit

Permalink
feat: [gkehub] add a new field PENDING under DeploymentState enum (
Browse files Browse the repository at this point in the history 
…#5472)

* feat: add a new field `PENDING` under `DeploymentState` enum
feat: add a new field `cluster` under `MembershipSpec` to support Config Sync cluster name selector
feat: add a new field `management` under `MembershipSpec` to support auto upgrade
feat: add a new field `enabled` under `ConfigSync` to support Config Sync installation
feat: add a new field `gcp_service_account_email` under `ConfigSync` to exporting metrics
feat: add a new field `prevent_drift` under `ConfigSync` to support Config Sync admission webhook drift prevention
feat: add a new field `oci` to support OCI repo configuration
docs: update comment for field `secret_type`
docs: update comment for field `gcp_service_account_email`
docs: update comment for field `cluster_name`
docs: update comment for field `sync_state`
docs: update comment for field `secret_type`

PiperOrigin-RevId: 642785216

Source-Link: googleapis/googleapis@2eb3b6a

Source-Link: googleapis/googleapis-gen@05e7bc8
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWdrZWh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMDVlN2JjODdjMTdiZGU1MThhOGUyOTRlODRiNjg4ZDI0N2I2M2U5YSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: sofisl <[email protected]>
  • Loading branch information
@gcf-owl-bot @sofisl
3 people authored Jun 26, 2024
1 parent 75c026f commit dc87003
Show file tree
Hide file tree
Showing 4 changed files with 2,019 additions and 334 deletions.
163 changes: 147 additions & 16 deletions ...google-cloud-gkehub/protos/google/cloud/gkehub/v1/configmanagement/configmanagement.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,15 @@ enum DeploymentState {

// Deployment was attempted to be installed, but has errors
ERROR = 3;

// Deployment is installing or terminating
PENDING = 4;
}

// **Anthos Config Management**: State for a single cluster.
message MembershipState {
// The user-defined name for the cluster used by ClusterSelectors to group
// clusters together. This should match Membership's membership_name,
// unless the user installed ACM on the cluster manually prior to enabling
// the ACM hub feature.
// Unique within a Anthos Config Management installation.
// This field is set to the `cluster_name` field of the Membership Spec if it
// is not empty. Otherwise, it is set to the cluster's fleet membership name.
string cluster_name = 1;

// Membership configuration in the cluster. This represents the actual state
Expand All @@ -71,6 +71,18 @@ message MembershipState {
// **Anthos Config Management**: Configuration for a single cluster.
// Intended to parallel the ConfigManagement CR.
message MembershipSpec {
// Whether to automatically manage the Feature.
enum Management {
// Unspecified
MANAGEMENT_UNSPECIFIED = 0;

// Google will manage the Feature for the cluster.
MANAGEMENT_AUTOMATIC = 1;

// User will manually manage the Feature for the cluster.
MANAGEMENT_MANUAL = 2;
}

// Config Sync configuration for the cluster.
ConfigSync config_sync = 1;

Expand All @@ -82,6 +94,18 @@ message MembershipSpec {

// Version of ACM installed.
string version = 10;

// The user-specified cluster name used by Config Sync cluster-name-selector
// annotation or ClusterSelector, for applying configs to only a subset
// of clusters.
// Omit this field if the cluster's fleet membership name is used by Config
// Sync cluster-name-selector annotation or ClusterSelector.
// Set this field if a name different from the cluster's fleet membership name
// is used by Config Sync cluster-name-selector annotation or ClusterSelector.
string cluster = 11;

// Enables automatic Feature management.
Management management = 12;
}

// Configuration for Config Sync
Expand All @@ -90,8 +114,33 @@ message ConfigSync {
GitConfig git = 7;

// Specifies whether the Config Sync Repo is
// in hierarchical or unstructured mode.
// in "hierarchical" or "unstructured" mode.
string source_format = 8;

// Enables the installation of ConfigSync.
// If set to true, ConfigSync resources will be created and the other
// ConfigSync fields will be applied if exist.
// If set to false, all other ConfigSync fields will be ignored, ConfigSync
// resources will be deleted.
// If omitted, ConfigSync resources will be managed depends on the presence
// of the git or oci field.
optional bool enabled = 10;

// Set to true to enable the Config Sync admission webhook to prevent drifts.
// If set to `false`, disables the Config Sync admission webhook and does not
// prevent drifts.
bool prevent_drift = 11;

// OCI repo configuration for the cluster
OciConfig oci = 12;

// The Email of the Google Cloud Service Account (GSA) used for exporting
// Config Sync metrics to Cloud Monitoring when Workload Identity is enabled.
// The GSA should have the Monitoring Metric Writer
// (roles/monitoring.metricWriter) IAM role.
// The Kubernetes ServiceAccount `default` in the namespace
// `config-management-monitoring` should be bound to the GSA.
string metrics_gcp_service_account_email = 15;
}

// Git repo configuration for a single cluster.
Expand All @@ -112,17 +161,40 @@ message GitConfig {
// Git revision (tag or hash) to check out. Default HEAD.
string sync_rev = 5;

// Type of secret configured for access to the Git repo.
// Type of secret configured for access to the Git repo. Must be one of ssh,
// cookiefile, gcenode, token, gcpserviceaccount or none. The
// validation of this is case-sensitive. Required.
string secret_type = 6;

// URL for the HTTPS proxy to be used when communicating with the Git repo.
string https_proxy = 7;

// The GCP Service Account Email used for auth when secret_type is
// The Google Cloud Service Account Email used for auth when secret_type is
// gcpServiceAccount.
string gcp_service_account_email = 8;
}

// OCI repo configuration for a single cluster
message OciConfig {
// The OCI image repository URL for the package to sync from.
// e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`.
string sync_repo = 1;

// The absolute path of the directory that contains
// the local resources. Default: the root directory of the image.
string policy_dir = 2;

// Period in seconds between consecutive syncs. Default: 15.
int64 sync_wait_secs = 3;

// Type of secret configured for access to the Git repo.
string secret_type = 4;

// The Google Cloud Service Account Email used for auth when secret_type is
// gcpServiceAccount.
string gcp_service_account_email = 5;
}

// Configuration for Policy Controller
message PolicyController {
// Enables the installation of Policy Controller.
Expand Down Expand Up @@ -208,6 +280,41 @@ message InstallError {

// State information for ConfigSync
message ConfigSyncState {
// CRDState representing the state of a CRD
enum CRDState {
// CRD's state cannot be determined
CRD_STATE_UNSPECIFIED = 0;

// CRD is not installed
NOT_INSTALLED = 1;

// CRD is installed
INSTALLED = 2;

// CRD is terminating (i.e., it has been deleted and is cleaning up)
TERMINATING = 3;

// CRD is installing
INSTALLING = 4;
}

enum State {
// CS's state cannot be determined.
STATE_UNSPECIFIED = 0;

// CS is not installed.
CONFIG_SYNC_NOT_INSTALLED = 1;

// The expected CS version is installed successfully.
CONFIG_SYNC_INSTALLED = 2;

// CS encounters errors.
CONFIG_SYNC_ERROR = 3;

// CS is installing or terminating.
CONFIG_SYNC_PENDING = 4;
}

// The version of ConfigSync deployed
ConfigSyncVersion version = 1;

Expand All @@ -217,6 +324,25 @@ message ConfigSyncState {

// The state of ConfigSync's process to sync configs to a cluster
SyncState sync_state = 3;

// Errors pertaining to the installation of Config Sync.
repeated ConfigSyncError errors = 4;

// The state of the RootSync CRD
CRDState rootsync_crd = 5;

// The state of the Reposync CRD
CRDState reposync_crd = 6;

// The state of CS
// This field summarizes the other fields in this message.
State state = 7;
}

// Errors pertaining to the installation of Config Sync
message ConfigSyncError {
// A string representing the user facing error message
string error_message = 1;
}

// Specific versioning information pertaining to ConfigSync's Pods
Expand All @@ -238,6 +364,9 @@ message ConfigSyncVersion {

// Version of the deployed reconciler container in root-reconciler pod
string root_reconciler = 6;

// Version of the deployed admission_webhook pod
string admission_webhook = 7;
}

// The state of ConfigSync's deployment on a cluster
Expand All @@ -259,29 +388,31 @@ message ConfigSyncDeploymentState {

// Deployment state of root-reconciler
DeploymentState root_reconciler = 6;

// Deployment state of admission-webhook
DeploymentState admission_webhook = 7;
}

// State indicating an ACM's progress syncing configurations to a cluster
message SyncState {
// An enum representing an ACM's status syncing configs to a cluster
// An enum representing Config Sync's status of syncing configs to a cluster.
enum SyncCode {
// ACM cannot determine a sync code
// Config Sync cannot determine a sync code
SYNC_CODE_UNSPECIFIED = 0;

// ACM successfully synced the git Repo with the cluster
// Config Sync successfully synced the git Repo with the cluster
SYNCED = 1;

// ACM is in the progress of syncing a new change
// Config Sync is in the progress of syncing a new change
PENDING = 2;

// Indicates an error configuring ACM, and user action is required
// Indicates an error configuring Config Sync, and user action is required
ERROR = 3;

// ACM has been installed (operator manifest deployed),
// but not configured.
// Config Sync has been installed but not configured
NOT_CONFIGURED = 4;

// ACM has not been installed (no operator pod found)
// Config Sync has not been installed
NOT_INSTALLED = 5;

// Error authorizing with the cluster
Expand Down
Loading

0 comments on commit dc87003

Please sign in to comment.