diff --git a/packages/google-cloud-container/google/cloud/container_v1/proto/__init__.py b/packages/google-cloud-container/google/cloud/container_v1/proto/__init__.py
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/packages/google-cloud-container/google/cloud/container_v1/proto/cluster_service.proto b/packages/google-cloud-container/google/cloud/container_v1/proto/cluster_service.proto
deleted file mode 100644
index 040173ec22ff..000000000000
--- a/packages/google-cloud-container/google/cloud/container_v1/proto/cluster_service.proto
+++ /dev/null
@@ -1,3352 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.container.v1;
-
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/api/field_behavior.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.Container.V1";
-option go_package = "google.golang.org/genproto/googleapis/container/v1;container";
-option java_multiple_files = true;
-option java_outer_classname = "ClusterServiceProto";
-option java_package = "com.google.container.v1";
-option php_namespace = "Google\\Cloud\\Container\\V1";
-option ruby_package = "Google::Cloud::Container::V1";
-
-// Google Kubernetes Engine Cluster Manager v1
-service ClusterManager {
- option (google.api.default_host) = "container.googleapis.com";
- option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
-
- // Lists all clusters owned by a project in either the specified zone or all
- // zones.
- rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=projects/*/locations/*}/clusters"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/clusters"
- }
- };
- option (google.api.method_signature) = "project_id,zone";
- option (google.api.method_signature) = "parent";
- }
-
- // Gets the details of a specific cluster.
- rpc GetCluster(GetClusterRequest) returns (Cluster) {
- option (google.api.http) = {
- get: "/v1/{name=projects/*/locations/*/clusters/*}"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id";
- option (google.api.method_signature) = "name";
- }
-
- // Creates a cluster, consisting of the specified number and type of Google
- // Compute Engine instances.
- //
- // By default, the cluster is created in the project's
- // [default
- // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
- //
- // One firewall is added for the cluster. After cluster creation,
- // the Kubelet creates routes for each node to allow the containers
- // on that node to communicate with all other instances in the
- // cluster.
- //
- // Finally, an entry is added to the project's global metadata indicating
- // which CIDR range the cluster is using.
- rpc CreateCluster(CreateClusterRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{parent=projects/*/locations/*}/clusters"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster";
- option (google.api.method_signature) = "parent,cluster";
- }
-
- // Updates the settings of a specific cluster.
- rpc UpdateCluster(UpdateClusterRequest) returns (Operation) {
- option (google.api.http) = {
- put: "/v1/{name=projects/*/locations/*/clusters/*}"
- body: "*"
- additional_bindings {
- put: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,update";
- option (google.api.method_signature) = "name,update";
- }
-
- // Updates the version and/or image type for the specified node pool.
- rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) {
- option (google.api.http) = {
- put: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update"
- body: "*"
- }
- };
- }
-
- // Sets the autoscaling settings for the specified node pool.
- rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling"
- body: "*"
- }
- };
- }
-
- // Sets the logging service for a specific cluster.
- rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setLogging"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,logging_service";
- option (google.api.method_signature) = "name,logging_service";
- }
-
- // Sets the monitoring service for a specific cluster.
- rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setMonitoring"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,monitoring_service";
- option (google.api.method_signature) = "name,monitoring_service";
- }
-
- // Sets the addons for a specific cluster.
- rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setAddons"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,addons_config";
- option (google.api.method_signature) = "name,addons_config";
- }
-
- // Sets the locations for a specific cluster.
- // Deprecated. Use
- // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/update)
- // instead.
- rpc SetLocations(SetLocationsRequest) returns (Operation) {
- option deprecated = true;
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setLocations"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,locations";
- option (google.api.method_signature) = "name,locations";
- }
-
- // Updates the master for a specific cluster.
- rpc UpdateMaster(UpdateMasterRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:updateMaster"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,master_version";
- option (google.api.method_signature) = "name,master_version";
- }
-
- // Sets master auth materials. Currently supports changing the admin password
- // or a specific cluster, either via password generation or explicitly setting
- // the password.
- rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setMasterAuth"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth"
- body: "*"
- }
- };
- }
-
- // Deletes the cluster, including the Kubernetes endpoint and all worker
- // nodes.
- //
- // Firewalls and routes that were configured during cluster creation
- // are also deleted.
- //
- // Other Google Compute Engine resources that might be in use by the cluster,
- // such as load balancer resources, are not deleted if they weren't present
- // when the cluster was initially created.
- rpc DeleteCluster(DeleteClusterRequest) returns (Operation) {
- option (google.api.http) = {
- delete: "/v1/{name=projects/*/locations/*/clusters/*}"
- additional_bindings {
- delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id";
- option (google.api.method_signature) = "name";
- }
-
- // Lists all operations in a project in a specific zone or all zones.
- rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=projects/*/locations/*}/operations"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/operations"
- }
- };
- option (google.api.method_signature) = "project_id,zone";
- }
-
- // Gets the specified operation.
- rpc GetOperation(GetOperationRequest) returns (Operation) {
- option (google.api.http) = {
- get: "/v1/{name=projects/*/locations/*/operations/*}"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}"
- }
- };
- option (google.api.method_signature) = "project_id,zone,operation_id";
- option (google.api.method_signature) = "name";
- }
-
- // Cancels the specified operation.
- rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/operations/*}:cancel"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,operation_id";
- option (google.api.method_signature) = "name";
- }
-
- // Returns configuration info about the Google Kubernetes Engine service.
- rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) {
- option (google.api.http) = {
- get: "/v1/{name=projects/*/locations/*}/serverConfig"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/serverconfig"
- }
- };
- option (google.api.method_signature) = "project_id,zone";
- option (google.api.method_signature) = "name";
- }
-
- // Gets the public component of the cluster signing keys in
- // JSON Web Key format.
- // This API is not yet intended for general use, and is not available for all
- // clusters.
- rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=projects/*/locations/*/clusters/*}/jwks"
- };
- }
-
- // Lists the node pools for a cluster.
- rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id";
- option (google.api.method_signature) = "parent";
- }
-
- // Retrieves the requested node pool.
- rpc GetNodePool(GetNodePoolRequest) returns (NodePool) {
- option (google.api.http) = {
- get: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
- additional_bindings {
- get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
- option (google.api.method_signature) = "name";
- }
-
- // Creates a node pool for a cluster.
- rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool";
- option (google.api.method_signature) = "parent,node_pool";
- }
-
- // Deletes a node pool from a cluster.
- rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) {
- option (google.api.http) = {
- delete: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
- additional_bindings {
- delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
- option (google.api.method_signature) = "name";
- }
-
- // Rolls back a previously Aborted or Failed NodePool upgrade.
- // This makes no changes if the last upgrade successfully completed.
- rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
- option (google.api.method_signature) = "name";
- }
-
- // Sets the NodeManagement options for a node pool.
- rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement"
- body: "*"
- }
- };
- }
-
- // Sets labels on a cluster.
- rpc SetLabels(SetLabelsRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setResourceLabels"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels"
- body: "*"
- }
- };
- }
-
- // Enables or disables the ABAC authorization mechanism on a cluster.
- rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,enabled";
- option (google.api.method_signature) = "name,enabled";
- }
-
- // Starts master IP rotation.
- rpc StartIPRotation(StartIPRotationRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:startIpRotation"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id";
- option (google.api.method_signature) = "name";
- }
-
- // Completes master IP rotation.
- rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:completeIpRotation"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id";
- option (google.api.method_signature) = "name";
- }
-
- // Sets the size for a specific node pool.
- rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize"
- body: "*"
- }
- };
- }
-
- // Enables or disables Network Policy for a cluster.
- rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,network_policy";
- option (google.api.method_signature) = "name,network_policy";
- }
-
- // Sets the maintenance policy for a cluster.
- rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy"
- body: "*"
- additional_bindings {
- post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id,maintenance_policy";
- option (google.api.method_signature) = "name,maintenance_policy";
- }
-
- // Lists subnetworks that are usable for creating clusters in a project.
- rpc ListUsableSubnetworks(ListUsableSubnetworksRequest) returns (ListUsableSubnetworksResponse) {
- option (google.api.http) = {
- get: "/v1/{parent=projects/*}/aggregated/usableSubnetworks"
- };
- }
-}
-
-// Parameters that describe the nodes in a cluster.
-message NodeConfig {
- // The name of a Google Compute Engine [machine
- // type](https://cloud.google.com/compute/docs/machine-types)
- //
- // If unspecified, the default machine type is `e2-medium`.
- string machine_type = 1;
-
- // Size of the disk attached to each node, specified in GB.
- // The smallest allowed disk size is 10GB.
- //
- // If unspecified, the default disk size is 100GB.
- int32 disk_size_gb = 2;
-
- // The set of Google API scopes to be made available on all of the
- // node VMs under the "default" service account.
- //
- // The following scopes are recommended, but not required, and by default are
- // not included:
- //
- // * `https://www.googleapis.com/auth/compute` is required for mounting
- // persistent storage on your nodes.
- // * `https://www.googleapis.com/auth/devstorage.read_only` is required for
- // communicating with **gcr.io**
- // (the [Google Container
- // Registry](https://cloud.google.com/container-registry/)).
- //
- // If unspecified, no scopes are added, unless Cloud Logging or Cloud
- // Monitoring are enabled, in which case their required scopes will be added.
- repeated string oauth_scopes = 3; - - // The Google Cloud Platform Service Account to be used by the node VMs. - // Specify the email address of the Service Account; otherwise, if no Service - // Account is specified, the "default" service account is used. - string service_account = 9; - - // The metadata key/value pairs assigned to instances in the cluster. - // - // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes - // in length. These are reflected as part of a URL in the metadata server. - // Additionally, to avoid ambiguity, keys must not conflict with any other - // metadata keys for the project or be one of the reserved keys: - // - "cluster-location" - // - "cluster-name" - // - "cluster-uid" - // - "configure-sh" - // - "containerd-configure-sh" - // - "enable-os-login" - // - "gci-ensure-gke-docker" - // - "gci-metrics-enabled" - // - "gci-update-strategy" - // - "instance-template" - // - "kube-env" - // - "startup-script" - // - "user-data" - // - "disable-address-manager" - // - "windows-startup-script-ps1" - // - "common-psm1" - // - "k8s-node-setup-psm1" - // - "install-ssh-psm1" - // - "user-profile-psm1" - // - // The following keys are reserved for Windows nodes: - // - "serial-port-logging-enable" - // - // Values are free-form strings, and only have meaning as interpreted by - // the image running in the instance. The only restriction placed on them is - // that each value's size must be less than or equal to 32 KB. - // - // The total size of all keys and values must be less than 512 KB. - map metadata = 4; - - // The image type to use for this node. Note that for a given image type, - // the latest version of it will be used. - string image_type = 5; - - // The map of Kubernetes labels (key/value pairs) to be applied to each node. - // These will added in addition to any default label(s) that - // Kubernetes may apply to the node. 
- // In case of conflict in label keys, the applied set may differ depending on - // the Kubernetes version -- it's best to assume the behavior is undefined - // and conflicts should be avoided. - // For more information, including usage and the valid values, see: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - map labels = 6; - - // The number of local SSD disks to be attached to the node. - // - // The limit for this value is dependent upon the maximum number of - // disks available on a machine per zone. See: - // https://cloud.google.com/compute/docs/disks/local-ssd - // for more information. - int32 local_ssd_count = 7; - - // The list of instance tags applied to all nodes. Tags are used to identify - // valid sources or targets for network firewalls and are specified by - // the client during cluster or node pool creation. Each tag within the list - // must comply with RFC1035. - repeated string tags = 8; - - // Whether the nodes are created as preemptible VM instances. See: - // https://cloud.google.com/compute/docs/instances/preemptible for more - // information about preemptible VM instances. - bool preemptible = 10; - - // A list of hardware accelerators to be attached to each node. - // See https://cloud.google.com/compute/docs/gpus for more information about - // support for GPUs. - repeated AcceleratorConfig accelerators = 11; - - // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or - // 'pd-balanced') - // - // If unspecified, the default disk type is 'pd-standard' - string disk_type = 12; - - // Minimum CPU platform to be used by this instance. The instance may be - // scheduled on the specified or newer CPU platform. Applicable values are the - // friendly names of CPU platforms, such as - // `minCpuPlatform: "Intel Haswell"` or - // `minCpuPlatform: "Intel Sandy Bridge"`. 
For more - // information, read [how to specify min CPU - // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - string min_cpu_platform = 13; - - // The workload metadata configuration for this node. - WorkloadMetadataConfig workload_metadata_config = 14; - - // List of kubernetes taints to be applied to each node. - // - // For more information, including usage and the valid values, see: - // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - repeated NodeTaint taints = 15; - - // Sandbox configuration for this node. - SandboxConfig sandbox_config = 17; - - // Setting this field will assign instances of this - // pool to run on the specified node group. This is useful for running - // workloads on [sole tenant - // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes). - string node_group = 18; - - // The optional reservation affinity. Setting this field will apply - // the specified [Zonal Compute - // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) - // to this node pool. - ReservationAffinity reservation_affinity = 19; - - // Shielded Instance options. - ShieldedInstanceConfig shielded_instance_config = 20; - - // - // The Customer Managed Encryption Key used to encrypt the boot disk attached - // to each node in the node pool. This should be of the form - // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. - // For more information about protecting resources with Cloud KMS Keys please - // see: - // https://cloud.google.com/compute/docs/disks/customer-managed-encryption - string boot_disk_kms_key = 23; -} - -// A set of Shielded Instance options. -message ShieldedInstanceConfig { - // Defines whether the instance has Secure Boot enabled. 
- //
- // Secure Boot helps ensure that the system only runs authentic software by
- // verifying the digital signature of all boot components, and halting the
- // boot process if signature verification fails.
- bool enable_secure_boot = 1;
-
- // Defines whether the instance has integrity monitoring enabled.
- //
- // Enables monitoring and attestation of the boot integrity of the instance.
- // The attestation is performed against the integrity policy baseline. This
- // baseline is initially derived from the implicitly trusted boot image when
- // the instance is created.
- bool enable_integrity_monitoring = 2;
-}
-
-// SandboxConfig contains configurations of the sandbox to use for the node.
-message SandboxConfig {
- // Possible types of sandboxes.
- enum Type {
- // Default value. This should not be used.
- UNSPECIFIED = 0;
-
- // Run sandbox using gvisor.
- GVISOR = 1;
- }
-
- // Type of the sandbox to use for the node.
- Type type = 2;
-}
-
-// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
-// is the configuration of desired reservation which instances could take
-// capacity from.
-message ReservationAffinity {
- // Indicates whether to consume capacity from a reservation or not.
- enum Type {
- // Default value. This should not be used.
- UNSPECIFIED = 0;
-
- // Do not consume from any reserved capacity.
- NO_RESERVATION = 1;
-
- // Consume any reservation available.
- ANY_RESERVATION = 2;
-
- // Must consume from a specific reservation. Must specify key value fields
- // for specifying the reservations.
- SPECIFIC_RESERVATION = 3;
- }
-
- // Corresponds to the type of reservation consumption.
- Type consume_reservation_type = 1;
-
- // Corresponds to the label key of a reservation resource. To target a
- // SPECIFIC_RESERVATION by name, specify "googleapis.com/reservation-name" as
- // the key and specify the name of your reservation as its value.
- string key = 2; - - // Corresponds to the label value(s) of reservation resource(s). - repeated string values = 3; -} - -// Kubernetes taint is comprised of three fields: key, value, and effect. Effect -// can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute. -// -// See -// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration) -// for more information, including usage and the valid values. -message NodeTaint { - // Possible values for Effect in taint. - enum Effect { - // Not set - EFFECT_UNSPECIFIED = 0; - - // NoSchedule - NO_SCHEDULE = 1; - - // PreferNoSchedule - PREFER_NO_SCHEDULE = 2; - - // NoExecute - NO_EXECUTE = 3; - } - - // Key for taint. - string key = 1; - - // Value for taint. - string value = 2; - - // Effect for taint. - Effect effect = 3; -} - -// The authentication information for accessing the master endpoint. -// Authentication can be done using HTTP basic auth or using client -// certificates. -message MasterAuth { - // The username to use for HTTP basic authentication to the master endpoint. - // For clusters v1.6.0 and later, basic authentication can be disabled by - // leaving username unspecified (or setting it to the empty string). - // - // Warning: basic authentication is deprecated, and will be removed in GKE - // control plane versions 1.19 and newer. For a list of recommended - // authentication methods, see: - // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication - string username = 1 [deprecated = true]; - - // The password to use for HTTP basic authentication to the master endpoint. - // Because the master endpoint is open to the Internet, you should create a - // strong password. If a password is provided for cluster creation, username - // must be non-empty. - // - // Warning: basic authentication is deprecated, and will be removed in GKE - // control plane versions 1.19 and newer. 
For a list of recommended - // authentication methods, see: - // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication - string password = 2 [deprecated = true]; - - // Configuration for client certificate authentication on the cluster. For - // clusters before v1.12, if no configuration is specified, a client - // certificate is issued. - ClientCertificateConfig client_certificate_config = 3; - - // [Output only] Base64-encoded public certificate that is the root of - // trust for the cluster. - string cluster_ca_certificate = 100; - - // [Output only] Base64-encoded public certificate used by clients to - // authenticate to the cluster endpoint. - string client_certificate = 101; - - // [Output only] Base64-encoded private key used by clients to authenticate - // to the cluster endpoint. - string client_key = 102; -} - -// Configuration for client certificates on the cluster. -message ClientCertificateConfig { - // Issue a client certificate. - bool issue_client_certificate = 1; -} - -// Configuration for the addons that can be automatically spun up in the -// cluster, enabling additional functionality. -message AddonsConfig { - // Configuration for the HTTP (L7) load balancing controller addon, which - // makes it easy to set up HTTP load balancers for services in a cluster. - HttpLoadBalancing http_load_balancing = 1; - - // Configuration for the horizontal pod autoscaling feature, which - // increases or decreases the number of replica pods a replication controller - // has based on the resource usage of the existing pods. - HorizontalPodAutoscaling horizontal_pod_autoscaling = 2; - - // Configuration for the Kubernetes Dashboard. - // This addon is deprecated, and will be disabled in 1.15. It is recommended - // to use the Cloud Console to manage and monitor your Kubernetes clusters, - // workloads and applications. 
For more information, see: - // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards - KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true]; - - // Configuration for NetworkPolicy. This only tracks whether the addon - // is enabled or not on the Master, it does not track whether network policy - // is enabled for the nodes. - NetworkPolicyConfig network_policy_config = 4; - - // Configuration for the Cloud Run addon, which allows the user to use a - // managed Knative service. - CloudRunConfig cloud_run_config = 7; - - // Configuration for NodeLocalDNS, a dns cache running on cluster nodes - DnsCacheConfig dns_cache_config = 8; - - // Configuration for the ConfigConnector add-on, a Kubernetes - // extension to manage hosted GCP services through the Kubernetes API - ConfigConnectorConfig config_connector_config = 10; -} - -// Configuration options for the HTTP (L7) load balancing controller addon, -// which makes it easy to set up HTTP load balancers for services in a cluster. -message HttpLoadBalancing { - // Whether the HTTP Load Balancing controller is enabled in the cluster. - // When enabled, it runs a small pod in the cluster that manages the load - // balancers. - bool disabled = 1; -} - -// Configuration options for the horizontal pod autoscaling feature, which -// increases or decreases the number of replica pods a replication controller -// has based on the resource usage of the existing pods. -message HorizontalPodAutoscaling { - // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. - // When enabled, it ensures that metrics are collected into Stackdriver - // Monitoring. - bool disabled = 1; -} - -// Configuration for the Kubernetes Dashboard. -message KubernetesDashboard { - // Whether the Kubernetes Dashboard is enabled for this cluster. - bool disabled = 1; -} - -// Configuration for NetworkPolicy. 
This only tracks whether the addon
-// is enabled or not on the Master, it does not track whether network policy
-// is enabled for the nodes.
-message NetworkPolicyConfig {
- // Whether NetworkPolicy is enabled for this cluster.
- bool disabled = 1;
-}
-
-// Configuration for NodeLocal DNSCache
-message DnsCacheConfig {
- // Whether NodeLocal DNSCache is enabled for this cluster.
- bool enabled = 1;
-}
-
-// Configuration for controlling master global access settings.
-message PrivateClusterMasterGlobalAccessConfig {
- // Whenever master is accessible globally or not.
- bool enabled = 1;
-}
-
-// Configuration options for private clusters.
-message PrivateClusterConfig {
- // Whether nodes have internal IP addresses only. If enabled, all nodes are
- // given only RFC 1918 private addresses and communicate with the master via
- // private networking.
- bool enable_private_nodes = 1;
-
- // Whether the master's internal IP address is used as the cluster endpoint.
- bool enable_private_endpoint = 2;
-
- // The IP range in CIDR notation to use for the hosted master network. This
- // range will be used for assigning internal IP addresses to the master or
- // set of masters, as well as the ILB VIP. This range must not overlap with
- // any other ranges in use within the cluster's network.
- string master_ipv4_cidr_block = 3;
-
- // Output only. The internal IP address of this cluster's master endpoint.
- string private_endpoint = 4;
-
- // Output only. The external IP address of this cluster's master endpoint.
- string public_endpoint = 5;
-
- // Output only. The peering name in the customer VPC used by this cluster.
- string peering_name = 7;
-
- // Controls master global access settings.
- PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;
-}
-
-// Configuration for returning group information from authenticators.
-message AuthenticatorGroupsConfig {
- // Whether this cluster should return group membership lookups
- // during authentication using a group of security groups.
- bool enabled = 1;
-
- // The name of the security group-of-groups to be used. Only relevant
- // if enabled = true.
- string security_group = 2;
-}
-
-// Configuration options for the Cloud Run feature.
-message CloudRunConfig {
- // Load balancer type of ingress service of Cloud Run.
- enum LoadBalancerType {
- // Load balancer type for Cloud Run is unspecified.
- LOAD_BALANCER_TYPE_UNSPECIFIED = 0;
-
- // Install external load balancer for Cloud Run.
- LOAD_BALANCER_TYPE_EXTERNAL = 1;
-
- // Install internal load balancer for Cloud Run.
- LOAD_BALANCER_TYPE_INTERNAL = 2;
- }
-
- // Whether Cloud Run addon is enabled for this cluster.
- bool disabled = 1;
-
- // Which load balancer type is installed for Cloud Run.
- LoadBalancerType load_balancer_type = 3;
-}
-
-// Configuration options for the Config Connector add-on.
-message ConfigConnectorConfig {
- // Whether Cloud Connector is enabled for this cluster.
- bool enabled = 1;
-}
-
-// Configuration options for the master authorized networks feature. Enabled
-// master authorized networks will disallow all external traffic to access
-// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
-// Google Compute Engine Public IPs and Google Prod IPs.
-message MasterAuthorizedNetworksConfig {
- // CidrBlock contains an optional name and one CIDR block.
- message CidrBlock {
- // display_name is an optional field for users to identify CIDR blocks.
- string display_name = 1;
-
- // cidr_block must be specified in CIDR notation.
- string cidr_block = 2;
- }
-
- // Whether or not master authorized networks is enabled.
- bool enabled = 1;
-
- // cidr_blocks define up to 50 external networks that could access
- // Kubernetes master through HTTPS.
- repeated CidrBlock cidr_blocks = 2;
-}
-
-// Configuration for the legacy Attribute Based Access Control authorization
-// mode.
-message LegacyAbac {
- // Whether the ABAC authorizer is enabled for this cluster. When enabled,
- // identities in the system, including service accounts, nodes, and
- // controllers, will have statically granted permissions beyond those
- // provided by the RBAC configuration or IAM.
- bool enabled = 1;
-}
-
-// Configuration options for the NetworkPolicy feature.
-// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
-message NetworkPolicy {
- // Allowed Network Policy providers.
- enum Provider {
- // Not set
- PROVIDER_UNSPECIFIED = 0;
-
- // Tigera (Calico Felix).
- CALICO = 1;
- }
-
- // The selected network policy provider.
- Provider provider = 1;
-
- // Whether network policy is enabled on the cluster.
- bool enabled = 2;
-}
-
-// Configuration for Binary Authorization.
-message BinaryAuthorization {
- // Enable Binary Authorization for this cluster. If enabled, all container
- // images will be validated by Binary Authorization.
- bool enabled = 1;
-}
-
-// Configuration for controlling how IPs are allocated in the cluster.
-message IPAllocationPolicy {
- // Whether alias IPs will be used for pod IPs in the cluster.
- // This is used in conjunction with use_routes. It cannot
- // be true if use_routes is true. If both use_ip_aliases and use_routes are
- // false, then the server picks the default IP allocation mode
- bool use_ip_aliases = 1;
-
- // Whether a new subnetwork will be created automatically for the cluster.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- bool create_subnetwork = 2;
-
- // A custom subnetwork name to be used if `create_subnetwork` is true. If
- // this field is empty, then an automatic name will be chosen for the new
- // subnetwork.
- string subnetwork_name = 3;
-
- // This field is deprecated, use cluster_ipv4_cidr_block.
- string cluster_ipv4_cidr = 4 [deprecated = true];
-
- // This field is deprecated, use node_ipv4_cidr_block.
- string node_ipv4_cidr = 5 [deprecated = true];
-
- // This field is deprecated, use services_ipv4_cidr_block.
- string services_ipv4_cidr = 6 [deprecated = true];
-
- // The name of the secondary range to be used for the cluster CIDR
- // block. The secondary range will be used for pod IP
- // addresses. This must be an existing secondary range associated
- // with the cluster subnetwork.
- //
- // This field is only applicable with use_ip_aliases is true and
- // create_subnetwork is false.
- string cluster_secondary_range_name = 7;
-
- // The name of the secondary range to be used as for the services
- // CIDR block. The secondary range will be used for service
- // ClusterIPs. This must be an existing secondary range associated
- // with the cluster subnetwork.
- //
- // This field is only applicable with use_ip_aliases is true and
- // create_subnetwork is false.
- string services_secondary_range_name = 8;
-
- // The IP address range for the cluster pod IPs. If this field is set, then
- // `cluster.cluster_ipv4_cidr` must be left blank.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- //
- // Set to blank to have a range chosen with the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string cluster_ipv4_cidr_block = 9;
-
- // The IP address range of the instance IPs in this cluster.
- //
- // This is applicable only if `create_subnetwork` is true.
- //
- // Set to blank to have a range chosen with the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string node_ipv4_cidr_block = 10;
-
- // The IP address range of the services IPs in this cluster. If blank, a range
- // will be automatically chosen with the default size.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- //
- // Set to blank to have a range chosen with the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string services_ipv4_cidr_block = 11;
-
- // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
- // range will be automatically chosen with the default size.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- //
- // If unspecified, the range will use the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string tpu_ipv4_cidr_block = 13;
-
- // Whether routes will be used for pod IPs in the cluster.
- // This is used in conjunction with use_ip_aliases. It cannot be true if
- // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
- // then the server picks the default IP allocation mode
- bool use_routes = 15;
-}
-
-// A Google Kubernetes Engine cluster.
-message Cluster {
- // The current status of the cluster.
- enum Status {
- // Not set.
- STATUS_UNSPECIFIED = 0;
-
- // The PROVISIONING state indicates the cluster is being created.
- PROVISIONING = 1;
-
- // The RUNNING state indicates the cluster has been created and is fully
- // usable.
- RUNNING = 2;
-
- // The RECONCILING state indicates that some work is actively being done on
- // the cluster, such as upgrading the master or node software. Details can
- // be found in the `statusMessage` field.
- RECONCILING = 3;
-
- // The STOPPING state indicates the cluster is being deleted.
- STOPPING = 4;
-
- // The ERROR state indicates the cluster is unusable. It will be
- // automatically deleted. Details can be found in the `statusMessage` field.
- ERROR = 5;
-
- // The DEGRADED state indicates the cluster requires user action to restore
- // full functionality. Details can be found in the `statusMessage` field.
- DEGRADED = 6;
- }
-
- // The name of this cluster. The name must be unique within this project
- // and location (e.g. zone or region), and can be up to 40 characters with
- // the following restrictions:
- //
- // * Lowercase letters, numbers, and hyphens only.
- // * Must start with a letter.
- // * Must end with a number or a letter.
- string name = 1;
-
- // An optional description of this cluster.
- string description = 2;
-
- // The number of nodes to create in this cluster. You must ensure that your
- // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
- // is sufficient for this number of instances. You must also have available
- // firewall and routes quota.
- // For requests, this field should only be used in lieu of a
- // "node_pool" object, since this configuration (along with the
- // "node_config") will be used to create a "NodePool" object with an
- // auto-generated name. Do not use this and a node_pool at the same time.
- //
- // This field is deprecated, use node_pool.initial_node_count instead.
- int32 initial_node_count = 3 [deprecated = true];
-
- // Parameters used in creating the cluster's nodes.
- // For requests, this field should only be used in lieu of a
- // "node_pool" object, since this configuration (along with the
- // "initial_node_count") will be used to create a "NodePool" object with an
- // auto-generated name. Do not use this and a node_pool at the same time.
- // For responses, this field will be populated with the node configuration of
- // the first node pool. (For configuration of each node pool, see
- // `node_pool.config`)
- //
- // If unspecified, the defaults are used.
- // This field is deprecated, use node_pool.config instead.
- NodeConfig node_config = 4 [deprecated = true];
-
- // The authentication information for accessing the master endpoint.
- // If unspecified, the defaults are used:
- // For clusters before v1.12, if master_auth is unspecified, `username` will
- // be set to "admin", a random password will be generated, and a client
- // certificate will be issued.
- MasterAuth master_auth = 5;
-
- // The logging service the cluster should use to write logs.
- // Currently available options:
- //
- // * `logging.googleapis.com/kubernetes` - The Cloud Logging
- // service with a Kubernetes-native resource model
- // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
- // available as of GKE 1.15).
- // * `none` - no logs will be exported from the cluster.
- //
- // If left as an empty string,`logging.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
- string logging_service = 6;
-
- // The monitoring service the cluster should use to write metrics.
- // Currently available options:
- //
- // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
- // service with a Kubernetes-native resource model
- // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
- // longer available as of GKE 1.15).
- // * `none` - No metrics will be exported from the cluster.
- //
- // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
- string monitoring_service = 7;
-
- // The name of the Google Compute Engine
- // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
- // to which the cluster is connected. If left unspecified, the `default`
- // network will be used.
- string network = 8;
-
- // The IP address range of the container pods in this cluster, in
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`). Leave blank to have
- // one automatically chosen or specify a `/14` block in `10.0.0.0/8`.
- string cluster_ipv4_cidr = 9;
-
- // Configurations for the various addons available to run in the cluster.
- AddonsConfig addons_config = 10;
-
- // The name of the Google Compute Engine
- // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
- // the cluster is connected.
- string subnetwork = 11;
-
- // The node pools associated with this cluster.
- // This field should not be set if "node_config" or "initial_node_count" are
- // specified.
- repeated NodePool node_pools = 12;
-
- // The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster's nodes should be located.
- //
- // This field provides a default value if
- // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
- // are not specified during node pool creation.
- //
- // Warning: changing cluster locations will update the
- // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
- // of all node pools and will result in nodes being added and/or removed.
- repeated string locations = 13;
-
- // Kubernetes alpha features are enabled on this cluster. This includes alpha
- // API groups (e.g. v1alpha1) and features that may not be production ready in
- // the kubernetes version of the master and nodes.
- // The cluster has no SLA for uptime and master/node upgrades are disabled.
- // Alpha enabled clusters are automatically deleted thirty days after
- // creation.
- bool enable_kubernetes_alpha = 14;
-
- // The resource labels for the cluster to use to annotate any related
- // Google Compute Engine resources.
- map resource_labels = 15;
-
- // The fingerprint of the set of labels for this cluster.
- string label_fingerprint = 16;
-
- // Configuration for the legacy ABAC authorization mode.
- LegacyAbac legacy_abac = 18;
-
- // Configuration options for the NetworkPolicy feature.
- NetworkPolicy network_policy = 19;
-
- // Configuration for cluster IP allocation.
- IPAllocationPolicy ip_allocation_policy = 20;
-
- // The configuration options for master authorized networks feature.
- MasterAuthorizedNetworksConfig master_authorized_networks_config = 22;
-
- // Configure the maintenance policy for this cluster.
- MaintenancePolicy maintenance_policy = 23;
-
- // Configuration for Binary Authorization.
- BinaryAuthorization binary_authorization = 24;
-
- // Cluster-level autoscaling configuration.
- ClusterAutoscaling autoscaling = 26;
-
- // Configuration for cluster networking.
- NetworkConfig network_config = 27;
-
- // The default constraint on the maximum number of pods that can be run
- // simultaneously on a node in the node pool of this cluster. Only honored
- // if cluster created with IP Alias support.
- MaxPodsConstraint default_max_pods_constraint = 30;
-
- // Configuration for exporting resource usages. Resource usage export is
- // disabled when this config is unspecified.
- ResourceUsageExportConfig resource_usage_export_config = 33;
-
- // Configuration controlling RBAC group membership information.
- AuthenticatorGroupsConfig authenticator_groups_config = 34;
-
- // Configuration for private cluster.
- PrivateClusterConfig private_cluster_config = 37;
-
- // Configuration of etcd encryption.
- DatabaseEncryption database_encryption = 38;
-
- // Cluster-level Vertical Pod Autoscaling configuration.
- VerticalPodAutoscaling vertical_pod_autoscaling = 39;
-
- // Shielded Nodes configuration.
- ShieldedNodes shielded_nodes = 40;
-
- // Release channel configuration.
- ReleaseChannel release_channel = 41;
-
- // Configuration for the use of Kubernetes Service Accounts in GCP IAM
- // policies.
- WorkloadIdentityConfig workload_identity_config = 43;
-
- // [Output only] Server-defined URL for the resource.
- string self_link = 100;
-
- // [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field is deprecated, use location instead.
- string zone = 101 [deprecated = true];
-
- // [Output only] The IP address of this cluster's master endpoint.
- // The endpoint can be accessed from the internet at
- // `https://username:password@endpoint/`.
- //
- // See the `masterAuth` property of this resource for username and
- // password information.
- string endpoint = 102;
-
- // The initial Kubernetes version for this cluster. Valid versions are those
- // found in validMasterVersions returned by getServerConfig. The version can
- // be upgraded over time; such upgrades are reflected in
- // currentMasterVersion and currentNodeVersion.
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "","-": picks the default Kubernetes version
- string initial_cluster_version = 103;
-
- // [Output only] The current software version of the master endpoint.
- string current_master_version = 104;
-
- // [Output only] Deprecated, use
- // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools)
- // instead. The current version of the node software components. If they are
- // currently at multiple versions because they're in the process of being
- // upgraded, this reflects the minimum version of all nodes.
- string current_node_version = 105 [deprecated = true];
-
- // [Output only] The time the cluster was created, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string create_time = 106;
-
- // [Output only] The current status of this cluster.
- Status status = 107;
-
- // [Output only] Deprecated. Use conditions instead.
- // Additional information about the current status of this
- // cluster, if available.
- string status_message = 108 [deprecated = true];
-
- // [Output only] The size of the address space on each node for hosting
- // containers. This is provisioned from within the `container_ipv4_cidr`
- // range. This field will only be set when cluster is in route-based network
- // mode.
- int32 node_ipv4_cidr_size = 109;
-
- // [Output only] The IP address range of the Kubernetes services in
- // this cluster, in
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `1.2.3.4/29`).
Service addresses are
- // typically put in the last `/16` from the container CIDR.
- string services_ipv4_cidr = 110;
-
- // Deprecated. Use node_pools.instance_group_urls.
- repeated string instance_group_urls = 111 [deprecated = true];
-
- // [Output only] The number of nodes currently in the cluster. Deprecated.
- // Call Kubernetes API directly to retrieve node information.
- int32 current_node_count = 112 [deprecated = true];
-
- // [Output only] The time the cluster will be automatically
- // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string expire_time = 113;
-
- // [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // or
- // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // in which the cluster resides.
- string location = 114;
-
- // Enable the ability to use Cloud TPUs in this cluster.
- bool enable_tpu = 115;
-
- // [Output only] The IP address range of the Cloud TPUs in this cluster, in
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `1.2.3.4/29`).
- string tpu_ipv4_cidr_block = 116;
-
- // Which conditions caused the current cluster state.
- repeated StatusCondition conditions = 118;
-}
-
-// ClusterUpdate describes an update to the cluster. Exactly one update can
-// be applied to a cluster with each request, so at most one field can be
-// provided.
-message ClusterUpdate {
- // The Kubernetes version to change the nodes to (typically an
- // upgrade).
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the Kubernetes master version
- string desired_node_version = 4;
-
- // The monitoring service the cluster should use to write metrics.
- // Currently available options:
- //
- // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
- // service with a Kubernetes-native resource model
- // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
- // longer available as of GKE 1.15).
- // * `none` - No metrics will be exported from the cluster.
- //
- // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
- string desired_monitoring_service = 5;
-
- // Configurations for the various addons available to run in the cluster.
- AddonsConfig desired_addons_config = 6;
-
- // The node pool to be upgraded. This field is mandatory if
- // "desired_node_version", "desired_image_family" or
- // "desired_node_pool_autoscaling" is specified and there is more than one
- // node pool on the cluster.
- string desired_node_pool_id = 7;
-
- // The desired image type for the node pool.
- // NOTE: Set the "desired_node_pool" field as well.
- string desired_image_type = 8;
-
- // Configuration of etcd encryption.
- DatabaseEncryption desired_database_encryption = 46;
-
- // Configuration for Workload Identity.
- WorkloadIdentityConfig desired_workload_identity_config = 47;
-
- // Configuration for Shielded Nodes.
- ShieldedNodes desired_shielded_nodes = 48;
-
- // Autoscaler configuration for the node pool specified in
- // desired_node_pool_id. If there is only one pool in the
- // cluster and desired_node_pool_id is not provided then
- // the change applies to that single node pool.
- NodePoolAutoscaling desired_node_pool_autoscaling = 9;
-
- // The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster's nodes should be located.
- //
- // This list must always include the cluster's primary zone.
- //
- // Warning: changing cluster locations will update the locations of all node
- // pools and will result in nodes being added and/or removed.
- repeated string desired_locations = 10;
-
- // The desired configuration options for master authorized networks feature.
- MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12;
-
- // Cluster-level autoscaling configuration.
- ClusterAutoscaling desired_cluster_autoscaling = 15;
-
- // The desired configuration options for the Binary Authorization feature.
- BinaryAuthorization desired_binary_authorization = 16;
-
- // The logging service the cluster should use to write logs.
- // Currently available options:
- //
- // * `logging.googleapis.com/kubernetes` - The Cloud Logging
- // service with a Kubernetes-native resource model
- // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
- // available as of GKE 1.15).
- // * `none` - no logs will be exported from the cluster.
- //
- // If left as an empty string,`logging.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
- string desired_logging_service = 19;
-
- // The desired configuration for exporting resource usage.
- ResourceUsageExportConfig desired_resource_usage_export_config = 21;
-
- // Cluster-level Vertical Pod Autoscaling configuration.
- VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;
-
- // The desired private cluster configuration.
- PrivateClusterConfig desired_private_cluster_config = 25;
-
- // The desired config of Intra-node visibility.
- IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26;
-
- // The desired status of whether to disable default sNAT for this cluster.
- DefaultSnatStatus desired_default_snat_status = 28;
-
- // The desired release channel configuration.
- ReleaseChannel desired_release_channel = 31;
-
- // The Kubernetes version to change the master to.
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the default Kubernetes version
- string desired_master_version = 100;
-}
-
-// This operation resource represents operations that may have happened or are
-// happening on the cluster. All fields are output only.
-message Operation {
- // Current status of the operation.
- enum Status {
- // Not set.
- STATUS_UNSPECIFIED = 0;
-
- // The operation has been created.
- PENDING = 1;
-
- // The operation is currently running.
- RUNNING = 2;
-
- // The operation is done, either cancelled or completed.
- DONE = 3;
-
- // The operation is aborting.
- ABORTING = 4;
- }
-
- // Operation type.
- enum Type {
- // Not set.
- TYPE_UNSPECIFIED = 0;
-
- // Cluster create.
- CREATE_CLUSTER = 1;
-
- // Cluster delete.
- DELETE_CLUSTER = 2;
-
- // A master upgrade.
- UPGRADE_MASTER = 3;
-
- // A node upgrade.
- UPGRADE_NODES = 4;
-
- // Cluster repair.
- REPAIR_CLUSTER = 5;
-
- // Cluster update.
- UPDATE_CLUSTER = 6;
-
- // Node pool create.
- CREATE_NODE_POOL = 7;
-
- // Node pool delete.
- DELETE_NODE_POOL = 8;
-
- // Set node pool management.
- SET_NODE_POOL_MANAGEMENT = 9;
-
- // Automatic node pool repair.
- AUTO_REPAIR_NODES = 10;
-
- // Automatic node upgrade.
- AUTO_UPGRADE_NODES = 11;
-
- // Set labels.
- SET_LABELS = 12;
-
- // Set/generate master auth materials
- SET_MASTER_AUTH = 13;
-
- // Set node pool size.
- SET_NODE_POOL_SIZE = 14;
-
- // Updates network policy for a cluster.
- SET_NETWORK_POLICY = 15;
-
- // Set the maintenance policy.
- SET_MAINTENANCE_POLICY = 16;
- }
-
- // The server-assigned ID for the operation.
- string name = 1;
-
- // The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // operation is taking place. This field is deprecated, use location instead.
- string zone = 2 [deprecated = true];
-
- // The operation type.
- Type operation_type = 3;
-
- // The current status of the operation.
- Status status = 4;
-
- // Detailed operation progress, if available.
- string detail = 8;
-
- // Output only. If an error has occurred, a textual description of the error.
- string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
-
- // Server-defined URL for the resource.
- string self_link = 6;
-
- // Server-defined URL for the target of the operation.
- string target_link = 7;
-
- // [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // or
- // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // in which the cluster resides.
- string location = 9;
-
- // [Output only] The time the operation started, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string start_time = 10;
-
- // [Output only] The time the operation completed, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string end_time = 11;
-
- // Output only.
[Output only] Progress information for an operation.
- OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
-
- // Which conditions caused the current cluster state.
- repeated StatusCondition cluster_conditions = 13;
-
- // Which conditions caused the current node pool state.
- repeated StatusCondition nodepool_conditions = 14;
-}
-
-// Information about operation (or operation stage) progress.
-message OperationProgress {
- // Progress metric is (string, int|float|string) pair.
- message Metric {
- // Required. Metric name, e.g., "nodes total", "percent done".
- string name = 1 [(google.api.field_behavior) = REQUIRED];
-
- // Strictly one of the values is required.
- oneof value {
- // For metrics with integer value.
- int64 int_value = 2;
-
- // For metrics with floating point value.
- double double_value = 3;
-
- // For metrics with custom values (ratios, visual progress, etc.).
- string string_value = 4;
- }
- }
-
- // A non-parameterized string describing an operation stage.
- // Unset for single-stage operations.
- string name = 1;
-
- // Status of an operation stage.
- // Unset for single-stage operations.
- Operation.Status status = 2;
-
- // Progress metric bundle, for example:
- // metrics: [{name: "nodes done", int_value: 15},
- // {name: "nodes total", int_value: 32}]
- // or
- // metrics: [{name: "progress", double_value: 0.56},
- // {name: "progress scale", double_value: 1.0}]
- repeated Metric metrics = 3;
-
- // Substages of an operation or a stage.
- repeated OperationProgress stages = 4;
-}
-
-// CreateClusterRequest creates a cluster.
-message CreateClusterRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated.
The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the parent
- // field.
- string zone = 2 [deprecated = true];
-
- // Required. A [cluster
- // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.locations.clusters)
- Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED];
-
- // The parent (project and location) where the cluster will be created.
- // Specified in the format `projects/*/locations/*`.
- string parent = 5;
-}
-
-// GetClusterRequest gets the settings of a cluster.
-message GetClusterRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to retrieve.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // The name (project, location, cluster) of the cluster to retrieve.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// UpdateClusterRequest updates the settings of a cluster.
-message UpdateClusterRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated.
The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. A description of the update.
- ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to update.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// UpdateNodePoolRequests update a node pool's image and/or version.
-message UpdateNodePoolRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool to upgrade.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // Required. The Kubernetes version to change the nodes to (typically an
- // upgrade).
- //
- // Users may specify either explicit versions offered by Kubernetes Engine or
- // version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the Kubernetes master version
- string node_version = 5 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The desired image type for the node pool.
- string image_type = 6 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool) of the node pool to
- // update. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 8;
-
- // The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // node pool's nodes should be located. Changing the locations for a node pool
- // will result in nodes being either created or removed from the node pool,
- // depending on whether locations are being added or removed.
- repeated string locations = 13;
-
- // The desired workload metadata config for the node pool.
- WorkloadMetadataConfig workload_metadata_config = 14;
-
- // Upgrade settings control disruption and speed of the upgrade.
- NodePool.UpgradeSettings upgrade_settings = 15;
-}
-
-// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
-message SetNodePoolAutoscalingRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides.
This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool to upgrade.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // Required. Autoscaling configuration for the node pool.
- NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool) of the node pool to set
- // autoscaler settings. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// SetLoggingServiceRequest sets the logging service of a cluster.
-message SetLoggingServiceRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The logging service the cluster should use to write logs.
- // Currently available options:
- //
- // * `logging.googleapis.com/kubernetes` - The Cloud Logging
- // service with a Kubernetes-native resource model
- // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
- // available as of GKE 1.15).
- // * `none` - no logs will be exported from the cluster.
- //
- // If left as an empty string,`logging.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
- string logging_service = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set logging.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// SetMonitoringServiceRequest sets the monitoring service of a cluster.
-message SetMonitoringServiceRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The monitoring service the cluster should use to write metrics.
- // Currently available options:
- //
- // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
- // service with a Kubernetes-native resource model
- // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
- // longer available as of GKE 1.15).
- // * `none` - No metrics will be exported from the cluster.
- //
- // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
- string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set monitoring.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// SetAddonsConfigRequest sets the addons associated with the cluster.
-message SetAddonsConfigRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The desired configurations for the various addons available to run in the
- // cluster.
- AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set addons.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// SetLocationsRequest sets the locations of the cluster.
-message SetLocationsRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required.
The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster's nodes should be located. Changing the locations a cluster is in
- // will result in nodes being either created or removed from the cluster,
- // depending on whether locations are being added or removed.
- //
- // This list must always include the cluster's primary zone.
- repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set locations.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// UpdateMasterRequest updates the master of the cluster.
-message UpdateMasterRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The Kubernetes version to change the master to.
- //
- // Users may specify either explicit versions offered by Kubernetes Engine or
- // version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the default Kubernetes version
- string master_version = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to update.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// SetMasterAuthRequest updates the admin password of a cluster.
-message SetMasterAuthRequest {
- // Operation type: what type update to perform.
- enum Action {
- // Operation is unknown and will error out.
- UNKNOWN = 0;
-
- // Set the password to a user generated value.
- SET_PASSWORD = 1;
-
- // Generate a new password and set it to that.
- GENERATE_PASSWORD = 2;
-
- // Set the username. If an empty username is provided, basic authentication
- // is disabled for the cluster. If a non-empty username is provided, basic
- // authentication is enabled, with either a provided password or a generated
- // one.
- SET_USERNAME = 3;
- }
-
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The exact form of action to be taken on the master auth.
- Action action = 4 [(google.api.field_behavior) = REQUIRED];
-
- // Required. A description of the update.
- MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set auth.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// DeleteClusterRequest deletes a cluster.
-message DeleteClusterRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to delete.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // The name (project, location, cluster) of the cluster to delete.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 4;
-}
-
-// ListClustersRequest lists clusters.
-message ListClustersRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides, or "-" for all zones. This field has been deprecated and
- // replaced by the parent field.
- string zone = 2 [deprecated = true];
-
- // The parent (project and location) where the clusters will be listed.
- // Specified in the format `projects/*/locations/*`.
- // Location "-" matches all zones and all regions.
- string parent = 4;
-}
-
-// ListClustersResponse is the result of ListClustersRequest.
-message ListClustersResponse {
- // A list of clusters in the project in the specified zone, or
- // across all ones.
- repeated Cluster clusters = 1;
-
- // If any zones are listed here, the list of clusters returned
- // may be missing those zones.
- repeated string missing_zones = 2;
-}
-
-// GetOperationRequest gets a single operation.
-message GetOperationRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The server-assigned `name` of the operation.
- // This field has been deprecated and replaced by the name field.
- string operation_id = 3 [deprecated = true];
-
- // The name (project, location, operation id) of the operation to get.
- // Specified in the format `projects/*/locations/*/operations/*`.
- string name = 5;
-}
-
-// ListOperationsRequest lists operations.
-message ListOperationsRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated.
The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) to return
- // operations for, or `-` for all zones. This field has been deprecated and
- // replaced by the parent field.
- string zone = 2 [deprecated = true];
-
- // The parent (project and location) where the operations will be listed.
- // Specified in the format `projects/*/locations/*`.
- // Location "-" matches all zones and all regions.
- string parent = 4;
-}
-
-// CancelOperationRequest cancels a single operation.
-message CancelOperationRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // operation resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The server-assigned `name` of the operation.
- // This field has been deprecated and replaced by the name field.
- string operation_id = 3 [deprecated = true];
-
- // The name (project, location, operation id) of the operation to cancel.
- // Specified in the format `projects/*/locations/*/operations/*`.
- string name = 4;
-}
-
-// ListOperationsResponse is the result of ListOperationsRequest.
-message ListOperationsResponse {
- // A list of operations in the project in the specified zone.
- repeated Operation operations = 1;
-
- // If any zones are listed here, the list of operations returned
- // may be missing the operations from those zones.
- repeated string missing_zones = 2;
-}
-
-// Gets the current Kubernetes Engine service configuration.
-message GetServerConfigRequest {
- // Deprecated.
The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) to return
- // operations for. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // The name (project and location) of the server config to get,
- // specified in the format `projects/*/locations/*`.
- string name = 4;
-}
-
-// Kubernetes Engine service configuration.
-message ServerConfig {
- // ReleaseChannelConfig exposes configuration for a release channel.
- message ReleaseChannelConfig {
- // The release channel this configuration applies to.
- ReleaseChannel.Channel channel = 1;
-
- // The default version for newly created clusters on the channel.
- string default_version = 2;
-
- // List of valid versions for the channel.
- repeated string valid_versions = 4;
- }
-
- // Version of Kubernetes the service deploys by default.
- string default_cluster_version = 1;
-
- // List of valid node upgrade target versions, in descending order.
- repeated string valid_node_versions = 3;
-
- // Default image type.
- string default_image_type = 4;
-
- // List of valid image types.
- repeated string valid_image_types = 5;
-
- // List of valid master versions, in descending order.
- repeated string valid_master_versions = 6;
-
- // List of release channel configurations.
- repeated ReleaseChannelConfig channels = 9;
-}
-
-// CreateNodePoolRequest creates a node pool for a cluster.
-message CreateNodePoolRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the parent
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the parent field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The node pool to create.
- NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The parent (project, location, cluster id) where the node pool will be
- // created. Specified in the format
- // `projects/*/locations/*/clusters/*`.
- string parent = 6;
-}
-
-// DeleteNodePoolRequest deletes a node pool for a cluster.
-message DeleteNodePoolRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool to delete.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // The name (project, location, cluster, node pool id) of the node pool to
- // delete. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// ListNodePoolsRequest lists the node pool(s) for a cluster.
-message ListNodePoolsRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the parent
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the parent field.
- string cluster_id = 3 [deprecated = true];
-
- // The parent (project, location, cluster id) where the node pools will be
- // listed. Specified in the format `projects/*/locations/*/clusters/*`.
- string parent = 5;
-}
-
-// GetNodePoolRequest retrieves a node pool for a cluster.
-message GetNodePoolRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // The name (project, location, cluster, node pool id) of the node pool to
- // get.
Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// NodePool contains the name and configuration for a cluster's node pool.
-// Node pools are a set of nodes (i.e. VM's), with a common configuration and
-// specification, under the control of the cluster master. They may have a set
-// of Kubernetes labels applied to them, which may be used to reference them
-// during pod scheduling. They may also be resized up or down, to accommodate
-// the workload.
-message NodePool {
- // These upgrade settings control the level of parallelism and the level of
- // disruption caused by an upgrade.
- //
- // maxUnavailable controls the number of nodes that can be simultaneously
- // unavailable.
- //
- // maxSurge controls the number of additional nodes that can be added to the
- // node pool temporarily for the time of the upgrade to increase the number of
- // available nodes.
- //
- // (maxUnavailable + maxSurge) determines the level of parallelism (how many
- // nodes are being upgraded at the same time).
- //
- // Note: upgrades inevitably introduce some disruption since workloads need to
- // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
- // this holds true. (Disruption stays within the limits of
- // PodDisruptionBudget, if it is configured.)
- //
- // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
- // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
- // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
- // down 3 old (not yet upgraded) nodes at the same time. This ensures that
- // there are always at least 4 nodes available.
- message UpgradeSettings {
- // The maximum number of nodes that can be created beyond the current size
- // of the node pool during the upgrade process.
- int32 max_surge = 1;
-
- // The maximum number of nodes that can be simultaneously unavailable during
- // the upgrade process.
A node is considered available if its status is
- // Ready.
- int32 max_unavailable = 2;
- }
-
- // The current status of the node pool instance.
- enum Status {
- // Not set.
- STATUS_UNSPECIFIED = 0;
-
- // The PROVISIONING state indicates the node pool is being created.
- PROVISIONING = 1;
-
- // The RUNNING state indicates the node pool has been created
- // and is fully usable.
- RUNNING = 2;
-
- // The RUNNING_WITH_ERROR state indicates the node pool has been created
- // and is partially usable. Some error state has occurred and some
- // functionality may be impaired. Customer may need to reissue a request
- // or trigger a new update.
- RUNNING_WITH_ERROR = 3;
-
- // The RECONCILING state indicates that some work is actively being done on
- // the node pool, such as upgrading node software. Details can
- // be found in the `statusMessage` field.
- RECONCILING = 4;
-
- // The STOPPING state indicates the node pool is being deleted.
- STOPPING = 5;
-
- // The ERROR state indicates the node pool may be unusable. Details
- // can be found in the `statusMessage` field.
- ERROR = 6;
- }
-
- // The name of the node pool.
- string name = 1;
-
- // The node configuration of the pool.
- NodeConfig config = 2;
-
- // The initial node count for the pool. You must ensure that your
- // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
- // is sufficient for this number of instances. You must also have available
- // firewall and routes quota.
- int32 initial_node_count = 3;
-
- // The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // NodePool's nodes should be located.
- //
- // If this value is unspecified during node pool creation, the
- // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
- // value will be used, instead.
- //
- // Warning: changing node pool locations will result in nodes being added
- // and/or removed.
- repeated string locations = 13;
-
- // [Output only] Server-defined URL for the resource.
- string self_link = 100;
-
- // The version of the Kubernetes of this node.
- string version = 101;
-
- // [Output only] The resource URLs of the [managed instance
- // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
- // associated with this node pool.
- repeated string instance_group_urls = 102;
-
- // [Output only] The status of the nodes in this pool instance.
- Status status = 103;
-
- // [Output only] Deprecated. Use conditions instead.
- // Additional information about the current status of this
- // node pool instance, if available.
- string status_message = 104 [deprecated = true];
-
- // Autoscaler configuration for this NodePool. Autoscaler is enabled
- // only if a valid configuration is present.
- NodePoolAutoscaling autoscaling = 4;
-
- // NodeManagement configuration for this NodePool.
- NodeManagement management = 5;
-
- // The constraint on the maximum number of pods that can be run
- // simultaneously on a node in the node pool.
- MaxPodsConstraint max_pods_constraint = 6;
-
- // Which conditions caused the current node pool state.
- repeated StatusCondition conditions = 105;
-
- // [Output only] The pod CIDR block size per node in this node pool.
- int32 pod_ipv4_cidr_size = 7;
-
- // Upgrade settings control disruption and speed of the upgrade.
- UpgradeSettings upgrade_settings = 107;
-}
-
-// NodeManagement defines the set of node management services turned on for the
-// node pool.
-message NodeManagement {
- // A flag that specifies whether node auto-upgrade is enabled for the node
- // pool. If enabled, node auto-upgrade helps keep the nodes in your node pool
- // up to date with the latest release version of Kubernetes.
- bool auto_upgrade = 1;
-
- // A flag that specifies whether the node auto-repair is enabled for the node
- // pool. If enabled, the nodes in this node pool will be monitored and, if
- // they fail health checks too many times, an automatic repair action will be
- // triggered.
- bool auto_repair = 2;
-
- // Specifies the Auto Upgrade knobs for the node pool.
- AutoUpgradeOptions upgrade_options = 10;
-}
-
-// AutoUpgradeOptions defines the set of options for the user to control how
-// the Auto Upgrades will proceed.
-message AutoUpgradeOptions {
- // [Output only] This field is set when upgrades are about to commence
- // with the approximate start time for the upgrades, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string auto_upgrade_start_time = 1;
-
- // [Output only] This field is set when upgrades are about to commence
- // with the description of the upgrade.
- string description = 2;
-}
-
-// MaintenancePolicy defines the maintenance policy to be used for the cluster.
-message MaintenancePolicy {
- // Specifies the maintenance window in which maintenance may be performed.
- MaintenanceWindow window = 1;
-
- // A hash identifying the version of this policy, so that updates to fields of
- // the policy won't accidentally undo intermediate changes (and so that users
- // of the API unaware of some fields won't accidentally remove other fields).
- // Make a `get()` request to the cluster to get the current
- // resource version and include it with requests to set the policy.
- string resource_version = 3;
-}
-
-// MaintenanceWindow defines the maintenance window to be used for the cluster.
-message MaintenanceWindow {
- oneof policy {
- // DailyMaintenanceWindow specifies a daily maintenance operation window.
- DailyMaintenanceWindow daily_maintenance_window = 2;
-
- // RecurringWindow specifies some number of recurring time periods for
- // maintenance to occur. The time windows may be overlapping.
If no
- // maintenance windows are set, maintenance can occur at any time.
- RecurringTimeWindow recurring_window = 3;
- }
-
- // Exceptions to maintenance window. Non-emergency maintenance should not
- // occur in these windows.
- map maintenance_exclusions = 4;
-}
-
-// Represents an arbitrary window of time.
-message TimeWindow {
- // The time that the window first starts.
- google.protobuf.Timestamp start_time = 1;
-
- // The time that the window ends. The end time should take place after the
- // start time.
- google.protobuf.Timestamp end_time = 2;
-}
-
-// Represents an arbitrary window of time that recurs.
-message RecurringTimeWindow {
- // The window of the first recurrence.
- TimeWindow window = 1;
-
- // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
- // this window reccurs. They go on for the span of time between the start and
- // end time.
- //
- // For example, to have something repeat every weekday, you'd use:
- // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
- //
- // To repeat some window daily (equivalent to the DailyMaintenanceWindow):
- // `FREQ=DAILY`
- //
- // For the first weekend of every month:
- // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
- //
- // This specifies how frequently the window starts. Eg, if you wanted to have
- // a 9-5 UTC-4 window every weekday, you'd use something like:
- // ```
- // start time = 2019-01-01T09:00:00-0400
- // end time = 2019-01-01T17:00:00-0400
- // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
- // ```
- //
- // Windows can span multiple days. Eg, to make the window encompass every
- // weekend from midnight Saturday till the last minute of Sunday UTC:
- // ```
- // start time = 2019-01-05T00:00:00Z
- // end time = 2019-01-07T23:59:00Z
- // recurrence = FREQ=WEEKLY;BYDAY=SA
- // ```
- //
- // Note the start and end time's specific dates are largely arbitrary except
- // to specify duration of the window and when it first starts.
- // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
- string recurrence = 2;
-}
-
-// Time window specified for daily maintenance operations.
-message DailyMaintenanceWindow {
- // Time within the maintenance window to start the maintenance operations.
- // Time format should be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
- // format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.
- string start_time = 2;
-
- // [Output only] Duration of the time window, automatically chosen to be
- // smallest possible in the given scenario.
- // Duration will be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
- // format "PTnHnMnS".
- string duration = 3;
-}
-
-// SetNodePoolManagementRequest sets the node management properties of a node
-// pool.
-message SetNodePoolManagementRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to update.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool to update.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // Required. NodeManagement configuration for the node pool.
- NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool id) of the node pool to set
- // management properties. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 7;
-}
-
-// SetNodePoolSizeRequest sets the size a node
-// pool.
-message SetNodePoolSizeRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to update.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool to update.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // Required. The desired node count for the pool.
- int32 node_count = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool id) of the node pool to set
- // size.
- // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 7;
-}
-
-// RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed
-// NodePool upgrade. This will be an no-op if the last upgrade successfully
-// completed.
-message RollbackNodePoolUpgradeRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to rollback.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Deprecated. The name of the node pool to rollback.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [deprecated = true];
-
- // The name (project, location, cluster, node pool id) of the node poll to
- // rollback upgrade.
- // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// ListNodePoolsResponse is the result of ListNodePoolsRequest.
-message ListNodePoolsResponse {
- // A list of node pools for a cluster.
- repeated NodePool node_pools = 1;
-}
-
-// ClusterAutoscaling contains global, per-cluster information
-// required by Cluster Autoscaler to automatically adjust
-// the size of the cluster and create/delete
-// node pools based on the current needs.
-message ClusterAutoscaling {
- // Enables automatic node pool creation and deletion.
- bool enable_node_autoprovisioning = 1;
-
- // Contains global constraints regarding minimum and maximum
- // amount of resources in the cluster.
- repeated ResourceLimit resource_limits = 2;
-
- // AutoprovisioningNodePoolDefaults contains defaults for a node pool
- // created by NAP.
- AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;
-
- // The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // NodePool's nodes can be created by NAP.
- repeated string autoprovisioning_locations = 5;
-}
-
-// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
-// by NAP.
-message AutoprovisioningNodePoolDefaults {
- // Scopes that are used by NAP when creating node pools.
- repeated string oauth_scopes = 1;
-
- // The Google Cloud Platform Service Account to be used by the node VMs.
- string service_account = 2;
-
- // Specifies the upgrade settings for NAP created node pools
- NodePool.UpgradeSettings upgrade_settings = 3;
-
- // Specifies the node management options for NAP created node-pools.
- NodeManagement management = 4;
-
- // Minimum CPU platform to be used for NAP created node pools.
- // The instance may be scheduled on the specified or newer CPU platform.
- // Applicable values are the friendly names of CPU platforms, such as
- // minCpuPlatform: Intel Haswell or
- // minCpuPlatform: Intel Sandy Bridge. For more
- // information, read [how to specify min CPU
- // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
- // To unset the min cpu platform field pass "automatic"
- // as field value.
- string min_cpu_platform = 5;
-
- // Size of the disk attached to each node, specified in GB.
- // The smallest allowed disk size is 10GB.
- //
- // If unspecified, the default disk size is 100GB.
- int32 disk_size_gb = 6;
-
- // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
- // 'pd-balanced')
- //
- // If unspecified, the default disk type is 'pd-standard'
- string disk_type = 7;
-
- // Shielded Instance options.
- ShieldedInstanceConfig shielded_instance_config = 8;
-
- // The Customer Managed Encryption Key used to encrypt the boot disk attached
- // to each node in the node pool. This should be of the form
- // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
- // For more information about protecting resources with Cloud KMS Keys please
- // see:
- // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- string boot_disk_kms_key = 9;
-}
-
-// Contains information about amount of some resource in the cluster.
-// For memory, value should be in GB.
-message ResourceLimit {
- // Resource name "cpu", "memory" or gpu-specific string.
- string resource_type = 1;
-
- // Minimum amount of the resource in the cluster.
- int64 minimum = 2;
-
- // Maximum amount of the resource in the cluster.
- int64 maximum = 3;
-}
-
-// NodePoolAutoscaling contains information required by cluster autoscaler to
-// adjust the size of the node pool to the current cluster usage.
-message NodePoolAutoscaling {
- // Is autoscaling enabled for this node pool.
- bool enabled = 1;
-
- // Minimum number of nodes in the NodePool. Must be >= 1 and <=
- // max_node_count.
- int32 min_node_count = 2;
-
- // Maximum number of nodes in the NodePool. Must be >= min_node_count. There
- // has to enough quota to scale up the cluster.
- int32 max_node_count = 3;
-
- // Can this node pool be deleted automatically.
- bool autoprovisioned = 4;
-}
-
-// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container
-// Engine cluster, which will in turn set them for Google Compute Engine
-// resources used by that cluster
-message SetLabelsRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. The labels to set for that cluster.
- map resource_labels = 4 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The fingerprint of the previous set of labels for this resource,
- // used to detect conflicts. The fingerprint is initially generated by
- // Kubernetes Engine and changes after every request to modify or update
- // labels.
You must always provide an up-to-date fingerprint hash when
- // updating or changing labels. Make a `get()` request to the
- // resource to get the latest fingerprint.
- string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set labels.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for
-// a cluster.
-message SetLegacyAbacRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster to update.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. Whether ABAC authorization will be enabled in the cluster.
- bool enabled = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set legacy abac.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// StartIPRotationRequest creates a new IP for the cluster and then performs
-// a node upgrade on each node pool to point to the new IP.
-message StartIPRotationRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated.
The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // The name (project, location, cluster id) of the cluster to start IP
- // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-
- // Whether to rotate credentials during IP rotation.
- bool rotate_credentials = 7;
-}
-
-// CompleteIPRotationRequest moves the cluster master back into single-IP mode.
-message CompleteIPRotationRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // The name (project, location, cluster id) of the cluster to complete IP
- // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// AcceleratorConfig represents a Hardware Accelerator request.
-message AcceleratorConfig {
- // The number of the accelerator cards exposed to an instance.
- int64 accelerator_count = 1;
-
- // The accelerator type resource name.
List of supported accelerators
- // [here](https://cloud.google.com/compute/docs/gpus)
- string accelerator_type = 2;
-}
-
-// WorkloadMetadataConfig defines the metadata configuration to expose to
-// workloads on the node pool.
-message WorkloadMetadataConfig {
- // Mode is the configuration for how to expose metadata to workloads running
- // on the node.
- enum Mode {
- // Not set.
- MODE_UNSPECIFIED = 0;
-
- // Expose all Compute Engine metadata to pods.
- GCE_METADATA = 1;
-
- // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
- // a metadata API to workloads that is compatible with the V1 Compute
- // Metadata APIs exposed by the Compute Engine and App Engine Metadata
- // Servers. This feature can only be enabled if Workload Identity is enabled
- // at the cluster level.
- GKE_METADATA = 2;
- }
-
- // Mode is the configuration for how to expose metadata to workloads running
- // on the node pool.
- Mode mode = 2;
-}
-
-// SetNetworkPolicyRequest enables/disables network policy for a cluster.
-message SetNetworkPolicyRequest {
- // Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [deprecated = true];
-
- // Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [deprecated = true];
-
- // Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [deprecated = true];
-
- // Required. Configuration options for the NetworkPolicy feature.
- NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set networking
- // policy.
Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// SetMaintenancePolicyRequest sets the maintenance policy for a cluster.
-message SetMaintenancePolicyRequest {
- // Required. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- string project_id = 1 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides.
- string zone = 2 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The name of the cluster to update.
- string cluster_id = 3 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The maintenance policy to be set for the cluster. An empty field
- // clears the existing maintenance policy.
- MaintenancePolicy maintenance_policy = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set maintenance
- // policy.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// StatusCondition describes why a cluster or a node pool has a certain status
-// (e.g., ERROR or DEGRADED).
-message StatusCondition {
- // Code for each condition
- enum Code {
- // UNKNOWN indicates a generic condition.
- UNKNOWN = 0;
-
- // GCE_STOCKOUT indicates that Google Compute Engine resources are
- // temporarily unavailable.
- GCE_STOCKOUT = 1;
-
- // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot
- // service account.
- GKE_SERVICE_ACCOUNT_DELETED = 2;
-
- // Google Compute Engine quota was exceeded.
- GCE_QUOTA_EXCEEDED = 3;
-
- // Cluster state was manually changed by an SRE due to a system logic error.
- SET_BY_OPERATOR = 4;
-
- // Unable to perform an encrypt operation against the CloudKMS key used for
- // etcd level encryption.
- // More codes TBA
- CLOUD_KMS_KEY_ERROR = 7;
- }
-
- // Machine-friendly representation of the condition
- Code code = 1;
-
- // Human-friendly representation of the condition
- string message = 2;
-}
-
-// NetworkConfig reports the relative names of network & subnetwork.
-message NetworkConfig {
- // Output only. The relative name of the Google Compute Engine
- // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
- // to which the cluster is connected. Example:
- // projects/my-project/global/networks/my-network
- string network = 1;
-
- // Output only. The relative name of the Google Compute Engine
- // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the
- // cluster is connected. Example:
- // projects/my-project/regions/us-central1/subnetworks/my-subnet
- string subnetwork = 2;
-
- // Whether Intra-node visibility is enabled for this cluster.
- // This makes same node pod to pod traffic visible for VPC network.
- bool enable_intra_node_visibility = 5;
-
- // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
- // will be disabled when default_snat_status is disabled. When disabled is set
- // to false, default IP masquerade rules will be applied to the nodes to
- // prevent sNAT on cluster internal traffic.
- DefaultSnatStatus default_snat_status = 7;
-}
-
-// GetOpenIDConfigRequest gets the OIDC discovery document for the
-// cluster. See the OpenID Connect Discovery 1.0 specification for details.
-message GetOpenIDConfigRequest {
- // The cluster (project, location, cluster id) to get the discovery document
- // for. Specified in the format `projects/*/locations/*/clusters/*`.
- string parent = 1;
-}
-
-// GetOpenIDConfigResponse is an OIDC discovery document for the cluster.
-// See the OpenID Connect Discovery 1.0 specification for details.
-message GetOpenIDConfigResponse {
- // OIDC Issuer.
- string issuer = 1;
-
- // JSON Web Key uri.
- string jwks_uri = 2;
-
- // Supported response types.
- repeated string response_types_supported = 3;
-
- // Supported subject types.
- repeated string subject_types_supported = 4;
-
- // supported ID Token signing Algorithms.
- repeated string id_token_signing_alg_values_supported = 5;
-
- // Supported claims.
- repeated string claims_supported = 6;
-
- // Supported grant types.
- repeated string grant_types = 7;
-}
-
-// GetJSONWebKeysRequest gets the public component of the keys used by the
-// cluster to sign token requests. This will be the jwks_uri for the discover
-// document returned by getOpenIDConfig. See the OpenID Connect
-// Discovery 1.0 specification for details.
-message GetJSONWebKeysRequest {
- // The cluster (project, location, cluster id) to get keys for. Specified in
- // the format `projects/*/locations/*/clusters/*`.
- string parent = 1;
-}
-
-// Jwk is a JSON Web Key as specified in RFC 7517
-message Jwk {
- // Key Type.
- string kty = 1;
-
- // Algorithm.
- string alg = 2;
-
- // Permitted uses for the public keys.
- string use = 3;
-
- // Key ID.
- string kid = 4;
-
- // Used for RSA keys.
- string n = 5;
-
- // Used for RSA keys.
- string e = 6;
-
- // Used for ECDSA keys.
- string x = 7;
-
- // Used for ECDSA keys.
- string y = 8;
-
- // Used for ECDSA keys.
- string crv = 9;
-}
-
-// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517
-message GetJSONWebKeysResponse {
- // The public component of the keys used by the cluster to sign token
- // requests.
- repeated Jwk keys = 1;
-}
-
-// ReleaseChannel indicates which release channel a cluster is
-// subscribed to. Release channels are arranged in order of risk.
-//
-// When a cluster is subscribed to a release channel, Google maintains
-// both the master version and the node version. Node auto-upgrade
-// defaults to true and cannot be disabled.
-message ReleaseChannel {
- // Possible values for 'channel'.
- enum Channel {
- // No channel specified.
- UNSPECIFIED = 0;
-
- // RAPID channel is offered on an early access basis for customers who want
- // to test new releases.
- //
- // WARNING: Versions available in the RAPID Channel may be subject to
- // unresolved issues with no known workaround and are not subject to any
- // SLAs.
- RAPID = 1;
-
- // Clusters subscribed to REGULAR receive versions that are considered GA
- // quality. REGULAR is intended for production users who want to take
- // advantage of new features.
- REGULAR = 2;
-
- // Clusters subscribed to STABLE receive versions that are known to be
- // stable and reliable in production.
- STABLE = 3;
- }
-
- // channel specifies which release channel the cluster is subscribed to.
- Channel channel = 1;
-}
-
-// IntraNodeVisibilityConfig contains the desired config of the intra-node
-// visibility on this cluster.
-message IntraNodeVisibilityConfig {
- // Enables intra node visibility for this cluster.
- bool enabled = 1;
-}
-
-// Constraints applied to pods.
-message MaxPodsConstraint {
- // Constraint enforced on the max num of pods per node.
- int64 max_pods_per_node = 1;
-}
-
-// Configuration for the use of Kubernetes Service Accounts in GCP IAM
-// policies.
-message WorkloadIdentityConfig {
- // The workload pool to attach all Kubernetes service accounts to.
- string workload_pool = 2;
-}
-
-// Configuration of etcd encryption.
-message DatabaseEncryption {
- // State of etcd encryption.
- enum State {
- // Should never be set
- UNKNOWN = 0;
-
- // Secrets in etcd are encrypted.
- ENCRYPTED = 1;
-
- // Secrets in etcd are stored in plain text (at etcd level) - this is
- // unrelated to Compute Engine level full disk encryption.
- DECRYPTED = 2;
- }
-
- // Denotes the state of etcd encryption.
- State state = 2;
-
- // Name of CloudKMS key to use for the encryption of secrets in etcd.
- // Ex.
projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
- string key_name = 1;
-}
-
-// ListUsableSubnetworksRequest requests the list of usable subnetworks
-// available to a user for creating clusters.
-message ListUsableSubnetworksRequest {
- // The parent project where subnetworks are usable.
- // Specified in the format `projects/*`.
- string parent = 1;
-
- // Filtering currently only supports equality on the networkProjectId and must
- // be in the form: "networkProjectId=[PROJECTID]", where `networkProjectId`
- // is the project which owns the listed subnetworks. This defaults to the
- // parent project ID.
- string filter = 2;
-
- // The max number of results per page that should be returned. If the number
- // of available results is larger than `page_size`, a `next_page_token` is
- // returned which can be used to get the next page of results in subsequent
- // requests. Acceptable values are 0 to 500, inclusive. (Default: 500)
- int32 page_size = 3;
-
- // Specifies a page token to use. Set this to the nextPageToken returned by
- // previous list requests to get the next page of results.
- string page_token = 4;
-}
-
-// ListUsableSubnetworksResponse is the response of
-// ListUsableSubnetworksRequest.
-message ListUsableSubnetworksResponse {
- // A list of usable subnetworks in the specified network project.
- repeated UsableSubnetwork subnetworks = 1;
-
- // This token allows you to get the next page of results for list requests.
- // If the number of results is larger than `page_size`, use the
- // `next_page_token` as a value for the query parameter `page_token` in the
- // next request. The value will become empty when there are no more pages.
- string next_page_token = 2;
-}
-
-// Secondary IP range of a usable subnetwork.
-message UsableSubnetworkSecondaryRange {
- // Status shows the current usage of a secondary IP range.
- enum Status {
- // UNKNOWN is the zero value of the Status enum. It's not a valid status.
- UNKNOWN = 0;
-
- // UNUSED denotes that this range is unclaimed by any cluster.
- UNUSED = 1;
-
- // IN_USE_SERVICE denotes that this range is claimed by a cluster for
- // services. It cannot be used for other clusters.
- IN_USE_SERVICE = 2;
-
- // IN_USE_SHAREABLE_POD denotes this range was created by the network admin
- // and is currently claimed by a cluster for pods. It can only be used by
- // other clusters as a pod range.
- IN_USE_SHAREABLE_POD = 3;
-
- // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed
- // for pods. It cannot be used for other clusters.
- IN_USE_MANAGED_POD = 4;
- }
-
- // The name associated with this subnetwork secondary range, used when adding
- // an alias IP range to a VM instance.
- string range_name = 1;
-
- // The range of IP addresses belonging to this subnetwork secondary range.
- string ip_cidr_range = 2;
-
- // This field is to determine the status of the secondary range programmably.
- Status status = 3;
-}
-
-// UsableSubnetwork resource returns the subnetwork name, its associated network
-// and the primary CIDR range.
-message UsableSubnetwork {
- // Subnetwork Name.
- // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
- string subnetwork = 1;
-
- // Network Name.
- // Example: projects/my-project/global/networks/my-network
- string network = 2;
-
- // The range of internal addresses that are owned by this subnetwork.
- string ip_cidr_range = 3;
-
- // Secondary IP ranges.
- repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4;
-
- // A human readable status message representing the reasons for cases where
- // the caller cannot use the secondary ranges under the subnet. For example if
- // the secondary_ip_ranges is empty due to a permission issue, an insufficient
- // permission message will be given by status_message.
- string status_message = 5;
-}
-
-// Configuration for exporting cluster resource usages.
-message ResourceUsageExportConfig {
- // Parameters for using BigQuery as the destination of resource usage export.
- message BigQueryDestination {
- // The ID of a BigQuery Dataset.
- string dataset_id = 1;
- }
-
- // Parameters for controlling consumption metering.
- message ConsumptionMeteringConfig {
- // Whether to enable consumption metering for this cluster. If enabled, a
- // second BigQuery table will be created to hold resource consumption
- // records.
- bool enabled = 1;
- }
-
- // Configuration to use BigQuery as usage export destination.
- BigQueryDestination bigquery_destination = 1;
-
- // Whether to enable network egress metering for this cluster. If enabled, a
- // daemonset will be created in the cluster to meter network egress traffic.
- bool enable_network_egress_metering = 2;
-
- // Configuration to enable resource consumption metering.
- ConsumptionMeteringConfig consumption_metering_config = 3;
-}
-
-// VerticalPodAutoscaling contains global, per-cluster information
-// required by Vertical Pod Autoscaler to automatically adjust
-// the resources of pods controlled by it.
-message VerticalPodAutoscaling {
- // Enables vertical pod autoscaling.
- bool enabled = 1;
-}
-
-// DefaultSnatStatus contains the desired state of whether default sNAT should
-// be disabled on the cluster.
-message DefaultSnatStatus {
- // Disables cluster default sNAT rules.
- bool disabled = 1;
-}
-
-// Configuration of Shielded Nodes feature.
-message ShieldedNodes {
- // Whether Shielded Nodes features are enabled on all nodes in this cluster.
- bool enabled = 1;
-}
diff --git a/packages/google-cloud-container/google/cloud/container_v1beta1/proto/__init__.py b/packages/google-cloud-container/google/cloud/container_v1beta1/proto/__init__.py
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/packages/google-cloud-container/google/cloud/container_v1beta1/proto/cluster_service.proto b/packages/google-cloud-container/google/cloud/container_v1beta1/proto/cluster_service.proto
deleted file mode 100644
index fa4c3ba3bb03..000000000000
--- a/packages/google-cloud-container/google/cloud/container_v1beta1/proto/cluster_service.proto
+++ /dev/null
@@ -1,4077 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.container.v1beta1;
-
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-import "google/protobuf/wrappers.proto";
-import "google/rpc/code.proto";
-import "google/rpc/status.proto";
-
-option csharp_namespace = "Google.Cloud.Container.V1Beta1";
-option go_package = "google.golang.org/genproto/googleapis/container/v1beta1;container";
-option java_multiple_files = true;
-option java_outer_classname = "ClusterServiceProto";
-option java_package = "com.google.container.v1beta1";
-option php_namespace = "Google\\Cloud\\Container\\V1beta1";
-option ruby_package = "Google::Cloud::Container::V1beta1";
-option (google.api.resource_definition) = {
- type: "pubsub.googleapis.com/Topic"
- pattern: "projects/{project}/topics/{topic}"
-};
-
-// Google Kubernetes Engine Cluster Manager v1beta1
-service ClusterManager {
- option (google.api.default_host) = "container.googleapis.com";
- option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
-
- // Lists all clusters owned by a project in either the specified zone or all
- // zones.
- rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
- option (google.api.http) = {
- get: "/v1beta1/{parent=projects/*/locations/*}/clusters"
- additional_bindings {
- get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters"
- }
- };
- option (google.api.method_signature) = "project_id,zone";
- }
-
- // Gets the details for a specific cluster.
- rpc GetCluster(GetClusterRequest) returns (Cluster) {
- option (google.api.http) = {
- get: "/v1beta1/{name=projects/*/locations/*/clusters/*}"
- additional_bindings {
- get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster_id";
- }
-
- // Creates a cluster, consisting of the specified number and type of Google
- // Compute Engine instances.
- //
- // By default, the cluster is created in the project's
- // [default
- // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
- //
- // One firewall is added for the cluster. After cluster creation,
- // the Kubelet creates routes for each node to allow the containers
- // on that node to communicate with all other instances in the
- // cluster.
- //
- // Finally, an entry is added to the project's global metadata indicating
- // which CIDR range the cluster is using.
- rpc CreateCluster(CreateClusterRequest) returns (Operation) {
- option (google.api.http) = {
- post: "/v1beta1/{parent=projects/*/locations/*}/clusters"
- body: "*"
- additional_bindings {
- post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters"
- body: "*"
- }
- };
- option (google.api.method_signature) = "project_id,zone,cluster";
- }
-
- // Updates the settings for a specific cluster.
- rpc UpdateCluster(UpdateClusterRequest) returns (Operation) { - option (google.api.http) = { - put: "/v1beta1/{name=projects/*/locations/*/clusters/*}" - body: "*" - additional_bindings { - put: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,update"; - } - - // Updates the version and/or image type of a specific node pool. - rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) { - option (google.api.http) = { - put: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update" - body: "*" - } - }; - } - - // Sets the autoscaling settings of a specific node pool. - rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling" - body: "*" - } - }; - } - - // Sets the logging service for a specific cluster. - rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLogging" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,logging_service"; - } - - // Sets the monitoring service for a specific cluster. 
- rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setMonitoring" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,monitoring_service"; - } - - // Sets the addons for a specific cluster. - rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setAddons" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,addons_config"; - } - - // Sets the locations for a specific cluster. - // Deprecated. Use - // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters/update) - // instead. - rpc SetLocations(SetLocationsRequest) returns (Operation) { - option deprecated = true; - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLocations" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,locations"; - } - - // Updates the master for a specific cluster. 
- rpc UpdateMaster(UpdateMasterRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:updateMaster" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,master_version"; - } - - // Sets master auth materials. Currently supports changing the admin password - // or a specific cluster, either via password generation or explicitly setting - // the password. - rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setMasterAuth" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth" - body: "*" - } - }; - } - - // Deletes the cluster, including the Kubernetes endpoint and all worker - // nodes. - // - // Firewalls and routes that were configured during cluster creation - // are also deleted. - // - // Other Google Compute Engine resources that might be in use by the cluster, - // such as load balancer resources, are not deleted if they weren't present - // when the cluster was initially created. - rpc DeleteCluster(DeleteClusterRequest) returns (Operation) { - option (google.api.http) = { - delete: "/v1beta1/{name=projects/*/locations/*/clusters/*}" - additional_bindings { - delete: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id"; - } - - // Lists all operations in a project in the specified zone or all zones. 
- rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=projects/*/locations/*}/operations" - additional_bindings { - get: "/v1beta1/projects/{project_id}/zones/{zone}/operations" - } - }; - option (google.api.method_signature) = "project_id,zone"; - } - - // Gets the specified operation. - rpc GetOperation(GetOperationRequest) returns (Operation) { - option (google.api.http) = { - get: "/v1beta1/{name=projects/*/locations/*/operations/*}" - additional_bindings { - get: "/v1beta1/projects/{project_id}/zones/{zone}/operations/{operation_id}" - } - }; - option (google.api.method_signature) = "project_id,zone,operation_id"; - } - - // Cancels the specified operation. - rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/operations/*}:cancel" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,operation_id"; - } - - // Returns configuration info about the Google Kubernetes Engine service. - rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) { - option (google.api.http) = { - get: "/v1beta1/{name=projects/*/locations/*}/serverConfig" - additional_bindings { - get: "/v1beta1/projects/{project_id}/zones/{zone}/serverconfig" - } - }; - option (google.api.method_signature) = "project_id,zone"; - } - - // Lists the node pools for a cluster. 
- rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/nodePools" - additional_bindings { - get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id"; - } - - // Gets the public component of the cluster signing keys in - // JSON Web Key format. - // This API is not yet intended for general use, and is not available for all - // clusters. - rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/jwks" - }; - } - - // Retrieves the requested node pool. - rpc GetNodePool(GetNodePoolRequest) returns (NodePool) { - option (google.api.http) = { - get: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}" - additional_bindings { - get: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id"; - } - - // Creates a node pool for a cluster. - rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/nodePools" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool"; - } - - // Deletes a node pool from a cluster. 
- rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) { - option (google.api.http) = { - delete: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}" - additional_bindings { - delete: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id"; - } - - // Rolls back a previously Aborted or Failed NodePool upgrade. - // This makes no changes if the last upgrade successfully completed. - rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id"; - } - - // Sets the NodeManagement options for a node pool. - rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id,management"; - } - - // Sets labels on a cluster. 
- rpc SetLabels(SetLabelsRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setResourceLabels" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,resource_labels,label_fingerprint"; - } - - // Enables or disables the ABAC authorization mechanism on a cluster. - rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,enabled"; - } - - // Starts master IP rotation. - rpc StartIPRotation(StartIPRotationRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:startIpRotation" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id"; - } - - // Completes master IP rotation. - rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:completeIpRotation" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id"; - } - - // Sets the size for a specific node pool. 
- rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize" - body: "*" - } - }; - } - - // Enables or disables Network Policy for a cluster. - rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,network_policy"; - } - - // Sets the maintenance policy for a cluster. - rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) { - option (google.api.http) = { - post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy" - body: "*" - additional_bindings { - post: "/v1beta1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy" - body: "*" - } - }; - option (google.api.method_signature) = "project_id,zone,cluster_id,maintenance_policy"; - } - - // Lists subnetworks that can be used for creating clusters in a project. - rpc ListUsableSubnetworks(ListUsableSubnetworksRequest) returns (ListUsableSubnetworksResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=projects/*}/aggregated/usableSubnetworks" - }; - option (google.api.method_signature) = "parent"; - } - - // Fetches locations that offer Google Kubernetes Engine. - rpc ListLocations(ListLocationsRequest) returns (ListLocationsResponse) { - option (google.api.http) = { - get: "/v1beta1/{parent=projects/*}/locations" - }; - option (google.api.method_signature) = "parent"; - } -} - -// Parameters that can be configured on Linux nodes. 
-message LinuxNodeConfig { - // The Linux kernel parameters to be applied to the nodes and all pods running - // on the nodes. - // - // The following parameters are supported. - // - // net.core.netdev_max_backlog - // net.core.rmem_max - // net.core.wmem_default - // net.core.wmem_max - // net.core.optmem_max - // net.core.somaxconn - // net.ipv4.tcp_rmem - // net.ipv4.tcp_wmem - // net.ipv4.tcp_tw_reuse - map sysctls = 1; -} - -// Node kubelet configs. -message NodeKubeletConfig { - // Control the CPU management policy on the node. - // See - // https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ - // - // The following values are allowed. - // - "none": the default, which represents the existing scheduling behavior. - // - "static": allows pods with certain resource characteristics to be - // granted increased CPU affinity and exclusivity on the node. - // The default value is 'none' if unspecified. - string cpu_manager_policy = 1; - - // Enable CPU CFS quota enforcement for containers that specify CPU limits. - // - // This option is enabled by default which makes kubelet use CFS quota - // (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to - // enforce container CPU limits. Otherwise, CPU limits will not be enforced at - // all. - // - // Disable this option to mitigate CPU throttling problems while still having - // your pods to be in Guaranteed QoS class by specifying the CPU limits. - // - // The default value is 'true' if unspecified. - google.protobuf.BoolValue cpu_cfs_quota = 2; - - // Set the CPU CFS quota period value 'cpu.cfs_period_us'. - // - // The string must be a sequence of decimal numbers, each with optional - // fraction and a unit suffix, such as "300ms". - // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - // The value must be a positive duration. - string cpu_cfs_quota_period = 3; -} - -// Parameters that describe the nodes in a cluster. 
-message NodeConfig { - // The name of a Google Compute Engine [machine - // type](https://cloud.google.com/compute/docs/machine-types). - // - // If unspecified, the default machine type is - // `e2-medium`. - string machine_type = 1; - - // Size of the disk attached to each node, specified in GB. - // The smallest allowed disk size is 10GB. - // - // If unspecified, the default disk size is 100GB. - int32 disk_size_gb = 2; - - // The set of Google API scopes to be made available on all of the - // node VMs under the "default" service account. - // - // The following scopes are recommended, but not required, and by default are - // not included: - // - // * `https://www.googleapis.com/auth/compute` is required for mounting - // persistent storage on your nodes. - // * `https://www.googleapis.com/auth/devstorage.read_only` is required for - // communicating with **gcr.io** - // (the [Google Container - // Registry](https://cloud.google.com/container-registry/)). - // - // If unspecified, no scopes are added, unless Cloud Logging or Cloud - // Monitoring are enabled, in which case their required scopes will be added. - repeated string oauth_scopes = 3; - - // The Google Cloud Platform Service Account to be used by the node VMs. - // Specify the email address of the Service Account; otherwise, if no Service - // Account is specified, the "default" service account is used. - string service_account = 9; - - // The metadata key/value pairs assigned to instances in the cluster. - // - // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes - // in length. These are reflected as part of a URL in the metadata server. 
- // Additionally, to avoid ambiguity, keys must not conflict with any other - // metadata keys for the project or be one of the reserved keys: - // - "cluster-location" - // - "cluster-name" - // - "cluster-uid" - // - "configure-sh" - // - "containerd-configure-sh" - // - "enable-oslogin" - // - "gci-ensure-gke-docker" - // - "gci-metrics-enabled" - // - "gci-update-strategy" - // - "instance-template" - // - "kube-env" - // - "startup-script" - // - "user-data" - // - "disable-address-manager" - // - "windows-startup-script-ps1" - // - "common-psm1" - // - "k8s-node-setup-psm1" - // - "install-ssh-psm1" - // - "user-profile-psm1" - // - // The following keys are reserved for Windows nodes: - // - "serial-port-logging-enable" - // - // Values are free-form strings, and only have meaning as interpreted by - // the image running in the instance. The only restriction placed on them is - // that each value's size must be less than or equal to 32 KB. - // - // The total size of all keys and values must be less than 512 KB. - map metadata = 4; - - // The image type to use for this node. Note that for a given image type, - // the latest version of it will be used. - string image_type = 5; - - // The map of Kubernetes labels (key/value pairs) to be applied to each node. - // These will added in addition to any default label(s) that - // Kubernetes may apply to the node. - // In case of conflict in label keys, the applied set may differ depending on - // the Kubernetes version -- it's best to assume the behavior is undefined - // and conflicts should be avoided. - // For more information, including usage and the valid values, see: - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - map labels = 6; - - // The number of local SSD disks to be attached to the node. - // - // The limit for this value is dependent upon the maximum number of - // disks available on a machine per zone. 
See: - // https://cloud.google.com/compute/docs/disks/local-ssd - // for more information. - int32 local_ssd_count = 7; - - // The list of instance tags applied to all nodes. Tags are used to identify - // valid sources or targets for network firewalls and are specified by - // the client during cluster or node pool creation. Each tag within the list - // must comply with RFC1035. - repeated string tags = 8; - - // Whether the nodes are created as preemptible VM instances. See: - // https://cloud.google.com/compute/docs/instances/preemptible for more - // inforamtion about preemptible VM instances. - bool preemptible = 10; - - // A list of hardware accelerators to be attached to each node. - // See https://cloud.google.com/compute/docs/gpus for more information about - // support for GPUs. - repeated AcceleratorConfig accelerators = 11; - - // Sandbox configuration for this node. - SandboxConfig sandbox_config = 17; - - // Setting this field will assign instances of this - // pool to run on the specified node group. This is useful for running - // workloads on [sole tenant - // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes). - string node_group = 18; - - // The optional reservation affinity. Setting this field will apply - // the specified [Zonal Compute - // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) - // to this node pool. - ReservationAffinity reservation_affinity = 19; - - // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or - // 'pd-balanced') - // - // If unspecified, the default disk type is 'pd-standard' - string disk_type = 12; - - // Minimum CPU platform to be used by this instance. The instance may be - // scheduled on the specified or newer CPU platform. Applicable values are the - // friendly names of CPU platforms, such as - // `minCpuPlatform: "Intel Haswell"` or - // `minCpuPlatform: "Intel Sandy Bridge"`. 
For more - // information, read [how to specify min CPU - // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - string min_cpu_platform = 13; - - // The workload metadata configuration for this node. - WorkloadMetadataConfig workload_metadata_config = 14; - - // List of kubernetes taints to be applied to each node. - // - // For more information, including usage and the valid values, see: - // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - repeated NodeTaint taints = 15; - - // - // The Customer Managed Encryption Key used to encrypt the boot disk attached - // to each node in the node pool. This should be of the form - // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. - // For more information about protecting resources with Cloud KMS Keys please - // see: - // https://cloud.google.com/compute/docs/disks/customer-managed-encryption - string boot_disk_kms_key = 23; - - // Shielded Instance options. - ShieldedInstanceConfig shielded_instance_config = 20; - - // Parameters that can be configured on Linux nodes. - LinuxNodeConfig linux_node_config = 21; - - // Node kubelet configs. - NodeKubeletConfig kubelet_config = 22; - - // Parameters for the ephemeral storage filesystem. - // If unspecified, ephemeral storage is backed by the boot disk. - EphemeralStorageConfig ephemeral_storage_config = 24; -} - -// A set of Shielded Instance options. -message ShieldedInstanceConfig { - // Defines whether the instance has Secure Boot enabled. - // - // Secure Boot helps ensure that the system only runs authentic software by - // verifying the digital signature of all boot components, and halting the - // boot process if signature verification fails. - bool enable_secure_boot = 1; - - // Defines whether the instance has integrity monitoring enabled. - // - // Enables monitoring and attestation of the boot integrity of the instance. 
- // The attestation is performed against the integrity policy baseline. This - // baseline is initially derived from the implicitly trusted boot image when - // the instance is created. - bool enable_integrity_monitoring = 2; -} - -// SandboxConfig contains configurations of the sandbox to use for the node. -message SandboxConfig { - // Possible types of sandboxes. - enum Type { - // Default value. This should not be used. - UNSPECIFIED = 0; - - // Run sandbox using gvisor. - GVISOR = 1; - } - - // Type of the sandbox to use for the node (e.g. 'gvisor') - string sandbox_type = 1 [deprecated = true]; - - // Type of the sandbox to use for the node. - Type type = 2; -} - -// EphemeralStorageConfig contains configuration for the ephemeral storage -// filesystem. -message EphemeralStorageConfig { - // Number of local SSDs to use to back ephemeral storage. Uses NVMe - // interfaces. Each local SSD is 375 GB in size. - // If zero, it means to disable using local SSDs as ephemeral storage. - int32 local_ssd_count = 1; -} - -// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) -// is the configuration of desired reservation which instances could take -// capacity from. -message ReservationAffinity { - // Indicates whether to consume capacity from a reservation or not. - enum Type { - // Default value. This should not be used. - UNSPECIFIED = 0; - - // Do not consume from any reserved capacity. - NO_RESERVATION = 1; - - // Consume any reservation available. - ANY_RESERVATION = 2; - - // Must consume from a specific reservation. Must specify key value fields - // for specifying the reservations. - SPECIFIC_RESERVATION = 3; - } - - // Corresponds to the type of reservation consumption. - Type consume_reservation_type = 1; - - // Corresponds to the label key of a reservation resource. 
To target a - // SPECIFIC_RESERVATION by name, specify "googleapis.com/reservation-name" as - // the key and specify the name of your reservation as its value. - string key = 2; - - // Corresponds to the label value(s) of reservation resource(s). - repeated string values = 3; -} - -// Kubernetes taint is comprised of three fields: key, value, and effect. Effect -// can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute. -// -// See -// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration) -// for more information, including usage and the valid values. -message NodeTaint { - // Possible values for Effect in taint. - enum Effect { - // Not set - EFFECT_UNSPECIFIED = 0; - - // NoSchedule - NO_SCHEDULE = 1; - - // PreferNoSchedule - PREFER_NO_SCHEDULE = 2; - - // NoExecute - NO_EXECUTE = 3; - } - - // Key for taint. - string key = 1; - - // Value for taint. - string value = 2; - - // Effect for taint. - Effect effect = 3; -} - -// The authentication information for accessing the master endpoint. -// Authentication can be done using HTTP basic auth or using client -// certificates. -message MasterAuth { - // The username to use for HTTP basic authentication to the master endpoint. - // For clusters v1.6.0 and later, basic authentication can be disabled by - // leaving username unspecified (or setting it to the empty string). - // - // Warning: basic authentication is deprecated, and will be removed in GKE - // control plane versions 1.19 and newer. For a list of recommended - // authentication methods, see: - // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication - string username = 1 [deprecated = true]; - - // The password to use for HTTP basic authentication to the master endpoint. - // Because the master endpoint is open to the Internet, you should create a - // strong password. If a password is provided for cluster creation, username - // must be non-empty. 
- // - // Warning: basic authentication is deprecated, and will be removed in GKE - // control plane versions 1.19 and newer. For a list of recommended - // authentication methods, see: - // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication - string password = 2 [deprecated = true]; - - // Configuration for client certificate authentication on the cluster. For - // clusters before v1.12, if no configuration is specified, a client - // certificate is issued. - ClientCertificateConfig client_certificate_config = 3; - - string cluster_ca_certificate = 100; - - // [Output only] Base64-encoded public certificate used by clients to - // authenticate to the cluster endpoint. - string client_certificate = 101; - - // [Output only] Base64-encoded private key used by clients to authenticate - // to the cluster endpoint. - string client_key = 102; -} - -// Configuration for client certificates on the cluster. -message ClientCertificateConfig { - // Issue a client certificate. - bool issue_client_certificate = 1; -} - -// Configuration for the addons that can be automatically spun up in the -// cluster, enabling additional functionality. -message AddonsConfig { - // Configuration for the HTTP (L7) load balancing controller addon, which - // makes it easy to set up HTTP load balancers for services in a cluster. - HttpLoadBalancing http_load_balancing = 1; - - // Configuration for the horizontal pod autoscaling feature, which - // increases or decreases the number of replica pods a replication controller - // has based on the resource usage of the existing pods. - HorizontalPodAutoscaling horizontal_pod_autoscaling = 2; - - // Configuration for the Kubernetes Dashboard. - // This addon is deprecated, and will be disabled in 1.15. It is recommended - // to use the Cloud Console to manage and monitor your Kubernetes clusters, - // workloads and applications. 
For more information, see:
- // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
- KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true];
-
- // Configuration for NetworkPolicy. This only tracks whether the addon
- // is enabled or not on the Master, it does not track whether network policy
- // is enabled for the nodes.
- NetworkPolicyConfig network_policy_config = 4;
-
- // Configuration for Istio, an open platform to connect, manage, and secure
- // microservices.
- IstioConfig istio_config = 5;
-
- // Configuration for the Cloud Run addon. The `IstioConfig` addon must be
- // enabled in order to enable Cloud Run addon. This option can only be enabled
- // at cluster creation time.
- CloudRunConfig cloud_run_config = 7;
-
- // Configuration for NodeLocalDNS, a dns cache running on cluster nodes
- DnsCacheConfig dns_cache_config = 8;
-
- // Configuration for the ConfigConnector add-on, a Kubernetes
- // extension to manage hosted GCP services through the Kubernetes API
- ConfigConnectorConfig config_connector_config = 10;
-
- // Configuration for the Compute Engine Persistent Disk CSI driver.
- GcePersistentDiskCsiDriverConfig gce_persistent_disk_csi_driver_config = 11;
-
- // Configuration for the KALM addon, which manages the lifecycle of k8s
- // applications.
- KalmConfig kalm_config = 12;
-}
-
-// Configuration options for the HTTP (L7) load balancing controller addon,
-// which makes it easy to set up HTTP load balancers for services in a cluster.
-message HttpLoadBalancing {
- // Whether the HTTP Load Balancing controller is enabled in the cluster.
- // When enabled, it runs a small pod in the cluster that manages the load
- // balancers.
- bool disabled = 1;
-}
-
-// Configuration options for the horizontal pod autoscaling feature, which
-// increases or decreases the number of replica pods a replication controller
-// has based on the resource usage of the existing pods.
-message HorizontalPodAutoscaling {
- // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
- // When enabled, it ensures that metrics are collected into Stackdriver
- // Monitoring.
- bool disabled = 1;
-}
-
-// Configuration for the Kubernetes Dashboard.
-message KubernetesDashboard {
- // Whether the Kubernetes Dashboard is enabled for this cluster.
- bool disabled = 1;
-}
-
-// Configuration for NetworkPolicy. This only tracks whether the addon
-// is enabled or not on the Master, it does not track whether network policy
-// is enabled for the nodes.
-message NetworkPolicyConfig {
- // Whether NetworkPolicy is enabled for this cluster.
- bool disabled = 1;
-}
-
-// Configuration for NodeLocal DNSCache
-message DnsCacheConfig {
- // Whether NodeLocal DNSCache is enabled for this cluster.
- bool enabled = 1;
-}
-
-// Configuration options for the KALM addon.
-message KalmConfig {
- // Whether KALM is enabled for this cluster.
- bool enabled = 1;
-}
-
-// Configuration options for the Config Connector add-on.
-message ConfigConnectorConfig {
- // Whether Cloud Connector is enabled for this cluster.
- bool enabled = 1;
-}
-
-// Configuration for the Compute Engine PD CSI driver. This option can only be
-// enabled at cluster creation time.
-message GcePersistentDiskCsiDriverConfig {
- // Whether the Compute Engine PD CSI driver is enabled for this cluster.
- bool enabled = 1;
-}
-
-// Configuration for controlling master global access settings.
-message PrivateClusterMasterGlobalAccessConfig {
- // Whenever master is accessible globally or not.
- bool enabled = 1;
-}
-
-// Configuration options for private clusters.
-message PrivateClusterConfig {
- // Whether nodes have internal IP addresses only. If enabled, all nodes are
- // given only RFC 1918 private addresses and communicate with the master via
- // private networking.
- bool enable_private_nodes = 1;
-
- // Whether the master's internal IP address is used as the cluster endpoint.
- bool enable_private_endpoint = 2;
-
- // The IP range in CIDR notation to use for the hosted master network. This
- // range will be used for assigning internal IP addresses to the master or
- // set of masters, as well as the ILB VIP. This range must not overlap with
- // any other ranges in use within the cluster's network.
- string master_ipv4_cidr_block = 3;
-
- // Output only. The internal IP address of this cluster's master endpoint.
- string private_endpoint = 4;
-
- // Output only. The external IP address of this cluster's master endpoint.
- string public_endpoint = 5;
-
- // Output only. The peering name in the customer VPC used by this cluster.
- string peering_name = 7;
-
- // Controls master global access settings.
- PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;
-}
-
-// Configuration options for Istio addon.
-message IstioConfig {
- // Istio auth mode, https://istio.io/docs/concepts/security/mutual-tls.html
- enum IstioAuthMode {
- // auth not enabled
- AUTH_NONE = 0;
-
- // auth mutual TLS enabled
- AUTH_MUTUAL_TLS = 1;
- }
-
- // Whether Istio is enabled for this cluster.
- bool disabled = 1;
-
- // The specified Istio auth mode, either none, or mutual TLS.
- IstioAuthMode auth = 2;
-}
-
-// Configuration options for the Cloud Run feature.
-message CloudRunConfig {
- // Load balancer type of ingress service of Cloud Run.
- enum LoadBalancerType {
- // Load balancer type for Cloud Run is unspecified.
- LOAD_BALANCER_TYPE_UNSPECIFIED = 0;
-
- // Install external load balancer for Cloud Run.
- LOAD_BALANCER_TYPE_EXTERNAL = 1;
-
- // Install internal load balancer for Cloud Run.
- LOAD_BALANCER_TYPE_INTERNAL = 2;
- }
-
- // Whether Cloud Run addon is enabled for this cluster.
- bool disabled = 1;
-
- // Which load balancer type is installed for Cloud Run.
- LoadBalancerType load_balancer_type = 3;
-}
-
-// Configuration options for the master authorized networks feature.
Enabled
-// master authorized networks will disallow all external traffic to access
-// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
-// Google Compute Engine Public IPs and Google Prod IPs.
-message MasterAuthorizedNetworksConfig {
- // CidrBlock contains an optional name and one CIDR block.
- message CidrBlock {
- // display_name is an optional field for users to identify CIDR blocks.
- string display_name = 1;
-
- // cidr_block must be specified in CIDR notation.
- string cidr_block = 2;
- }
-
- // Whether or not master authorized networks is enabled.
- bool enabled = 1;
-
- // cidr_blocks define up to 10 external networks that could access
- // Kubernetes master through HTTPS.
- repeated CidrBlock cidr_blocks = 2;
-}
-
-// Configuration for the legacy Attribute Based Access Control authorization
-// mode.
-message LegacyAbac {
- // Whether the ABAC authorizer is enabled for this cluster. When enabled,
- // identities in the system, including service accounts, nodes, and
- // controllers, will have statically granted permissions beyond those
- // provided by the RBAC configuration or IAM.
- bool enabled = 1;
-}
-
-// Configuration options for the NetworkPolicy feature.
-// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
-message NetworkPolicy {
- // Allowed Network Policy providers.
- enum Provider {
- // Not set
- PROVIDER_UNSPECIFIED = 0;
-
- // Tigera (Calico Felix).
- CALICO = 1;
- }
-
- // The selected network policy provider.
- Provider provider = 1;
-
- // Whether network policy is enabled on the cluster.
- bool enabled = 2;
-}
-
-// Configuration for controlling how IPs are allocated in the cluster.
-message IPAllocationPolicy {
- // Whether alias IPs will be used for pod IPs in the cluster.
- // This is used in conjunction with use_routes. It cannot
- // be true if use_routes is true.
If both use_ip_aliases and use_routes are
- // false, then the server picks the default IP allocation mode
- bool use_ip_aliases = 1;
-
- // Whether a new subnetwork will be created automatically for the cluster.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- bool create_subnetwork = 2;
-
- // A custom subnetwork name to be used if `create_subnetwork` is true. If
- // this field is empty, then an automatic name will be chosen for the new
- // subnetwork.
- string subnetwork_name = 3;
-
- // This field is deprecated, use cluster_ipv4_cidr_block.
- string cluster_ipv4_cidr = 4 [deprecated = true];
-
- // This field is deprecated, use node_ipv4_cidr_block.
- string node_ipv4_cidr = 5 [deprecated = true];
-
- // This field is deprecated, use services_ipv4_cidr_block.
- string services_ipv4_cidr = 6 [deprecated = true];
-
- // The name of the secondary range to be used for the cluster CIDR
- // block. The secondary range will be used for pod IP
- // addresses. This must be an existing secondary range associated
- // with the cluster subnetwork.
- //
- // This field is only applicable with use_ip_aliases and
- // create_subnetwork is false.
- string cluster_secondary_range_name = 7;
-
- // The name of the secondary range to be used as for the services
- // CIDR block. The secondary range will be used for service
- // ClusterIPs. This must be an existing secondary range associated
- // with the cluster subnetwork.
- //
- // This field is only applicable with use_ip_aliases and
- // create_subnetwork is false.
- string services_secondary_range_name = 8;
-
- // The IP address range for the cluster pod IPs. If this field is set, then
- // `cluster.cluster_ipv4_cidr` must be left blank.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- //
- // Set to blank to have a range chosen with the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string cluster_ipv4_cidr_block = 9;
-
- // The IP address range of the instance IPs in this cluster.
- //
- // This is applicable only if `create_subnetwork` is true.
- //
- // Set to blank to have a range chosen with the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string node_ipv4_cidr_block = 10;
-
- // The IP address range of the services IPs in this cluster. If blank, a range
- // will be automatically chosen with the default size.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- //
- // Set to blank to have a range chosen with the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- string services_ipv4_cidr_block = 11;
-
- // If true, allow allocation of cluster CIDR ranges that overlap with certain
- // kinds of network routes. By default we do not allow cluster CIDR ranges to
- // intersect with any user declared routes. With allow_route_overlap == true,
- // we allow overlapping with CIDR ranges that are larger than the cluster CIDR
- // range.
- //
- // If this field is set to true, then cluster and services CIDRs must be
- // fully-specified (e.g. `10.96.0.0/14`, but not `/14`), which means:
- // 1) When `use_ip_aliases` is true, `cluster_ipv4_cidr_block` and
- // `services_ipv4_cidr_block` must be fully-specified.
- // 2) When `use_ip_aliases` is false, `cluster.cluster_ipv4_cidr` muse be
- // fully-specified.
- bool allow_route_overlap = 12;
-
- // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
- // range will be automatically chosen with the default size.
- //
- // This field is only applicable when `use_ip_aliases` is true.
- //
- // If unspecified, the range will use the default size.
- //
- // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
- // netmask.
- //
- // Set to a
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
- // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
- // to use.
- // This field is deprecated, use cluster.tpu_config.ipv4_cidr_block instead.
- string tpu_ipv4_cidr_block = 13;
-
- // Whether routes will be used for pod IPs in the cluster.
- // This is used in conjunction with use_ip_aliases. It cannot be true if
- // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
- // then the server picks the default IP allocation mode
- bool use_routes = 15;
-}
-
-// Configuration for Binary Authorization.
-message BinaryAuthorization {
- // Enable Binary Authorization for this cluster. If enabled, all container
- // images will be validated by Google Binauthz.
- bool enabled = 1;
-}
-
-// Configuration for the PodSecurityPolicy feature.
-message PodSecurityPolicyConfig {
- // Enable the PodSecurityPolicy controller for this cluster. If enabled, pods
- // must be valid under a PodSecurityPolicy to be created.
- bool enabled = 1;
-}
-
-// Configuration for returning group information from authenticators.
-message AuthenticatorGroupsConfig {
- // Whether this cluster should return group membership lookups
- // during authentication using a group of security groups.
- bool enabled = 1;
-
- // The name of the security group-of-groups to be used. Only relevant
- // if enabled = true.
- string security_group = 2;
-}
-
-// Telemetry integration for the cluster.
-message ClusterTelemetry {
- // Type of the integration.
- enum Type {
- // Not set.
- UNSPECIFIED = 0;
-
- // Monitoring integration is disabled.
- DISABLED = 1;
-
- // Monitoring integration is enabled.
- ENABLED = 2;
-
- // Only system components are monitored and logged.
- SYSTEM_ONLY = 3;
- }
-
- // Type of the integration.
- Type type = 1;
-}
-
-// A Google Kubernetes Engine cluster.
-message Cluster {
- // The current status of the cluster.
- enum Status {
- // Not set.
- STATUS_UNSPECIFIED = 0;
-
- // The PROVISIONING state indicates the cluster is being created.
- PROVISIONING = 1;
-
- // The RUNNING state indicates the cluster has been created and is fully
- // usable.
- RUNNING = 2;
-
- // The RECONCILING state indicates that some work is actively being done on
- // the cluster, such as upgrading the master or node software. Details can
- // be found in the `statusMessage` field.
- RECONCILING = 3;
-
- // The STOPPING state indicates the cluster is being deleted.
- STOPPING = 4;
-
- // The ERROR state indicates the cluster may be unusable. Details
- // can be found in the `statusMessage` field.
- ERROR = 5;
-
- // The DEGRADED state indicates the cluster requires user action to restore
- // full functionality. Details can be found in the `statusMessage` field.
- DEGRADED = 6;
- }
-
- // The name of this cluster. The name must be unique within this project
- // and location (e.g.
zone or region), and can be up to 40 characters with
- // the following restrictions:
- //
- // * Lowercase letters, numbers, and hyphens only.
- // * Must start with a letter.
- // * Must end with a number or a letter.
- string name = 1;
-
- // An optional description of this cluster.
- string description = 2;
-
- // The number of nodes to create in this cluster. You must ensure that your
- // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
- // is sufficient for this number of instances. You must also have available
- // firewall and routes quota.
- // For requests, this field should only be used in lieu of a
- // "node_pool" object, since this configuration (along with the
- // "node_config") will be used to create a "NodePool" object with an
- // auto-generated name. Do not use this and a node_pool at the same time.
- //
- // This field is deprecated, use node_pool.initial_node_count instead.
- int32 initial_node_count = 3 [deprecated = true];
-
- // Parameters used in creating the cluster's nodes.
- // For requests, this field should only be used in lieu of a
- // "node_pool" object, since this configuration (along with the
- // "initial_node_count") will be used to create a "NodePool" object with an
- // auto-generated name. Do not use this and a node_pool at the same time.
- // For responses, this field will be populated with the node configuration of
- // the first node pool. (For configuration of each node pool, see
- // `node_pool.config`)
- //
- // If unspecified, the defaults are used.
- // This field is deprecated, use node_pool.config instead.
- NodeConfig node_config = 4 [deprecated = true];
-
- // The authentication information for accessing the master endpoint.
- // If unspecified, the defaults are used:
- // For clusters before v1.12, if master_auth is unspecified, `username` will
- // be set to "admin", a random password will be generated, and a client
- // certificate will be issued.
- MasterAuth master_auth = 5;
-
- // The logging service the cluster should use to write logs.
- // Currently available options:
- //
- // * `logging.googleapis.com/kubernetes` - The Cloud Logging
- // service with a Kubernetes-native resource model
- // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
- // available as of GKE 1.15).
- // * `none` - no logs will be exported from the cluster.
- //
- // If left as an empty string,`logging.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
- string logging_service = 6;
-
- // The monitoring service the cluster should use to write metrics.
- // Currently available options:
- //
- // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
- // service with a Kubernetes-native resource model
- // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
- // longer available as of GKE 1.15).
- // * `none` - No metrics will be exported from the cluster.
- //
- // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
- string monitoring_service = 7;
-
- // The name of the Google Compute Engine
- // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
- // to which the cluster is connected. If left unspecified, the `default`
- // network will be used. On output this shows the network ID instead of the
- // name.
- string network = 8;
-
- // The IP address range of the container pods in this cluster, in
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `10.96.0.0/14`). Leave blank to have
- // one automatically chosen or specify a `/14` block in `10.0.0.0/8`.
- string cluster_ipv4_cidr = 9;
-
- // Configurations for the various addons available to run in the cluster.
- AddonsConfig addons_config = 10;
-
- // The name of the Google Compute Engine
- // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
- // the cluster is connected. On output this shows the subnetwork ID instead of
- // the name.
- string subnetwork = 11;
-
- // The node pools associated with this cluster.
- // This field should not be set if "node_config" or "initial_node_count" are
- // specified.
- repeated NodePool node_pools = 12;
-
- // The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster's nodes should be located.
- //
- // This field provides a default value if
- // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
- // are not specified during node pool creation.
- //
- // Warning: changing cluster locations will update the
- // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
- // of all node pools and will result in nodes being added and/or removed.
- repeated string locations = 13;
-
- // Kubernetes alpha features are enabled on this cluster. This includes alpha
- // API groups (e.g. v1beta1) and features that may not be production ready in
- // the kubernetes version of the master and nodes.
- // The cluster has no SLA for uptime and master/node upgrades are disabled.
- // Alpha enabled clusters are automatically deleted thirty days after
- // creation.
- bool enable_kubernetes_alpha = 14;
-
- // The resource labels for the cluster to use to annotate any related
- // Google Compute Engine resources.
- map resource_labels = 15;
-
- // The fingerprint of the set of labels for this cluster.
- string label_fingerprint = 16;
-
- // Configuration for the legacy ABAC authorization mode.
- LegacyAbac legacy_abac = 18;
-
- // Configuration options for the NetworkPolicy feature.
- NetworkPolicy network_policy = 19;
-
- // Configuration for cluster IP allocation.
- IPAllocationPolicy ip_allocation_policy = 20;
-
- // The configuration options for master authorized networks feature.
- MasterAuthorizedNetworksConfig master_authorized_networks_config = 22;
-
- // Configure the maintenance policy for this cluster.
- MaintenancePolicy maintenance_policy = 23;
-
- // Configuration for Binary Authorization.
- BinaryAuthorization binary_authorization = 24;
-
- // Configuration for the PodSecurityPolicy feature.
- PodSecurityPolicyConfig pod_security_policy_config = 25;
-
- // Cluster-level autoscaling configuration.
- ClusterAutoscaling autoscaling = 26;
-
- // Configuration for cluster networking.
- NetworkConfig network_config = 27;
-
- // If this is a private cluster setup. Private clusters are clusters that, by
- // default have no external IP addresses on the nodes and where nodes and the
- // master communicate over private IP addresses.
- // This field is deprecated, use private_cluster_config.enable_private_nodes
- // instead.
- bool private_cluster = 28 [deprecated = true];
-
- // The IP prefix in CIDR notation to use for the hosted master network.
- // This prefix will be used for assigning private IP addresses to the
- // master or set of masters, as well as the ILB VIP.
- // This field is deprecated, use
- // private_cluster_config.master_ipv4_cidr_block instead.
- string master_ipv4_cidr_block = 29 [deprecated = true];
-
- // The default constraint on the maximum number of pods that can be run
- // simultaneously on a node in the node pool of this cluster. Only honored
- // if cluster created with IP Alias support.
- MaxPodsConstraint default_max_pods_constraint = 30;
-
- // Configuration for exporting resource usages. Resource usage export is
- // disabled when this config unspecified.
- ResourceUsageExportConfig resource_usage_export_config = 33;
-
- // Configuration controlling RBAC group membership information.
- AuthenticatorGroupsConfig authenticator_groups_config = 34;
-
- // Configuration for private cluster.
- PrivateClusterConfig private_cluster_config = 37;
-
- // Cluster-level Vertical Pod Autoscaling configuration.
- VerticalPodAutoscaling vertical_pod_autoscaling = 39;
-
- // Shielded Nodes configuration.
- ShieldedNodes shielded_nodes = 40;
-
- // Release channel configuration.
- ReleaseChannel release_channel = 41;
-
- // Configuration for the use of Kubernetes Service Accounts in GCP IAM
- // policies.
- WorkloadIdentityConfig workload_identity_config = 43;
-
- // Telemetry integration for the cluster.
- ClusterTelemetry cluster_telemetry = 46;
-
- // Configuration for Cloud TPU support;
- TpuConfig tpu_config = 47;
-
- // Notification configuration of the cluster.
- NotificationConfig notification_config = 49;
-
- // Configuration of Confidential Nodes
- ConfidentialNodes confidential_nodes = 50;
-
- // [Output only] Server-defined URL for the resource.
- string self_link = 100;
-
- // [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field is deprecated, use location instead.
- string zone = 101 [deprecated = true];
-
- // [Output only] The IP address of this cluster's master endpoint.
- // The endpoint can be accessed from the internet at
- // `https://username:password@endpoint/`.
- //
- // See the `masterAuth` property of this resource for username and
- // password information.
- string endpoint = 102;
-
- // The initial Kubernetes version for this cluster. Valid versions are those
- // found in validMasterVersions returned by getServerConfig. The version can
- // be upgraded over time; such upgrades are reflected in
- // currentMasterVersion and currentNodeVersion.
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "","-": picks the default Kubernetes version
- string initial_cluster_version = 103;
-
- // [Output only] The current software version of the master endpoint.
- string current_master_version = 104;
-
- // [Output only] Deprecated, use
- // [NodePool.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters.nodePools)
- // instead. The current version of the node software components.
- // If they are currently at multiple versions because they're in the process
- // of being upgraded, this reflects the minimum version of all nodes.
- string current_node_version = 105 [deprecated = true];
-
- // [Output only] The time the cluster was created, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string create_time = 106;
-
- // [Output only] The current status of this cluster.
- Status status = 107;
-
- // [Output only] Deprecated. Use conditions instead.
- // Additional information about the current status of this
- // cluster, if available.
- string status_message = 108 [deprecated = true];
-
- // [Output only] The size of the address space on each node for hosting
- // containers. This is provisioned from within the `container_ipv4_cidr`
- // range. This field will only be set when cluster is in route-based network
- // mode.
- int32 node_ipv4_cidr_size = 109;
-
- // [Output only] The IP address range of the Kubernetes services in
- // this cluster, in
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `1.2.3.4/29`).
Service addresses are
- // typically put in the last `/16` from the container CIDR.
- string services_ipv4_cidr = 110;
-
- // Deprecated. Use node_pools.instance_group_urls.
- repeated string instance_group_urls = 111 [deprecated = true];
-
- // [Output only] The number of nodes currently in the cluster. Deprecated.
- // Call Kubernetes API directly to retrieve node information.
- int32 current_node_count = 112 [deprecated = true];
-
- // [Output only] The time the cluster will be automatically
- // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string expire_time = 113;
-
- // [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // or
- // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // in which the cluster resides.
- string location = 114;
-
- // Enable the ability to use Cloud TPUs in this cluster.
- // This field is deprecated, use tpu_config.enabled instead.
- bool enable_tpu = 115;
-
- // [Output only] The IP address range of the Cloud TPUs in this cluster, in
- // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
- // notation (e.g. `1.2.3.4/29`).
- string tpu_ipv4_cidr_block = 116;
-
- // Configuration of etcd encryption.
- DatabaseEncryption database_encryption = 38;
-
- // Which conditions caused the current cluster state.
- repeated StatusCondition conditions = 118;
-
- // Configuration for master components.
- Master master = 124;
-}
-
-// ClusterUpdate describes an update to the cluster. Exactly one update can
-// be applied to a cluster with each request, so at most one field can be
-// provided.
-message ClusterUpdate {
- // The Kubernetes version to change the nodes to (typically an
- // upgrade).
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the Kubernetes master version
- string desired_node_version = 4;
-
- // The monitoring service the cluster should use to write metrics.
- // Currently available options:
- //
- // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
- // service with a Kubernetes-native resource model
- // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
- // longer available as of GKE 1.15).
- // * `none` - No metrics will be exported from the cluster.
- //
- // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
- string desired_monitoring_service = 5;
-
- // Configurations for the various addons available to run in the cluster.
- AddonsConfig desired_addons_config = 6;
-
- // The node pool to be upgraded. This field is mandatory if
- // "desired_node_version", "desired_image_family",
- // "desired_node_pool_autoscaling", or "desired_workload_metadata_config"
- // is specified and there is more than one node pool on the cluster.
- string desired_node_pool_id = 7;
-
- // The desired image type for the node pool.
- // NOTE: Set the "desired_node_pool" field as well.
- string desired_image_type = 8;
-
- // Autoscaler configuration for the node pool specified in
- // desired_node_pool_id. If there is only one pool in the
- // cluster and desired_node_pool_id is not provided then
- // the change applies to that single node pool.
- NodePoolAutoscaling desired_node_pool_autoscaling = 9;
-
- // The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster's nodes should be located.
- //
- // This list must always include the cluster's primary zone.
- //
- // Warning: changing cluster locations will update the locations of all node
- // pools and will result in nodes being added and/or removed.
- repeated string desired_locations = 10;
-
- // The desired configuration options for master authorized networks feature.
- MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12;
-
- // The desired configuration options for the PodSecurityPolicy feature.
- PodSecurityPolicyConfig desired_pod_security_policy_config = 14;
-
- // Cluster-level autoscaling configuration.
- ClusterAutoscaling desired_cluster_autoscaling = 15;
-
- // The desired configuration options for the Binary Authorization feature.
- BinaryAuthorization desired_binary_authorization = 16;
-
- // The logging service the cluster should use to write logs.
- // Currently available options:
- //
- // * `logging.googleapis.com/kubernetes` - The Cloud Logging
- // service with a Kubernetes-native resource model
- // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
- // available as of GKE 1.15).
- // * `none` - no logs will be exported from the cluster.
- //
- // If left as an empty string,`logging.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
- string desired_logging_service = 19;
-
- // The desired configuration for exporting resource usage.
- ResourceUsageExportConfig desired_resource_usage_export_config = 21;
-
- // Cluster-level Vertical Pod Autoscaling configuration.
- VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;
-
- // The desired private cluster configuration.
- PrivateClusterConfig desired_private_cluster_config = 25;
-
- // The desired config of Intra-node visibility.
- IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26;
-
- // The desired status of whether to disable default sNAT for this cluster.
- DefaultSnatStatus desired_default_snat_status = 28;
-
- // The desired telemetry integration for the cluster.
- ClusterTelemetry desired_cluster_telemetry = 30;
-
- // The desired release channel configuration.
- ReleaseChannel desired_release_channel = 31;
-
- // The desired Cloud TPU configuration.
- TpuConfig desired_tpu_config = 38;
-
- // The desired datapath provider for the cluster.
- DatapathProvider desired_datapath_provider = 50;
-
- // The desired notification configuration.
- NotificationConfig desired_notification_config = 55;
-
- // The Kubernetes version to change the master to. The only valid value is the
- // latest supported version.
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the default Kubernetes version
- string desired_master_version = 100;
-
- // Configuration of etcd encryption.
- DatabaseEncryption desired_database_encryption = 46;
-
- // Configuration for Workload Identity.
- WorkloadIdentityConfig desired_workload_identity_config = 47;
-
- // Configuration for Shielded Nodes.
- ShieldedNodes desired_shielded_nodes = 48;
-
- // Configuration for master components.
- Master desired_master = 52;
-}
-
-// This operation resource represents operations that may have happened or are
-// happening on the cluster. All fields are output only.
-message Operation {
- // Current status of the operation.
- enum Status {
- // Not set.
- STATUS_UNSPECIFIED = 0;
-
- // The operation has been created.
- PENDING = 1;
-
- // The operation is currently running.
- RUNNING = 2;
-
- // The operation is done, either cancelled or completed.
- DONE = 3;
-
- // The operation is aborting.
- ABORTING = 4;
- }
-
- // Operation type.
- enum Type {
- // Not set.
- TYPE_UNSPECIFIED = 0;
-
- // Cluster create.
- CREATE_CLUSTER = 1;
-
- // Cluster delete.
- DELETE_CLUSTER = 2;
-
- // A master upgrade.
- UPGRADE_MASTER = 3;
-
- // A node upgrade.
- UPGRADE_NODES = 4;
-
- // Cluster repair.
- REPAIR_CLUSTER = 5;
-
- // Cluster update.
- UPDATE_CLUSTER = 6;
-
- // Node pool create.
- CREATE_NODE_POOL = 7;
-
- // Node pool delete.
- DELETE_NODE_POOL = 8;
-
- // Set node pool management.
- SET_NODE_POOL_MANAGEMENT = 9;
-
- // Automatic node pool repair.
- AUTO_REPAIR_NODES = 10;
-
- // Automatic node upgrade.
- AUTO_UPGRADE_NODES = 11;
-
- // Set labels.
- SET_LABELS = 12;
-
- // Set/generate master auth materials
- SET_MASTER_AUTH = 13;
-
- // Set node pool size.
- SET_NODE_POOL_SIZE = 14;
-
- // Updates network policy for a cluster.
- SET_NETWORK_POLICY = 15;
-
- // Set the maintenance policy.
- SET_MAINTENANCE_POLICY = 16;
- }
-
- // The server-assigned ID for the operation.
- string name = 1;
-
- // The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // operation is taking place. This field is deprecated, use location instead.
- string zone = 2 [deprecated = true];
-
- // The operation type.
- Type operation_type = 3;
-
- // The current status of the operation.
- Status status = 4;
-
- // Detailed operation progress, if available.
- string detail = 8;
-
- // Output only. If an error has occurred, a textual description of the error.
- // Deprecated. Use field error instead.
- string status_message = 5 [
- deprecated = true,
- (google.api.field_behavior) = OUTPUT_ONLY
- ];
-
- // Server-defined URL for the resource.
- string self_link = 6;
-
- // Server-defined URL for the target of the operation.
- string target_link = 7;
-
- // [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // or
- // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
- // in which the cluster resides.
- string location = 9;
-
- // [Output only] The time the operation started, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string start_time = 10;
-
- // [Output only] The time the operation completed, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string end_time = 11;
-
- // Output only. [Output only] Progress information for an operation.
- OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
-
- // Which conditions caused the current cluster state.
- // Deprecated. Use field error instead.
- repeated StatusCondition cluster_conditions = 13 [deprecated = true];
-
- // Which conditions caused the current node pool state.
- // Deprecated. Use field error instead.
- repeated StatusCondition nodepool_conditions = 14 [deprecated = true];
-
- // The error result of the operation in case of failure.
- google.rpc.Status error = 15;
-}
-
-// Information about operation (or operation stage) progress.
-message OperationProgress {
- // Progress metric is (string, int|float|string) pair.
- message Metric {
- // Required. Metric name, e.g., "nodes total", "percent done".
- string name = 1 [(google.api.field_behavior) = REQUIRED];
-
- // Strictly one of the values is required.
- oneof value {
- // For metrics with integer value.
- int64 int_value = 2;
-
- // For metrics with floating point value.
- double double_value = 3;
-
- // For metrics with custom values (ratios, visual progress, etc.).
- string string_value = 4;
- }
- }
-
- // A non-parameterized string describing an operation stage.
- // Unset for single-stage operations.
- string name = 1;
-
- // Status of an operation stage.
- // Unset for single-stage operations.
- Operation.Status status = 2;
-
- // Progress metric bundle, for example:
- // metrics: [{name: "nodes done", int_value: 15},
- // {name: "nodes total", int_value: 32}]
- // or
- // metrics: [{name: "progress", double_value: 0.56},
- // {name: "progress scale", double_value: 1.0}]
- repeated Metric metrics = 3;
-
- // Substages of an operation or a stage.
- repeated OperationProgress stages = 4;
-}
-
-// CreateClusterRequest creates a cluster.
-message CreateClusterRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the parent
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. A [cluster
- // resource](https://cloud.google.com/container-engine/reference/rest/v1beta1/projects.locations.clusters)
- Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED];
-
- // The parent (project and location) where the cluster will be created.
- // Specified in the format `projects/*/locations/*`.
- string parent = 5;
-}
-
-// GetClusterRequest gets the settings of a cluster.
-message GetClusterRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to retrieve.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster) of the cluster to retrieve.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// UpdateClusterRequest updates the settings of a cluster.
-message UpdateClusterRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. A description of the update.
- ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to update.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// SetNodePoolVersionRequest updates the version of a node pool.
-message UpdateNodePoolRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the node pool to upgrade.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The Kubernetes version to change the nodes to (typically an
- // upgrade).
- //
- // Users may specify either explicit versions offered by Kubernetes Engine or
- // version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the Kubernetes master version
- string node_version = 5 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The desired image type for the node pool.
- string image_type = 6 [(google.api.field_behavior) = REQUIRED];
-
- // The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // node pool's nodes should be located. Changing the locations for a node pool
- // will result in nodes being either created or removed from the node pool,
- // depending on whether locations are being added or removed.
- repeated string locations = 13;
-
- // The desired workload metadata config for the node pool.
- WorkloadMetadataConfig workload_metadata_config = 14;
-
- // The name (project, location, cluster, node pool) of the node pool to
- // update. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 8;
-
- // Upgrade settings control disruption and speed of the upgrade.
- NodePool.UpgradeSettings upgrade_settings = 15;
-
- // Parameters that can be configured on Linux nodes.
- LinuxNodeConfig linux_node_config = 19;
-
- // Node kubelet configs.
- NodeKubeletConfig kubelet_config = 20;
-}
-
-// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
-message SetNodePoolAutoscalingRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the node pool to upgrade.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Autoscaling configuration for the node pool.
- NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool) of the node pool to set
- // autoscaler settings. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// SetLoggingServiceRequest sets the logging service of a cluster.
-message SetLoggingServiceRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The logging service the cluster should use to write logs.
- // Currently available options:
- //
- // * `logging.googleapis.com/kubernetes` - The Cloud Logging
- // service with a Kubernetes-native resource model
- // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
- // available as of GKE 1.15).
- // * `none` - no logs will be exported from the cluster.
- //
- // If left as an empty string,`logging.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
- string logging_service = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set logging.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// SetMonitoringServiceRequest sets the monitoring service of a cluster.
-message SetMonitoringServiceRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The monitoring service the cluster should use to write metrics.
- // Currently available options:
- //
- // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
- // service with a Kubernetes-native resource model
- // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
- // longer available as of GKE 1.15).
- // * `none` - No metrics will be exported from the cluster.
- //
- // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
- // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
- string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set monitoring.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// SetAddonsRequest sets the addons associated with the cluster.
-message SetAddonsConfigRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The desired configurations for the various addons available to run in the
- // cluster.
- AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set addons.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// SetLocationsRequest sets the locations of the cluster.
-message SetLocationsRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated.
The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster's nodes should be located. Changing the locations a cluster is in
- // will result in nodes being either created or removed from the cluster,
- // depending on whether locations are being added or removed.
- //
- // This list must always include the cluster's primary zone.
- repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set locations.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// UpdateMasterRequest updates the master of the cluster.
-message UpdateMasterRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The Kubernetes version to change the master to.
- //
- // Users may specify either explicit versions offered by
- // Kubernetes Engine or version aliases, which have the following behavior:
- //
- // - "latest": picks the highest valid Kubernetes version
- // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
- // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
- // - "1.X.Y-gke.N": picks an explicit Kubernetes version
- // - "-": picks the default Kubernetes version
- string master_version = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to update.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// SetMasterAuthRequest updates the admin password of a cluster.
-message SetMasterAuthRequest {
- // Operation type: what type update to perform.
- enum Action {
- // Operation is unknown and will error out.
- UNKNOWN = 0;
-
- // Set the password to a user generated value.
- SET_PASSWORD = 1;
-
- // Generate a new password and set it to that.
- GENERATE_PASSWORD = 2;
-
- // Set the username. If an empty username is provided, basic authentication
- // is disabled for the cluster. If a non-empty username is provided, basic
- // authentication is enabled, with either a provided password or a generated
- // one.
- SET_USERNAME = 3;
- }
-
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated.
The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to upgrade.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The exact form of action to be taken on the master auth.
- Action action = 4 [(google.api.field_behavior) = REQUIRED];
-
- // Required. A description of the update.
- MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster) of the cluster to set auth.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// DeleteClusterRequest deletes a cluster.
-message DeleteClusterRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to delete.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster) of the cluster to delete.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 4;
-}
-
-// ListClustersRequest lists clusters.
-message ListClustersRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides, or "-" for all zones. This field has been deprecated and
- // replaced by the parent field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The parent (project and location) where the clusters will be listed.
- // Specified in the format `projects/*/locations/*`.
- // Location "-" matches all zones and all regions.
- string parent = 4;
-}
-
-// ListClustersResponse is the result of ListClustersRequest.
-message ListClustersResponse {
- // A list of clusters in the project in the specified zone, or
- // across all ones.
- repeated Cluster clusters = 1;
-
- // If any zones are listed here, the list of clusters returned
- // may be missing those zones.
- repeated string missing_zones = 2;
-}
-
-// GetOperationRequest gets a single operation.
-message GetOperationRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The server-assigned `name` of the operation.
- // This field has been deprecated and replaced by the name field.
- string operation_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, operation id) of the operation to get.
- // Specified in the format `projects/*/locations/*/operations/*`.
- string name = 5;
-}
-
-// ListOperationsRequest lists operations.
-message ListOperationsRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) to return
- // operations for, or `-` for all zones. This field has been deprecated and
- // replaced by the parent field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The parent (project and location) where the operations will be listed.
- // Specified in the format `projects/*/locations/*`.
- // Location "-" matches all zones and all regions.
- string parent = 4;
-}
-
-// CancelOperationRequest cancels a single operation.
-message CancelOperationRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // operation resides.
This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The server-assigned `name` of the operation.
- // This field has been deprecated and replaced by the name field.
- string operation_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, operation id) of the operation to cancel.
- // Specified in the format `projects/*/locations/*/operations/*`.
- string name = 4;
-}
-
-// ListOperationsResponse is the result of ListOperationsRequest.
-message ListOperationsResponse {
- // A list of operations in the project in the specified zone.
- repeated Operation operations = 1;
-
- // If any zones are listed here, the list of operations returned
- // may be missing the operations from those zones.
- repeated string missing_zones = 2;
-}
-
-// Gets the current Kubernetes Engine service configuration.
-message GetServerConfigRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) to return
- // operations for. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project and location) of the server config to get,
- // specified in the format `projects/*/locations/*`.
- string name = 4;
-}
-
-// Kubernetes Engine service configuration.
-message ServerConfig {
- // ReleaseChannelConfig exposes configuration for a release channel.
- message ReleaseChannelConfig {
- // Deprecated.
- message AvailableVersion {
- option deprecated = true;
-
- // Kubernetes version.
- string version = 1;
-
- // Reason for availability.
- string reason = 2;
- }
-
- // The release channel this configuration applies to.
- ReleaseChannel.Channel channel = 1;
-
- // The default version for newly created clusters on the channel.
- string default_version = 2;
-
- // Deprecated.
- // This field has been deprecated and replaced with the valid_versions
- // field.
- repeated AvailableVersion available_versions = 3 [deprecated = true];
-
- // List of valid versions for the channel.
- repeated string valid_versions = 4;
- }
-
- // Version of Kubernetes the service deploys by default.
- string default_cluster_version = 1;
-
- // List of valid node upgrade target versions, in descending order.
- repeated string valid_node_versions = 3;
-
- // Default image type.
- string default_image_type = 4;
-
- // List of valid image types.
- repeated string valid_image_types = 5;
-
- // List of valid master versions, in descending order.
- repeated string valid_master_versions = 6;
-
- // List of release channel configurations.
- repeated ReleaseChannelConfig channels = 9;
-}
-
-// CreateNodePoolRequest creates a node pool for a cluster.
-message CreateNodePoolRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the parent
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the parent field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The node pool to create.
- NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The parent (project, location, cluster id) where the node pool will be
- // created. Specified in the format
- // `projects/*/locations/*/clusters/*`.
- string parent = 6;
-}
-
-// DeleteNodePoolRequest deletes a node pool for a cluster.
-message DeleteNodePoolRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the node pool to delete.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster, node pool id) of the node pool to
- // delete. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// ListNodePoolsRequest lists the node pool(s) for a cluster.
-message ListNodePoolsRequest {
- // Required. Deprecated.
The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the parent field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the parent
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the parent field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The parent (project, location, cluster id) where the node pools will be
- // listed. Specified in the format `projects/*/locations/*/clusters/*`.
- string parent = 5;
-}
-
-// GetNodePoolRequest retrieves a node pool for a cluster.
-message GetNodePoolRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated.
The name of the node pool.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster, node pool id) of the node pool to
- // get. Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// NodePool contains the name and configuration for a cluster's node pool.
-// Node pools are a set of nodes (i.e. VM's), with a common configuration and
-// specification, under the control of the cluster master. They may have a set
-// of Kubernetes labels applied to them, which may be used to reference them
-// during pod scheduling. They may also be resized up or down, to accommodate
-// the workload.
-message NodePool {
- // These upgrade settings control the level of parallelism and the level of
- // disruption caused by an upgrade.
- //
- // maxUnavailable controls the number of nodes that can be simultaneously
- // unavailable.
- //
- // maxSurge controls the number of additional nodes that can be added to the
- // node pool temporarily for the time of the upgrade to increase the number of
- // available nodes.
- //
- // (maxUnavailable + maxSurge) determines the level of parallelism (how many
- // nodes are being upgraded at the same time).
- //
- // Note: upgrades inevitably introduce some disruption since workloads need to
- // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
- // this holds true. (Disruption stays within the limits of
- // PodDisruptionBudget, if it is configured.)
- //
- // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
- // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
- // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
- // down 3 old (not yet upgraded) nodes at the same time. This ensures that
- // there are always at least 4 nodes available.
- message UpgradeSettings {
- // The maximum number of nodes that can be created beyond the current size
- // of the node pool during the upgrade process.
- int32 max_surge = 1;
-
- // The maximum number of nodes that can be simultaneously unavailable during
- // the upgrade process. A node is considered available if its status is
- // Ready.
- int32 max_unavailable = 2;
- }
-
- // The current status of the node pool instance.
- enum Status {
- // Not set.
- STATUS_UNSPECIFIED = 0;
-
- // The PROVISIONING state indicates the node pool is being created.
- PROVISIONING = 1;
-
- // The RUNNING state indicates the node pool has been created
- // and is fully usable.
- RUNNING = 2;
-
- // The RUNNING_WITH_ERROR state indicates the node pool has been created
- // and is partially usable. Some error state has occurred and some
- // functionality may be impaired. Customer may need to reissue a request
- // or trigger a new update.
- RUNNING_WITH_ERROR = 3;
-
- // The RECONCILING state indicates that some work is actively being done on
- // the node pool, such as upgrading node software. Details can
- // be found in the `statusMessage` field.
- RECONCILING = 4;
-
- // The STOPPING state indicates the node pool is being deleted.
- STOPPING = 5;
-
- // The ERROR state indicates the node pool may be unusable. Details
- // can be found in the `statusMessage` field.
- ERROR = 6;
- }
-
- // The name of the node pool.
- string name = 1;
-
- // The node configuration of the pool.
- NodeConfig config = 2;
-
- // The initial node count for the pool. You must ensure that your
- // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
- // is sufficient for this number of instances. You must also have available
- // firewall and routes quota.
- int32 initial_node_count = 3;
-
- // The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // NodePool's nodes should be located.
- //
- // If this value is unspecified during node pool creation, the
- // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
- // value will be used, instead.
- //
- // Warning: changing node pool locations will result in nodes being added
- // and/or removed.
- repeated string locations = 13;
-
- // [Output only] Server-defined URL for the resource.
- string self_link = 100;
-
- // The version of the Kubernetes of this node.
- string version = 101;
-
- // [Output only] The resource URLs of the [managed instance
- // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
- // associated with this node pool.
- repeated string instance_group_urls = 102;
-
- // [Output only] The status of the nodes in this pool instance.
- Status status = 103;
-
- // [Output only] Deprecated. Use conditions instead.
- // Additional information about the current status of this
- // node pool instance, if available.
- string status_message = 104 [deprecated = true];
-
- // Autoscaler configuration for this NodePool. Autoscaler is enabled
- // only if a valid configuration is present.
- NodePoolAutoscaling autoscaling = 4;
-
- // NodeManagement configuration for this NodePool.
- NodeManagement management = 5;
-
- // The constraint on the maximum number of pods that can be run
- // simultaneously on a node in the node pool.
- MaxPodsConstraint max_pods_constraint = 6;
-
- // Which conditions caused the current node pool state.
- repeated StatusCondition conditions = 105;
-
- // [Output only] The pod CIDR block size per node in this node pool.
- int32 pod_ipv4_cidr_size = 7;
-
- // Upgrade settings control disruption and speed of the upgrade.
- UpgradeSettings upgrade_settings = 107;
-}
-
-// NodeManagement defines the set of node management services turned on for the
-// node pool.
-message NodeManagement {
- // Whether the nodes will be automatically upgraded.
- bool auto_upgrade = 1;
-
- // Whether the nodes will be automatically repaired.
- bool auto_repair = 2;
-
- // Specifies the Auto Upgrade knobs for the node pool.
- AutoUpgradeOptions upgrade_options = 10;
-}
-
-// AutoUpgradeOptions defines the set of options for the user to control how
-// the Auto Upgrades will proceed.
-message AutoUpgradeOptions {
- // [Output only] This field is set when upgrades are about to commence
- // with the approximate start time for the upgrades, in
- // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
- string auto_upgrade_start_time = 1;
-
- // [Output only] This field is set when upgrades are about to commence
- // with the description of the upgrade.
- string description = 2;
-}
-
-// MaintenancePolicy defines the maintenance policy to be used for the cluster.
-message MaintenancePolicy {
- // Specifies the maintenance window in which maintenance may be performed.
- MaintenanceWindow window = 1;
-
- // A hash identifying the version of this policy, so that updates to fields of
- // the policy won't accidentally undo intermediate changes (and so that users
- // of the API unaware of some fields won't accidentally remove other fields).
- // Make a `get()` request to the cluster to get the current
- // resource version and include it with requests to set the policy.
- string resource_version = 3;
-}
-
-// MaintenanceWindow defines the maintenance window to be used for the cluster.
-message MaintenanceWindow {
- // Unimplemented, reserved for future use.
- // HourlyMaintenanceWindow hourly_maintenance_window = 1;
- oneof policy {
- // DailyMaintenanceWindow specifies a daily maintenance operation window.
- DailyMaintenanceWindow daily_maintenance_window = 2;
-
- // RecurringWindow specifies some number of recurring time periods for
- // maintenance to occur. The time windows may be overlapping.
If no
- // maintenance windows are set, maintenance can occur at any time.
- RecurringTimeWindow recurring_window = 3;
- }
-
- // Exceptions to maintenance window. Non-emergency maintenance should not
- // occur in these windows.
- map maintenance_exclusions = 4;
-}
-
-// Represents an arbitrary window of time.
-message TimeWindow {
- // The time that the window first starts.
- google.protobuf.Timestamp start_time = 1;
-
- // The time that the window ends. The end time should take place after the
- // start time.
- google.protobuf.Timestamp end_time = 2;
-}
-
-// Represents an arbitrary window of time that recurs.
-message RecurringTimeWindow {
- // The window of the first recurrence.
- TimeWindow window = 1;
-
- // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
- // this window reccurs. They go on for the span of time between the start and
- // end time.
- //
- // For example, to have something repeat every weekday, you'd use:
- // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
- //
- // To repeat some window daily (equivalent to the DailyMaintenanceWindow):
- // `FREQ=DAILY`
- //
- // For the first weekend of every month:
- // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
- //
- // This specifies how frequently the window starts. Eg, if you wanted to have
- // a 9-5 UTC-4 window every weekday, you'd use something like:
- // ```
- // start time = 2019-01-01T09:00:00-0400
- // end time = 2019-01-01T17:00:00-0400
- // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
- // ```
- //
- // Windows can span multiple days. Eg, to make the window encompass every
- // weekend from midnight Saturday till the last minute of Sunday UTC:
- // ```
- // start time = 2019-01-05T00:00:00Z
- // end time = 2019-01-07T23:59:00Z
- // recurrence = FREQ=WEEKLY;BYDAY=SA
- // ```
- //
- // Note the start and end time's specific dates are largely arbitrary except
- // to specify duration of the window and when it first starts.
- // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
- string recurrence = 2;
-}
-
-// Time window specified for daily maintenance operations.
-message DailyMaintenanceWindow {
- // Time within the maintenance window to start the maintenance operations.
- // It must be in format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.
- string start_time = 2;
-
- // [Output only] Duration of the time window, automatically chosen to be
- // smallest possible in the given scenario.
- string duration = 3;
-}
-
-// SetNodePoolManagementRequest sets the node management properties of a node
-// pool.
-message SetNodePoolManagementRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to update.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the node pool to update.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. NodeManagement configuration for the node pool.
- NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool id) of the node pool to set
- // management properties.
Specified in the format
- // `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 7;
-}
-
-// SetNodePoolSizeRequest sets the size a node
-// pool.
-message SetNodePoolSizeRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to update.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the node pool to update.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The desired node count for the pool.
- int32 node_count = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster, node pool id) of the node pool to set
- // size.
- // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 7;
-}
-
-// RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed
-// NodePool upgrade. This will be an no-op if the last upgrade successfully
-// completed.
-message RollbackNodePoolUpgradeRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to rollback.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the node pool to rollback.
- // This field has been deprecated and replaced by the name field.
- string node_pool_id = 4 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster, node pool id) of the node poll to
- // rollback upgrade.
- // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
- string name = 6;
-}
-
-// ListNodePoolsResponse is the result of ListNodePoolsRequest.
-message ListNodePoolsResponse {
- // A list of node pools for a cluster.
- repeated NodePool node_pools = 1;
-}
-
-// ClusterAutoscaling contains global, per-cluster information
-// required by Cluster Autoscaler to automatically adjust
-// the size of the cluster and create/delete
-// node pools based on the current needs.
-message ClusterAutoscaling {
- // Defines possible options for autoscaling_profile field.
- enum AutoscalingProfile {
- // No change to autoscaling configuration.
- PROFILE_UNSPECIFIED = 0;
-
- // Prioritize optimizing utilization of resources.
- OPTIMIZE_UTILIZATION = 1;
-
- // Use default (balanced) autoscaling configuration.
- BALANCED = 2;
- }
-
- // Enables automatic node pool creation and deletion.
- bool enable_node_autoprovisioning = 1;
-
- // Contains global constraints regarding minimum and maximum
- // amount of resources in the cluster.
- repeated ResourceLimit resource_limits = 2;
-
- // Defines autoscaling behaviour.
- AutoscalingProfile autoscaling_profile = 3;
-
- // AutoprovisioningNodePoolDefaults contains defaults for a node pool
- // created by NAP.
- AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;
-
- // The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
- // NodePool's nodes can be created by NAP.
- repeated string autoprovisioning_locations = 5;
-}
-
-// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
-// by NAP.
-message AutoprovisioningNodePoolDefaults {
- // The set of Google API scopes to be made available on all of the
- // node VMs under the "default" service account.
- //
- // The following scopes are recommended, but not required, and by default are
- // not included:
- //
- // * `https://www.googleapis.com/auth/compute` is required for mounting
- // persistent storage on your nodes.
- // * `https://www.googleapis.com/auth/devstorage.read_only` is required for
- // communicating with **gcr.io**
- // (the [Google Container
- // Registry](https://cloud.google.com/container-registry/)).
- //
- // If unspecified, no scopes are added, unless Cloud Logging or Cloud
- // Monitoring are enabled, in which case their required scopes will be added.
- repeated string oauth_scopes = 1;
-
- // The Google Cloud Platform Service Account to be used by the node VMs.
- // Specify the email address of the Service Account; otherwise, if no Service
- // Account is specified, the "default" service account is used.
- string service_account = 2;
-
- // Upgrade settings control disruption and speed of the upgrade.
- NodePool.UpgradeSettings upgrade_settings = 3;
-
- // NodeManagement configuration for this NodePool.
- NodeManagement management = 4;
-
- // Minimum CPU platform to be used by this instance. The instance may be
- // scheduled on the specified or newer CPU platform. Applicable values are the
- // friendly names of CPU platforms, such as
- // `minCpuPlatform: "Intel Haswell"` or
- // `minCpuPlatform: "Intel Sandy Bridge"`. For more
- // information, read [how to specify min CPU
- // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
- // To unset the min cpu platform field pass "automatic"
- // as field value.
- string min_cpu_platform = 5;
-
- // Size of the disk attached to each node, specified in GB.
- // The smallest allowed disk size is 10GB.
- //
- // If unspecified, the default disk size is 100GB.
- int32 disk_size_gb = 6;
-
- // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
- // 'pd-balanced')
- //
- // If unspecified, the default disk type is 'pd-standard'
- string disk_type = 7;
-
- // Shielded Instance options.
- ShieldedInstanceConfig shielded_instance_config = 8;
-
- //
- // The Customer Managed Encryption Key used to encrypt the boot disk attached
- // to each node in the node pool. This should be of the form
- // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
- // For more information about protecting resources with Cloud KMS Keys please
- // see:
- // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- string boot_disk_kms_key = 9;
-}
-
-// Contains information about amount of some resource in the cluster.
-// For memory, value should be in GB.
-message ResourceLimit {
- // Resource name "cpu", "memory" or gpu-specific string.
- string resource_type = 1;
-
- // Minimum amount of the resource in the cluster.
- int64 minimum = 2;
-
- // Maximum amount of the resource in the cluster.
- int64 maximum = 3;
-}
-
-// NodePoolAutoscaling contains information required by cluster autoscaler to
-// adjust the size of the node pool to the current cluster usage.
-message NodePoolAutoscaling {
- // Is autoscaling enabled for this node pool.
- bool enabled = 1;
-
- // Minimum number of nodes in the NodePool. Must be >= 1 and <=
- // max_node_count.
- int32 min_node_count = 2;
-
- // Maximum number of nodes in the NodePool. Must be >= min_node_count. There
- // has to enough quota to scale up the cluster.
- int32 max_node_count = 3;
-
- // Can this node pool be deleted automatically.
- bool autoprovisioned = 4;
-}
-
-// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container
-// Engine cluster, which will in turn set them for Google Compute Engine
-// resources used by that cluster
-message SetLabelsRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. The labels to set for that cluster.
- map resource_labels = 4 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The fingerprint of the previous set of labels for this resource,
- // used to detect conflicts.
The fingerprint is initially generated by
- // Kubernetes Engine and changes after every request to modify or update
- // labels. You must always provide an up-to-date fingerprint hash when
- // updating or changing labels. Make a `get()` request to the
- // resource to get the latest fingerprint.
- string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set labels.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for
-// a cluster.
-message SetLegacyAbacRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster to update.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Whether ABAC authorization will be enabled in the cluster.
- bool enabled = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set legacy abac.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// StartIPRotationRequest creates a new IP for the cluster and then performs
-// a node upgrade on each node pool to point to the new IP.
-message StartIPRotationRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster id) of the cluster to start IP
- // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-
- // Whether to rotate credentials during IP rotation.
- bool rotate_credentials = 7;
-}
-
-// CompleteIPRotationRequest moves the cluster master back into single-IP mode.
-message CompleteIPRotationRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // The name (project, location, cluster id) of the cluster to complete IP
- // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 7;
-}
-
-// AcceleratorConfig represents a Hardware Accelerator request.
-message AcceleratorConfig {
- // The number of the accelerator cards exposed to an instance.
- int64 accelerator_count = 1;
-
- // The accelerator type resource name. List of supported accelerators
- // [here](https://cloud.google.com/compute/docs/gpus)
- string accelerator_type = 2;
-}
-
-// WorkloadMetadataConfig defines the metadata configuration to expose to
-// workloads on the node pool.
-message WorkloadMetadataConfig {
- // NodeMetadata is the configuration for if and how to expose the node
- // metadata to the workload running on the node.
- enum NodeMetadata {
- // Not set.
- UNSPECIFIED = 0;
-
- // Prevent workloads not in hostNetwork from accessing certain VM metadata,
- // specifically kube-env, which contains Kubelet credentials, and the
- // instance identity token.
- //
- // Metadata concealment is a temporary security solution available while the
- // bootstrapping process for cluster nodes is being redesigned with
- // significant security improvements. This feature is scheduled to be
- // deprecated in the future and later removed.
- SECURE = 1;
-
- // Expose all VM metadata to pods.
- EXPOSE = 2;
-
- // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
- // a metadata API to workloads that is compatible with the V1 Compute
- // Metadata APIs exposed by the Compute Engine and App Engine Metadata
- // Servers. This feature can only be enabled if Workload Identity is enabled
- // at the cluster level.
- GKE_METADATA_SERVER = 3;
- }
-
- // Mode is the configuration for how to expose metadata to workloads running
- // on the node.
- enum Mode {
- // Not set.
- MODE_UNSPECIFIED = 0;
-
- // Expose all Compute Engine metadata to pods.
- GCE_METADATA = 1;
-
- // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
- // a metadata API to workloads that is compatible with the V1 Compute
- // Metadata APIs exposed by the Compute Engine and App Engine Metadata
- // Servers. This feature can only be enabled if Workload Identity is enabled
- // at the cluster level.
- GKE_METADATA = 2;
- }
-
- // NodeMetadata is the configuration for how to expose metadata to the
- // workloads running on the node.
- NodeMetadata node_metadata = 1 [deprecated = true];
-
- // Mode is the configuration for how to expose metadata to workloads running
- // on the node pool.
- Mode mode = 2;
-}
-
-// SetNetworkPolicyRequest enables/disables network policy for a cluster.
-message SetNetworkPolicyRequest {
- // Required. Deprecated. The Google Developers Console [project ID or project
- // number](https://developers.google.com/console/help/new/#projectnumber).
- // This field has been deprecated and replaced by the name field.
- string project_id = 1 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides. This field has been deprecated and replaced by the name
- // field.
- string zone = 2 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Deprecated. The name of the cluster.
- // This field has been deprecated and replaced by the name field.
- string cluster_id = 3 [
- deprecated = true,
- (google.api.field_behavior) = REQUIRED
- ];
-
- // Required. Configuration options for the NetworkPolicy feature.
- NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set networking
- // policy. Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 6;
-}
-
-// SetMaintenancePolicyRequest sets the maintenance policy for a cluster.
-message SetMaintenancePolicyRequest {
- // Required. The Google Developers Console [project ID or project
- // number](https://support.google.com/cloud/answer/6158840).
- string project_id = 1 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
- // cluster resides.
- string zone = 2 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The name of the cluster to update.
- string cluster_id = 3 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The maintenance policy to be set for the cluster. An empty field
- // clears the existing maintenance policy.
- MaintenancePolicy maintenance_policy = 4 [(google.api.field_behavior) = REQUIRED];
-
- // The name (project, location, cluster id) of the cluster to set maintenance
- // policy.
- // Specified in the format `projects/*/locations/*/clusters/*`.
- string name = 5;
-}
-
-// ListLocationsRequest is used to request the locations that offer GKE.
-message ListLocationsRequest {
- // Required. Contains the name of the resource requested.
- // Specified in the format `projects/*`.
- string parent = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// ListLocationsResponse returns the list of all GKE locations and their
-// recommendation state.
-message ListLocationsResponse {
- // A full list of GKE locations.
- repeated Location locations = 1;
-
- // Only return ListLocationsResponse that occur after the page_token.
This
- // value should be populated from the ListLocationsResponse.next_page_token if
- // that response token was set (which happens when listing more Locations than
- // fit in a single ListLocationsResponse).
- string next_page_token = 2;
-}
-
-// Location returns the location name, and if the location is recommended
-// for GKE cluster scheduling.
-message Location {
- // LocationType is the type of GKE location, regional or zonal.
- enum LocationType {
- // LOCATION_TYPE_UNSPECIFIED means the location type was not determined.
- LOCATION_TYPE_UNSPECIFIED = 0;
-
- // A GKE Location where Zonal clusters can be created.
- ZONE = 1;
-
- // A GKE Location where Regional clusters can be created.
- REGION = 2;
- }
-
- // Contains the type of location this Location is for.
- // Regional or Zonal.
- LocationType type = 1;
-
- // Contains the name of the resource requested.
- // Specified in the format `projects/*/locations/*`.
- string name = 2;
-
- // Whether the location is recomended for GKE cluster scheduling.
- bool recommended = 3;
-}
-
-// StatusCondition describes why a cluster or a node pool has a certain status
-// (e.g., ERROR or DEGRADED).
-message StatusCondition {
- // Code for each condition
- enum Code {
- // UNKNOWN indicates a generic condition.
- UNKNOWN = 0;
-
- // GCE_STOCKOUT indicates that Google Compute Engine resources are
- // temporarily unavailable.
- GCE_STOCKOUT = 1;
-
- // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot
- // service account.
- GKE_SERVICE_ACCOUNT_DELETED = 2;
-
- // Google Compute Engine quota was exceeded.
- GCE_QUOTA_EXCEEDED = 3;
-
- // Cluster state was manually changed by an SRE due to a system logic error.
- SET_BY_OPERATOR = 4;
-
- // Unable to perform an encrypt operation against the CloudKMS key used for
- // etcd level encryption.
- // More codes TBA
- CLOUD_KMS_KEY_ERROR = 7;
- }
-
- // Machine-friendly representation of the condition
- // Deprecated. Use canonical_code instead.
- Code code = 1 [deprecated = true];
-
- // Human-friendly representation of the condition
- string message = 2;
-
- // Canonical code of the condition.
- google.rpc.Code canonical_code = 3;
-}
-
-// NetworkConfig reports the relative names of network & subnetwork.
-message NetworkConfig {
- // Output only. The relative name of the Google Compute Engine
- // [network][google.container.v1beta1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
- // to which the cluster is connected. Example:
- // projects/my-project/global/networks/my-network
- string network = 1;
-
- // Output only. The relative name of the Google Compute Engine
- // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the
- // cluster is connected. Example:
- // projects/my-project/regions/us-central1/subnetworks/my-subnet
- string subnetwork = 2;
-
- // Whether Intra-node visibility is enabled for this cluster.
- // This makes same node pod to pod traffic visible for VPC network.
- bool enable_intra_node_visibility = 5;
-
- // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
- // will be disabled when default_snat_status is disabled. When disabled is set
- // to false, default IP masquerade rules will be applied to the nodes to
- // prevent sNAT on cluster internal traffic.
- DefaultSnatStatus default_snat_status = 7;
-
- // The desired datapath provider for this cluster. By default, uses the
- // IPTables-based kube-proxy implementation.
- DatapathProvider datapath_provider = 11;
-}
-
-// ListUsableSubnetworksRequest requests the list of usable subnetworks.
-// available to a user for creating clusters.
-message ListUsableSubnetworksRequest {
- // Required. The parent project where subnetworks are usable.
- // Specified in the format `projects/*`.
- string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
- // Filtering currently only supports equality on the networkProjectId and must
- // be in the form: "networkProjectId=[PROJECTID]", where `networkProjectId`
- // is the project which owns the listed subnetworks. This defaults to the
- // parent project ID.
- string filter = 2;
-
- // The max number of results per page that should be returned. If the number
- // of available results is larger than `page_size`, a `next_page_token` is
- // returned which can be used to get the next page of results in subsequent
- // requests. Acceptable values are 0 to 500, inclusive. (Default: 500)
- int32 page_size = 3;
-
- // Specifies a page token to use. Set this to the nextPageToken returned by
- // previous list requests to get the next page of results.
- string page_token = 4;
-}
-
-// ListUsableSubnetworksResponse is the response of
-// ListUsableSubnetworksRequest.
-message ListUsableSubnetworksResponse {
- // A list of usable subnetworks in the specified network project.
- repeated UsableSubnetwork subnetworks = 1;
-
- // This token allows you to get the next page of results for list requests.
- // If the number of results is larger than `page_size`, use the
- // `next_page_token` as a value for the query parameter `page_token` in the
- // next request. The value will become empty when there are no more pages.
- string next_page_token = 2;
-}
-
-// Secondary IP range of a usable subnetwork.
-message UsableSubnetworkSecondaryRange {
- // Status shows the current usage of a secondary IP range.
- enum Status {
- // UNKNOWN is the zero value of the Status enum. It's not a valid status.
- UNKNOWN = 0;
-
- // UNUSED denotes that this range is unclaimed by any cluster.
- UNUSED = 1;
-
- // IN_USE_SERVICE denotes that this range is claimed by a cluster for
- // services. It cannot be used for other clusters.
- IN_USE_SERVICE = 2;
-
- // IN_USE_SHAREABLE_POD denotes this range was created by the network admin
- // and is currently claimed by a cluster for pods. It can only be used by
- // other clusters as a pod range.
- IN_USE_SHAREABLE_POD = 3;
-
- // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed
- // for pods. It cannot be used for other clusters.
- IN_USE_MANAGED_POD = 4;
- }
-
- // The name associated with this subnetwork secondary range, used when adding
- // an alias IP range to a VM instance.
- string range_name = 1;
-
- // The range of IP addresses belonging to this subnetwork secondary range.
- string ip_cidr_range = 2;
-
- // This field is to determine the status of the secondary range programmably.
- Status status = 3;
-}
-
-// UsableSubnetwork resource returns the subnetwork name, its associated network
-// and the primary CIDR range.
-message UsableSubnetwork {
- // Subnetwork Name.
- // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
- string subnetwork = 1;
-
- // Network Name.
- // Example: projects/my-project/global/networks/my-network
- string network = 2;
-
- // The range of internal addresses that are owned by this subnetwork.
- string ip_cidr_range = 3;
-
- // Secondary IP ranges.
- repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4;
-
- // A human readable status message representing the reasons for cases where
- // the caller cannot use the secondary ranges under the subnet. For example if
- // the secondary_ip_ranges is empty due to a permission issue, an insufficient
- // permission message will be given by status_message.
- string status_message = 5;
-}
-
-// VerticalPodAutoscaling contains global, per-cluster information
-// required by Vertical Pod Autoscaler to automatically adjust
-// the resources of pods controlled by it.
-message VerticalPodAutoscaling {
- // Enables vertical pod autoscaling.
- bool enabled = 1;
-}
-
-// DefaultSnatStatus contains the desired state of whether default sNAT should
-// be disabled on the cluster.
-message DefaultSnatStatus {
- // Disables cluster default sNAT rules.
- bool disabled = 1;
-}
-
-// IntraNodeVisibilityConfig contains the desired config of the intra-node
-// visibility on this cluster.
-message IntraNodeVisibilityConfig {
- // Enables intra node visibility for this cluster.
- bool enabled = 1;
-}
-
-// Constraints applied to pods.
-message MaxPodsConstraint {
- // Constraint enforced on the max num of pods per node.
- int64 max_pods_per_node = 1;
-}
-
-// Configuration for the use of Kubernetes Service Accounts in GCP IAM
-// policies.
-message WorkloadIdentityConfig {
- // IAM Identity Namespace to attach all Kubernetes Service Accounts to.
- string identity_namespace = 1 [deprecated = true];
-
- // The workload pool to attach all Kubernetes service accounts to.
- string workload_pool = 2;
-
- // identity provider is the third party identity provider.
- string identity_provider = 3;
-}
-
-// Configuration of etcd encryption.
-message DatabaseEncryption {
- // State of etcd encryption.
- enum State {
- // Should never be set
- UNKNOWN = 0;
-
- // Secrets in etcd are encrypted.
- ENCRYPTED = 1;
-
- // Secrets in etcd are stored in plain text (at etcd level) - this is
- // unrelated to Compute Engine level full disk encryption.
- DECRYPTED = 2;
- }
-
- // Denotes the state of etcd encryption.
- State state = 2;
-
- // Name of CloudKMS key to use for the encryption of secrets in etcd.
- // Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
- string key_name = 1;
-}
-
-// Configuration for exporting cluster resource usages.
-message ResourceUsageExportConfig {
- // Parameters for using BigQuery as the destination of resource usage export.
- message BigQueryDestination {
- // The ID of a BigQuery Dataset.
- string dataset_id = 1;
- }
-
- // Parameters for controlling consumption metering.
- message ConsumptionMeteringConfig {
- // Whether to enable consumption metering for this cluster. If enabled, a
- // second BigQuery table will be created to hold resource consumption
- // records.
- bool enabled = 1;
- }
-
- // Configuration to use BigQuery as usage export destination.
- BigQueryDestination bigquery_destination = 1;
-
- // Whether to enable network egress metering for this cluster. If enabled, a
- // daemonset will be created in the cluster to meter network egress traffic.
- bool enable_network_egress_metering = 2;
-
- // Configuration to enable resource consumption metering.
- ConsumptionMeteringConfig consumption_metering_config = 3;
-}
-
-// Configuration of Shielded Nodes feature.
-message ShieldedNodes {
- // Whether Shielded Nodes features are enabled on all nodes in this cluster.
- bool enabled = 1;
-}
-
-// GetOpenIDConfigRequest gets the OIDC discovery document for the
-// cluster. See the OpenID Connect Discovery 1.0 specification for details.
-message GetOpenIDConfigRequest {
- // The cluster (project, location, cluster id) to get the discovery document
- // for. Specified in the format `projects/*/locations/*/clusters/*`.
- string parent = 1;
-}
-
-// GetOpenIDConfigResponse is an OIDC discovery document for the cluster.
-// See the OpenID Connect Discovery 1.0 specification for details.
-message GetOpenIDConfigResponse {
- // OIDC Issuer.
- string issuer = 1;
-
- // JSON Web Key uri.
- string jwks_uri = 2;
-
- // Supported response types.
- repeated string response_types_supported = 3;
-
- // Supported subject types.
- repeated string subject_types_supported = 4;
-
- // supported ID Token signing Algorithms.
- repeated string id_token_signing_alg_values_supported = 5;
-
- // Supported claims.
- repeated string claims_supported = 6;
-
- // Supported grant types.
- repeated string grant_types = 7;
-}
-
-// GetJSONWebKeysRequest gets the public component of the keys used by the
-// cluster to sign token requests.
This will be the jwks_uri for the discover
-// document returned by getOpenIDConfig. See the OpenID Connect
-// Discovery 1.0 specification for details.
-message GetJSONWebKeysRequest {
- // The cluster (project, location, cluster id) to get keys for. Specified in
- // the format `projects/*/locations/*/clusters/*`.
- string parent = 1;
-}
-
-// Jwk is a JSON Web Key as specified in RFC 7517
-message Jwk {
- // Key Type.
- string kty = 1;
-
- // Algorithm.
- string alg = 2;
-
- // Permitted uses for the public keys.
- string use = 3;
-
- // Key ID.
- string kid = 4;
-
- // Used for RSA keys.
- string n = 5;
-
- // Used for RSA keys.
- string e = 6;
-
- // Used for ECDSA keys.
- string x = 7;
-
- // Used for ECDSA keys.
- string y = 8;
-
- // Used for ECDSA keys.
- string crv = 9;
-}
-
-// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517
-message GetJSONWebKeysResponse {
- // The public component of the keys used by the cluster to sign token
- // requests.
- repeated Jwk keys = 1;
-}
-
-// ReleaseChannel indicates which release channel a cluster is
-// subscribed to. Release channels are arranged in order of risk.
-//
-// When a cluster is subscribed to a release channel, Google maintains
-// both the master version and the node version. Node auto-upgrade
-// defaults to true and cannot be disabled.
-message ReleaseChannel {
- // Possible values for 'channel'.
- enum Channel {
- // No channel specified.
- UNSPECIFIED = 0;
-
- // RAPID channel is offered on an early access basis for customers who want
- // to test new releases.
- //
- // WARNING: Versions available in the RAPID Channel may be subject to
- // unresolved issues with no known workaround and are not subject to any
- // SLAs.
- RAPID = 1;
-
- // Clusters subscribed to REGULAR receive versions that are considered GA
- // quality. REGULAR is intended for production users who want to take
- // advantage of new features.
- REGULAR = 2;
-
- // Clusters subscribed to STABLE receive versions that are known to be
- // stable and reliable in production.
- STABLE = 3;
- }
-
- // channel specifies which release channel the cluster is subscribed to.
- Channel channel = 1;
-}
-
-// Configuration for Cloud TPU.
-message TpuConfig {
- // Whether Cloud TPU integration is enabled or not.
- bool enabled = 1;
-
- // Whether to use service networking for Cloud TPU or not.
- bool use_service_networking = 2;
-
- // IPv4 CIDR block reserved for Cloud TPU in the VPC.
- string ipv4_cidr_block = 3;
-}
-
-// Master is the configuration for components on master.
-message Master {
-
-}
-
-// NotificationConfig is the configuration of notifications.
-message NotificationConfig {
- // Pub/Sub specific notification config.
- message PubSub {
- // Enable notifications for Pub/Sub.
- bool enabled = 1;
-
- // The desired Pub/Sub topic to which notifications will be
- // sent by GKE. Format is `projects/{project}/topics/{topic}`.
- string topic = 2 [(google.api.resource_reference) = {
- type: "pubsub.googleapis.com/Topic"
- }];
- }
-
- // Notification config for Pub/Sub.
- PubSub pubsub = 1;
-}
-
-// ConfidentialNodes is configuration for the confidential nodes feature, which
-// makes nodes run on confidential VMs.
-message ConfidentialNodes {
- // Whether Confidential Nodes feature is enabled for all nodes in this
- // cluster.
- bool enabled = 1;
-}
-
-// UpgradeEvent is a notification sent to customers by the cluster server when
-// a resource is upgrading.
-message UpgradeEvent {
- // Required. The resource type that is upgrading.
- UpgradeResourceType resource_type = 1 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The operation associated with this upgrade.
- string operation = 2 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The time when the operation was started.
- google.protobuf.Timestamp operation_start_time = 3 [(google.api.field_behavior) = REQUIRED];
-
- // Required.
The current version before the upgrade.
- string current_version = 4 [(google.api.field_behavior) = REQUIRED];
-
- // Required. The target version for the upgrade.
- string target_version = 5 [(google.api.field_behavior) = REQUIRED];
-
- // Optional. Optional relative path to the resource. For example in node pool upgrades,
- // the relative path of the node pool.
- string resource = 6 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// The datapath provider selects the implementation of the Kubernetes networking
-// // model for service resolution and network policy enforcement.
-enum DatapathProvider {
- // Default value.
- DATAPATH_PROVIDER_UNSPECIFIED = 0;
-
- // Use the IPTables implementation based on kube-proxy.
- LEGACY_DATAPATH = 1;
-
- // Use the eBPF based GKE Dataplane V2 with additional features. See the [GKE
- // Dataplane V2
- // documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2)
- // for more.
- ADVANCED_DATAPATH = 2;
-}
-
-// UpgradeResourceType is the resource type that is upgrading. It is used
-// in upgrade notifications.
-enum UpgradeResourceType {
- // Default value. This shouldn't be used.
- UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0;
-
- // Master / control plane
- MASTER = 1;
-
- // Node pool
- NODE_POOL = 2;
-}