// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.container.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";
import "google/rpc/code.proto";
import "google/rpc/status.proto";

option csharp_namespace = "Google.Cloud.Container.V1";
option go_package = "cloud.google.com/go/container/apiv1/containerpb;containerpb";
option java_multiple_files = true;
option java_outer_classname = "ClusterServiceProto";
option java_package = "com.google.container.v1";
option php_namespace = "Google\\Cloud\\Container\\V1";
option ruby_package = "Google::Cloud::Container::V1";

// File-level declaration of the Pub/Sub Topic resource type and the name
// pattern its resource names follow.
option (google.api.resource_definition) = {
  type: "pubsub.googleapis.com/Topic"
  pattern: "projects/{project}/topics/{topic}"
};

// Google Kubernetes Engine Cluster Manager v1
service ClusterManager {
  option (google.api.default_host) = "container.googleapis.com";

  // The single OAuth scope declared for every method of this service; the
  // declaration does not distinguish read-only RPCs from mutating ones.
  // NOTE(review): finer-grained authorization is presumably enforced through
  // IAM permissions on the caller -- confirm.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Lists all clusters owned by a project in either the specified zone or all
  // zones.
  rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
    // Two GET bindings: the location-based path keyed by `parent` and the
    // zone-based path keyed by `project_id` and `zone`.
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/clusters"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "parent";
  }

  // Gets the details of a specific cluster.
  rpc GetCluster(GetClusterRequest) returns (Cluster) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a cluster, consisting of the specified number and type of Google
  // Compute Engine instances.
  //
  // By default, the cluster is created in the project's
  // [default
  // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
  //
  // One firewall is added for the cluster. After cluster creation,
  // the Kubelet creates routes for each node to allow the containers
  // on that node to communicate with all other instances in the
  // cluster.
  //
  // Finally, an entry is added to the project's global metadata indicating
  // which CIDR range the cluster is using.
  rpc CreateCluster(CreateClusterRequest) returns (Operation) {
    // `body: "*"` maps every request field that is not bound by the URL path
    // to the HTTP request body.
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/clusters"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster";
    option (google.api.method_signature) = "parent,cluster";
  }

  // Updates the settings of a specific cluster.
  rpc UpdateCluster(UpdateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*}"
      body: "*"
      additional_bindings {
        put: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,update";
    option (google.api.method_signature) = "name,update";
  }

  // Updates the version and/or image type for the specified node pool.
  rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) {
    // The two bindings use different verbs: PUT on the location-based path,
    // POST on the zone-based `.../update` path. No method_signature is
    // declared for this method.
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update"
        body: "*"
      }
    };
  }

  // Sets the autoscaling settings for the specified node pool.
  rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest)
      returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling"
        body: "*"
      }
    };
  }

  // Sets the logging service for a specific cluster.
  rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLogging"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,logging_service";
    option (google.api.method_signature) = "name,logging_service";
  }

  // Sets the monitoring service for a specific cluster.
  rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMonitoring"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,monitoring_service";
    option (google.api.method_signature) = "name,monitoring_service";
  }

  // Sets the addons for a specific cluster.
  rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setAddons"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,addons_config";
    option (google.api.method_signature) = "name,addons_config";
  }

  // Sets the locations for a specific cluster.
  // Deprecated. Use
  // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/update)
  // instead.
  rpc SetLocations(SetLocationsRequest) returns (Operation) {
    // Marks the method as deprecated; both HTTP bindings below are still
    // declared.
    option deprecated = true;
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLocations"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,locations";
    option (google.api.method_signature) = "name,locations";
  }

  // Updates the master for a specific cluster.
  rpc UpdateMaster(UpdateMasterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:updateMaster"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,master_version";
    option (google.api.method_signature) = "name,master_version";
  }

  // NOTE(review): per the description below, this call can carry an explicitly
  // chosen admin password in the request body, so request payloads for it
  // should presumably be kept out of logs and traces -- confirm against
  // SetMasterAuthRequest. No method_signature is declared for this method.

  // Sets master auth materials. Currently supports changing the admin password
  // of a specific cluster, either via password generation or explicitly setting
  // the password.
  rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMasterAuth"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth"
        body: "*"
      }
    };
  }

  // Deletes the cluster, including the Kubernetes endpoint and all worker
  // nodes.
  //
  // Firewalls and routes that were configured during cluster creation
  // are also deleted.
  //
  // Other Google Compute Engine resources that might be in use by the cluster,
  // such as load balancer resources, are not deleted if they weren't present
  // when the cluster was initially created.
  rpc DeleteCluster(DeleteClusterRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Lists all operations in a project in a specific zone or all zones.
  rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/operations"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations"
      }
    };
    // Only the zone-based signature is declared; there is no `parent`
    // signature for this method.
    option (google.api.method_signature) = "project_id,zone";
  }

  // Gets the specified operation.
  rpc GetOperation(GetOperationRequest) returns (Operation) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/operations/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Cancels the specified operation.
  //
  // The response type is `google.protobuf.Empty`, so the response carries no
  // fields.
  rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/operations/*}:cancel"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Returns configuration info about the Google Kubernetes Engine service.
  rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) {
    // Note the differing path casing between the two bindings:
    // `serverConfig` (location-based) and `serverconfig` (zone-based).
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*}/serverConfig"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/serverconfig"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "name";
  }

  // Gets the public component of the cluster signing keys in
  // JSON Web Key format.
  // This API is not yet intended for general use, and is not available for all
  // clusters.
  rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) {
    // Only a location-based GET binding is declared; there is no zone-based
    // binding and no method_signature for this method.
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/jwks"
    };
  }

  // Lists the node pools for a cluster.
  rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "parent";
  }

  // Retrieves the requested node pool.
  rpc GetNodePool(GetNodePoolRequest) returns (NodePool) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a node pool for a cluster.
  rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool";
    option (google.api.method_signature) = "parent,node_pool";
  }

  // Deletes a node pool from a cluster.
  rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // CompleteNodePoolUpgrade will signal an on-going node pool upgrade to
  // complete.
  //
  // The response type is `google.protobuf.Empty`, so the response carries no
  // fields.
  rpc CompleteNodePoolUpgrade(CompleteNodePoolUpgradeRequest)
      returns (google.protobuf.Empty) {
    // Only a location-based binding is declared for this method.
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:completeUpgrade"
      body: "*"
    };
  }

  // Rolls back a previously Aborted or Failed NodePool upgrade.
  // This makes no changes if the last upgrade successfully completed.
  rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest)
      returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the NodeManagement options for a node pool.
  rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement"
        body: "*"
      }
    };
  }

  // Sets labels on a cluster.
  rpc SetLabels(SetLabelsRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setResourceLabels"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels"
        body: "*"
      }
    };
  }

  // NOTE(review): this call switches the cluster's authorization mechanism,
  // so a change made through it alters which callers are allowed to act inside
  // the cluster. Calls to it are worth alerting on in audit logs. To my
  // knowledge GKE hardening guidance is to leave legacy ABAC disabled in
  // favour of RBAC -- confirm against current documentation.

  // Enables or disables the ABAC authorization mechanism on a cluster.
  rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,enabled";
    option (google.api.method_signature) = "name,enabled";
  }

  // Starts master IP rotation.
  rpc StartIPRotation(StartIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:startIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Completes master IP rotation.
  rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:completeIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the size for a specific node pool.
  // The new size will be used for all
  // replicas, including future replicas created by modifying
  // [NodePool.locations][google.container.v1.NodePool.locations].
  rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize"
        body: "*"
      }
    };
  }

  // NOTE(review): this call toggles enforcement of Network Policy for the
  // cluster, so disabling it presumably removes the pod-level traffic
  // restrictions that depend on it -- confirm against SetNetworkPolicyRequest
  // and treat calls to it as security-relevant changes.

  // Enables or disables Network Policy for a cluster.
  rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,network_policy";
    option (google.api.method_signature) = "name,network_policy";
  }

  // Sets the maintenance policy for a cluster.
  rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) =
        "project_id,zone,cluster_id,maintenance_policy";
    option (google.api.method_signature) = "name,maintenance_policy";
  }

  // Lists subnetworks that are usable for creating clusters in a project.
  rpc ListUsableSubnetworks(ListUsableSubnetworksRequest)
      returns (ListUsableSubnetworksResponse) {
    // Project-scoped binding only: the path has no location or zone segment.
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/aggregated/usableSubnetworks"
    };
  }
}

// Parameters that can be configured on Linux nodes.
message LinuxNodeConfig {
  // Possible cgroup modes that can be used.
  enum CgroupMode {
    // CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used.
    // The default for the GKE node OS image will be used.
    CGROUP_MODE_UNSPECIFIED = 0;

    // CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on
    // the node image.
    CGROUP_MODE_V1 = 1;

    // CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on
    // the node image.
    CGROUP_MODE_V2 = 2;
  }

  // NOTE(review): the values are free-form strings applied as kernel
  // parameters to the node and every pod on it. Keys outside the list below
  // are presumably rejected server-side -- confirm that validation exists.

  // The Linux kernel parameters to be applied to the nodes and all pods running
  // on the nodes.
  //
  // The following parameters are supported.
  //
  // net.core.busy_poll
  // net.core.busy_read
  // net.core.netdev_max_backlog
  // net.core.rmem_max
  // net.core.wmem_default
  // net.core.wmem_max
  // net.core.optmem_max
  // net.core.somaxconn
  // net.ipv4.tcp_rmem
  // net.ipv4.tcp_wmem
  // net.ipv4.tcp_tw_reuse
  map<string, string> sysctls = 1;

  // cgroup_mode specifies the cgroup mode to be used on the node.
  CgroupMode cgroup_mode = 2;
}

// Parameters that can be configured on Windows nodes.
// WindowsNodeConfig defines the parameters that will be used to
// configure the Windows node pool settings.
message WindowsNodeConfig {
  // Possible OS versions that can be used.
  enum OSVersion {
    // When OSVersion is not specified.
    OS_VERSION_UNSPECIFIED = 0;

    // LTSC2019 specifies to use LTSC2019 as the Windows Servercore Base Image.
    OS_VERSION_LTSC2019 = 1;

    // LTSC2022 specifies to use LTSC2022 as the Windows Servercore Base Image.
    OS_VERSION_LTSC2022 = 2;
  }

  // OSVersion specifies the Windows node config to be used on the node.
  OSVersion os_version = 1;
}

// Node kubelet configs.
message NodeKubeletConfig {
  // Control the CPU management policy on the node.
  // See
  // https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/
  //
  // The following values are allowed.
  // * "none": the default, which represents the existing scheduling behavior.
  // * "static": allows pods with certain resource characteristics to be granted
  // increased CPU affinity and exclusivity on the node.
  // The default value is 'none' if unspecified.
  string cpu_manager_policy = 1;

  // Enable CPU CFS quota enforcement for containers that specify CPU limits.
  //
  // This option is enabled by default which makes kubelet use CFS quota
  // (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to
  // enforce container CPU limits. Otherwise, CPU limits will not be enforced at
  // all.
  //
  // Disable this option to mitigate CPU throttling problems while still
  // keeping your pods in the Guaranteed QoS class by specifying the CPU limits.
  //
  // The default value is 'true' if unspecified. The wrapper type
  // (`google.protobuf.BoolValue`) is what lets "unspecified" be told apart from
  // an explicit `false`.
  google.protobuf.BoolValue cpu_cfs_quota = 2;

  // Set the CPU CFS quota period value 'cpu.cfs_period_us'.
  //
  // The string must be a sequence of decimal numbers, each with optional
  // fraction and a unit suffix, such as "300ms".
  // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  // The value must be a positive duration.
  string cpu_cfs_quota_period = 3;

  // Set the Pod PID limits. See
  // https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits
  //
  // Controls the maximum number of processes allowed to run in a pod. The value
  // must be greater than or equal to 1024 and less than 4194304.
  int64 pod_pids_limit = 4;
}

// Parameters that describe the nodes in a cluster.
//
// GKE Autopilot clusters do not
// recognize parameters in `NodeConfig`. Use
// [AutoprovisioningNodePoolDefaults][google.container.v1.AutoprovisioningNodePoolDefaults]
// instead.
message NodeConfig {
  // The name of a Google Compute Engine [machine
  // type](https://cloud.google.com/compute/docs/machine-types)
  //
  // If unspecified, the default machine type is `e2-medium`.
  string machine_type = 1;

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 2;

  // NOTE(review): scopes listed here are made available on every node VM, and
  // so presumably to any workload that can obtain the node's credentials.
  // Keep the list minimal and confirm how `workload_metadata_config` limits
  // that exposure.

  // The set of Google API scopes to be made available on all of the
  // node VMs under the "default" service account.
  //
  // The following scopes are recommended, but not required, and by default are
  // not included:
  //
  // * `https://www.googleapis.com/auth/compute` is required for mounting
  // persistent storage on your nodes.
  // * `https://www.googleapis.com/auth/devstorage.read_only` is required for
  // communicating with **gcr.io**
  // (the [Google Container
  // Registry](https://cloud.google.com/container-registry/)).
  //
  // If unspecified, no scopes are added, unless Cloud Logging or Cloud
  // Monitoring are enabled, in which case their required scopes will be added.
  repeated string oauth_scopes = 3;

  // NOTE(review): leaving the next field empty selects the "default" service
  // account. That account's permissions are set outside this API; a dedicated
  // least-privilege account per node pool is the safer choice -- confirm what
  // the default account is allowed to do in your project.

  // The Google Cloud Platform Service Account to be used by the node VMs.
  // Specify the email address of the Service Account; otherwise, if no Service
  // Account is specified, the "default" service account is used.
  string service_account = 9;

  // NOTE(review): values are free-form and are exposed through the metadata
  // server, so they are presumably readable by software running on the node.
  // Avoid placing secrets here -- confirm against `workload_metadata_config`.

  // The metadata key/value pairs assigned to instances in the cluster.
  //
  // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes
  // in length. These are reflected as part of a URL in the metadata server.
  // Additionally, to avoid ambiguity, keys must not conflict with any other
  // metadata keys for the project or be one of the reserved keys:
  //
  //  - "cluster-location"
  //  - "cluster-name"
  //  - "cluster-uid"
  //  - "configure-sh"
  //  - "containerd-configure-sh"
  //  - "enable-os-login"
  //  - "gci-ensure-gke-docker"
  //  - "gci-metrics-enabled"
  //  - "gci-update-strategy"
  //  - "instance-template"
  //  - "kube-env"
  //  - "startup-script"
  //  - "user-data"
  //  - "disable-address-manager"
  //  - "windows-startup-script-ps1"
  //  - "common-psm1"
  //  - "k8s-node-setup-psm1"
  //  - "install-ssh-psm1"
  //  - "user-profile-psm1"
  //
  // Values are free-form strings, and only have meaning as interpreted by
  // the image running in the instance. The only restriction placed on them is
  // that each value's size must be less than or equal to 32 KB.
  //
  // The total size of all keys and values must be less than 512 KB.
  map<string, string> metadata = 4;

  // The image type to use for this node. Note that for a given image type,
  // the latest version of it will be used. Please see
  // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
  // available image types.
  string image_type = 5;

  // The map of Kubernetes labels (key/value pairs) to be applied to each node.
  // These will be added in addition to any default label(s) that
  // Kubernetes may apply to the node.
  // In case of conflict in label keys, the applied set may differ depending on
  // the Kubernetes version -- it's best to assume the behavior is undefined
  // and conflicts should be avoided.
  // For more information, including usage and the valid values, see:
  // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  map<string, string> labels = 6;

  // The number of local SSD disks to be attached to the node.
  //
  // The limit for this value is dependent upon the maximum number of
  // disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  int32 local_ssd_count = 7;

  // The list of instance tags applied to all nodes. Tags are used to identify
  // valid sources or targets for network firewalls and are specified by
  // the client during cluster or node pool creation. Each tag within the list
  // must comply with RFC1035.
  //
  // Because firewall rules match on these tags, a tag chosen here decides
  // which firewall rules apply to the nodes.
  repeated string tags = 8;

  // Whether the nodes are created as preemptible VM instances. See:
  // https://cloud.google.com/compute/docs/instances/preemptible for more
  // information about preemptible VM instances.
  bool preemptible = 10;

  // A list of hardware accelerators to be attached to each node.
  // See https://cloud.google.com/compute/docs/gpus for more information about
  // support for GPUs.
  repeated AcceleratorConfig accelerators = 11;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced')
  //
  // If unspecified, the default disk type is 'pd-standard'
  string disk_type = 12;

  // Minimum CPU platform to be used by this instance. The instance may be
  // scheduled on the specified or newer CPU platform. Applicable values are the
  // friendly names of CPU platforms, such as
  // `minCpuPlatform: "Intel Haswell"` or
  // `minCpuPlatform: "Intel Sandy Bridge"`.
  // For more information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
  string min_cpu_platform = 13;

  // The workload metadata configuration for this node.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // List of kubernetes taints to be applied to each node.
  //
  // For more information, including usage and the valid values, see:
  // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  repeated NodeTaint taints = 15;

  // Sandbox configuration for this node.
  SandboxConfig sandbox_config = 17;

  // Setting this field will assign instances of this
  // pool to run on the specified node group. This is useful for running
  // workloads on [sole tenant
  // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes).
  string node_group = 18;

  // The optional reservation affinity. Setting this field will apply
  // the specified [Zonal Compute
  // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
  // to this node pool.
  ReservationAffinity reservation_affinity = 19;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 20;

  // Parameters that can be configured on Linux nodes.
  LinuxNodeConfig linux_node_config = 21;

  // Node kubelet configs.
  NodeKubeletConfig kubelet_config = 22;

  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 23;

  // Google Container File System (image streaming) configs.
  GcfsConfig gcfs_config = 25;

  // Advanced features for the Compute Engine VM.
  AdvancedMachineFeatures advanced_machine_features = 26;

  // Enable or disable gvnic in the node pool.
  VirtualNIC gvnic = 29;

  // Spot flag for enabling Spot VM, which is a rebrand of
  // the existing preemptible flag.
  bool spot = 32;

  // Confidential nodes config.
  // All the nodes in the node pool will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 35;

  // Enable or disable NCCL fast socket for the node pool.
  optional FastSocket fast_socket = 36;

  // The resource labels for the node pool to use to annotate any related
  // Google Compute Engine resources.
  map<string, string> resource_labels = 37;

  // Logging configuration.
  NodePoolLoggingConfig logging_config = 38;

  // Parameters that can be configured on Windows nodes.
  WindowsNodeConfig windows_node_config = 39;

  // Parameters for using raw-block Local NVMe SSDs.
  LocalNvmeSsdBlockConfig local_nvme_ssd_block_config = 40;

  // Parameters for the node ephemeral storage using Local SSDs.
  // If unspecified, ephemeral storage is backed by the boot disk.
  EphemeralStorageLocalSsdConfig ephemeral_storage_local_ssd_config = 41;
}

// Specifies options for controlling advanced machine features.
message AdvancedMachineFeatures {
  // The number of threads per physical core. To disable simultaneous
  // multithreading (SMT) set this to 1. If unset, the maximum number of threads
  // supported per core by the underlying processor is assumed.
  // Declared `optional`, so "unset" is distinguishable from an explicit value.
  optional int64 threads_per_core = 1;
}

// Parameters for node pool-level network config.
message NodeNetworkConfig {
  // Configuration of all network bandwidth tiers
  message NetworkPerformanceConfig {
    // Node network tier
    enum Tier {
      // Default value
      TIER_UNSPECIFIED = 0;

      // Higher bandwidth, actual values based on VM size.
      TIER_1 = 1;
    }

    // Specifies the total network bandwidth tier for the NodePool.
    optional Tier total_egress_bandwidth_tier = 1;
  }

  // Input only. Whether to create a new range for pod IPs in this node pool.
  // Defaults are provided for `pod_range` and `pod_ipv4_cidr_block` if they
  // are not specified.
  //
  // If neither `create_pod_range` nor `pod_range` is specified, the
  // cluster-level default (`ip_allocation_policy.cluster_ipv4_cidr_block`) is
  // used.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  bool create_pod_range = 4 [(google.api.field_behavior) = INPUT_ONLY];

  // The ID of the secondary range for pod IPs.
  // If `create_pod_range` is true, this ID is used for the new range.
  // If `create_pod_range` is false, uses an existing secondary range with this
  // ID.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_range = 5;

  // The IP address range for pod IPs in this node pool.
  //
  // Only applicable if `create_pod_range` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) to pick a specific range to use.
881 // 882 // Only applicable if `ip_allocation_policy.use_ip_aliases` is true. 883 // 884 // This field cannot be changed after the node pool has been created. 885 string pod_ipv4_cidr_block = 6; 886 887 // Whether nodes have internal IP addresses only. 888 // If enable_private_nodes is not specified, then the value is derived from 889 // [cluster.privateClusterConfig.enablePrivateNodes][google.container.v1beta1.PrivateClusterConfig.enablePrivateNodes] 890 optional bool enable_private_nodes = 9; 891 892 // Network bandwidth tier configuration. 893 optional NetworkPerformanceConfig network_performance_config = 11; 894 895 // [PRIVATE FIELD] 896 // Pod CIDR size overprovisioning config for the nodepool. 897 // 898 // Pod CIDR size per node depends on max_pods_per_node. By default, the value 899 // of max_pods_per_node is rounded off to next power of 2 and we then double 900 // that to get the size of pod CIDR block per node. 901 // Example: max_pods_per_node of 30 would result in 64 IPs (/26). 902 // 903 // This config can disable the doubling of IPs (we still round off to next 904 // power of 2) 905 // Example: max_pods_per_node of 30 will result in 32 IPs (/27) when 906 // overprovisioning is disabled. 907 PodCIDROverprovisionConfig pod_cidr_overprovision_config = 13; 908} 909 910// A set of Shielded Instance options. 911message ShieldedInstanceConfig { 912 // Defines whether the instance has Secure Boot enabled. 913 // 914 // Secure Boot helps ensure that the system only runs authentic software by 915 // verifying the digital signature of all boot components, and halting the 916 // boot process if signature verification fails. 917 bool enable_secure_boot = 1; 918 919 // Defines whether the instance has integrity monitoring enabled. 920 // 921 // Enables monitoring and attestation of the boot integrity of the instance. 922 // The attestation is performed against the integrity policy baseline. 
This 923 // baseline is initially derived from the implicitly trusted boot image when 924 // the instance is created. 925 bool enable_integrity_monitoring = 2; 926} 927 928// SandboxConfig contains configurations of the sandbox to use for the node. 929message SandboxConfig { 930 // Possible types of sandboxes. 931 enum Type { 932 // Default value. This should not be used. 933 UNSPECIFIED = 0; 934 935 // Run sandbox using gvisor. 936 GVISOR = 1; 937 } 938 939 // Type of the sandbox to use for the node. 940 Type type = 2; 941} 942 943// GcfsConfig contains configurations of Google Container File System 944// (image streaming). 945message GcfsConfig { 946 // Whether to use GCFS. 947 bool enabled = 1; 948} 949 950// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) 951// is the configuration of desired reservation which instances could take 952// capacity from. 953message ReservationAffinity { 954 // Indicates whether to consume capacity from a reservation or not. 955 enum Type { 956 // Default value. This should not be used. 957 UNSPECIFIED = 0; 958 959 // Do not consume from any reserved capacity. 960 NO_RESERVATION = 1; 961 962 // Consume any reservation available. 963 ANY_RESERVATION = 2; 964 965 // Must consume from a specific reservation. Must specify key value fields 966 // for specifying the reservations. 967 SPECIFIC_RESERVATION = 3; 968 } 969 970 // Corresponds to the type of reservation consumption. 971 Type consume_reservation_type = 1; 972 973 // Corresponds to the label key of a reservation resource. To target a 974 // SPECIFIC_RESERVATION by name, specify 975 // "compute.googleapis.com/reservation-name" as the key and specify the name 976 // of your reservation as its value. 977 string key = 2; 978 979 // Corresponds to the label value(s) of reservation resource(s). 980 repeated string values = 3; 981} 982 983// Kubernetes taint is composed of three fields: key, value, and effect. 
Effect 984// can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute. 985// 986// See 987// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration) 988// for more information, including usage and the valid values. 989message NodeTaint { 990 // Possible values for Effect in taint. 991 enum Effect { 992 // Not set 993 EFFECT_UNSPECIFIED = 0; 994 995 // NoSchedule 996 NO_SCHEDULE = 1; 997 998 // PreferNoSchedule 999 PREFER_NO_SCHEDULE = 2; 1000 1001 // NoExecute 1002 NO_EXECUTE = 3; 1003 } 1004 1005 // Key for taint. 1006 string key = 1; 1007 1008 // Value for taint. 1009 string value = 2; 1010 1011 // Effect for taint. 1012 Effect effect = 3; 1013} 1014 1015// Collection of Kubernetes [node 1016// taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration). 1017message NodeTaints { 1018 // List of node taints. 1019 repeated NodeTaint taints = 1; 1020} 1021 1022// Collection of node-level [Kubernetes 1023// labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels). 1024message NodeLabels { 1025 // Map of node label keys and node label values. 1026 map<string, string> labels = 1; 1027} 1028 1029// Collection of [GCP 1030// labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels). 1031message ResourceLabels { 1032 // Map of node label keys and node label values. 1033 map<string, string> labels = 1; 1034} 1035 1036// Collection of Compute Engine network tags that can be applied to a node's 1037// underlying VM instance. 1038message NetworkTags { 1039 // List of network tags. 1040 repeated string tags = 1; 1041} 1042 1043// The authentication information for accessing the master endpoint. 1044// Authentication can be done using HTTP basic auth or using client 1045// certificates. 1046message MasterAuth { 1047 // The username to use for HTTP basic authentication to the master endpoint. 
1048 // For clusters v1.6.0 and later, basic authentication can be disabled by 1049 // leaving username unspecified (or setting it to the empty string). 1050 // 1051 // Warning: basic authentication is deprecated, and will be removed in GKE 1052 // control plane versions 1.19 and newer. For a list of recommended 1053 // authentication methods, see: 1054 // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication 1055 string username = 1 [deprecated = true]; 1056 1057 // The password to use for HTTP basic authentication to the master endpoint. 1058 // Because the master endpoint is open to the Internet, you should create a 1059 // strong password. If a password is provided for cluster creation, username 1060 // must be non-empty. 1061 // 1062 // Warning: basic authentication is deprecated, and will be removed in GKE 1063 // control plane versions 1.19 and newer. For a list of recommended 1064 // authentication methods, see: 1065 // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication 1066 string password = 2 [deprecated = true]; 1067 1068 // Configuration for client certificate authentication on the cluster. For 1069 // clusters before v1.12, if no configuration is specified, a client 1070 // certificate is issued. 1071 ClientCertificateConfig client_certificate_config = 3; 1072 1073 // [Output only] Base64-encoded public certificate that is the root of 1074 // trust for the cluster. 1075 string cluster_ca_certificate = 100; 1076 1077 // [Output only] Base64-encoded public certificate used by clients to 1078 // authenticate to the cluster endpoint. 1079 string client_certificate = 101; 1080 1081 // [Output only] Base64-encoded private key used by clients to authenticate 1082 // to the cluster endpoint. 1083 string client_key = 102; 1084} 1085 1086// Configuration for client certificates on the cluster. 1087message ClientCertificateConfig { 1088 // Issue a client certificate. 
1089 bool issue_client_certificate = 1; 1090} 1091 1092// Configuration for the addons that can be automatically spun up in the 1093// cluster, enabling additional functionality. 1094message AddonsConfig { 1095 // Configuration for the HTTP (L7) load balancing controller addon, which 1096 // makes it easy to set up HTTP load balancers for services in a cluster. 1097 HttpLoadBalancing http_load_balancing = 1; 1098 1099 // Configuration for the horizontal pod autoscaling feature, which 1100 // increases or decreases the number of replica pods a replication controller 1101 // has based on the resource usage of the existing pods. 1102 HorizontalPodAutoscaling horizontal_pod_autoscaling = 2; 1103 1104 // Configuration for the Kubernetes Dashboard. 1105 // This addon is deprecated, and will be disabled in 1.15. It is recommended 1106 // to use the Cloud Console to manage and monitor your Kubernetes clusters, 1107 // workloads and applications. For more information, see: 1108 // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards 1109 KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true]; 1110 1111 // Configuration for NetworkPolicy. This only tracks whether the addon 1112 // is enabled or not on the Master, it does not track whether network policy 1113 // is enabled for the nodes. 1114 NetworkPolicyConfig network_policy_config = 4; 1115 1116 // Configuration for the Cloud Run addon, which allows the user to use a 1117 // managed Knative service. 1118 CloudRunConfig cloud_run_config = 7; 1119 1120 // Configuration for NodeLocalDNS, a dns cache running on cluster nodes 1121 DnsCacheConfig dns_cache_config = 8; 1122 1123 // Configuration for the ConfigConnector add-on, a Kubernetes 1124 // extension to manage hosted GCP services through the Kubernetes API 1125 ConfigConnectorConfig config_connector_config = 10; 1126 1127 // Configuration for the Compute Engine Persistent Disk CSI driver. 
1128 GcePersistentDiskCsiDriverConfig gce_persistent_disk_csi_driver_config = 11; 1129 1130 // Configuration for the GCP Filestore CSI driver. 1131 GcpFilestoreCsiDriverConfig gcp_filestore_csi_driver_config = 14; 1132 1133 // Configuration for the Backup for GKE agent addon. 1134 GkeBackupAgentConfig gke_backup_agent_config = 16; 1135} 1136 1137// Configuration options for the HTTP (L7) load balancing controller addon, 1138// which makes it easy to set up HTTP load balancers for services in a cluster. 1139message HttpLoadBalancing { 1140 // Whether the HTTP Load Balancing controller is enabled in the cluster. 1141 // When enabled, it runs a small pod in the cluster that manages the load 1142 // balancers. 1143 bool disabled = 1; 1144} 1145 1146// Configuration options for the horizontal pod autoscaling feature, which 1147// increases or decreases the number of replica pods a replication controller 1148// has based on the resource usage of the existing pods. 1149message HorizontalPodAutoscaling { 1150 // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. 1151 // When enabled, it ensures that metrics are collected into Stackdriver 1152 // Monitoring. 1153 bool disabled = 1; 1154} 1155 1156// Configuration for the Kubernetes Dashboard. 1157message KubernetesDashboard { 1158 // Whether the Kubernetes Dashboard is enabled for this cluster. 1159 bool disabled = 1; 1160} 1161 1162// Configuration for NetworkPolicy. This only tracks whether the addon 1163// is enabled or not on the Master, it does not track whether network policy 1164// is enabled for the nodes. 1165message NetworkPolicyConfig { 1166 // Whether NetworkPolicy is enabled for this cluster. 1167 bool disabled = 1; 1168} 1169 1170// Configuration for NodeLocal DNSCache 1171message DnsCacheConfig { 1172 // Whether NodeLocal DNSCache is enabled for this cluster. 1173 bool enabled = 1; 1174} 1175 1176// Configuration for controlling master global access settings. 
message PrivateClusterMasterGlobalAccessConfig {
  // Whether the master is accessible globally or not.
  bool enabled = 1;
}

// Configuration options for private clusters.
message PrivateClusterConfig {
  // Whether nodes have internal IP addresses only. If enabled, all nodes are
  // given only RFC 1918 private addresses and communicate with the master via
  // private networking.
  bool enable_private_nodes = 1;

  // Whether the master's internal IP address is used as the cluster endpoint.
  bool enable_private_endpoint = 2;

  // The IP range in CIDR notation to use for the hosted master network. This
  // range will be used for assigning internal IP addresses to the master or
  // set of masters, as well as the ILB VIP. This range must not overlap with
  // any other ranges in use within the cluster's network.
  string master_ipv4_cidr_block = 3;

  // Output only. The internal IP address of this cluster's master endpoint.
  string private_endpoint = 4;

  // Output only. The external IP address of this cluster's master endpoint.
  string public_endpoint = 5;

  // Output only. The peering name in the customer VPC used by this cluster.
  string peering_name = 7;

  // Controls master global access settings.
  PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;

  // Subnet to provision the master's private endpoint during cluster creation.
  // Specified in projects/*/regions/*/subnetworks/* format.
  string private_endpoint_subnetwork = 10;
}

// Configuration for returning group information from authenticators.
message AuthenticatorGroupsConfig {
  // Whether this cluster should return group membership lookups
  // during authentication using a group of security groups.
  bool enabled = 1;

  // The name of the security group-of-groups to be used. Only relevant
  // if enabled = true.
  string security_group = 2;
}

// Configuration options for the Cloud Run feature.
message CloudRunConfig {
  // Load balancer type of ingress service of Cloud Run.
  enum LoadBalancerType {
    // Load balancer type for Cloud Run is unspecified.
    LOAD_BALANCER_TYPE_UNSPECIFIED = 0;

    // Install external load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_EXTERNAL = 1;

    // Install internal load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_INTERNAL = 2;
  }

  // Whether Cloud Run addon is enabled for this cluster.
  //
  // NOTE(review): the field is named `disabled`, while the text above
  // describes the enabled state; presumably `true` turns the addon off —
  // confirm before relying on either reading.
  bool disabled = 1;

  // Which load balancer type is installed for Cloud Run.
  LoadBalancerType load_balancer_type = 3;
}

// Configuration options for the Config Connector add-on.
message ConfigConnectorConfig {
  // Whether Config Connector is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Compute Engine PD CSI driver.
message GcePersistentDiskCsiDriverConfig {
  // Whether the Compute Engine PD CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the GCP Filestore CSI driver.
message GcpFilestoreCsiDriverConfig {
  // Whether the GCP Filestore CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Backup for GKE Agent.
message GkeBackupAgentConfig {
  // Whether the Backup for GKE agent is enabled for this cluster.
  bool enabled = 1;
}

// Configuration options for the master authorized networks feature. Enabled
// master authorized networks will disallow all external traffic to access
// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
// Google Compute Engine Public IPs and Google Prod IPs.
message MasterAuthorizedNetworksConfig {
  // CidrBlock contains an optional name and one CIDR block.
  message CidrBlock {
    // display_name is an optional field for users to identify CIDR blocks.
    string display_name = 1;

    // cidr_block must be specified in CIDR notation.
    string cidr_block = 2;
  }

  // Whether or not master authorized networks is enabled.
  bool enabled = 1;

  // cidr_blocks define up to 50 external networks that could access
  // Kubernetes master through HTTPS.
  repeated CidrBlock cidr_blocks = 2;

  // Whether master is accessible via Google Compute Engine Public IP
  // addresses.
  optional bool gcp_public_cidrs_access_enabled = 3;
}

// Configuration for the legacy Attribute Based Access Control authorization
// mode.
message LegacyAbac {
  // Whether the ABAC authorizer is enabled for this cluster. When enabled,
  // identities in the system, including service accounts, nodes, and
  // controllers, will have statically granted permissions beyond those
  // provided by the RBAC configuration or IAM.
  bool enabled = 1;
}

// Configuration options for the NetworkPolicy feature.
// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
message NetworkPolicy {
  // Allowed Network Policy providers.
  enum Provider {
    // Not set
    PROVIDER_UNSPECIFIED = 0;

    // Tigera (Calico Felix).
    CALICO = 1;
  }

  // The selected network policy provider.
  Provider provider = 1;

  // Whether network policy is enabled on the cluster.
  bool enabled = 2;
}

// Configuration for Binary Authorization.
message BinaryAuthorization {
  // Binary Authorization mode of operation.
  enum EvaluationMode {
    // Default value
    EVALUATION_MODE_UNSPECIFIED = 0;

    // Disable BinaryAuthorization
    DISABLED = 1;

    // Enforce Kubernetes admission requests with BinaryAuthorization using the
    // project's singleton policy. This is equivalent to setting the
    // enabled boolean to true.
    PROJECT_SINGLETON_POLICY_ENFORCE = 2;
  }

  // This field is deprecated. Leave this unset and instead configure
  // BinaryAuthorization using evaluation_mode. If evaluation_mode is set to
  // anything other than EVALUATION_MODE_UNSPECIFIED, this field is ignored.
  bool enabled = 1 [deprecated = true];

  // Mode of operation for binauthz policy evaluation. If unspecified, defaults
  // to DISABLED.
  EvaluationMode evaluation_mode = 2;
}

// [PRIVATE FIELD]
// Config for pod CIDR size overprovisioning.
message PodCIDROverprovisionConfig {
  // Whether Pod CIDR overprovisioning is disabled.
  // Note: Pod CIDR overprovisioning is enabled by default.
  bool disable = 1;
}

// Configuration for controlling how IPs are allocated in the cluster.
message IPAllocationPolicy {
  // Whether alias IPs will be used for pod IPs in the cluster.
  // This is used in conjunction with use_routes. It cannot
  // be true if use_routes is true. If both use_ip_aliases and use_routes are
  // false, then the server picks the default IP allocation mode.
  bool use_ip_aliases = 1;

  // Whether a new subnetwork will be created automatically for the cluster.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  bool create_subnetwork = 2;

  // A custom subnetwork name to be used if `create_subnetwork` is true. If
  // this field is empty, then an automatic name will be chosen for the new
  // subnetwork.
  string subnetwork_name = 3;

  // This field is deprecated, use cluster_ipv4_cidr_block.
  string cluster_ipv4_cidr = 4 [deprecated = true];

  // This field is deprecated, use node_ipv4_cidr_block.
  string node_ipv4_cidr = 5 [deprecated = true];

  // This field is deprecated, use services_ipv4_cidr_block.
  string services_ipv4_cidr = 6 [deprecated = true];

  // The name of the secondary range to be used for the cluster CIDR
  // block. The secondary range will be used for pod IP
  // addresses. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable when use_ip_aliases is true and
  // create_subnetwork is false.
  string cluster_secondary_range_name = 7;

  // The name of the secondary range to be used for the services
  // CIDR block. The secondary range will be used for service
  // ClusterIPs. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable when use_ip_aliases is true and
  // create_subnetwork is false.
  string services_secondary_range_name = 8;

  // The IP address range for the cluster pod IPs. If this field is set, then
  // `cluster.cluster_ipv4_cidr` must be left blank.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string cluster_ipv4_cidr_block = 9;

  // The IP address range of the instance IPs in this cluster.
  //
  // This is applicable only if `create_subnetwork` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string node_ipv4_cidr_block = 10;

  // The IP address range of the services IPs in this cluster. If blank, a range
  // will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string services_ipv4_cidr_block = 11;

  // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
  // range will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // If unspecified, the range will use the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string tpu_ipv4_cidr_block = 13;

  // Whether routes will be used for pod IPs in the cluster.
  // This is used in conjunction with use_ip_aliases. It cannot be true if
  // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
  // then the server picks the default IP allocation mode.
  bool use_routes = 15;

  // The IP stack type of the cluster.
  StackType stack_type = 16;

  // The ipv6 access type (internal or external) when create_subnetwork is
  // true.
  IPv6AccessType ipv6_access_type = 17;

  // [PRIVATE FIELD]
  // Pod CIDR size overprovisioning config for the cluster.
  //
  // Pod CIDR size per node depends on max_pods_per_node. By default, the value
  // of max_pods_per_node is doubled and then rounded off to next power of 2 to
  // get the size of pod CIDR block per node.
  // Example: max_pods_per_node of 30 would result in 64 IPs (/26).
  //
  // This config can disable the doubling of IPs (we still round off to next
  // power of 2)
  // Example: max_pods_per_node of 30 will result in 32 IPs (/27) when
  // overprovisioning is disabled.
  PodCIDROverprovisionConfig pod_cidr_overprovision_config = 21;

  // Output only. The subnet's IPv6 CIDR block used by nodes and pods.
  string subnet_ipv6_cidr_block = 22
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The services IPv6 CIDR block for the cluster.
  string services_ipv6_cidr_block = 23
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The additional pod ranges that are added to the
  // cluster. These pod ranges can be used by new node pools to allocate pod IPs
  // automatically. Once the range is removed it will not show up in
  // IPAllocationPolicy.
  AdditionalPodRangesConfig additional_pod_ranges_config = 24
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// A Google Kubernetes Engine cluster.
message Cluster {
  // The current status of the cluster.
  enum Status {
    // Not set.
1519 STATUS_UNSPECIFIED = 0; 1520 1521 // The PROVISIONING state indicates the cluster is being created. 1522 PROVISIONING = 1; 1523 1524 // The RUNNING state indicates the cluster has been created and is fully 1525 // usable. 1526 RUNNING = 2; 1527 1528 // The RECONCILING state indicates that some work is actively being done on 1529 // the cluster, such as upgrading the master or node software. Details can 1530 // be found in the `statusMessage` field. 1531 RECONCILING = 3; 1532 1533 // The STOPPING state indicates the cluster is being deleted. 1534 STOPPING = 4; 1535 1536 // The ERROR state indicates the cluster is unusable. It will be 1537 // automatically deleted. Details can be found in the `statusMessage` field. 1538 ERROR = 5; 1539 1540 // The DEGRADED state indicates the cluster requires user action to restore 1541 // full functionality. Details can be found in the `statusMessage` field. 1542 DEGRADED = 6; 1543 } 1544 1545 // The name of this cluster. The name must be unique within this project 1546 // and location (e.g. zone or region), and can be up to 40 characters with 1547 // the following restrictions: 1548 // 1549 // * Lowercase letters, numbers, and hyphens only. 1550 // * Must start with a letter. 1551 // * Must end with a number or a letter. 1552 string name = 1; 1553 1554 // An optional description of this cluster. 1555 string description = 2; 1556 1557 // The number of nodes to create in this cluster. You must ensure that your 1558 // Compute Engine [resource quota](https://cloud.google.com/compute/quotas) 1559 // is sufficient for this number of instances. You must also have available 1560 // firewall and routes quota. 1561 // For requests, this field should only be used in lieu of a 1562 // "node_pool" object, since this configuration (along with the 1563 // "node_config") will be used to create a "NodePool" object with an 1564 // auto-generated name. Do not use this and a node_pool at the same time. 
1565 // 1566 // This field is deprecated, use node_pool.initial_node_count instead. 1567 int32 initial_node_count = 3 [deprecated = true]; 1568 1569 // Parameters used in creating the cluster's nodes. 1570 // For requests, this field should only be used in lieu of a 1571 // "node_pool" object, since this configuration (along with the 1572 // "initial_node_count") will be used to create a "NodePool" object with an 1573 // auto-generated name. Do not use this and a node_pool at the same time. 1574 // For responses, this field will be populated with the node configuration of 1575 // the first node pool. (For configuration of each node pool, see 1576 // `node_pool.config`) 1577 // 1578 // If unspecified, the defaults are used. 1579 // This field is deprecated, use node_pool.config instead. 1580 NodeConfig node_config = 4 [deprecated = true]; 1581 1582 // The authentication information for accessing the master endpoint. 1583 // If unspecified, the defaults are used: 1584 // For clusters before v1.12, if master_auth is unspecified, `username` will 1585 // be set to "admin", a random password will be generated, and a client 1586 // certificate will be issued. 1587 MasterAuth master_auth = 5; 1588 1589 // The logging service the cluster should use to write logs. 1590 // Currently available options: 1591 // 1592 // * `logging.googleapis.com/kubernetes` - The Cloud Logging 1593 // service with a Kubernetes-native resource model 1594 // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer 1595 // available as of GKE 1.15). 1596 // * `none` - no logs will be exported from the cluster. 1597 // 1598 // If left as an empty string,`logging.googleapis.com/kubernetes` will be 1599 // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. 1600 string logging_service = 6; 1601 1602 // The monitoring service the cluster should use to write metrics. 
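// Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  //   service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string, `monitoring.googleapis.com/kubernetes` will
  // be used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 7;

  // The name of the Google Compute Engine
  // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. If left unspecified, the `default`
  // network will be used.
  string network = 8;

  // The IP address range of the container pods in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`). Leave blank to have
  // one automatically chosen or specify a `/14` block in `10.0.0.0/8`.
  string cluster_ipv4_cidr = 9;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig addons_config = 10;

  // The name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
  // the cluster is connected.
  string subnetwork = 11;

  // The node pools associated with this cluster.
  // This field should not be set if "node_config" or "initial_node_count" are
  // specified.
  repeated NodePool node_pools = 12;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This field provides a default value if
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // are not specified during node pool creation.
  //
  // Warning: changing cluster locations will update the
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // of all node pools and will result in nodes being added and/or removed.
  repeated string locations = 13;

  // Kubernetes alpha features are enabled on this cluster. This includes alpha
  // API groups (e.g. v1alpha1) and features that may not be production ready in
  // the kubernetes version of the master and nodes.
  // The cluster has no SLA for uptime and master/node upgrades are disabled.
  // Alpha enabled clusters are automatically deleted thirty days after
  // creation.
  //
  // NOTE(review): with upgrades disabled, such a cluster should not be
  // expected to receive fixes; keep production data and long-lived
  // credentials off alpha clusters.
  bool enable_kubernetes_alpha = 14;

  // The resource labels for the cluster to use to annotate any related
  // Google Compute Engine resources.
  map<string, string> resource_labels = 15;

  // The fingerprint of the set of labels for this cluster.
  string label_fingerprint = 16;

  // Configuration for the legacy ABAC authorization mode.
  //
  // NOTE(review): legacy ABAC can grant identities permissions beyond what
  // RBAC and IAM allow; leave it disabled unless an existing workload still
  // depends on it.
  LegacyAbac legacy_abac = 18;

  // Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 19;

  // Configuration for cluster IP allocation.
  IPAllocationPolicy ip_allocation_policy = 20;

  // The configuration options for master authorized networks feature.
  // This is the allowlist of networks permitted to reach the control plane
  // over HTTPS, so changes to it are access-control changes.
  MasterAuthorizedNetworksConfig master_authorized_networks_config = 22;

  // Configure the maintenance policy for this cluster.
  MaintenancePolicy maintenance_policy = 23;

  // Configuration for Binary Authorization.
  BinaryAuthorization binary_authorization = 24;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling autoscaling = 26;

  // Configuration for cluster networking.
  NetworkConfig network_config = 27;

  // The default constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool of this cluster. Only honored
  // if cluster created with IP Alias support.
  MaxPodsConstraint default_max_pods_constraint = 30;

  // Configuration for exporting resource usages. Resource usage export is
  // disabled when this config is unspecified.
  ResourceUsageExportConfig resource_usage_export_config = 33;

  // Configuration controlling RBAC group membership information.
  AuthenticatorGroupsConfig authenticator_groups_config = 34;

  // Configuration for private cluster.
  PrivateClusterConfig private_cluster_config = 37;

  // Configuration of etcd encryption.
  DatabaseEncryption database_encryption = 38;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling vertical_pod_autoscaling = 39;

  // Shielded Nodes configuration.
  ShieldedNodes shielded_nodes = 40;

  // Release channel configuration.
  ReleaseChannel release_channel = 41;

  // Configuration for the use of Kubernetes Service Accounts in GCP IAM
  // policies.
  WorkloadIdentityConfig workload_identity_config = 43;

  // Configuration for issuance of mTLS keys and certificates to Kubernetes
  // pods.
  MeshCertificates mesh_certificates = 67;

  // Configuration for the fine-grained cost management feature.
  CostManagementConfig cost_management_config = 45;

  // Notification configuration of the cluster.
  NotificationConfig notification_config = 49;

  // Configuration of Confidential Nodes.
  // All the nodes in the cluster will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 50;

  // Configuration for Identity Service component.
  IdentityServiceConfig identity_service_config = 54;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field is deprecated, use location instead.
  string zone = 101 [deprecated = true];

  // [Output only] The IP address of this cluster's master endpoint.
  // The endpoint can be accessed from the internet at
  // `https://username:password@endpoint/`.
  //
  // See the `masterAuth` property of this resource for username and
  // password information.
  //
  // NOTE(review): the URL form above embeds basic-auth credentials. URLs that
  // carry credentials tend to end up in shell history and proxy logs, so pass
  // credentials out of band and prefer certificate or token based
  // authentication where the cluster supports it. Whether the endpoint is
  // actually internet-reachable presumably also depends on
  // `private_cluster_config` and `master_authorized_networks_config` -
  // confirm for the deployment.
  string endpoint = 102;

  // The initial Kubernetes version for this cluster. Valid versions are those
  // found in validMasterVersions returned by getServerConfig. The version can
  // be upgraded over time; such upgrades are reflected in
  // currentMasterVersion and currentNodeVersion.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "","-": picks the default Kubernetes version
  string initial_cluster_version = 103;

  // [Output only] The current software version of the master endpoint.
  string current_master_version = 104;

  // [Output only] Deprecated, use
  // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools)
  // instead. The current version of the node software components. If they are
  // currently at multiple versions because they're in the process of being
  // upgraded, this reflects the minimum version of all nodes.
  string current_node_version = 105 [deprecated = true];

  // [Output only] The time the cluster was created, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string create_time = 106;

  // [Output only] The current status of this cluster.
  Status status = 107;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // cluster, if available.
  string status_message = 108 [deprecated = true];

  // [Output only] The size of the address space on each node for hosting
  // containers. This is provisioned from within the `container_ipv4_cidr`
  // range. This field will only be set when cluster is in route-based network
  // mode.
  //
  // NOTE(review): no `container_ipv4_cidr` field appears in the part of this
  // message shown here; presumably `cluster_ipv4_cidr` is meant - confirm.
  int32 node_ipv4_cidr_size = 109;

  // [Output only] The IP address range of the Kubernetes services in
  // this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`). Service addresses are
  // typically put in the last `/16` from the container CIDR.
  string services_ipv4_cidr = 110;

  // Deprecated. Use node_pools.instance_group_urls.
  repeated string instance_group_urls = 111 [deprecated = true];

  // [Output only] The number of nodes currently in the cluster. Deprecated.
  // Call Kubernetes API directly to retrieve node information.
  int32 current_node_count = 112 [deprecated = true];

  // [Output only] The time the cluster will be automatically
  // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string expire_time = 113;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 114;

  // Enable the ability to use Cloud TPUs in this cluster.
  bool enable_tpu = 115;

  // [Output only] The IP address range of the Cloud TPUs in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`).
  string tpu_ipv4_cidr_block = 116;

  // Which conditions caused the current cluster state.
  repeated StatusCondition conditions = 118;

  // Autopilot configuration for the cluster.
  Autopilot autopilot = 128;

  // Output only. Unique id for the cluster.
  string id = 129 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Default NodePool settings for the entire cluster. These settings are
  // overridden if specified on the specific NodePool object.
  optional NodePoolDefaults node_pool_defaults = 131;

  // Logging configuration for the cluster.
  LoggingConfig logging_config = 132;

  // Monitoring configuration for the cluster.
  MonitoringConfig monitoring_config = 133;

  // Node pool configs that apply to all auto-provisioned node pools
  // in autopilot clusters and node auto-provisioning enabled clusters.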
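NodePoolAutoConfig node_pool_auto_config = 136;

  // This checksum is computed by the server based on the value of cluster
  // fields, and may be sent on update requests to ensure the client has an
  // up-to-date value before proceeding.
  string etag = 139;

  // Fleet information for the cluster.
  Fleet fleet = 140;
}

// Node pool configs that apply to all auto-provisioned node pools
// in autopilot clusters and node auto-provisioning enabled clusters.
message NodePoolAutoConfig {
  // The list of instance tags applied to all nodes. Tags are used to identify
  // valid sources or targets for network firewalls and are specified by
  // the client during cluster creation. Each tag within the list
  // must comply with RFC1035.
  NetworkTags network_tags = 1;
}

// Subset of NodePool message that has defaults.
message NodePoolDefaults {
  // Subset of NodeConfig message that has defaults.
  NodeConfigDefaults node_config_defaults = 1;
}

// Subset of NodeConfig message that has defaults.
message NodeConfigDefaults {
  // GCFS (Google Container File System, also known as Riptide) options.
  GcfsConfig gcfs_config = 1;

  // Logging configuration for node pools.
  NodePoolLoggingConfig logging_config = 3;
}

// ClusterUpdate describes an update to the cluster. Exactly one update can
// be applied to a cluster with each request, so at most one field can be
// provided.
//
// Several fields below change security controls (database encryption,
// Workload Identity, Shielded Nodes, master authorized networks, Binary
// Authorization, private endpoint, logging). Since each request carries one
// update, audit tooling can treat a request that sets one of them as a
// distinct security-relevant change.
message ClusterUpdate {
  // The Kubernetes version to change the nodes to (typically an
  // upgrade).
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  string desired_node_version = 4;

  // The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  //   service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string, `monitoring.googleapis.com/kubernetes` will
  // be used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string desired_monitoring_service = 5;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig desired_addons_config = 6;

  // The node pool to be upgraded. This field is mandatory if
  // "desired_node_version", "desired_image_family" or
  // "desired_node_pool_autoscaling" is specified and there is more than one
  // node pool on the cluster.
  //
  // NOTE(review): this message has no "desired_image_family" field;
  // "desired_image_type" is presumably meant - confirm.
  string desired_node_pool_id = 7;

  // The desired image type for the node pool.
  // NOTE: Set the "desired_node_pool" field as well (presumably
  // "desired_node_pool_id", the only node pool selector in this message).
  string desired_image_type = 8;

  // Configuration of etcd encryption.
  DatabaseEncryption desired_database_encryption = 46;

  // Configuration for Workload Identity.
  WorkloadIdentityConfig desired_workload_identity_config = 47;

  // Configuration for issuance of mTLS keys and certificates to Kubernetes
  // pods.
  MeshCertificates desired_mesh_certificates = 67;

  // Configuration for Shielded Nodes.
  ShieldedNodes desired_shielded_nodes = 48;

  // The desired configuration for the fine-grained cost management feature.
  CostManagementConfig desired_cost_management_config = 49;

  // DNSConfig contains clusterDNS config for this cluster.
  DNSConfig desired_dns_config = 53;

  // Autoscaler configuration for the node pool specified in
  // desired_node_pool_id. If there is only one pool in the
  // cluster and desired_node_pool_id is not provided then
  // the change applies to that single node pool.
  NodePoolAutoscaling desired_node_pool_autoscaling = 9;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This list must always include the cluster's primary zone.
  //
  // Warning: changing cluster locations will update the locations of all node
  // pools and will result in nodes being added and/or removed.
  repeated string desired_locations = 10;

  // The desired configuration options for master authorized networks feature.
  // This replaces the allowlist of networks that may reach the control plane,
  // so review it as an access-control change.
  MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling desired_cluster_autoscaling = 15;

  // The desired configuration options for the Binary Authorization feature.
  BinaryAuthorization desired_binary_authorization = 16;

  // The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  //   service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string, `logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  //
  // NOTE(review): `none` stops log export from the cluster, so detection and
  // incident-response pipelines that read those logs lose coverage; alert on
  // updates that set it.
  string desired_logging_service = 19;

  // The desired configuration for exporting resource usage.
  ResourceUsageExportConfig desired_resource_usage_export_config = 21;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;

  // The desired private cluster configuration.
  PrivateClusterConfig desired_private_cluster_config = 25;

  // The desired config of Intra-node visibility.
  IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26;

  // The desired status of whether to disable default sNAT for this cluster.
  DefaultSnatStatus desired_default_snat_status = 28;

  // The desired release channel configuration.
  ReleaseChannel desired_release_channel = 31;

  // The desired L4 Internal Load Balancer Subsetting configuration.
  ILBSubsettingConfig desired_l4ilb_subsetting_config = 39;

  // The desired datapath provider for the cluster.
  DatapathProvider desired_datapath_provider = 50;

  // The desired state of IPv6 connectivity to Google Services.
  PrivateIPv6GoogleAccess desired_private_ipv6_google_access = 51;

  // The desired notification configuration.
  NotificationConfig desired_notification_config = 55;

  // The desired authenticator groups config for the cluster.
  AuthenticatorGroupsConfig desired_authenticator_groups_config = 63;

  // The desired logging configuration.
  LoggingConfig desired_logging_config = 64;

  // The desired monitoring configuration.
  MonitoringConfig desired_monitoring_config = 65;

  // The desired Identity Service component configuration.
  IdentityServiceConfig desired_identity_service_config = 66;

  // ServiceExternalIPsConfig specifies the config for the use of Services with
  // ExternalIPs field.
  ServiceExternalIPsConfig desired_service_external_ips_config = 60;

  // Enable/Disable private endpoint for the cluster's master.
  // Declared `optional` so that an explicit `false` is distinguishable from
  // "not set".
  //
  // NOTE(review): disabling this presumably exposes the control plane through
  // its public endpoint again; check master authorized networks before doing
  // so - confirm against the service documentation.
  optional bool desired_enable_private_endpoint = 71;

  // The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  string desired_master_version = 100;

  // The desired GCFS config for the cluster.
  GcfsConfig desired_gcfs_config = 109;

  // The desired network tags that apply to all auto-provisioned node pools
  // in autopilot clusters and node auto-provisioning enabled clusters.
  NetworkTags desired_node_pool_auto_config_network_tags = 110;

  // The desired config of Gateway API on this cluster.
  GatewayAPIConfig desired_gateway_api_config = 114;

  // The current etag of the cluster.
  // If an etag is provided and does not match the current etag of the cluster,
  // update will be blocked and an ABORTED error will be returned.
  string etag = 115;

  // The desired node pool logging configuration defaults for the cluster.
  NodePoolLoggingConfig desired_node_pool_logging_config = 116;

  // The desired fleet configuration for the cluster.
  Fleet desired_fleet = 117;

  // The desired stack type of the cluster.
  // If a stack type is provided and does not match the current stack type of
  // the cluster, update will attempt to change the stack type to the new type.
  StackType desired_stack_type = 119;

  // The additional pod ranges to be added to the cluster. These pod ranges
  // can be used by node pools to allocate pod IPs.
  AdditionalPodRangesConfig additional_pod_ranges_config = 120;

  // The additional pod ranges that are to be removed from the cluster.
  // The pod ranges specified here must have been specified earlier in the
  // 'additional_pod_ranges_config' argument.
  AdditionalPodRangesConfig removed_additional_pod_ranges_config = 121;
}

// AdditionalPodRangesConfig is the configuration for additional pod secondary
// ranges supporting the ClusterUpdate message.
message AdditionalPodRangesConfig {
  // Name for pod secondary ipv4 range which has the actual range defined ahead.
  repeated string pod_range_names = 1;
}

// This operation resource represents operations that may have happened or are
// happening on the cluster. All fields are output only.
message Operation {
  // Current status of the operation.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The operation has been created.
    PENDING = 1;

    // The operation is currently running.
    RUNNING = 2;

    // The operation is done, either cancelled or completed.
    DONE = 3;

    // The operation is aborting.
    ABORTING = 4;
  }

  // Operation type categorizes the operation.
  enum Type {
    // Not set.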
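TYPE_UNSPECIFIED = 0;

    // The cluster is being created. The cluster should be assumed to be
    // unusable until the operation finishes.
    //
    // In the event of the operation failing, the cluster will enter the [ERROR
    // state][Cluster.Status.ERROR] and eventually be deleted.
    CREATE_CLUSTER = 1;

    // The cluster is being deleted. The cluster should be assumed to be
    // unusable as soon as this operation starts.
    //
    // In the event of the operation failing, the cluster will enter the [ERROR
    // state][Cluster.Status.ERROR] and the deletion will be automatically
    // retried until completed.
    DELETE_CLUSTER = 2;

    // The [cluster
    // version][google.container.v1.ClusterUpdate.desired_master_version] is
    // being updated. Note that this includes "upgrades" to the same version,
    // which are simply a recreation. This also includes
    // [auto-upgrades](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades#upgrading_automatically).
    // For more details, see [documentation on cluster
    // upgrades](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades#cluster_upgrades).
    UPGRADE_MASTER = 3;

    // A node pool is being updated. Despite calling this an "upgrade", this
    // includes most forms of updates to node pools. This also includes
    // [auto-upgrades](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades).
    //
    // This operation sets the
    // [progress][google.container.v1.Operation.progress] field and may be
    // [canceled][google.container.v1.ClusterManager.CancelOperation].
    //
    // The upgrade strategy depends on [node pool
    // configuration](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pool-upgrade-strategies).
    // The nodes are generally still usable during this operation.
    UPGRADE_NODES = 4;

    // A problem has been detected with the control plane and is being repaired.
    // This operation type is initiated by GKE. For more details, see
    // [documentation on
    // repairs](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs).
    REPAIR_CLUSTER = 5;

    // The cluster is being updated. This is a broad category of operations and
    // includes operations that only change metadata as well as those that must
    // recreate the entire cluster. If the control plane must be recreated, this
    // will cause temporary downtime for zonal clusters.
    //
    // Some features require recreating the nodes as well. Those will be
    // recreated as separate operations and the update may not be completely
    // functional until the node pools recreations finish. Node recreations will
    // generally follow [maintenance
    // policies](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions).
    //
    // Some GKE-initiated operations use this type. This includes certain types
    // of auto-upgrades and incident mitigations.
    UPDATE_CLUSTER = 6;

    // A node pool is being created. The node pool should be assumed to be
    // unusable until this operation finishes. In the event of an error, the
    // node pool may be partially created.
    //
    // If enabled, [node
    // autoprovisioning](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)
    // may have automatically initiated such operations.
    CREATE_NODE_POOL = 7;

    // The node pool is being deleted. The node pool should be assumed to be
    // unusable as soon as this operation starts.
    DELETE_NODE_POOL = 8;

    // The node pool's [management][google.container.v1.NodePool.management]
    // field is being updated. These operations only update metadata and may be
    // concurrent with most other operations.
    SET_NODE_POOL_MANAGEMENT = 9;

    // A problem has been detected with nodes and [they are being
    // repaired](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair).
    // This operation type is initiated by GKE, typically automatically. This
    // operation may be concurrent with other operations and there may be
    // multiple repairs occurring on the same node pool.
    AUTO_REPAIR_NODES = 10;

    // Unused. Automatic node upgrade uses
    // [UPGRADE_NODES][google.container.v1.Operation.Type.UPGRADE_NODES].
    AUTO_UPGRADE_NODES = 11 [deprecated = true];

    // Unused. Updating labels uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_LABELS = 12 [deprecated = true];

    // Unused. Updating master auth uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_MASTER_AUTH = 13 [deprecated = true];

    // The node pool is being resized. With the exception of resizing to or from
    // size zero, the node pool is generally usable during this operation.
    SET_NODE_POOL_SIZE = 14;

    // Unused. Updating network policy uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_NETWORK_POLICY = 15 [deprecated = true];

    // Unused. Updating maintenance policy uses
    // [UPDATE_CLUSTER][google.container.v1.Operation.Type.UPDATE_CLUSTER].
    SET_MAINTENANCE_POLICY = 16 [deprecated = true];

    // The control plane is being resized. This operation type is initiated by
    // GKE. These operations are often performed preemptively to ensure that the
    // control plane has sufficient resources and is not typically an indication
    // of issues. For more details, see
    // [documentation on
    // resizes](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs).
    //
    // NOTE(review): the link above uses the same `#repairs` anchor as
    // REPAIR_CLUSTER; confirm it is the intended target.
    RESIZE_CLUSTER = 18;
  }

  // The server-assigned ID for the operation.
  string name = 1;

  // The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation is taking place. This field is deprecated, use location instead.
  string zone = 2 [deprecated = true];

  // The operation type.
  Type operation_type = 3;

  // The current status of the operation.
  Status status = 4;

  // Detailed operation progress, if available.
  string detail = 8;

  // Output only. If an error has occurred, a textual description of the error.
  // Deprecated. Use the field error instead.
  string status_message = 5
      [deprecated = true, (google.api.field_behavior) = OUTPUT_ONLY];

  // Server-defined URI for the operation. Example:
  // `https://container.googleapis.com/v1alpha1/projects/123/locations/us-central1/operations/operation-123`.
  //
  // NOTE(review): the example shows a `v1alpha1` path although this file
  // declares package google.container.v1; confirm which form the server
  // returns before matching on it.
  string self_link = 6;

  // Server-defined URI for the target of the operation. The format of this is a
  // URI to the resource being modified (such as a cluster, node pool, or node).
  // For node pool repairs, there may be multiple nodes being repaired, but only
  // one will be the target.
  //
  // Examples:
  //
  // - `https://container.googleapis.com/v1/projects/123/locations/us-central1/clusters/my-cluster`
  // - `https://container.googleapis.com/v1/projects/123/zones/us-central1-c/clusters/my-cluster/nodePools/my-np`
  // - `https://container.googleapis.com/v1/projects/123/zones/us-central1-c/clusters/my-cluster/nodePools/my-np/node/my-node`
  string target_link = 7;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 9;

  // [Output only] The time the operation started, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string start_time = 10;

  // [Output only] The time the operation completed, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string end_time = 11;

  // Output only. Progress information for an operation.
  OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Which conditions caused the current cluster state.
  // Deprecated. Use field error instead.
  repeated StatusCondition cluster_conditions = 13 [deprecated = true];

  // Which conditions caused the current node pool state.
  // Deprecated. Use field error instead.
  repeated StatusCondition nodepool_conditions = 14 [deprecated = true];

  // The error result of the operation in case of failure.
  google.rpc.Status error = 15;
}

// Information about operation (or operation stage) progress.
message OperationProgress {
  // Progress metric is (string, int|float|string) pair.
  message Metric {
    // Required. Metric name, e.g., "nodes total", "percent done".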
2311 string name = 1 [(google.api.field_behavior) = REQUIRED]; 2312 2313 // Strictly one of the values is required. 2314 oneof value { 2315 // For metrics with integer value. 2316 int64 int_value = 2; 2317 2318 // For metrics with floating point value. 2319 double double_value = 3; 2320 2321 // For metrics with custom values (ratios, visual progress, etc.). 2322 string string_value = 4; 2323 } 2324 } 2325 2326 // A non-parameterized string describing an operation stage. 2327 // Unset for single-stage operations. 2328 string name = 1; 2329 2330 // Status of an operation stage. 2331 // Unset for single-stage operations. 2332 Operation.Status status = 2; 2333 2334 // Progress metric bundle, for example: 2335 // metrics: [{name: "nodes done", int_value: 15}, 2336 // {name: "nodes total", int_value: 32}] 2337 // or 2338 // metrics: [{name: "progress", double_value: 0.56}, 2339 // {name: "progress scale", double_value: 1.0}] 2340 repeated Metric metrics = 3; 2341 2342 // Substages of an operation or a stage. 2343 repeated OperationProgress stages = 4; 2344} 2345 2346// CreateClusterRequest creates a cluster. 2347message CreateClusterRequest { 2348 // Deprecated. The Google Developers Console [project ID or project 2349 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 2350 // This field has been deprecated and replaced by the parent field. 2351 string project_id = 1 [deprecated = true]; 2352 2353 // Deprecated. The name of the Google Compute Engine 2354 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2355 // cluster resides. This field has been deprecated and replaced by the parent 2356 // field. 2357 string zone = 2 [deprecated = true]; 2358 2359 // Required. 
A [cluster 2360 // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.locations.clusters) 2361 Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED]; 2362 2363 // The parent (project and location) where the cluster will be created. 2364 // Specified in the format `projects/*/locations/*`. 2365 string parent = 5; 2366} 2367 2368// GetClusterRequest gets the settings of a cluster. 2369message GetClusterRequest { 2370 // Deprecated. The Google Developers Console [project ID or project 2371 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 2372 // This field has been deprecated and replaced by the name field. 2373 string project_id = 1 [deprecated = true]; 2374 2375 // Deprecated. The name of the Google Compute Engine 2376 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2377 // cluster resides. This field has been deprecated and replaced by the name 2378 // field. 2379 string zone = 2 [deprecated = true]; 2380 2381 // Deprecated. The name of the cluster to retrieve. 2382 // This field has been deprecated and replaced by the name field. 2383 string cluster_id = 3 [deprecated = true]; 2384 2385 // The name (project, location, cluster) of the cluster to retrieve. 2386 // Specified in the format `projects/*/locations/*/clusters/*`. 2387 string name = 5; 2388} 2389 2390// UpdateClusterRequest updates the settings of a cluster. 2391message UpdateClusterRequest { 2392 // Deprecated. The Google Developers Console [project ID or project 2393 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 2394 // This field has been deprecated and replaced by the name field. 2395 string project_id = 1 [deprecated = true]; 2396 2397 // Deprecated. The name of the Google Compute Engine 2398 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2399 // cluster resides. 
This field has been deprecated and replaced by the name 2400 // field. 2401 string zone = 2 [deprecated = true]; 2402 2403 // Deprecated. The name of the cluster to upgrade. 2404 // This field has been deprecated and replaced by the name field. 2405 string cluster_id = 3 [deprecated = true]; 2406 2407 // Required. A description of the update. 2408 ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED]; 2409 2410 // The name (project, location, cluster) of the cluster to update. 2411 // Specified in the format `projects/*/locations/*/clusters/*`. 2412 string name = 5; 2413} 2414 2415// UpdateNodePoolRequests update a node pool's image and/or version. 2416message UpdateNodePoolRequest { 2417 // Deprecated. The Google Developers Console [project ID or project 2418 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 2419 // This field has been deprecated and replaced by the name field. 2420 string project_id = 1 [deprecated = true]; 2421 2422 // Deprecated. The name of the Google Compute Engine 2423 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 2424 // cluster resides. This field has been deprecated and replaced by the name 2425 // field. 2426 string zone = 2 [deprecated = true]; 2427 2428 // Deprecated. The name of the cluster to upgrade. 2429 // This field has been deprecated and replaced by the name field. 2430 string cluster_id = 3 [deprecated = true]; 2431 2432 // Deprecated. The name of the node pool to upgrade. 2433 // This field has been deprecated and replaced by the name field. 2434 string node_pool_id = 4 [deprecated = true]; 2435 2436 // Required. The Kubernetes version to change the nodes to (typically an 2437 // upgrade). 
//
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  //
  // Every alias except the explicit "1.X.Y-gke.N" form is resolved by the
  // service, so the same request may select a different version at a later
  // date. Use the explicit form when a change record has to name the exact
  // version that was rolled out.
  string node_version = 5 [(google.api.field_behavior) = REQUIRED];

  // Required. The desired image type for the node pool. Please see
  // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
  // available image types.
  string image_type = 6 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to
  // update. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 8;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // node pool's nodes should be located. Changing the locations for a node pool
  // will result in nodes being either created or removed from the node pool,
  // depending on whether locations are being added or removed.
  repeated string locations = 13;

  // The desired workload metadata config for the node pool.
  // NOTE(review): WorkloadMetadataConfig is defined outside this excerpt;
  // presumably it governs what node metadata workloads can reach. Confirm, and
  // review changes to this field as security-relevant.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // Upgrade settings control disruption and speed of the upgrade.
  NodePool.UpgradeSettings upgrade_settings = 15;

  // The desired network tags to be applied to all nodes in the node pool.
  // If this field is not present, the tags will not be changed. Otherwise,
  // the existing network tags will be *replaced* with the provided tags.
  //
  // Network tags are commonly used as firewall-rule targets in Compute Engine,
  // so a replacement set that omits a tag can change which rules apply to the
  // nodes. Review tag changes together with the firewall rules that reference
  // them.
NetworkTags tags = 16;

  // The desired node taints to be applied to all nodes in the node pool.
  // If this field is not present, the taints will not be changed. Otherwise,
  // the existing node taints will be *replaced* with the provided taints.
  //
  // Because the whole set is replaced, a taint that keeps general workloads
  // off these nodes is dropped unless it is supplied again.
  NodeTaints taints = 17;

  // The desired node labels to be applied to all nodes in the node pool.
  // If this field is not present, the labels will not be changed. Otherwise,
  // the existing node labels will be *replaced* with the provided labels.
  NodeLabels labels = 18;

  // Parameters that can be configured on Linux nodes.
  LinuxNodeConfig linux_node_config = 19;

  // Node kubelet configs.
  NodeKubeletConfig kubelet_config = 20;

  // Node network config.
  NodeNetworkConfig node_network_config = 21;

  // GCFS config.
  GcfsConfig gcfs_config = 22;

  // Confidential nodes config.
  // All the nodes in the node pool will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 23;

  // Enable or disable gvnic on the node pool.
  VirtualNIC gvnic = 29;

  // The current etag of the node pool.
  // If an etag is provided and does not match the current etag of the node
  // pool, update will be blocked and an ABORTED error will be returned.
  //
  // Sending the etag read together with the node pool makes the update
  // conditional on no intervening change.
  // NOTE(review): presumably an update without an etag is applied
  // unconditionally; confirm.
  string etag = 30;

  // Enable or disable NCCL fast socket for the node pool.
  FastSocket fast_socket = 31;

  // Logging configuration.
  NodePoolLoggingConfig logging_config = 32;

  // The resource labels for the node pool to use to annotate any related
  // Google Compute Engine resources.
  ResourceLabels resource_labels = 33;

  // Parameters that can be configured on Windows nodes.
  WindowsNodeConfig windows_node_config = 34;
}

// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
message SetNodePoolAutoscalingRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. Autoscaling configuration for the node pool.
  NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to set
  // autoscaler settings. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// SetLoggingServiceRequest sets the logging service of a cluster.
message SetLoggingServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  //   service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string, `logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  //
  // With `none`, detections and investigations that depend on exported
  // cluster logs lose that source. A change to `none` is therefore worth
  // reviewing and alerting on.
  string logging_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set logging.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// SetMonitoringServiceRequest sets the monitoring service of a cluster.
message SetMonitoringServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The monitoring service the cluster should use to write metrics.
// Currently available options:
  //
  // * `monitoring.googleapis.com/kubernetes` - The Cloud Monitoring
  //   service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string, `monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  //
  // With `none`, alerting that depends on exported cluster metrics loses that
  // source. Review a change to `none` accordingly.
  string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set monitoring.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetAddonsConfigRequest sets the addons associated with the cluster.
message SetAddonsConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired configurations for the various addons available to
  // run in the cluster.
  AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set addons.
  // Specified in the format `projects/*/locations/*/clusters/*`.
string name = 6;
}

// SetLocationsRequest sets the locations of the cluster.
message SetLocationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located. Changing the locations a cluster is in
  // will result in nodes being either created or removed from the cluster,
  // depending on whether locations are being added or removed.
  //
  // This list must always include the cluster's primary zone.
  repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set locations.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// UpdateMasterRequest updates the master of the cluster.
message UpdateMasterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  //
  // Every alias except the explicit "1.X.Y-gke.N" form is resolved by the
  // service, so the version actually selected can differ between two
  // otherwise identical requests made at different times.
  string master_version = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetMasterAuthRequest updates the admin password of a cluster.
//
// Depending on `action`, the request sets or regenerates the password or sets
// the username used for basic authentication (see Action). With SET_PASSWORD
// the caller supplies the password, so the request body is itself sensitive.
// Keep it out of application logs, traces and saved command lines.
// NOTE(review): MasterAuth is defined outside this excerpt; confirm which of
// its fields carry the credential.
message SetMasterAuthRequest {
  // Operation type: what type of update to perform.
  enum Action {
    // Operation is unknown and will error out.
    // This is the zero value, so a request that leaves `action` unset errors
    // out rather than defaulting to one of the credential changes below.
    UNKNOWN = 0;

    // Set the password to a user generated value.
    SET_PASSWORD = 1;

    // Generate a new password and set it to that.
    GENERATE_PASSWORD = 2;

    // Set the username. If an empty username is provided, basic authentication
    // is disabled for the cluster. If a non-empty username is provided, basic
    // authentication is enabled, with either a provided password or a generated
    // one.
    //
    // A non-empty username therefore turns basic authentication on. Review
    // such a request as a change to the cluster's authentication surface.
    SET_USERNAME = 3;
  }

  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The exact form of action to be taken on the master auth.
  Action action = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. A description of the update.
  MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set auth.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// DeleteClusterRequest deletes a cluster.
message DeleteClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to delete.
  // This field has been deprecated and replaced by the name field.
string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to delete.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 4;
}

// ListClustersRequest lists clusters.
message ListClustersRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides, or "-" for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the clusters will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// ListClustersResponse is the result of ListClustersRequest.
message ListClustersResponse {
  // A list of clusters in the project in the specified zone, or
  // across all zones.
  repeated Cluster clusters = 1;

  // If any zones are listed here, the list of clusters returned
  // may be missing those zones.
  //
  // A non-empty value means `clusters` may be incomplete. Inventory or
  // compliance tooling should check this field before treating the response
  // as the full set of clusters.
  repeated string missing_zones = 2;
}

// GetOperationRequest gets a single operation.
message GetOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to get.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 5;
}

// ListOperationsRequest lists operations.
message ListOperationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for, or `-` for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the operations will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// CancelOperationRequest cancels a single operation.
message CancelOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to cancel.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 4;
}

// ListOperationsResponse is the result of ListOperationsRequest.
message ListOperationsResponse {
  // A list of operations in the project in the specified zone.
  repeated Operation operations = 1;

  // If any zones are listed here, the list of operations returned
  // may be missing the operations from those zones.
  //
  // A non-empty value means `operations` may be incomplete. Tooling that
  // reconstructs a timeline of changes from it should record which zones
  // were missing.
  repeated string missing_zones = 2;
}

// Gets the current Kubernetes Engine service configuration.
message GetServerConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for. This field has been deprecated and replaced by the name
  // field.
  // NOTE(review): "to return operations for" looks carried over from the
  // operations requests; presumably this is the zone whose server config is
  // returned. Confirm.
  string zone = 2 [deprecated = true];

  // The name (project and location) of the server config to get,
  // specified in the format `projects/*/locations/*`.
  string name = 4;
}

// Kubernetes Engine service configuration.
message ServerConfig {
  // ReleaseChannelConfig exposes configuration for a release channel.
  message ReleaseChannelConfig {
    // The release channel this configuration applies to.
    ReleaseChannel.Channel channel = 1;

    // The default version for newly created clusters on the channel.
    string default_version = 2;

    // List of valid versions for the channel.
    repeated string valid_versions = 4;
  }

  // Version of Kubernetes the service deploys by default.
  string default_cluster_version = 1;

  // List of valid node upgrade target versions, in descending order.
  // NOTE(review): presumably these are the explicit versions accepted by
  // UpdateNodePoolRequest.node_version; confirm.
  repeated string valid_node_versions = 3;

  // Default image type.
  string default_image_type = 4;

  // List of valid image types.
  repeated string valid_image_types = 5;

  // List of valid master versions, in descending order.
  // NOTE(review): presumably these are the explicit versions accepted by
  // UpdateMasterRequest.master_version; confirm.
  repeated string valid_master_versions = 6;

  // List of release channel configurations.
  repeated ReleaseChannelConfig channels = 9;
}

// CreateNodePoolRequest creates a node pool for a cluster.
message CreateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // Required. The node pool to create.
NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];

  // The parent (project, location, cluster name) where the node pool will be
  // created. Specified in the format
  // `projects/*/locations/*/clusters/*`.
  string parent = 6;
}

// DeleteNodePoolRequest deletes a node pool for a cluster.
//
// The node pool can be addressed either through the deprecated
// project_id/zone/cluster_id/node_pool_id fields or through `name`.
// NOTE(review): this message does not say which form takes precedence when
// both are populated; confirm before matching on only one of them in audit
// filters for this destructive call.
message DeleteNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to delete.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // delete. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// ListNodePoolsRequest lists the node pool(s) for a cluster.
message ListNodePoolsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // The parent (project, location, cluster name) where the node pools will be
  // listed. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 5;
}

// GetNodePoolRequest retrieves a node pool for a cluster.
message GetNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // get. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// Settings for blue-green upgrade.
message BlueGreenSettings {
  // Standard rollout policy is the default policy for blue-green.
message StandardRolloutPolicy {
    // Blue pool size to drain in a batch.
    // Exactly one of the two members below can be set, as they share a oneof.
    oneof update_batch_size {
      // Percentage of the blue pool nodes to drain in a batch.
      // The range of this field should be (0.0, 1.0], i.e. the value is a
      // fraction of the pool, not a number between 0 and 100.
      float batch_percentage = 1;

      // Number of blue nodes to drain in a batch.
      int32 batch_node_count = 2;
    }

    // Soak time after each batch gets drained. Defaults to zero.
    optional google.protobuf.Duration batch_soak_duration = 3;
  }

  // The rollout policy controls the general rollout progress of blue-green.
  oneof rollout_policy {
    // Standard policy for the blue-green upgrade.
    StandardRolloutPolicy standard_rollout_policy = 1;
  }

  // Time needed after draining entire blue pool. After this period, blue pool
  // will be cleaned up.
  optional google.protobuf.Duration node_pool_soak_duration = 2;
}

// NodePool contains the name and configuration for a cluster's node pool.
// Node pools are a set of nodes (i.e. VM's), with a common configuration and
// specification, under the control of the cluster master. They may have a set
// of Kubernetes labels applied to them, which may be used to reference them
// during pod scheduling. They may also be resized up or down, to accommodate
// the workload.
message NodePool {
  // These upgrade settings control the level of parallelism and the level of
  // disruption caused by an upgrade.
  //
  // maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  //
  // maxSurge controls the number of additional nodes that can be added to the
  // node pool temporarily for the time of the upgrade to increase the number of
  // available nodes.
  //
  // (maxUnavailable + maxSurge) determines the level of parallelism (how many
  // nodes are being upgraded at the same time).
//
  // Note: upgrades inevitably introduce some disruption since workloads need to
  // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
  // this holds true. (Disruption stays within the limits of
  // PodDisruptionBudget, if it is configured.)
  //
  // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
  // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
  // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
  // down 3 old (not yet upgraded) nodes at the same time. This ensures that
  // there are always at least 4 nodes available.
  //
  // These upgrade settings configure the upgrade strategy for the node pool.
  // Use strategy to switch between the strategies applied to the node pool.
  //
  // If the strategy is ROLLING, use max_surge and max_unavailable to control
  // the level of parallelism and the level of disruption caused by upgrade.
  // 1. maxSurge controls the number of additional nodes that can be added to
  // the node pool temporarily for the time of the upgrade to increase the
  // number of available nodes.
  // 2. maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  // 3. (maxUnavailable + maxSurge) determines the level of parallelism (how
  // many nodes are being upgraded at the same time).
  //
  // If the strategy is BLUE_GREEN, use blue_green_settings to configure the
  // blue-green upgrade related settings.
  // 1. standard_rollout_policy is the default policy. The policy is used to
  // control the way blue pool gets drained. The draining is executed in the
  // batch mode. The batch size could be specified as either percentage of the
  // node pool size or the number of nodes. batch_soak_duration is the soak
  // time after each batch gets drained.
  // 2. node_pool_soak_duration is the soak time after all blue nodes are
  // drained. After this period, the blue pool nodes will be deleted.
  message UpgradeSettings {
    // The maximum number of nodes that can be created beyond the current size
    // of the node pool during the upgrade process.
    int32 max_surge = 1;

    // The maximum number of nodes that can be simultaneously unavailable during
    // the upgrade process. A node is considered available if its status is
    // Ready.
    int32 max_unavailable = 2;

    // Update strategy of the node pool.
    // Declared `optional`, so an unset strategy can be told apart from the
    // enum's zero value.
    optional NodePoolUpdateStrategy strategy = 3;

    // Settings for blue-green upgrade strategy.
    optional BlueGreenSettings blue_green_settings = 4;
  }

  // UpdateInfo contains resource (instance groups, etc), status and other
  // intermediate information relevant to a node pool upgrade.
  message UpdateInfo {
    // Information relevant to blue-green upgrade.
    message BlueGreenInfo {
      // Phase represents the different stages blue-green upgrade is running in.
      enum Phase {
        // Unspecified phase.
        PHASE_UNSPECIFIED = 0;

        // blue-green upgrade has been initiated.
        UPDATE_STARTED = 1;

        // Start creating green pool nodes.
        CREATING_GREEN_POOL = 2;

        // Start cordoning blue pool nodes.
        CORDONING_BLUE_POOL = 3;

        // Start draining blue pool nodes.
        DRAINING_BLUE_POOL = 4;

        // Start soaking time after draining entire blue pool.
        NODE_POOL_SOAKING = 5;

        // Start deleting blue nodes.
        DELETING_BLUE_POOL = 6;

        // Rollback has been initiated.
        ROLLBACK_STARTED = 7;
      }

      // Current blue-green upgrade phase.
      Phase phase = 1;

      // The resource URLs of the [managed instance groups]
      // (/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with blue pool.
3177 repeated string blue_instance_group_urls = 2; 3178 3179 // The resource URLs of the [managed instance groups] 3180 // (/compute/docs/instance-groups/creating-groups-of-managed-instances) 3181 // associated with green pool. 3182 repeated string green_instance_group_urls = 3; 3183 3184 // Time to start deleting blue pool to complete blue-green upgrade, 3185 // in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 3186 string blue_pool_deletion_start_time = 4; 3187 3188 // Version of green pool. 3189 string green_pool_version = 5; 3190 } 3191 3192 // Information of a blue-green upgrade. 3193 BlueGreenInfo blue_green_info = 1; 3194 } 3195 3196 // The current status of the node pool instance. 3197 enum Status { 3198 // Not set. 3199 STATUS_UNSPECIFIED = 0; 3200 3201 // The PROVISIONING state indicates the node pool is being created. 3202 PROVISIONING = 1; 3203 3204 // The RUNNING state indicates the node pool has been created 3205 // and is fully usable. 3206 RUNNING = 2; 3207 3208 // The RUNNING_WITH_ERROR state indicates the node pool has been created 3209 // and is partially usable. Some error state has occurred and some 3210 // functionality may be impaired. Customer may need to reissue a request 3211 // or trigger a new update. 3212 RUNNING_WITH_ERROR = 3; 3213 3214 // The RECONCILING state indicates that some work is actively being done on 3215 // the node pool, such as upgrading node software. Details can 3216 // be found in the `statusMessage` field. 3217 RECONCILING = 4; 3218 3219 // The STOPPING state indicates the node pool is being deleted. 3220 STOPPING = 5; 3221 3222 // The ERROR state indicates the node pool may be unusable. Details 3223 // can be found in the `statusMessage` field. 3224 ERROR = 6; 3225 } 3226 3227 // PlacementPolicy defines the placement policy used by the node pool. 3228 message PlacementPolicy { 3229 // Type defines the type of placement policy. 
3230 enum Type { 3231 // TYPE_UNSPECIFIED specifies no requirements on nodes 3232 // placement. 3233 TYPE_UNSPECIFIED = 0; 3234 3235 // COMPACT specifies node placement in the same availability domain to 3236 // ensure low communication latency. 3237 COMPACT = 1; 3238 } 3239 3240 // The type of placement. 3241 Type type = 1; 3242 } 3243 3244 // The name of the node pool. 3245 string name = 1; 3246 3247 // The node configuration of the pool. 3248 NodeConfig config = 2; 3249 3250 // The initial node count for the pool. You must ensure that your 3251 // Compute Engine [resource quota](https://cloud.google.com/compute/quotas) 3252 // is sufficient for this number of instances. You must also have available 3253 // firewall and routes quota. 3254 int32 initial_node_count = 3; 3255 3256 // The list of Google Compute Engine 3257 // [zones](https://cloud.google.com/compute/docs/zones#available) in which the 3258 // NodePool's nodes should be located. 3259 // 3260 // If this value is unspecified during node pool creation, the 3261 // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations) 3262 // value will be used, instead. 3263 // 3264 // Warning: changing node pool locations will result in nodes being added 3265 // and/or removed. 3266 repeated string locations = 13; 3267 3268 // Networking configuration for this NodePool. If specified, it overrides the 3269 // cluster-level defaults. 3270 NodeNetworkConfig network_config = 14; 3271 3272 // [Output only] Server-defined URL for the resource. 3273 string self_link = 100; 3274 3275 // The version of Kubernetes running on this NodePool's nodes. If unspecified, 3276 // it defaults as described 3277 // [here](https://cloud.google.com/kubernetes-engine/versioning#specifying_node_version). 
3278 string version = 101; 3279 3280 // [Output only] The resource URLs of the [managed instance 3281 // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances) 3282 // associated with this node pool. 3283 // During the node pool blue-green upgrade operation, the URLs contain both 3284 // blue and green resources. 3285 repeated string instance_group_urls = 102; 3286 3287 // [Output only] The status of the nodes in this pool instance. 3288 Status status = 103; 3289 3290 // [Output only] Deprecated. Use conditions instead. 3291 // Additional information about the current status of this 3292 // node pool instance, if available. 3293 string status_message = 104 [deprecated = true]; 3294 3295 // Autoscaler configuration for this NodePool. Autoscaler is enabled 3296 // only if a valid configuration is present. 3297 NodePoolAutoscaling autoscaling = 4; 3298 3299 // NodeManagement configuration for this NodePool. 3300 NodeManagement management = 5; 3301 3302 // The constraint on the maximum number of pods that can be run 3303 // simultaneously on a node in the node pool. 3304 MaxPodsConstraint max_pods_constraint = 6; 3305 3306 // Which conditions caused the current node pool state. 3307 repeated StatusCondition conditions = 105; 3308 3309 // [Output only] The pod CIDR block size per node in this node pool. 3310 int32 pod_ipv4_cidr_size = 7; 3311 3312 // Upgrade settings control disruption and speed of the upgrade. 3313 UpgradeSettings upgrade_settings = 107; 3314 3315 // Specifies the node placement policy. 3316 PlacementPolicy placement_policy = 108; 3317 3318 // Output only. [Output only] Update info contains relevant information during 3319 // a node pool update. 
3320 UpdateInfo update_info = 109 [(google.api.field_behavior) = OUTPUT_ONLY]; 3321 3322 // This checksum is computed by the server based on the value of node pool 3323 // fields, and may be sent on update requests to ensure the client has an 3324 // up-to-date value before proceeding. 3325 string etag = 110; 3326} 3327 3328// NodeManagement defines the set of node management services turned on for the 3329// node pool. 3330message NodeManagement { 3331 // A flag that specifies whether node auto-upgrade is enabled for the node 3332 // pool. If enabled, node auto-upgrade helps keep the nodes in your node pool 3333 // up to date with the latest release version of Kubernetes. 3334 bool auto_upgrade = 1; 3335 3336 // A flag that specifies whether the node auto-repair is enabled for the node 3337 // pool. If enabled, the nodes in this node pool will be monitored and, if 3338 // they fail health checks too many times, an automatic repair action will be 3339 // triggered. 3340 bool auto_repair = 2; 3341 3342 // Specifies the Auto Upgrade knobs for the node pool. 3343 AutoUpgradeOptions upgrade_options = 10; 3344} 3345 3346// AutoUpgradeOptions defines the set of options for the user to control how 3347// the Auto Upgrades will proceed. 3348message AutoUpgradeOptions { 3349 // [Output only] This field is set when upgrades are about to commence 3350 // with the approximate start time for the upgrades, in 3351 // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. 3352 string auto_upgrade_start_time = 1; 3353 3354 // [Output only] This field is set when upgrades are about to commence 3355 // with the description of the upgrade. 3356 string description = 2; 3357} 3358 3359// MaintenancePolicy defines the maintenance policy to be used for the cluster. 3360message MaintenancePolicy { 3361 // Specifies the maintenance window in which maintenance may be performed. 
3362 MaintenanceWindow window = 1; 3363 3364 // A hash identifying the version of this policy, so that updates to fields of 3365 // the policy won't accidentally undo intermediate changes (and so that users 3366 // of the API unaware of some fields won't accidentally remove other fields). 3367 // Make a `get()` request to the cluster to get the current 3368 // resource version and include it with requests to set the policy. 3369 string resource_version = 3; 3370} 3371 3372// MaintenanceWindow defines the maintenance window to be used for the cluster. 3373message MaintenanceWindow { 3374 oneof policy { 3375 // DailyMaintenanceWindow specifies a daily maintenance operation window. 3376 DailyMaintenanceWindow daily_maintenance_window = 2; 3377 3378 // RecurringWindow specifies some number of recurring time periods for 3379 // maintenance to occur. The time windows may be overlapping. If no 3380 // maintenance windows are set, maintenance can occur at any time. 3381 RecurringTimeWindow recurring_window = 3; 3382 } 3383 3384 // Exceptions to maintenance window. Non-emergency maintenance should not 3385 // occur in these windows. 3386 map<string, TimeWindow> maintenance_exclusions = 4; 3387} 3388 3389// Represents an arbitrary window of time. 3390message TimeWindow { 3391 oneof options { 3392 // MaintenanceExclusionOptions provides maintenance exclusion related 3393 // options. 3394 MaintenanceExclusionOptions maintenance_exclusion_options = 3; 3395 } 3396 3397 // The time that the window first starts. 3398 google.protobuf.Timestamp start_time = 1; 3399 3400 // The time that the window ends. The end time should take place after the 3401 // start time. 3402 google.protobuf.Timestamp end_time = 2; 3403} 3404 3405// Represents the Maintenance exclusion option. 3406message MaintenanceExclusionOptions { 3407 // Scope of exclusion. 3408 enum Scope { 3409 // NO_UPGRADES excludes all upgrades, including patch upgrades and minor 3410 // upgrades across control planes and nodes. 
This is the default exclusion 3411 // behavior. 3412 NO_UPGRADES = 0; 3413 3414 // NO_MINOR_UPGRADES excludes all minor upgrades for the cluster, only 3415 // patches are allowed. 3416 NO_MINOR_UPGRADES = 1; 3417 3418 // NO_MINOR_OR_NODE_UPGRADES excludes all minor upgrades for the cluster, 3419 // and also exclude all node pool upgrades. Only control 3420 // plane patches are allowed. 3421 NO_MINOR_OR_NODE_UPGRADES = 2; 3422 } 3423 3424 // Scope specifies the upgrade scope which upgrades are blocked by the 3425 // exclusion. 3426 Scope scope = 1; 3427} 3428 3429// Represents an arbitrary window of time that recurs. 3430message RecurringTimeWindow { 3431 // The window of the first recurrence. 3432 TimeWindow window = 1; 3433 3434 // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how 3435 // this window reccurs. They go on for the span of time between the start and 3436 // end time. 3437 // 3438 // For example, to have something repeat every weekday, you'd use: 3439 // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR` 3440 // 3441 // To repeat some window daily (equivalent to the DailyMaintenanceWindow): 3442 // `FREQ=DAILY` 3443 // 3444 // For the first weekend of every month: 3445 // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU` 3446 // 3447 // This specifies how frequently the window starts. Eg, if you wanted to have 3448 // a 9-5 UTC-4 window every weekday, you'd use something like: 3449 // ``` 3450 // start time = 2019-01-01T09:00:00-0400 3451 // end time = 2019-01-01T17:00:00-0400 3452 // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR 3453 // ``` 3454 // 3455 // Windows can span multiple days. 
Eg, to make the window encompass every 3456 // weekend from midnight Saturday till the last minute of Sunday UTC: 3457 // ``` 3458 // start time = 2019-01-05T00:00:00Z 3459 // end time = 2019-01-07T23:59:00Z 3460 // recurrence = FREQ=WEEKLY;BYDAY=SA 3461 // ``` 3462 // 3463 // Note the start and end time's specific dates are largely arbitrary except 3464 // to specify duration of the window and when it first starts. 3465 // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported. 3466 string recurrence = 2; 3467} 3468 3469// Time window specified for daily maintenance operations. 3470message DailyMaintenanceWindow { 3471 // Time within the maintenance window to start the maintenance operations. 3472 // Time format should be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) 3473 // format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. 3474 string start_time = 2; 3475 3476 // [Output only] Duration of the time window, automatically chosen to be 3477 // smallest possible in the given scenario. 3478 // Duration will be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) 3479 // format "PTnHnMnS". 3480 string duration = 3; 3481} 3482 3483// SetNodePoolManagementRequest sets the node management properties of a node 3484// pool. 3485message SetNodePoolManagementRequest { 3486 // Deprecated. The Google Developers Console [project ID or project 3487 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3488 // This field has been deprecated and replaced by the name field. 3489 string project_id = 1 [deprecated = true]; 3490 3491 // Deprecated. The name of the Google Compute Engine 3492 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3493 // cluster resides. This field has been deprecated and replaced by the name 3494 // field. 3495 string zone = 2 [deprecated = true]; 3496 3497 // Deprecated. The name of the cluster to update. 3498 // This field has been deprecated and replaced by the name field. 
3499 string cluster_id = 3 [deprecated = true]; 3500 3501 // Deprecated. The name of the node pool to update. 3502 // This field has been deprecated and replaced by the name field. 3503 string node_pool_id = 4 [deprecated = true]; 3504 3505 // Required. NodeManagement configuration for the node pool. 3506 NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED]; 3507 3508 // The name (project, location, cluster, node pool id) of the node pool to set 3509 // management properties. Specified in the format 3510 // `projects/*/locations/*/clusters/*/nodePools/*`. 3511 string name = 7; 3512} 3513 3514// SetNodePoolSizeRequest sets the size of a node pool. 3515message SetNodePoolSizeRequest { 3516 // Deprecated. The Google Developers Console [project ID or project 3517 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3518 // This field has been deprecated and replaced by the name field. 3519 string project_id = 1 [deprecated = true]; 3520 3521 // Deprecated. The name of the Google Compute Engine 3522 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3523 // cluster resides. This field has been deprecated and replaced by the name 3524 // field. 3525 string zone = 2 [deprecated = true]; 3526 3527 // Deprecated. The name of the cluster to update. 3528 // This field has been deprecated and replaced by the name field. 3529 string cluster_id = 3 [deprecated = true]; 3530 3531 // Deprecated. The name of the node pool to update. 3532 // This field has been deprecated and replaced by the name field. 3533 string node_pool_id = 4 [deprecated = true]; 3534 3535 // Required. The desired node count for the pool. 3536 int32 node_count = 5 [(google.api.field_behavior) = REQUIRED]; 3537 3538 // The name (project, location, cluster, node pool id) of the node pool to set 3539 // size. 3540 // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`. 
3541 string name = 7; 3542} 3543 3544// CompleteNodePoolUpgradeRequest sets the name of target node pool to complete 3545// upgrade. 3546message CompleteNodePoolUpgradeRequest { 3547 // The name (project, location, cluster, node pool id) of the node pool to 3548 // complete upgrade. 3549 // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`. 3550 string name = 1; 3551} 3552 3553// RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed 3554// NodePool upgrade. This will be an no-op if the last upgrade successfully 3555// completed. 3556message RollbackNodePoolUpgradeRequest { 3557 // Deprecated. The Google Developers Console [project ID or project 3558 // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects). 3559 // This field has been deprecated and replaced by the name field. 3560 string project_id = 1 [deprecated = true]; 3561 3562 // Deprecated. The name of the Google Compute Engine 3563 // [zone](https://cloud.google.com/compute/docs/zones#available) in which the 3564 // cluster resides. This field has been deprecated and replaced by the name 3565 // field. 3566 string zone = 2 [deprecated = true]; 3567 3568 // Deprecated. The name of the cluster to rollback. 3569 // This field has been deprecated and replaced by the name field. 3570 string cluster_id = 3 [deprecated = true]; 3571 3572 // Deprecated. The name of the node pool to rollback. 3573 // This field has been deprecated and replaced by the name field. 3574 string node_pool_id = 4 [deprecated = true]; 3575 3576 // The name (project, location, cluster, node pool id) of the node poll to 3577 // rollback upgrade. 3578 // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`. 3579 string name = 6; 3580 3581 // Option for rollback to ignore the PodDisruptionBudget. 3582 // Default value is false. 3583 bool respect_pdb = 7; 3584} 3585 3586// ListNodePoolsResponse is the result of ListNodePoolsRequest. 
message ListNodePoolsResponse {
  // A list of node pools for a cluster.
  repeated NodePool node_pools = 1;
}

// ClusterAutoscaling contains global, per-cluster information
// required by Cluster Autoscaler to automatically adjust
// the size of the cluster and create/delete
// node pools based on the current needs.
message ClusterAutoscaling {
  // Defines possible options for autoscaling_profile field.
  enum AutoscalingProfile {
    // No change to autoscaling configuration.
    PROFILE_UNSPECIFIED = 0;

    // Prioritize optimizing utilization of resources.
    OPTIMIZE_UTILIZATION = 1;

    // Use default (balanced) autoscaling configuration.
    BALANCED = 2;
  }

  // Enables automatic node pool creation and deletion.
  bool enable_node_autoprovisioning = 1;

  // Contains global constraints regarding minimum and maximum
  // amount of resources in the cluster.
  repeated ResourceLimit resource_limits = 2;

  // Defines autoscaling behaviour.
  AutoscalingProfile autoscaling_profile = 3;

  // AutoprovisioningNodePoolDefaults contains defaults for a node pool
  // created by NAP (presumably node auto-provisioning, as enabled by
  // enable_node_autoprovisioning).
  AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes can be created by NAP.
  repeated string autoprovisioning_locations = 5;
}

// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
// by NAP.
message AutoprovisioningNodePoolDefaults {
  // Scopes that are used by NAP when creating node pools.
  // NOTE(review): these scopes bound what node-attached credentials can
  // reach, so keep the list minimal. The default applied when the list is
  // empty is not stated here — confirm.
  repeated string oauth_scopes = 1;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  // NOTE(review): the account used when this is left empty is not stated
  // here — confirm, and prefer a dedicated least-privilege account.
  string service_account = 2;

  // Specifies the upgrade settings for NAP created node pools.
  NodePool.UpgradeSettings upgrade_settings = 3;

  // Specifies the node management options for NAP created node-pools.
  NodeManagement management = 4;

  // Deprecated. Minimum CPU platform to be used for NAP created node pools.
  // The instance may be scheduled on the specified or newer CPU platform.
  // Applicable values are the friendly names of CPU platforms, such as
  // minCpuPlatform: Intel Haswell or
  // minCpuPlatform: Intel Sandy Bridge. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
  // This field is deprecated, min_cpu_platform should be specified using
  // `cloud.google.com/requested-min-cpu-platform` label selector on the pod.
  // To unset the min cpu platform field pass "automatic"
  // as field value.
  string min_cpu_platform = 5 [deprecated = true];

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 6;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced').
  //
  // If unspecified, the default disk type is 'pd-standard'.
  string disk_type = 7;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 8;

  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 9;

  // The image type to use for NAP created node. Please see
  // https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
  // available image types.
  string image_type = 10;
}

// Contains information about amount of some resource in the cluster.
// For memory, value should be in GB.
message ResourceLimit {
  // Resource name "cpu", "memory" or gpu-specific string.
  string resource_type = 1;

  // Minimum amount of the resource in the cluster.
  int64 minimum = 2;

  // Maximum amount of the resource in the cluster.
  int64 maximum = 3;
}

// NodePoolAutoscaling contains information required by cluster autoscaler to
// adjust the size of the node pool to the current cluster usage.
message NodePoolAutoscaling {
  // Location policy specifies how zones are picked when scaling up the
  // nodepool.
  enum LocationPolicy {
    // Not set.
    LOCATION_POLICY_UNSPECIFIED = 0;

    // BALANCED is a best effort policy that aims to balance the sizes of
    // different zones.
    BALANCED = 1;

    // ANY policy picks zones that have the highest capacity available.
    ANY = 2;
  }

  // Is autoscaling enabled for this node pool.
  bool enabled = 1;

  // Minimum number of nodes for one location in the NodePool. Must be >= 1 and
  // <= max_node_count.
  int32 min_node_count = 2;

  // Maximum number of nodes for one location in the NodePool. Must be >=
  // min_node_count. There has to be enough quota to scale up the cluster.
  int32 max_node_count = 3;

  // Can this node pool be deleted automatically.
  bool autoprovisioned = 4;

  // Location policy used when scaling up a nodepool.
  LocationPolicy location_policy = 5;

  // Minimum number of nodes in the node pool. Must be greater than 1 less than
  // total_max_node_count.
  // The total_*_node_count fields are mutually exclusive with the *_node_count
  // fields.
  // NOTE(review): the bound in the first sentence reads as garbled; it is
  // presumably a lower bound plus "less than total_max_node_count" — confirm
  // the exact limits.
  int32 total_min_node_count = 6;

  // Maximum number of nodes in the node pool. Must be greater than
  // total_min_node_count. There has to be enough quota to scale up the cluster.
  // The total_*_node_count fields are mutually exclusive with the *_node_count
  // fields.
  int32 total_max_node_count = 7;
}

// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container
// Engine cluster, which will in turn set them for Google Compute Engine
// resources used by that cluster.
message SetLabelsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The labels to set for that cluster.
  map<string, string> resource_labels = 4
      [(google.api.field_behavior) = REQUIRED];

  // Required. The fingerprint of the previous set of labels for this resource,
  // used to detect conflicts. The fingerprint is initially generated by
  // Kubernetes Engine and changes after every request to modify or update
  // labels. You must always provide an up-to-date fingerprint hash when
  // updating or changing labels. Make a `get()` request to the
  // resource to get the latest fingerprint.
  string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set labels.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for
// a cluster.
message SetLegacyAbacRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. Whether ABAC authorization will be enabled in the cluster.
  // NOTE(review): security-relevant toggle. As a plain proto3 bool, an
  // omitted value is indistinguishable from false on the wire; presumably
  // the server treats that as "disable" — confirm. GKE hardening guidance
  // recommends leaving legacy ABAC disabled in favor of RBAC.
  bool enabled = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set legacy
  // abac. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// StartIPRotationRequest creates a new IP for the cluster and then performs
// a node upgrade on each node pool to point to the new IP.
message StartIPRotationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster name) of the cluster to start IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;

  // Whether to rotate credentials during IP rotation.
  // NOTE(review): which credentials are rotated is not stated here — confirm
  // before relying on this request for credential revocation.
  bool rotate_credentials = 7;
}

// CompleteIPRotationRequest moves the cluster master back into single-IP mode.
message CompleteIPRotationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster name) of the cluster to complete IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// AcceleratorConfig represents a Hardware Accelerator request.
message AcceleratorConfig {
  // The number of the accelerator cards exposed to an instance.
  int64 accelerator_count = 1;

  // The accelerator type resource name. List of supported accelerators
  // [here](https://cloud.google.com/compute/docs/gpus).
  string accelerator_type = 2;

  // Size of partitions to create on the GPU. Valid values are described in the
  // NVIDIA [mig user
  // guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).
  string gpu_partition_size = 3;

  // The configuration for GPU sharing options.
  optional GPUSharingConfig gpu_sharing_config = 5;
}

// GPUSharingConfig represents the GPU sharing configuration for Hardware
// Accelerators.
message GPUSharingConfig {
  // The type of GPU sharing strategy currently provided.
  enum GPUSharingStrategy {
    // Default value.
    GPU_SHARING_STRATEGY_UNSPECIFIED = 0;

    // GPUs are time-shared between containers.
    TIME_SHARING = 1;
  }

  // The max number of containers that can share a physical GPU.
  int64 max_shared_clients_per_gpu = 1;

  // The type of GPU sharing strategy to enable on the GPU node.
  optional GPUSharingStrategy gpu_sharing_strategy = 2;
}

// WorkloadMetadataConfig defines the metadata configuration to expose to
// workloads on the node pool.
message WorkloadMetadataConfig {
  // Mode is the configuration for how to expose metadata to workloads running
  // on the node.
  enum Mode {
    // Not set.
    MODE_UNSPECIFIED = 0;

    // Expose all Compute Engine metadata to pods.
    // NOTE(review): security-relevant. "All" metadata presumably includes
    // whatever the node itself can read from the metadata server (on Compute
    // Engine that normally covers the node service account's tokens) —
    // confirm, and prefer GKE_METADATA where Workload Identity is enabled.
    GCE_METADATA = 1;

    // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
    // a metadata API to workloads that is compatible with the V1 Compute
    // Metadata APIs exposed by the Compute Engine and App Engine Metadata
    // Servers. This feature can only be enabled if Workload Identity is enabled
    // at the cluster level.
    GKE_METADATA = 2;
  }

  // Mode is the configuration for how to expose metadata to workloads running
  // on the node pool.
  Mode mode = 2;
}

// SetNetworkPolicyRequest enables/disables network policy for a cluster.
message SetNetworkPolicyRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set networking
  // policy. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetMaintenancePolicyRequest sets the maintenance policy for a cluster.
message SetMaintenancePolicyRequest {
  // Required. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides.
  string zone = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The name of the cluster to update.
  string cluster_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. The maintenance policy to be set for the cluster. An empty field
  // clears the existing maintenance policy.
  MaintenancePolicy maintenance_policy = 4
      [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set
  // maintenance policy.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// StatusCondition describes why a cluster or a node pool has a certain status
// (e.g., ERROR or DEGRADED).
message StatusCondition {
  // Code for each condition.
  enum Code {
    // UNKNOWN indicates a generic condition.
    UNKNOWN = 0;

    // GCE_STOCKOUT indicates that Google Compute Engine resources are
    // temporarily unavailable.
    GCE_STOCKOUT = 1;

    // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot
    // service account.
    GKE_SERVICE_ACCOUNT_DELETED = 2;

    // Google Compute Engine quota was exceeded.
    GCE_QUOTA_EXCEEDED = 3;

    // Cluster state was manually changed by an SRE due to a system logic error.
    SET_BY_OPERATOR = 4;

    // Unable to perform an encrypt operation against the CloudKMS key used for
    // etcd level encryption.
    CLOUD_KMS_KEY_ERROR = 7;

    // Cluster CA is expiring soon.
    CA_EXPIRING = 9;
  }

  // Machine-friendly representation of the condition.
  // Deprecated. Use canonical_code instead.
  Code code = 1 [deprecated = true];

  // Human-friendly representation of the condition.
  string message = 2;

  // Canonical code of the condition.
  google.rpc.Code canonical_code = 3;
}

// NetworkConfig reports the relative names of network & subnetwork.
message NetworkConfig {
  // Output only. The relative name of the Google Compute Engine
  // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. Example:
  // projects/my-project/global/networks/my-network
  string network = 1;

  // Output only. The relative name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the
  // cluster is connected. Example:
  // projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 2;

  // Whether Intra-node visibility is enabled for this cluster.
  // This makes same node pod to pod traffic visible for VPC network.
  bool enable_intra_node_visibility = 5;

  // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
  // will be disabled when default_snat_status is disabled. When disabled is set
  // to false, default IP masquerade rules will be applied to the nodes to
  // prevent sNAT on cluster internal traffic.
  DefaultSnatStatus default_snat_status = 7;

  // Whether L4ILB Subsetting is enabled for this cluster.
  bool enable_l4ilb_subsetting = 10;

  // The desired datapath provider for this cluster. By default, uses the
  // IPTables-based kube-proxy implementation.
  DatapathProvider datapath_provider = 11;

  // The desired state of IPv6 connectivity to Google Services.
4041 // By default, no private IPv6 access to or from Google Services (all access 4042 // will be via IPv4) 4043 PrivateIPv6GoogleAccess private_ipv6_google_access = 12; 4044 4045 // DNSConfig contains clusterDNS config for this cluster. 4046 DNSConfig dns_config = 13; 4047 4048 // ServiceExternalIPsConfig specifies if services with externalIPs field are 4049 // blocked or not. 4050 ServiceExternalIPsConfig service_external_ips_config = 15; 4051 4052 // GatewayAPIConfig contains the desired config of Gateway API on this 4053 // cluster. 4054 GatewayAPIConfig gateway_api_config = 16; 4055} 4056 4057// GatewayAPIConfig contains the desired config of Gateway API on this cluster. 4058message GatewayAPIConfig { 4059 // Channel describes if/how Gateway API should be installed and implemented in 4060 // a cluster. 4061 enum Channel { 4062 // Default value. 4063 CHANNEL_UNSPECIFIED = 0; 4064 4065 // Gateway API support is disabled 4066 CHANNEL_DISABLED = 1; 4067 4068 // Gateway API support is enabled, experimental CRDs are installed 4069 CHANNEL_EXPERIMENTAL = 3; 4070 4071 // Gateway API support is enabled, standard CRDs are installed 4072 CHANNEL_STANDARD = 4; 4073 } 4074 4075 // The Gateway API release channel to use for Gateway API. 4076 Channel channel = 1; 4077} 4078 4079// Config to block services with externalIPs field. 4080message ServiceExternalIPsConfig { 4081 // Whether Services with ExternalIPs field are allowed or not. 4082 bool enabled = 1; 4083} 4084 4085// GetOpenIDConfigRequest gets the OIDC discovery document for the 4086// cluster. See the OpenID Connect Discovery 1.0 specification for details. 4087message GetOpenIDConfigRequest { 4088 // The cluster (project, location, cluster name) to get the discovery document 4089 // for. Specified in the format `projects/*/locations/*/clusters/*`. 4090 string parent = 1; 4091} 4092 4093// GetOpenIDConfigResponse is an OIDC discovery document for the cluster. 
// See the OpenID Connect Discovery 1.0 specification for details.
message GetOpenIDConfigResponse {
  // OIDC Issuer.
  string issuer = 1;

  // JSON Web Key URI.
  string jwks_uri = 2;

  // Supported response types.
  repeated string response_types_supported = 3;

  // Supported subject types.
  repeated string subject_types_supported = 4;

  // Supported ID Token signing algorithms.
  repeated string id_token_signing_alg_values_supported = 5;

  // Supported claims.
  repeated string claims_supported = 6;

  // Supported grant types.
  repeated string grant_types = 7;
}

// GetJSONWebKeysRequest gets the public component of the keys used by the
// cluster to sign token requests. This will be the jwks_uri for the discovery
// document returned by getOpenIDConfig. See the OpenID Connect
// Discovery 1.0 specification for details.
message GetJSONWebKeysRequest {
  // The cluster (project, location, cluster name) to get keys for. Specified
  // in the format `projects/*/locations/*/clusters/*`.
  string parent = 1;
}

// Jwk is a JSON Web Key as specified in RFC 7517.
// NOTE(review): every field is a plain string and the value encoding is not
// stated here; presumably it follows the RFC. Confirm before parsing.
message Jwk {
  // Key Type.
  string kty = 1;

  // Algorithm.
  string alg = 2;

  // Permitted uses for the public keys.
  string use = 3;

  // Key ID.
  string kid = 4;

  // Used for RSA keys.
  string n = 5;

  // Used for RSA keys.
  string e = 6;

  // Used for ECDSA keys.
  string x = 7;

  // Used for ECDSA keys.
  string y = 8;

  // Used for ECDSA keys.
  string crv = 9;
}

// GetJSONWebKeysResponse is a valid JSON Web Key Set as specified in RFC 7517.
message GetJSONWebKeysResponse {
  // The public component of the keys used by the cluster to sign token
  // requests.
  repeated Jwk keys = 1;
}

// ReleaseChannel indicates which release channel a cluster is
// subscribed to. Release channels are arranged in order of risk.
//
// When a cluster is subscribed to a release channel, Google maintains
// both the master version and the node version. Node auto-upgrade
// defaults to true and cannot be disabled.
message ReleaseChannel {
  // Possible values for 'channel'.
  enum Channel {
    // No channel specified.
    UNSPECIFIED = 0;

    // RAPID channel is offered on an early access basis for customers who
    // want to test new releases.
    //
    // WARNING: Versions available in the RAPID Channel may be subject to
    // unresolved issues with no known workaround and are not subject to any
    // SLAs.
    RAPID = 1;

    // Clusters subscribed to REGULAR receive versions that are considered GA
    // quality. REGULAR is intended for production users who want to take
    // advantage of new features.
    REGULAR = 2;

    // Clusters subscribed to STABLE receive versions that are known to be
    // stable and reliable in production.
    STABLE = 3;
  }

  // The release channel the cluster is subscribed to.
  Channel channel = 1;
}

// Configuration for fine-grained cost management feature.
message CostManagementConfig {
  // Whether the feature is enabled or not.
  bool enabled = 1;
}

// IntraNodeVisibilityConfig contains the desired config of the intra-node
// visibility on this cluster.
message IntraNodeVisibilityConfig {
  // Enables intra node visibility for this cluster.
  bool enabled = 1;
}

// ILBSubsettingConfig contains the desired config of L4 Internal LoadBalancer
// subsetting on this cluster.
message ILBSubsettingConfig {
  // Enables l4 ILB subsetting for this cluster.
  bool enabled = 1;
}

// DNSConfig contains the desired set of options for configuring clusterDNS.
message DNSConfig {
  // Provider lists the various in-cluster DNS providers.
  enum Provider {
    // Default value.
    PROVIDER_UNSPECIFIED = 0;

    // Use GKE default DNS provider (kube-dns) for DNS resolution.
    PLATFORM_DEFAULT = 1;

    // Use CloudDNS for DNS resolution.
    CLOUD_DNS = 2;
  }

  // DNSScope lists the various scopes of access to cluster DNS records.
  enum DNSScope {
    // Default value, will be inferred as cluster scope.
    DNS_SCOPE_UNSPECIFIED = 0;

    // DNS records are accessible from within the cluster.
    CLUSTER_SCOPE = 1;

    // DNS records are accessible from within the VPC.
    VPC_SCOPE = 2;
  }

  // cluster_dns indicates which in-cluster DNS provider should be used.
  Provider cluster_dns = 1;

  // cluster_dns_scope indicates the scope of access to cluster DNS records.
  DNSScope cluster_dns_scope = 2;

  // cluster_dns_domain is the suffix used for all cluster service records.
  string cluster_dns_domain = 3;
}

// Constraints applied to pods.
message MaxPodsConstraint {
  // Constraint enforced on the max num of pods per node.
  int64 max_pods_per_node = 1;
}

// Configuration for the use of Kubernetes Service Accounts in GCP IAM
// policies.
message WorkloadIdentityConfig {
  // The workload pool to attach all Kubernetes service accounts to.
  string workload_pool = 2;
}

// IdentityServiceConfig is configuration for Identity Service which allows
// customers to use external identity providers with the K8S API.
message IdentityServiceConfig {
  // Whether to enable the Identity Service component.
  bool enabled = 1;
}

// Configuration for issuance of mTLS keys and certificates to Kubernetes pods.
message MeshCertificates {
  // enable_certificates controls issuance of workload mTLS certificates.
  //
  // If set, the GKE Workload Identity Certificates controller and node agent
  // will be deployed in the cluster, which can then be configured by creating
  // a WorkloadCertificateConfig Custom Resource.
  //
  // Requires Workload Identity
  // ([workload_pool][google.container.v1.WorkloadIdentityConfig.workload_pool]
  // must be non-empty).
  google.protobuf.BoolValue enable_certificates = 1;
}

// Configuration of etcd encryption.
message DatabaseEncryption {
  // State of etcd encryption.
  enum State {
    // Should never be set.
    UNKNOWN = 0;

    // Secrets in etcd are encrypted.
    ENCRYPTED = 1;

    // Secrets in etcd are stored in plain text (at etcd level) - this is
    // unrelated to Compute Engine level full disk encryption.
    DECRYPTED = 2;
  }

  // Name of CloudKMS key to use for the encryption of secrets in etcd.
  // Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
  string key_name = 1;

  // The desired state of etcd encryption.
  // NOTE(review): how this field interacts with an empty key_name is not
  // stated here; confirm before relying on ENCRYPTED alone.
  State state = 2;
}

// ListUsableSubnetworksRequest requests the list of usable subnetworks
// available to a user for creating clusters.
message ListUsableSubnetworksRequest {
  // The parent project where subnetworks are usable.
  // Specified in the format `projects/*`.
  string parent = 1;

  // Filtering currently only supports equality on the networkProjectId and
  // must be in the form: "networkProjectId=[PROJECTID]", where
  // `networkProjectId` is the project which owns the listed subnetworks. This
  // defaults to the parent project ID.
  string filter = 2;

  // The max number of results per page that should be returned. If the number
  // of available results is larger than `page_size`, a `next_page_token` is
  // returned which can be used to get the next page of results in subsequent
  // requests. Acceptable values are 0 to 500, inclusive. (Default: 500)
  int32 page_size = 3;

  // Specifies a page token to use. Set this to the nextPageToken returned by
  // previous list requests to get the next page of results.
  string page_token = 4;
}

// ListUsableSubnetworksResponse is the response of
// ListUsableSubnetworksRequest.
message ListUsableSubnetworksResponse {
  // A list of usable subnetworks in the specified network project.
  repeated UsableSubnetwork subnetworks = 1;

  // This token allows you to get the next page of results for list requests.
  // If the number of results is larger than `page_size`, use the
  // `next_page_token` as a value for the query parameter `page_token` in the
  // next request. The value will become empty when there are no more pages.
  string next_page_token = 2;
}

// Secondary IP range of a usable subnetwork.
message UsableSubnetworkSecondaryRange {
  // Status shows the current usage of a secondary IP range.
  enum Status {
    // UNKNOWN is the zero value of the Status enum. It's not a valid status.
    UNKNOWN = 0;

    // UNUSED denotes that this range is unclaimed by any cluster.
    UNUSED = 1;

    // IN_USE_SERVICE denotes that this range is claimed by cluster(s) for
    // services. User-managed services range can be shared between clusters
    // within the same subnetwork.
    IN_USE_SERVICE = 2;

    // IN_USE_SHAREABLE_POD denotes this range was created by the network
    // admin and is currently claimed by a cluster for pods. It can only be
    // used by other clusters as a pod range.
    IN_USE_SHAREABLE_POD = 3;

    // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed
    // for pods. It cannot be used for other clusters.
    IN_USE_MANAGED_POD = 4;
  }

  // The name associated with this subnetwork secondary range, used when
  // adding an alias IP range to a VM instance.
  string range_name = 1;

  // The range of IP addresses belonging to this subnetwork secondary range.
  string ip_cidr_range = 2;

  // Status of the secondary range, for programmatic use.
  Status status = 3;
}

// UsableSubnetwork resource returns the subnetwork name, its associated
// network and the primary CIDR range.
message UsableSubnetwork {
  // Subnetwork Name.
  // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 1;

  // Network Name.
  // Example: projects/my-project/global/networks/my-network
  string network = 2;

  // The range of internal addresses that are owned by this subnetwork.
  string ip_cidr_range = 3;

  // Secondary IP ranges.
  repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4;

  // A human readable status message representing the reasons for cases where
  // the caller cannot use the secondary ranges under the subnet. For example,
  // if the secondary_ip_ranges is empty due to a permission issue, an
  // insufficient permission message will be given by status_message.
  string status_message = 5;
}

// Configuration for exporting cluster resource usages.
message ResourceUsageExportConfig {
  // Parameters for using BigQuery as the destination of resource usage export.
  message BigQueryDestination {
    // The ID of a BigQuery Dataset.
    string dataset_id = 1;
  }

  // Parameters for controlling consumption metering.
  message ConsumptionMeteringConfig {
    // Whether to enable consumption metering for this cluster. If enabled, a
    // second BigQuery table will be created to hold resource consumption
    // records.
    bool enabled = 1;
  }

  // Configuration to use BigQuery as usage export destination.
  BigQueryDestination bigquery_destination = 1;

  // Whether to enable network egress metering for this cluster. If enabled, a
  // daemonset will be created in the cluster to meter network egress traffic.
  bool enable_network_egress_metering = 2;

  // Configuration to enable resource consumption metering.
  ConsumptionMeteringConfig consumption_metering_config = 3;
}

// VerticalPodAutoscaling contains global, per-cluster information
// required by Vertical Pod Autoscaler to automatically adjust
// the resources of pods controlled by it.
message VerticalPodAutoscaling {
  // Enables vertical pod autoscaling.
  bool enabled = 1;
}

// DefaultSnatStatus contains the desired state of whether default sNAT should
// be disabled on the cluster.
message DefaultSnatStatus {
  // Disables cluster default sNAT rules.
  bool disabled = 1;
}

// Configuration of Shielded Nodes feature.
message ShieldedNodes {
  // Whether Shielded Nodes features are enabled on all nodes in this cluster.
  bool enabled = 1;
}

// Configuration of gVNIC feature.
message VirtualNIC {
  // Whether gVNIC features are enabled in the node pool.
  bool enabled = 1;
}

// Configuration of Fast Socket feature.
message FastSocket {
  // Whether Fast Socket features are enabled in the node pool.
  bool enabled = 1;
}

// PrivateIPv6GoogleAccess controls whether and how the pods can communicate
// with Google Services through gRPC over IPv6.
enum PrivateIPv6GoogleAccess {
  // Default value. Same as DISABLED.
  PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED = 0;

  // No private access to or from Google Services.
  PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED = 1;

  // Enables private IPv6 access to Google Services from GKE.
  PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE = 2;

  // Enables private IPv6 access to and from Google Services.
  PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL = 3;
}

// NotificationConfig is the configuration of notifications.
message NotificationConfig {
  // Types of notifications currently supported. Can be used to filter what
  // notifications are sent.
  enum EventType {
    // Not set, will be ignored.
    EVENT_TYPE_UNSPECIFIED = 0;

    // Corresponds with UpgradeAvailableEvent.
    UPGRADE_AVAILABLE_EVENT = 1;

    // Corresponds with UpgradeEvent.
    UPGRADE_EVENT = 2;

    // Corresponds with SecurityBulletinEvent.
    SECURITY_BULLETIN_EVENT = 3;
  }

  // Pub/Sub specific notification config.
  message PubSub {
    // Enable notifications for Pub/Sub.
    bool enabled = 1;

    // The desired Pub/Sub topic to which notifications will be
    // sent by GKE. Format is `projects/{project}/topics/{topic}`.
    string topic = 2 [
      (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
    ];

    // Allows filtering to one or more specific event types. If no filter is
    // specified, or if a filter is specified with no event types, all event
    // types will be sent.
    Filter filter = 3;
  }

  // Allows filtering to one or more specific event types. If event types are
  // present, those and only those event types will be transmitted to the
  // cluster. Other types will be skipped. If no filter is specified, or no
  // event types are present, all event types will be sent.
  //
  // It follows that a non-empty filter which omits SECURITY_BULLETIN_EVENT
  // causes security bulletin notifications to be skipped.
  message Filter {
    // Event types to allowlist.
    repeated EventType event_type = 1;
  }

  // Notification config for Pub/Sub.
  PubSub pubsub = 1;
}

// ConfidentialNodes is configuration for the confidential nodes feature, which
// makes nodes run on confidential VMs.
message ConfidentialNodes {
  // Whether Confidential Nodes feature is enabled.
  bool enabled = 1;
}

// UpgradeResourceType is the resource type that is upgrading. It is used
// in upgrade notifications.
enum UpgradeResourceType {
  // Default value. This shouldn't be used.
  UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0;

  // Master / control plane.
  MASTER = 1;

  // Node pool.
  NODE_POOL = 2;
}

// UpgradeEvent is a notification sent to customers by the cluster server when
// a resource is upgrading.
message UpgradeEvent {
  // The resource type that is upgrading.
  UpgradeResourceType resource_type = 1;

  // The operation associated with this upgrade.
  string operation = 2;

  // The time when the operation was started.
  google.protobuf.Timestamp operation_start_time = 3;

  // The current version before the upgrade.
  string current_version = 4;

  // The target version for the upgrade.
  string target_version = 5;

  // Optional relative path to the resource. For example in node pool upgrades,
  // the relative path of the node pool.
  string resource = 6;
}

// UpgradeAvailableEvent is a notification sent to customers when a new
// available version is released.
message UpgradeAvailableEvent {
  // The release version available for upgrade.
  string version = 1;

  // The resource type of the release version.
  UpgradeResourceType resource_type = 2;

  // The release channel of the version. If empty, it means a non-channel
  // release.
  ReleaseChannel release_channel = 3;

  // Optional relative path to the resource. For example, the relative path of
  // the node pool.
  string resource = 4;
}

// SecurityBulletinEvent is a notification sent to customers when a security
// bulletin has been posted that they are vulnerable to.
message SecurityBulletinEvent {
  // The resource type (node/control plane) that has the vulnerability.
  // Multiple notifications (1 notification per resource type) will be sent for
  // a vulnerability that affects > 1 resource type.
  string resource_type_affected = 1;

  // The ID of the bulletin corresponding to the vulnerability.
  string bulletin_id = 2;

  // The CVEs associated with this bulletin.
  repeated string cve_ids = 3;

  // The severity of this bulletin as it relates to GKE.
  // NOTE(review): a free-form string; the set of possible values is not
  // listed here, so consumers should not assume a fixed vocabulary.
  string severity = 4;

  // The URI link to the bulletin on the website for more information.
  string bulletin_uri = 5;

  // A brief description of the bulletin. See the bulletin pointed to by the
  // bulletin_uri field for an expanded description.
  string brief_description = 6;

  // The GKE minor versions affected by this vulnerability.
  repeated string affected_supported_minors = 7;

  // The GKE versions where this vulnerability is patched.
  repeated string patched_versions = 8;

  // This represents a version selected from the patched_versions field that
  // the cluster receiving this notification should most likely want to
  // upgrade to based on its current version. Note that if this notification is
  // being received by a given cluster, it means that this version is currently
  // available as an upgrade target in that cluster's location.
  string suggested_upgrade_target = 9;

  // If this field is specified, it means there are manual steps that the user
  // must take to make their clusters safe.
  bool manual_steps_required = 10;
}

// Autopilot is the configuration for Autopilot settings on the cluster.
message Autopilot {
  // Enable Autopilot.
  bool enabled = 1;
}

// LoggingConfig is cluster logging configuration.
message LoggingConfig {
  // Logging components configuration.
  LoggingComponentConfig component_config = 1;
}

// LoggingComponentConfig is cluster logging component configuration.
message LoggingComponentConfig {
  // GKE components exposing logs.
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // system components
    SYSTEM_COMPONENTS = 1;

    // workloads
    WORKLOADS = 2;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;
  }

  // Select components to collect logs. An empty set would disable all
  // logging, so callers that build this list programmatically should make
  // sure an empty result is intended.
  repeated Component enable_components = 1;
}

// MonitoringConfig is cluster monitoring configuration.
message MonitoringConfig {
  // Monitoring components configuration.
  MonitoringComponentConfig component_config = 1;

  // Enable Google Cloud Managed Service for Prometheus
  // in the cluster.
  ManagedPrometheusConfig managed_prometheus_config = 2;
}

// NodePoolLoggingConfig specifies logging configuration for nodepools.
message NodePoolLoggingConfig {
  // Logging variant configuration.
  LoggingVariantConfig variant_config = 1;
}

// LoggingVariantConfig specifies the behaviour of the logging component.
message LoggingVariantConfig {
  // Logging component variants.
  enum Variant {
    // Default value. This shouldn't be used.
    VARIANT_UNSPECIFIED = 0;

    // default logging variant.
    DEFAULT = 1;

    // maximum logging throughput variant.
    MAX_THROUGHPUT = 2;
  }

  // Logging variant deployed on nodes.
  Variant variant = 1;
}

// MonitoringComponentConfig is cluster monitoring component configuration.
message MonitoringComponentConfig {
  // GKE components exposing metrics.
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // system components
    SYSTEM_COMPONENTS = 1;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;
  }

  // Select components to collect metrics. An empty set would disable all
  // monitoring.
  repeated Component enable_components = 1;
}

// The datapath provider selects the implementation of the Kubernetes
// networking model for service resolution and network policy enforcement.
enum DatapathProvider {
  // Default value.
  DATAPATH_PROVIDER_UNSPECIFIED = 0;

  // Use the IPTables implementation based on kube-proxy.
  LEGACY_DATAPATH = 1;

  // Use the eBPF based GKE Dataplane V2 with additional features. See the [GKE
  // Dataplane V2
  // documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2)
  // for more.
  ADVANCED_DATAPATH = 2;
}

// Strategy used for node pool update.
enum NodePoolUpdateStrategy {
  // Default value if unset. GKE internally defaults the update strategy to
  // SURGE for unspecified strategies.
  NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED = 0;

  // blue-green upgrade.
  BLUE_GREEN = 2;

  // SURGE is the traditional way of upgrading a node pool.
  // max_surge and max_unavailable determine the level of upgrade parallelism.
  SURGE = 3;
}

// ManagedPrometheusConfig defines the configuration for
// Google Cloud Managed Service for Prometheus.
message ManagedPrometheusConfig {
  // Enable Managed Collection.
  bool enabled = 1;
}

// Fleet is the fleet configuration for the cluster.
message Fleet {
  // The Fleet host project (project ID or project number) where this cluster
  // will be registered to. This field cannot be changed after the cluster has
  // been registered.
  string project = 1;

  // [Output only] The full resource name of the registered fleet membership
  // of the cluster, in the format
  // `//gkehub.googleapis.com/projects/*/locations/*/memberships/*`.
  string membership = 2;

  // [Output only] Whether the cluster has been registered through the fleet
  // API.
  bool pre_registered = 3;
}

// Possible values for IP stack type.
enum StackType {
  // Default value, will be defaulted as IPV4 only.
  STACK_TYPE_UNSPECIFIED = 0;

  // Cluster is IPV4 only.
  IPV4 = 1;

  // Cluster can use both IPv4 and IPv6.
  IPV4_IPV6 = 2;
}

// Possible values for IPv6 access type.
enum IPv6AccessType {
  // Default value, will be defaulted as type external.
  IPV6_ACCESS_TYPE_UNSPECIFIED = 0;

  // Access type internal (all v6 addresses are internal IPs).
  INTERNAL = 1;

  // Access type external (all v6 addresses are external IPs).
  EXTERNAL = 2;
}

// LocalNvmeSsdBlockConfig contains configuration for using raw-block local
// NVMe SSD.
message LocalNvmeSsdBlockConfig {
  // The number of raw-block local NVMe SSD disks to be attached to the node.
  // Each local SSD is 375 GB in size. If zero, it means no raw-block local
  // NVMe SSD disks to be attached to the node.
  // The limit for this value is dependent upon the maximum number of
  // disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  int32 local_ssd_count = 1;
}

// EphemeralStorageLocalSsdConfig contains configuration for the node
// ephemeral storage using Local SSD.
message EphemeralStorageLocalSsdConfig {
  // Number of local SSDs to use to back ephemeral storage. Uses NVMe
  // interfaces. Each local SSD is 375 GB in size.
  // If zero, it means to disable using local SSDs as ephemeral storage.
  // The limit for this value is dependent upon the maximum number of
  // disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  int32 local_ssd_count = 1;
}