feat: [container] add API for GPU driver installation config (#4330)

- [ ] Regenerate this pull request now. --- feat: add SecurityPostureConfig API field to allow customers to enable GKE Security Posture capabilities for their clusters --- feat: add workloadPolicyConfig API field to allow customer enable NET_ADMIN capability for their autopilot clusters PiperOrigin-RevId: 539136563 Source-Link: https://togithub.com/googleapis/googleapis/commit/ca49cb95bdb183eb7d6009414dd2cfccdb727d61 Source-Link: https://togithub.com/googleapis/googleapis-gen/commit/b7903fd0e95031cce1ed78dbb82f44d7c3ba5ba1 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiYjc5MDNmZDBlOTUwMzFjY2UxZWQ3OGRiYjgyZjQ0ZDdjM2JhNWJhMSJ9 BEGIN_NESTED_COMMIT feat: [container] add API for GPU driver installation config --- feat: add SecurityPostureConfig API field to allow customers to enable GKE Security Posture capabilities for their clusters --- feat: add workloadPolicyConfig API field to allow customer enable NET_ADMIN capability for their autopilot clusters PiperOrigin-RevId: 538770734 Source-Link: https://togithub.com/googleapis/googleapis/commit/b7e93121d514f1ab1f2b446de0969125a18914c8 Source-Link: https://togithub.com/googleapis/googleapis-gen/commit/0988e7e1feed3b087096b2167dc262320ead297a Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiMDk4OGU3ZTFmZWVkM2IwODcwOTZiMjE2N2RjMjYyMzIwZWFkMjk3YSJ9 END_NESTED_COMMIT
googleapis · Jun 13, 2023 · f5b1533 · f5b1533
1 parent 0552bb9
commit f5b1533
Show file tree

Hide file tree

Showing 5 changed files with 3,108 additions and 2 deletions.
diff --git a/packages/google-container/protos/google/container/v1/cluster_service.proto b/packages/google-container/protos/google/container/v1/cluster_service.proto
@@ -1911,6 +1911,9 @@ message Cluster {
   // Fleet information for the cluster.
   Fleet fleet = 140;
 
+  // Enable/Disable Security Posture API features for the cluster.
+  SecurityPostureConfig security_posture_config = 145;
+
   // Beta APIs Config
   K8sBetaAPIConfig enable_k8s_beta_apis = 143;
 }
@@ -1921,6 +1924,40 @@ message K8sBetaAPIConfig {
   repeated string enabled_apis = 1;
 }
 
+// SecurityPostureConfig defines the flags needed to enable/disable features for
+// the Security Posture API.
+message SecurityPostureConfig {
+  // Mode defines enablement mode for GKE Security posture features.
+  enum Mode {
+    // Default value not specified.
+    MODE_UNSPECIFIED = 0;
+
+    // Disables Security Posture features on the cluster.
+    DISABLED = 1;
+
+    // Applies Security Posture features on the cluster.
+    BASIC = 2;
+  }
+
+  // VulnerabilityMode defines enablement mode for vulnerability scanning.
+  enum VulnerabilityMode {
+    // Default value not specified.
+    VULNERABILITY_MODE_UNSPECIFIED = 0;
+
+    // Disables vulnerability scanning on the cluster.
+    VULNERABILITY_DISABLED = 1;
+
+    // Applies basic vulnerability scanning on the cluster.
+    VULNERABILITY_BASIC = 2;
+  }
+
+  // Sets which mode to use for Security Posture features.
+  optional Mode mode = 1;
+
+  // Sets which mode to use for vulnerability scanning.
+  optional VulnerabilityMode vulnerability_mode = 2;
+}
+
 // Node pool configs that apply to all auto-provisioned node pools
 // in autopilot clusters and node auto-provisioning enabled clusters.
 message NodePoolAutoConfig {
@@ -2145,9 +2182,15 @@ message ClusterUpdate {
   // Kubernetes open source beta apis enabled on the cluster. Only beta apis
   K8sBetaAPIConfig enable_k8s_beta_apis = 122;
 
+  // Enable/Disable Security Posture API features for the cluster.
+  SecurityPostureConfig desired_security_posture_config = 124;
+
   // Enable/Disable FQDN Network Policy for the cluster.
   optional bool desired_enable_fqdn_network_policy = 126;
 
+  // The desired workload policy configuration for the autopilot cluster.
+  WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128;
+
   // Desired Beta APIs to be enabled for cluster.
   K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 }
@@ -3956,6 +3999,9 @@ message AcceleratorConfig {
 
   // The configuration for GPU sharing options.
   optional GPUSharingConfig gpu_sharing_config = 5;
+
+  // The configuration for auto installation of GPU driver.
+  optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
 }
 
 // GPUSharingConfig represents the GPU sharing configuration for Hardware
@@ -3977,6 +4023,28 @@ message GPUSharingConfig {
   optional GPUSharingStrategy gpu_sharing_strategy = 2;
 }
 
+// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
+// installed.
+message GPUDriverInstallationConfig {
+  // The GPU driver version to install.
+  enum GPUDriverVersion {
+    // Default value is to not install any GPU driver.
+    GPU_DRIVER_VERSION_UNSPECIFIED = 0;
+
+    // Disable GPU driver auto installation and needs manual installation
+    INSTALLATION_DISABLED = 1;
+
+    // "Default" GPU driver in COS and Ubuntu.
+    DEFAULT = 2;
+
+    // "Latest" GPU driver in COS.
+    LATEST = 3;
+  }
+
+  // Mode for how the GPU driver is installed.
+  optional GPUDriverVersion gpu_driver_version = 1;
+}
+
 // WorkloadMetadataConfig defines the metadata configuration to expose to
 // workloads on the node pool.
 message WorkloadMetadataConfig {
@@ -4785,6 +4853,16 @@ message SecurityBulletinEvent {
 message Autopilot {
   // Enable Autopilot
   bool enabled = 1;
+
+  // Workload policy configuration for Autopilot.
+  WorkloadPolicyConfig workload_policy_config = 2;
+}
+
+// WorkloadPolicyConfig is the configuration of workload policy for autopilot
+// clusters.
+message WorkloadPolicyConfig {
+  // If true, workloads can use NET_ADMIN capability.
+  optional bool allow_net_admin = 1;
 }
 
 // LoggingConfig is cluster logging configuration.

diff --git a/packages/google-container/protos/google/container/v1beta1/cluster_service.proto b/packages/google-container/protos/google/container/v1beta1/cluster_service.proto
@@ -2098,6 +2098,9 @@ message Cluster {
 
   // Fleet information for the cluster.
   Fleet fleet = 140;
+
+  // Enable/Disable Security Posture API features for the cluster.
+  SecurityPostureConfig security_posture_config = 145;
 }
 
 // Kubernetes open source beta apis enabled on the cluster.
@@ -2157,6 +2160,40 @@ message ProtectConfig {
   optional WorkloadVulnerabilityMode workload_vulnerability_mode = 2;
 }
 
+// SecurityPostureConfig defines the flags needed to enable/disable features for
+// the Security Posture API.
+message SecurityPostureConfig {
+  // Mode defines enablement mode for GKE Security posture features.
+  enum Mode {
+    // Default value not specified.
+    MODE_UNSPECIFIED = 0;
+
+    // Disables Security Posture features on the cluster.
+    DISABLED = 1;
+
+    // Applies Security Posture features on the cluster.
+    BASIC = 2;
+  }
+
+  // VulnerabilityMode defines enablement mode for vulnerability scanning.
+  enum VulnerabilityMode {
+    // Default value not specified.
+    VULNERABILITY_MODE_UNSPECIFIED = 0;
+
+    // Disables vulnerability scanning on the cluster.
+    VULNERABILITY_DISABLED = 1;
+
+    // Applies basic vulnerability scanning on the cluster.
+    VULNERABILITY_BASIC = 2;
+  }
+
+  // Sets which mode to use for Security Posture features.
+  optional Mode mode = 1;
+
+  // Sets which mode to use for vulnerability scanning.
+  optional VulnerabilityMode vulnerability_mode = 2;
+}
+
 // Subset of Nodepool message that has defaults.
 message NodePoolDefaults {
   // Subset of NodeConfig message that has defaults.
@@ -2405,9 +2442,15 @@ message ClusterUpdate {
   // Kubernetes open source beta apis enabled on the cluster. Only beta apis
   K8sBetaAPIConfig enable_k8s_beta_apis = 122;
 
+  // Enable/Disable Security Posture API features for the cluster.
+  SecurityPostureConfig desired_security_posture_config = 124;
+
   // Enable/Disable FQDN Network Policy for the cluster.
   optional bool desired_enable_fqdn_network_policy = 126;
 
+  // The desired workload policy configuration for the autopilot cluster.
+  WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128;
+
   // Beta APIs enabled for cluster.
   K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 }
@@ -4326,6 +4369,9 @@ message AcceleratorConfig {
 
   // The configuration for GPU sharing options.
   optional GPUSharingConfig gpu_sharing_config = 5;
+
+  // The configuration for auto installation of GPU driver.
+  optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
 }
 
 // GPUSharingConfig represents the GPU sharing configuration for Hardware
@@ -4347,6 +4393,28 @@ message GPUSharingConfig {
   optional GPUSharingStrategy gpu_sharing_strategy = 2;
 }
 
+// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
+// installed.
+message GPUDriverInstallationConfig {
+  // The GPU driver version to install.
+  enum GPUDriverVersion {
+    // Default value is to not install any GPU driver.
+    GPU_DRIVER_VERSION_UNSPECIFIED = 0;
+
+    // Disable GPU driver auto installation and needs manual installation
+    INSTALLATION_DISABLED = 1;
+
+    // "Default" GPU driver in COS and Ubuntu.
+    DEFAULT = 2;
+
+    // "Latest" GPU driver in COS.
+    LATEST = 3;
+  }
+
+  // Mode for how the GPU driver is installed.
+  optional GPUDriverVersion gpu_driver_version = 1;
+}
+
 // ManagedPrometheusConfig defines the configuration for
 // Google Cloud Managed Service for Prometheus.
 message ManagedPrometheusConfig {
@@ -5132,6 +5200,16 @@ message Master {}
 message Autopilot {
   // Enable Autopilot
   bool enabled = 1;
+
+  // Workload policy configuration for Autopilot.
+  WorkloadPolicyConfig workload_policy_config = 2;
+}
+
+// WorkloadPolicyConfig is the configuration of workload policy for autopilot
+// clusters.
+message WorkloadPolicyConfig {
+  // If true, workloads can use NET_ADMIN capability.
+  optional bool allow_net_admin = 1;
 }
 
 // NotificationConfig is the configuration of notifications.