diff --git a/google/container/v1/cluster_service.proto b/google/container/v1/cluster_service.proto
index 6363fc9496dac..040173ec22ff4 100644
--- a/google/container/v1/cluster_service.proto
+++ b/google/container/v1/cluster_service.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
-//
syntax = "proto3";
@@ -65,7 +64,8 @@ service ClusterManager {
// Compute Engine instances.
//
// By default, the cluster is created in the project's
- // [default network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
+ // [default
+ // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
//
// One firewall is added for the cluster. After cluster creation,
// the Kubelet creates routes for each node to allow the containers
@@ -168,7 +168,11 @@ service ClusterManager {
}
// Sets the locations for a specific cluster.
+ // Deprecated. Use
+ // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/update)
+ // instead.
rpc SetLocations(SetLocationsRequest) returns (Operation) {
+ option deprecated = true;
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/clusters/*}:setLocations"
body: "*"
@@ -249,6 +253,7 @@ service ClusterManager {
}
};
option (google.api.method_signature) = "project_id,zone,operation_id";
+ option (google.api.method_signature) = "name";
}
// Cancels the specified operation.
@@ -277,6 +282,16 @@ service ClusterManager {
option (google.api.method_signature) = "name";
}
+ // Gets the public component of the cluster signing keys in
+ // JSON Web Key format.
+ // This API is not yet intended for general use, and is not available for all
+ // clusters.
+ rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/clusters/*}/jwks"
+ };
+ }
+
// Lists the node pools for a cluster.
rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) {
option (google.api.http) = {
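Review bot: The new `GetJSONWebKeys` RPC declares no `google.api.method_signature`, while the neighbouring methods in this commit add `"name"` (the preceding hunk and line 46 of this one); `option (google.api.method_signature) = "parent";` would keep the generated client overloads consistent across the service. The comment also does not state the expected form of `parent`; other RPCs' request messages spell out the `projects/*/locations/*/clusters/*` pattern, and `GetJSONWebKeysRequest` is outside this chunk so it cannot be checked here. Since the response is key material that relying parties will cache to verify cluster-issued tokens, a sentence on whether keys rotate and how long a fetched set may be cached would be worth adding, if the service defines that behaviour.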
@@ -459,11 +474,9 @@ service ClusterManager {
// Parameters that describe the nodes in a cluster.
message NodeConfig {
// The name of a Google Compute Engine [machine
- // type](https://cloud.google.com/compute/docs/machine-types) (e.g.
- // `n1-standard-1`).
+ // type](https://cloud.google.com/compute/docs/machine-types)
//
- // If unspecified, the default machine type is
- // `n1-standard-1`.
+ // If unspecified, the default machine type is `e2-medium`.
string machine_type = 1;
// Size of the disk attached to each node, specified in GB.
@@ -482,41 +495,46 @@ message NodeConfig {
// persistent storage on your nodes.
// * `https://www.googleapis.com/auth/devstorage.read_only` is required for
// communicating with **gcr.io**
- // (the [Google Container Registry](https://cloud.google.com/container-registry/)).
+ // (the [Google Container
+ // Registry](https://cloud.google.com/container-registry/)).
//
// If unspecified, no scopes are added, unless Cloud Logging or Cloud
// Monitoring are enabled, in which case their required scopes will be added.
repeated string oauth_scopes = 3;
- // The Google Cloud Platform Service Account to be used by the node VMs. If
- // no Service Account is specified, the "default" service account is used.
+ // The Google Cloud Platform Service Account to be used by the node VMs.
+ // Specify the email address of the Service Account; otherwise, if no Service
+ // Account is specified, the "default" service account is used.
string service_account = 9;
// The metadata key/value pairs assigned to instances in the cluster.
//
- // Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes
+ // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes
// in length. These are reflected as part of a URL in the metadata server.
// Additionally, to avoid ambiguity, keys must not conflict with any other
// metadata keys for the project or be one of the reserved keys:
- // "cluster-location"
- // "cluster-name"
- // "cluster-uid"
- // "configure-sh"
- // "containerd-configure-sh"
- // "enable-os-login"
- // "gci-update-strategy"
- // "gci-ensure-gke-docker"
- // "instance-template"
- // "kube-env"
- // "startup-script"
- // "user-data"
- // "disable-address-manager"
- // "windows-startup-script-ps1"
- // "common-psm1"
- // "k8s-node-setup-psm1"
- // "install-ssh-psm1"
- // "user-profile-psm1"
- // "serial-port-logging-enable"
+ // - "cluster-location"
+ // - "cluster-name"
+ // - "cluster-uid"
+ // - "configure-sh"
+ // - "containerd-configure-sh"
+ // - "enable-os-login"
+ // - "gci-ensure-gke-docker"
+ // - "gci-metrics-enabled"
+ // - "gci-update-strategy"
+ // - "instance-template"
+ // - "kube-env"
+ // - "startup-script"
+ // - "user-data"
+ // - "disable-address-manager"
+ // - "windows-startup-script-ps1"
+ // - "common-psm1"
+ // - "k8s-node-setup-psm1"
+ // - "install-ssh-psm1"
+ // - "user-profile-psm1"
+ //
+ // The following keys are reserved for Windows nodes:
+ // - "serial-port-logging-enable"
//
// Values are free-form strings, and only have meaning as interpreted by
// the image running in the instance. The only restriction placed on them is
@@ -563,7 +581,8 @@ message NodeConfig {
// support for GPUs.
repeated AcceleratorConfig accelerators = 11;
- // Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd')
+ // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
+ // 'pd-balanced')
//
// If unspecified, the default disk type is 'pd-standard'
string disk_type = 12;
@@ -571,20 +590,47 @@ message NodeConfig {
// Minimum CPU platform to be used by this instance. The instance may be
// scheduled on the specified or newer CPU platform. Applicable values are the
// friendly names of CPU platforms, such as
- // minCpuPlatform: "Intel Haswell"
or
- // minCpuPlatform: "Intel Sandy Bridge"
. For more
+ // `minCpuPlatform: "Intel Haswell"` or
+ // `minCpuPlatform: "Intel Sandy Bridge"`. For more
// information, read [how to specify min CPU
// platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
string min_cpu_platform = 13;
+ // The workload metadata configuration for this node.
+ WorkloadMetadataConfig workload_metadata_config = 14;
+
// List of kubernetes taints to be applied to each node.
//
// For more information, including usage and the valid values, see:
// https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
repeated NodeTaint taints = 15;
+ // Sandbox configuration for this node.
+ SandboxConfig sandbox_config = 17;
+
+ // Setting this field will assign instances of this
+ // pool to run on the specified node group. This is useful for running
+ // workloads on [sole tenant
+ // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes).
+ string node_group = 18;
+
+ // The optional reservation affinity. Setting this field will apply
+ // the specified [Zonal Compute
+ // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
+ // to this node pool.
+ ReservationAffinity reservation_affinity = 19;
+
// Shielded Instance options.
ShieldedInstanceConfig shielded_instance_config = 20;
+
+ //
+ // The Customer Managed Encryption Key used to encrypt the boot disk attached
+ // to each node in the node pool. This should be of the form
+ // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
+ // For more information about protecting resources with Cloud KMS Keys please
+ // see:
+ // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
+ string boot_disk_kms_key = 23;
}
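Review bot: The `boot_disk_kms_key` comment opens with an empty `//` line (the one before "The Customer Managed Encryption Key"), which renders as a leading blank paragraph in generated docs and should be dropped. The comment gives the key resource format but not what happens when the field is left empty, which is exactly what a caller deciding whether to supply a CMEK needs; something like `// If unset, the boot disk uses Google-managed encryption. — confirm` would close that. Within the visible hunks NodeConfig now carries numbers 14, 15, 17, 18, 19, 20, 23 with 16, 21 and 22 neither used nor reserved, and the same pattern recurs in SandboxConfig (1), AddonsConfig (9), PrivateClusterConfig (6), CloudRunConfig (2), IPAllocationPolicy (14), Cluster (42), ClusterUpdate (23, 24, 27, 29, 30) and UpdateNodePoolRequest (9–12). Where any of those numbers is used in another surface of this API or was ever published here, a `reserved` statement stops it being reused with a different type later; fields in this file are not in numeric order, so this needs checking against the full message, not just the hunk.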
// A set of Shielded Instance options.
@@ -605,11 +651,59 @@ message ShieldedInstanceConfig {
bool enable_integrity_monitoring = 2;
}
+// SandboxConfig contains configurations of the sandbox to use for the node.
+message SandboxConfig {
+ // Possible types of sandboxes.
+ enum Type {
+ // Default value. This should not be used.
+ UNSPECIFIED = 0;
+
+ // Run sandbox using gvisor.
+ GVISOR = 1;
+ }
+
+ // Type of the sandbox to use for the node.
+ Type type = 2;
+}
+
+// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
+// is the configuration of desired reservation which instances could take
+// capacity from.
+message ReservationAffinity {
+ // Indicates whether to consume capacity from a reservation or not.
+ enum Type {
+ // Default value. This should not be used.
+ UNSPECIFIED = 0;
+
+ // Do not consume from any reserved capacity.
+ NO_RESERVATION = 1;
+
+ // Consume any reservation available.
+ ANY_RESERVATION = 2;
+
+ // Must consume from a specific reservation. Must specify key value fields
+ // for specifying the reservations.
+ SPECIFIC_RESERVATION = 3;
+ }
+
+ // Corresponds to the type of reservation consumption.
+ Type consume_reservation_type = 1;
+
+ // Corresponds to the label key of a reservation resource. To target a
+ // SPECIFIC_RESERVATION by name, specify "googleapis.com/reservation-name" as
+ // the key and specify the name of your reservation as its value.
+ string key = 2;
+
+ // Corresponds to the label value(s) of reservation resource(s).
+ repeated string values = 3;
+}
+
// Kubernetes taint is comprised of three fields: key, value, and effect. Effect
// can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute.
//
-// For more information, including usage and the valid values, see:
-// https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+// See
+// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration)
+// for more information, including usage and the valid values.
message NodeTaint {
// Possible values for Effect in taint.
enum Effect {
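Review bot: Both new nested `Type` enums use unprefixed values (`UNSPECIFIED`, `GVISOR`, `NO_RESERVATION`, `ANY_RESERVATION`, `SPECIFIC_RESERVATION`), whereas the `LoadBalancerType` enum added later in this same commit follows the prefixed `LOAD_BALANCER_TYPE_*` convention that buf lint's default rules expect. Since these enums are new in this commit, renaming to `TYPE_UNSPECIFIED = 0;` / `TYPE_GVISOR = 1;` (and `TYPE_NO_RESERVATION` etc.) now avoids a source-breaking rename later. The field name `type` in SandboxConfig is a keyword in several target languages and yields awkward accessors; `sandbox_type` reads better if the field has not yet been published. SandboxConfig's only field is number 2, so if 1 was ever used, `reserved 1;` belongs in the message.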
@@ -643,13 +737,23 @@ message MasterAuth {
// The username to use for HTTP basic authentication to the master endpoint.
// For clusters v1.6.0 and later, basic authentication can be disabled by
// leaving username unspecified (or setting it to the empty string).
- string username = 1;
+ //
+ // Warning: basic authentication is deprecated, and will be removed in GKE
+ // control plane versions 1.19 and newer. For a list of recommended
+ // authentication methods, see:
+ // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
+ string username = 1 [deprecated = true];
// The password to use for HTTP basic authentication to the master endpoint.
// Because the master endpoint is open to the Internet, you should create a
// strong password. If a password is provided for cluster creation, username
// must be non-empty.
- string password = 2;
+ //
+ // Warning: basic authentication is deprecated, and will be removed in GKE
+ // control plane versions 1.19 and newer. For a list of recommended
+ // authentication methods, see:
+ // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
+ string password = 2 [deprecated = true];
// Configuration for client certificate authentication on the cluster. For
// clusters before v1.12, if no configuration is specified, a client
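Review bot: The new warning on `username` and `password` says basic auth is removed on control planes 1.19 and newer but not how the API treats a non-empty value on such a cluster — rejected with an error or silently ignored — which is what a caller migrating off basic auth needs to know. A sentence such as `// On clusters running 1.19 or later a non-empty value is rejected. — confirm` would close that gap, whichever behaviour the server implements. It would also help to state whether `password` is ever echoed back in responses now that the field is deprecated, since clients routinely log and persist these messages; nothing in this chunk answers that.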
@@ -702,6 +806,13 @@ message AddonsConfig {
// Configuration for the Cloud Run addon, which allows the user to use a
// managed Knative service.
CloudRunConfig cloud_run_config = 7;
+
+ // Configuration for NodeLocalDNS, a dns cache running on cluster nodes
+ DnsCacheConfig dns_cache_config = 8;
+
+ // Configuration for the ConfigConnector add-on, a Kubernetes
+ // extension to manage hosted GCP services through the Kubernetes API
+ ConfigConnectorConfig config_connector_config = 10;
}
// Configuration options for the HTTP (L7) load balancing controller addon,
@@ -718,8 +829,8 @@ message HttpLoadBalancing {
// has based on the resource usage of the existing pods.
message HorizontalPodAutoscaling {
// Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
- // When enabled, it ensures that a Heapster pod is running in the cluster,
- // which is also used by the Cloud Monitoring service.
+ // When enabled, it ensures that metrics are collected into Stackdriver
+ // Monitoring.
bool disabled = 1;
}
@@ -737,6 +848,18 @@ message NetworkPolicyConfig {
bool disabled = 1;
}
+// Configuration for NodeLocal DNSCache
+message DnsCacheConfig {
+ // Whether NodeLocal DNSCache is enabled for this cluster.
+ bool enabled = 1;
+}
+
+// Configuration for controlling master global access settings.
+message PrivateClusterMasterGlobalAccessConfig {
+ // Whenever master is accessible globally or not.
+ bool enabled = 1;
+}
+
// Configuration options for private clusters.
message PrivateClusterConfig {
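Review bot: The comment on `PrivateClusterMasterGlobalAccessConfig.enabled` reads "Whenever master is accessible globally or not", which is a typo for "Whether"; `// Whether the master is accessible globally or not.` fixes it. A reader still cannot tell what "globally" contrasts with (presumably reachability of the private endpoint from outside the cluster's own region), so a short clause on the message comment stating the scope that `enabled = false` restricts access to would make the security impact of flipping this bit clear — confirm against the server behaviour before adding it.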
// Whether nodes have internal IP addresses only. If enabled, all nodes are
@@ -758,6 +881,12 @@ message PrivateClusterConfig {
// Output only. The external IP address of this cluster's master endpoint.
string public_endpoint = 5;
+
+ // Output only. The peering name in the customer VPC used by this cluster.
+ string peering_name = 7;
+
+ // Controls master global access settings.
+ PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;
}
// Configuration for returning group information from authenticators.
@@ -773,8 +902,29 @@ message AuthenticatorGroupsConfig {
// Configuration options for the Cloud Run feature.
message CloudRunConfig {
+ // Load balancer type of ingress service of Cloud Run.
+ enum LoadBalancerType {
+ // Load balancer type for Cloud Run is unspecified.
+ LOAD_BALANCER_TYPE_UNSPECIFIED = 0;
+
+ // Install external load balancer for Cloud Run.
+ LOAD_BALANCER_TYPE_EXTERNAL = 1;
+
+ // Install internal load balancer for Cloud Run.
+ LOAD_BALANCER_TYPE_INTERNAL = 2;
+ }
+
// Whether Cloud Run addon is enabled for this cluster.
bool disabled = 1;
+
+ // Which load balancer type is installed for Cloud Run.
+ LoadBalancerType load_balancer_type = 3;
+}
+
+// Configuration options for the Config Connector add-on.
+message ConfigConnectorConfig {
+ // Whether Cloud Connector is enabled for this cluster.
+ bool enabled = 1;
}
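Review bot: The `ConfigConnectorConfig.enabled` comment says "Whether Cloud Connector is enabled", a different product name from both the message name and the AddonsConfig field comment ("ConfigConnector add-on"); it should read `// Whether Config Connector is enabled for this cluster.`. In `CloudRunConfig`, the new `load_balancer_type` comment does not say which load balancer is installed when the field is left at `LOAD_BALANCER_TYPE_UNSPECIFIED`, and since that is the zero value every existing client sends, the effective default deserves a sentence.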
// Configuration options for the master authorized networks feature. Enabled
@@ -838,6 +988,9 @@ message BinaryAuthorization {
// Configuration for controlling how IPs are allocated in the cluster.
message IPAllocationPolicy {
// Whether alias IPs will be used for pod IPs in the cluster.
+ // This is used in conjunction with use_routes. It cannot
+ // be true if use_routes is true. If both use_ip_aliases and use_routes are
+ // false, then the server picks the default IP allocation mode
bool use_ip_aliases = 1;
// Whether a new subnetwork will be created automatically for the cluster.
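Review bot: The new `use_ip_aliases` comment (and the matching `use_routes` comment in the next hunk) says the two booleans "cannot" both be true but not what the server does when a request sets both — reject with INVALID_ARGUMENT or pick one — and a caller building the request needs that stated; e.g. `// Setting both use_ip_aliases and use_routes to true is rejected. — confirm`. Two mutually exclusive bools are the shape that is better expressed as an enum or `oneof`; with `use_ip_aliases = 1` already published only a new enum field could express the mode directly now, so at minimum the comment should carry the rejection rule.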
@@ -943,6 +1096,12 @@ message IPAllocationPolicy {
// `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
// to use.
string tpu_ipv4_cidr_block = 13;
+
+ // Whether routes will be used for pod IPs in the cluster.
+ // This is used in conjunction with use_ip_aliases. It cannot be true if
+ // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
+ // then the server picks the default IP allocation mode
+ bool use_routes = 15;
}
// A Google Kubernetes Engine cluster.
@@ -967,8 +1126,8 @@ message Cluster {
// The STOPPING state indicates the cluster is being deleted.
STOPPING = 4;
- // The ERROR state indicates the cluster may be unusable. Details
- // can be found in the `statusMessage` field.
+ // The ERROR state indicates the cluster is unusable. It will be
+ // automatically deleted. Details can be found in the `statusMessage` field.
ERROR = 5;
// The DEGRADED state indicates the cluster requires user action to restore
@@ -1023,25 +1182,33 @@ message Cluster {
// The logging service the cluster should use to write logs.
// Currently available options:
//
- // * "logging.googleapis.com/kubernetes" - the Google Cloud Logging
- // service with Kubernetes-native resource model
- // * `logging.googleapis.com` - the Google Cloud Logging service.
+ // * `logging.googleapis.com/kubernetes` - The Cloud Logging
+ // service with a Kubernetes-native resource model
+ // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
+ // available as of GKE 1.15).
// * `none` - no logs will be exported from the cluster.
- // * if left as an empty string,`logging.googleapis.com` will be used.
+ //
+ // If left as an empty string,`logging.googleapis.com/kubernetes` will be
+ // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
string logging_service = 6;
// The monitoring service the cluster should use to write metrics.
// Currently available options:
//
- // * `monitoring.googleapis.com` - the Google Cloud Monitoring service.
- // * `none` - no metrics will be exported from the cluster.
- // * if left as an empty string, `monitoring.googleapis.com` will be used.
+ // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
+ // service with a Kubernetes-native resource model
+ // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
+ // longer available as of GKE 1.15).
+ // * `none` - No metrics will be exported from the cluster.
+ //
+ // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
+ // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
string monitoring_service = 7;
// The name of the Google Compute Engine
- // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) to which the
- // cluster is connected. If left unspecified, the `default` network
- // will be used.
+ // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
+ // to which the cluster is connected. If left unspecified, the `default`
+ // network will be used.
string network = 8;
// The IP address range of the container pods in this cluster, in
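Review bot: In the new `logging_service` and `monitoring_service` comments, "If left as an empty string,`logging.googleapis.com/kubernetes`" is missing the space after the comma; the same text recurs in the ClusterUpdate hunks for `desired_monitoring_service` and `desired_logging_service`. The monitoring list also quotes `"monitoring.googleapis.com/kubernetes"` with double quotes while every sibling option uses backticks (again in the ClusterUpdate hunk); switching that one entry to backticks keeps the rendered list uniform.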
@@ -1054,8 +1221,8 @@ message Cluster {
AddonsConfig addons_config = 10;
// The name of the Google Compute Engine
- // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which the
- // cluster is connected.
+ // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
+ // the cluster is connected.
string subnetwork = 11;
// The node pools associated with this cluster.
@@ -1064,8 +1231,16 @@ message Cluster {
repeated NodePool node_pools = 12;
// The list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the cluster's nodes
- // should be located.
+ // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster's nodes should be located.
+ //
+ // This field provides a default value if
+ // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
+ // are not specified during node pool creation.
+ //
+ // Warning: changing cluster locations will update the
+ // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
+ // of all node pools and will result in nodes being added and/or removed.
repeated string locations = 13;
// Kubernetes alpha features are enabled on this cluster. This includes alpha
@@ -1128,13 +1303,22 @@ message Cluster {
// Cluster-level Vertical Pod Autoscaling configuration.
VerticalPodAutoscaling vertical_pod_autoscaling = 39;
+ // Shielded Nodes configuration.
+ ShieldedNodes shielded_nodes = 40;
+
+ // Release channel configuration.
+ ReleaseChannel release_channel = 41;
+
+ // Configuration for the use of Kubernetes Service Accounts in GCP IAM
+ // policies.
+ WorkloadIdentityConfig workload_identity_config = 43;
+
// [Output only] Server-defined URL for the resource.
string self_link = 100;
// [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field is deprecated, use location instead.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field is deprecated, use location instead.
string zone = 101 [deprecated = true];
// [Output only] The IP address of this cluster's master endpoint.
@@ -1164,7 +1348,7 @@ message Cluster {
string current_master_version = 104;
// [Output only] Deprecated, use
- // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.zones.clusters.nodePools)
+ // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools)
// instead. The current version of the node software components. If they are
// currently at multiple versions because they're in the process of being
// upgraded, this reflects the minimum version of all nodes.
@@ -1177,9 +1361,10 @@ message Cluster {
// [Output only] The current status of this cluster.
Status status = 107;
- // [Output only] Additional information about the current status of this
+ // [Output only] Deprecated. Use conditions instead.
+ // Additional information about the current status of this
// cluster, if available.
- string status_message = 108;
+ string status_message = 108 [deprecated = true];
// [Output only] The size of the address space on each node for hosting
// containers. This is provisioned from within the `container_ipv4_cidr`
@@ -1206,9 +1391,10 @@ message Cluster {
string expire_time = 113;
// [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) or
- // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) in which
- // the cluster resides.
+ // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
+ // or
+ // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
+ // in which the cluster resides.
string location = 114;
// Enable the ability to use Cloud TPUs in this cluster.
@@ -1243,10 +1429,14 @@ message ClusterUpdate {
// The monitoring service the cluster should use to write metrics.
// Currently available options:
//
- // * "monitoring.googleapis.com/kubernetes" - the Google Cloud Monitoring
- // service with Kubernetes-native resource model
- // * "monitoring.googleapis.com" - the Google Cloud Monitoring service
- // * "none" - no metrics will be exported from the cluster
+ // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
+ // service with a Kubernetes-native resource model
+ // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
+ // longer available as of GKE 1.15).
+ // * `none` - No metrics will be exported from the cluster.
+ //
+ // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
+ // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
string desired_monitoring_service = 5;
// Configurations for the various addons available to run in the cluster.
@@ -1265,6 +1455,12 @@ message ClusterUpdate {
// Configuration of etcd encryption.
DatabaseEncryption desired_database_encryption = 46;
+ // Configuration for Workload Identity.
+ WorkloadIdentityConfig desired_workload_identity_config = 47;
+
+ // Configuration for Shielded Nodes.
+ ShieldedNodes desired_shielded_nodes = 48;
+
// Autoscaler configuration for the node pool specified in
// desired_node_pool_id. If there is only one pool in the
// cluster and desired_node_pool_id is not provided then
@@ -1272,12 +1468,13 @@ message ClusterUpdate {
NodePoolAutoscaling desired_node_pool_autoscaling = 9;
// The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the cluster's nodes
- // should be located. Changing the locations a cluster is in will result
- // in nodes being either created or removed from the cluster, depending on
- // whether locations are being added or removed.
+ // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster's nodes should be located.
//
// This list must always include the cluster's primary zone.
+ //
+ // Warning: changing cluster locations will update the locations of all node
+ // pools and will result in nodes being added and/or removed.
repeated string desired_locations = 10;
// The desired configuration options for master authorized networks feature.
@@ -1292,10 +1489,14 @@ message ClusterUpdate {
// The logging service the cluster should use to write logs.
// Currently available options:
//
- // * "logging.googleapis.com/kubernetes" - the Google Cloud Logging
- // service with Kubernetes-native resource model
- // * "logging.googleapis.com" - the Google Cloud Logging service
- // * "none" - no logs will be exported from the cluster
+ // * `logging.googleapis.com/kubernetes` - The Cloud Logging
+ // service with a Kubernetes-native resource model
+ // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
+ // available as of GKE 1.15).
+ // * `none` - no logs will be exported from the cluster.
+ //
+ // If left as an empty string,`logging.googleapis.com/kubernetes` will be
+ // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
string desired_logging_service = 19;
// The desired configuration for exporting resource usage.
@@ -1304,9 +1505,18 @@ message ClusterUpdate {
// Cluster-level Vertical Pod Autoscaling configuration.
VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;
+ // The desired private cluster configuration.
+ PrivateClusterConfig desired_private_cluster_config = 25;
+
// The desired config of Intra-node visibility.
IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26;
+ // The desired status of whether to disable default sNAT for this cluster.
+ DefaultSnatStatus desired_default_snat_status = 28;
+
+ // The desired release channel configuration.
+ ReleaseChannel desired_release_channel = 31;
+
// The Kubernetes version to change the master to.
//
// Users may specify either explicit versions offered by
@@ -1399,9 +1609,8 @@ message Operation {
string name = 1;
// The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the operation
- // is taking place.
- // This field is deprecated, use location instead.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // operation is taking place. This field is deprecated, use location instead.
string zone = 2 [deprecated = true];
// The operation type.
@@ -1413,8 +1622,8 @@ message Operation {
// Detailed operation progress, if available.
string detail = 8;
- // If an error has occurred, a textual description of the error.
- string status_message = 5;
+ // Output only. If an error has occurred, a textual description of the error.
+ string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Server-defined URL for the resource.
string self_link = 6;
@@ -1423,9 +1632,10 @@ message Operation {
string target_link = 7;
// [Output only] The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) or
- // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) in which
- // the cluster resides.
+ // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
+ // or
+ // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
+ // in which the cluster resides.
string location = 9;
// [Output only] The time the operation started, in
@@ -1436,6 +1646,9 @@ message Operation {
// [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
string end_time = 11;
+ // Output only. [Output only] Progress information for an operation.
+ OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
// Which conditions caused the current cluster state.
repeated StatusCondition cluster_conditions = 13;
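Review bot: The `progress` field comment reads "Output only. [Output only] Progress information…", stating the output-only marker twice in two styles. With the `(google.api.field_behavior) = OUTPUT_ONLY` annotation present, the single AIP-style form `// Output only. Progress information for an operation.` is enough and matches the `status_message` comment changed earlier in this commit.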
@@ -1443,6 +1656,46 @@ message Operation {
repeated StatusCondition nodepool_conditions = 14;
}
+// Information about operation (or operation stage) progress.
+message OperationProgress {
+ // Progress metric is (string, int|float|string) pair.
+ message Metric {
+ // Required. Metric name, e.g., "nodes total", "percent done".
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Strictly one of the values is required.
+ oneof value {
+ // For metrics with integer value.
+ int64 int_value = 2;
+
+ // For metrics with floating point value.
+ double double_value = 3;
+
+ // For metrics with custom values (ratios, visual progress, etc.).
+ string string_value = 4;
+ }
+ }
+
+ // A non-parameterized string describing an operation stage.
+ // Unset for single-stage operations.
+ string name = 1;
+
+ // Status of an operation stage.
+ // Unset for single-stage operations.
+ Operation.Status status = 2;
+
+ // Progress metric bundle, for example:
+ // metrics: [{name: "nodes done", int_value: 15},
+ // {name: "nodes total", int_value: 32}]
+ // or
+ // metrics: [{name: "progress", double_value: 0.56},
+ // {name: "progress scale", double_value: 1.0}]
+ repeated Metric metrics = 3;
+
+ // Substages of an operation or a stage.
+ repeated OperationProgress stages = 4;
+}
+
// CreateClusterRequest creates a cluster.
message CreateClusterRequest {
// Deprecated. The Google Developers Console [project ID or project
@@ -1451,13 +1704,13 @@ message CreateClusterRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the parent field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the parent
+ // field.
string zone = 2 [deprecated = true];
// Required. A [cluster
- // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters)
+ // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.locations.clusters)
Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED];
// The parent (project and location) where the cluster will be created.
@@ -1473,9 +1726,9 @@ message GetClusterRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to retrieve.
@@ -1495,9 +1748,9 @@ message UpdateClusterRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1520,9 +1773,9 @@ message UpdateNodePoolRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1553,6 +1806,19 @@ message UpdateNodePoolRequest {
// update. Specified in the format
// `projects/*/locations/*/clusters/*/nodePools/*`.
string name = 8;
+
+ // The desired list of Google Compute Engine
+ // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
+ // node pool's nodes should be located. Changing the locations for a node pool
+ // will result in nodes being either created or removed from the node pool,
+ // depending on whether locations are being added or removed.
+ repeated string locations = 13;
+
+ // The desired workload metadata config for the node pool.
+ WorkloadMetadataConfig workload_metadata_config = 14;
+
+ // Upgrade settings control disruption and speed of the upgrade.
+ NodePool.UpgradeSettings upgrade_settings = 15;
}
// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
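Review bot: `repeated string locations = 13;` has no presence in proto3, so a client that omits the field sends exactly the same bytes as one that sends an empty list, and the new comment above it never says whether the server treats that as "leave the node pool's locations unchanged" or as "remove every zone". Because the same comment says that changing locations creates or removes nodes, this ambiguity matters operationally for an update call; please state the empty-list behaviour, e.g. `// If empty, the node pool's current locations are left unchanged.` (adjusted to what the server actually does). The message-typed `workload_metadata_config` and `upgrade_settings` fields are distinguishable when unset, but a set-but-empty message is likewise undocumented. UpdateNodePoolRequest begins outside this hunk.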
@@ -1563,9 +1829,9 @@ message SetNodePoolAutoscalingRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1593,20 +1859,26 @@ message SetLoggingServiceRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
// This field has been deprecated and replaced by the name field.
string cluster_id = 3 [deprecated = true];
- // Required. The logging service the cluster should use to write metrics.
+ // Required. The logging service the cluster should use to write logs.
// Currently available options:
//
- // * "logging.googleapis.com" - the Google Cloud Logging service
- // * "none" - no metrics will be exported from the cluster
+ // * `logging.googleapis.com/kubernetes` - The Cloud Logging
+ // service with a Kubernetes-native resource model
+ // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
+ // available as of GKE 1.15).
+ // * `none` - no logs will be exported from the cluster.
+ //
+ // If left as an empty string,`logging.googleapis.com/kubernetes` will be
+ // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
string logging_service = 4 [(google.api.field_behavior) = REQUIRED];
// The name (project, location, cluster) of the cluster to set logging.
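Review bot: The rewritten comment on `logging_service` now says that an empty string selects a version-dependent default, yet the field keeps `[(google.api.field_behavior) = REQUIRED]`; one of the two misleads generated clients and request validators, so either drop the default sentence or relax the annotation. The same contradiction exists for `monitoring_service` in the SetMonitoringServiceRequest hunk further down. In that hunk the first option is still written with double quotes (`"monitoring.googleapis.com/kubernetes"`) while the rest of the list switched to backticks, and both hunks are missing a space after the comma in the sentence beginning `If left as an empty string,`. SetLoggingServiceRequest begins outside this hunk.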
@@ -1622,9 +1894,9 @@ message SetMonitoringServiceRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1634,10 +1906,14 @@ message SetMonitoringServiceRequest {
// Required. The monitoring service the cluster should use to write metrics.
// Currently available options:
//
- // * "monitoring.googleapis.com/kubernetes" - the Google Cloud Monitoring
- // service with Kubernetes-native resource model
- // * "monitoring.googleapis.com" - the Google Cloud Monitoring service
- // * "none" - no metrics will be exported from the cluster
+ // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
+ // service with a Kubernetes-native resource model
+ // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
+ // longer available as of GKE 1.15).
+ // * `none` - No metrics will be exported from the cluster.
+ //
+ // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
+ // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];
// The name (project, location, cluster) of the cluster to set monitoring.
@@ -1653,9 +1929,9 @@ message SetAddonsConfigRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1679,9 +1955,9 @@ message SetLocationsRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1689,10 +1965,10 @@ message SetLocationsRequest {
string cluster_id = 3 [deprecated = true];
// Required. The desired list of Google Compute Engine
- // [zones](https://cloud.google.com/compute/docs/zones#available) in which the cluster's nodes
- // should be located. Changing the locations a cluster is in will result
- // in nodes being either created or removed from the cluster, depending on
- // whether locations are being added or removed.
+ // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster's nodes should be located. Changing the locations a cluster is in
+ // will result in nodes being either created or removed from the cluster,
+ // depending on whether locations are being added or removed.
//
// This list must always include the cluster's primary zone.
repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];
@@ -1710,9 +1986,9 @@ message UpdateMasterRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1762,9 +2038,9 @@ message SetMasterAuthRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to upgrade.
@@ -1790,9 +2066,9 @@ message DeleteClusterRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to delete.
@@ -1812,9 +2088,9 @@ message ListClustersRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides, or "-" for all zones.
- // This field has been deprecated and replaced by the parent field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides, or "-" for all zones. This field has been deprecated and
+ // replaced by the parent field.
string zone = 2 [deprecated = true];
// The parent (project and location) where the clusters will be listed.
@@ -1842,9 +2118,9 @@ message GetOperationRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The server-assigned `name` of the operation.
@@ -1864,8 +2140,9 @@ message ListOperationsRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) to return operations for, or `-` for
- // all zones. This field has been deprecated and replaced by the parent field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) to return
+ // operations for, or `-` for all zones. This field has been deprecated and
+ // replaced by the parent field.
string zone = 2 [deprecated = true];
// The parent (project and location) where the operations will be listed.
@@ -1882,8 +2159,9 @@ message CancelOperationRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the operation resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // operation resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The server-assigned `name` of the operation.
@@ -1913,8 +2191,9 @@ message GetServerConfigRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) to return operations for.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) to return
+ // operations for. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// The name (project and location) of the server config to get,
@@ -1924,10 +2203,22 @@ message GetServerConfigRequest {
// Kubernetes Engine service configuration.
message ServerConfig {
+ // ReleaseChannelConfig exposes configuration for a release channel.
+ message ReleaseChannelConfig {
+ // The release channel this configuration applies to.
+ ReleaseChannel.Channel channel = 1;
+
+ // The default version for newly created clusters on the channel.
+ string default_version = 2;
+
+ // List of valid versions for the channel.
+ repeated string valid_versions = 4;
+ }
+
// Version of Kubernetes the service deploys by default.
string default_cluster_version = 1;
- // List of valid node upgrade target versions.
+ // List of valid node upgrade target versions, in descending order.
repeated string valid_node_versions = 3;
// Default image type.
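Review bot: `ReleaseChannelConfig` is a brand-new nested message whose fields are numbered 1, 2 and 4 with no `reserved 3;`, so nothing prevents a later contributor from reusing 3 for an unrelated field even though the gap presumably means the number was already used by an earlier or internal revision. If 3 belonged to a dropped field, add `reserved 3;` (and `reserved "<old_name>";`) inside the message; if the gap is intentional for another reason, a one-line comment saying so would spare the next reader the guess. The enclosing ServerConfig message continues in the next hunk.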
@@ -1936,8 +2227,11 @@ message ServerConfig {
// List of valid image types.
repeated string valid_image_types = 5;
- // List of valid master versions.
+ // List of valid master versions, in descending order.
repeated string valid_master_versions = 6;
+
+ // List of release channel configurations.
+ repeated ReleaseChannelConfig channels = 9;
}
// CreateNodePoolRequest creates a node pool for a cluster.
@@ -1948,9 +2242,9 @@ message CreateNodePoolRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the parent field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the parent
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -1974,9 +2268,9 @@ message DeleteNodePoolRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2001,9 +2295,9 @@ message ListNodePoolsRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the parent field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the parent
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2023,9 +2317,9 @@ message GetNodePoolRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2049,6 +2343,40 @@ message GetNodePoolRequest {
// during pod scheduling. They may also be resized up or down, to accommodate
// the workload.
message NodePool {
+ // These upgrade settings control the level of parallelism and the level of
+ // disruption caused by an upgrade.
+ //
+ // maxUnavailable controls the number of nodes that can be simultaneously
+ // unavailable.
+ //
+ // maxSurge controls the number of additional nodes that can be added to the
+ // node pool temporarily for the time of the upgrade to increase the number of
+ // available nodes.
+ //
+ // (maxUnavailable + maxSurge) determines the level of parallelism (how many
+ // nodes are being upgraded at the same time).
+ //
+ // Note: upgrades inevitably introduce some disruption since workloads need to
+ // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
+ // this holds true. (Disruption stays within the limits of
+ // PodDisruptionBudget, if it is configured.)
+ //
+ // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
+ // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
+ // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
+ // down 3 old (not yet upgraded) nodes at the same time. This ensures that
+ // there are always at least 4 nodes available.
+ message UpgradeSettings {
+ // The maximum number of nodes that can be created beyond the current size
+ // of the node pool during the upgrade process.
+ int32 max_surge = 1;
+
+ // The maximum number of nodes that can be simultaneously unavailable during
+ // the upgrade process. A node is considered available if its status is
+ // Ready.
+ int32 max_unavailable = 2;
+ }
+
// The current status of the node pool instance.
enum Status {
// Not set.
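Review bot: `max_surge` and `max_unavailable` are proto3 `int32` scalars with implicit presence, and the comment never says what happens when both are left at 0, the unset value — by the `(maxUnavailable + maxSurge)` formula in the message comment that would be zero parallelism, so presumably the server substitutes a default, and that should be stated. The comment also does not say whether negative values are rejected; something like `// Defaults to <server default> when both fields are 0. Negative values are invalid.` (filled in from the actual behaviour) would close both gaps. A `uint32` would have encoded the non-negative constraint in the type, but since this appears to mirror an already published API surface a documentation fix is the safer change. NodePool continues outside this hunk.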
@@ -2092,6 +2420,18 @@ message NodePool {
// firewall and routes quota.
int32 initial_node_count = 3;
+ // The list of Google Compute Engine
+ // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
+ // NodePool's nodes should be located.
+ //
+ // If this value is unspecified during node pool creation, the
+ // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
+ // value will be used, instead.
+ //
+ // Warning: changing node pool locations will result in nodes being added
+ // and/or removed.
+ repeated string locations = 13;
+
// [Output only] Server-defined URL for the resource.
string self_link = 100;
@@ -2106,9 +2446,10 @@ message NodePool {
// [Output only] The status of the nodes in this pool instance.
Status status = 103;
- // [Output only] Additional information about the current status of this
+ // [Output only] Deprecated. Use conditions instead.
+ // Additional information about the current status of this
// node pool instance, if available.
- string status_message = 104;
+ string status_message = 104 [deprecated = true];
// Autoscaler configuration for this NodePool. Autoscaler is enabled
// only if a valid configuration is present.
@@ -2126,6 +2467,9 @@ message NodePool {
// [Output only] The pod CIDR block size per node in this node pool.
int32 pod_ipv4_cidr_size = 7;
+
+ // Upgrade settings control disruption and speed of the upgrade.
+ UpgradeSettings upgrade_settings = 107;
}
// NodeManagement defines the set of node management services turned on for the
@@ -2167,7 +2511,7 @@ message MaintenancePolicy {
// A hash identifying the version of this policy, so that updates to fields of
// the policy won't accidentally undo intermediate changes (and so that users
// of the API unaware of some fields won't accidentally remove other fields).
- // Make a get()
request to the cluster to get the current
+ // Make a `get()` request to the cluster to get the current
// resource version and include it with requests to set the policy.
string resource_version = 3;
}
@@ -2209,25 +2553,30 @@ message RecurringTimeWindow {
// end time.
//
// For example, to have something repeat every weekday, you'd use:
- // FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
+ // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
+ //
// To repeat some window daily (equivalent to the DailyMaintenanceWindow):
- // FREQ=DAILY
+ // `FREQ=DAILY`
+ //
// For the first weekend of every month:
- // FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU
+ // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
+ //
// This specifies how frequently the window starts. Eg, if you wanted to have
// a 9-5 UTC-4 window every weekday, you'd use something like:
- //
- // start time = 2019-01-01T09:00:00-0400
- // end time = 2019-01-01T17:00:00-0400
- // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
- //
+ // ```
+ // start time = 2019-01-01T09:00:00-0400
+ // end time = 2019-01-01T17:00:00-0400
+ // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
+ // ```
+ //
// Windows can span multiple days. Eg, to make the window encompass every
// weekend from midnight Saturday till the last minute of Sunday UTC:
- //
- // start time = 2019-01-05T00:00:00Z
- // end time = 2019-01-07T23:59:00Z
- // recurrence = FREQ=WEEKLY;BYDAY=SA
- //
+ // ```
+ // start time = 2019-01-05T00:00:00Z
+ // end time = 2019-01-07T23:59:00Z
+ // recurrence = FREQ=WEEKLY;BYDAY=SA
+ // ```
+ //
// Note the start and end time's specific dates are largely arbitrary except
// to specify duration of the window and when it first starts.
// The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
@@ -2257,9 +2606,9 @@ message SetNodePoolManagementRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to update.
@@ -2288,9 +2637,9 @@ message SetNodePoolSizeRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to update.
@@ -2320,9 +2669,9 @@ message RollbackNodePoolUpgradeRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to rollback.
@@ -2361,21 +2710,60 @@ message ClusterAutoscaling {
// created by NAP.
AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;
- // The list of Google Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available)
- // in which the NodePool's nodes can be created by NAP.
+ // The list of Google Compute Engine
+ // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
+ // NodePool's nodes can be created by NAP.
repeated string autoprovisioning_locations = 5;
}
// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
// by NAP.
message AutoprovisioningNodePoolDefaults {
- // Scopes that are used by NAP when creating node pools. If oauth_scopes are
- // specified, service_account should be empty.
+ // Scopes that are used by NAP when creating node pools.
repeated string oauth_scopes = 1;
- // The Google Cloud Platform Service Account to be used by the node VMs. If
- // service_account is specified, scopes should be empty.
+ // The Google Cloud Platform Service Account to be used by the node VMs.
string service_account = 2;
+
+ // Specifies the upgrade settings for NAP created node pools
+ NodePool.UpgradeSettings upgrade_settings = 3;
+
+ // Specifies the node management options for NAP created node-pools.
+ NodeManagement management = 4;
+
+ // Minimum CPU platform to be used for NAP created node pools.
+ // The instance may be scheduled on the specified or newer CPU platform.
+ // Applicable values are the friendly names of CPU platforms, such as
+ // minCpuPlatform: Intel Haswell or
+ // minCpuPlatform: Intel Sandy Bridge. For more
+ // information, read [how to specify min CPU
+ // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
+ // To unset the min cpu platform field pass "automatic"
+ // as field value.
+ string min_cpu_platform = 5;
+
+ // Size of the disk attached to each node, specified in GB.
+ // The smallest allowed disk size is 10GB.
+ //
+ // If unspecified, the default disk size is 100GB.
+ int32 disk_size_gb = 6;
+
+ // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
+ // 'pd-balanced')
+ //
+ // If unspecified, the default disk type is 'pd-standard'
+ string disk_type = 7;
+
+ // Shielded Instance options.
+ ShieldedInstanceConfig shielded_instance_config = 8;
+
+ // The Customer Managed Encryption Key used to encrypt the boot disk attached
+ // to each node in the node pool. This should be of the form
+ // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
+ // For more information about protecting resources with Cloud KMS Keys please
+ // see:
+ // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
+ string boot_disk_kms_key = 9;
}
// Contains information about amount of some resource in the cluster.
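Review bot: The rewritten comments on `oauth_scopes` and `service_account` dropped the sentence that made the two mutually exclusive, but nothing replaced it, so a caller can no longer tell from the schema what NAP does when both are set, nor which service account and scopes autoprovisioned nodes receive when both are empty. Since these two fields determine the credentials every NAP-created node runs with, please state the precedence and the default explicitly on both, e.g. `// If unspecified, the project's default compute service account is used.` if that is indeed the behaviour. Separately, `min_cpu_platform` documents the sentinel string `"automatic"` for unsetting the field, which is the kind of magic value an `optional` field would avoid, and the sentence ending `...specify-min-cpu-platform)` is missing its period. ClusterAutoscaling's start lies outside this hunk.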
@@ -2419,9 +2807,9 @@ message SetLabelsRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2435,7 +2823,7 @@ message SetLabelsRequest {
// used to detect conflicts. The fingerprint is initially generated by
// Kubernetes Engine and changes after every request to modify or update
// labels. You must always provide an up-to-date fingerprint hash when
- // updating or changing labels. Make a get()
request to the
+ // updating or changing labels. Make a `get()` request to the
// resource to get the latest fingerprint.
string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];
@@ -2453,9 +2841,9 @@ message SetLegacyAbacRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster to update.
@@ -2479,9 +2867,9 @@ message StartIPRotationRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2504,9 +2892,9 @@ message CompleteIPRotationRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2528,6 +2916,31 @@ message AcceleratorConfig {
string accelerator_type = 2;
}
+// WorkloadMetadataConfig defines the metadata configuration to expose to
+// workloads on the node pool.
+message WorkloadMetadataConfig {
+ // Mode is the configuration for how to expose metadata to workloads running
+ // on the node.
+ enum Mode {
+ // Not set.
+ MODE_UNSPECIFIED = 0;
+
+ // Expose all Compute Engine metadata to pods.
+ GCE_METADATA = 1;
+
+ // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
+ // a metadata API to workloads that is compatible with the V1 Compute
+ // Metadata APIs exposed by the Compute Engine and App Engine Metadata
+ // Servers. This feature can only be enabled if Workload Identity is enabled
+ // at the cluster level.
+ GKE_METADATA = 2;
+ }
+
+ // Mode is the configuration for how to expose metadata to workloads running
+ // on the node pool.
+ Mode mode = 2;
+}
+
// SetNetworkPolicyRequest enables/disables network policy for a cluster.
message SetNetworkPolicyRequest {
// Deprecated. The Google Developers Console [project ID or project
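Review bot: `WorkloadMetadataConfig` is a brand-new message whose only field is `mode = 2`, leaving number 1 unused and unreserved; if 1 was used by an earlier shape of this message, add `reserved 1;` plus the old field name so the number cannot be silently reused with a different meaning. The `Mode` values `GCE_METADATA` and `GKE_METADATA` are not prefixed with the enum name, which the style guide discourages because nested enum values share scope in C++ codegen, though this file already has unprefixed nested values (e.g. StatusCondition), so it is a consistency call rather than a blocker. The comments also do not convey the security difference between the two modes — `GCE_METADATA` exposes the node's Compute Engine metadata, and whatever the node's service account can obtain from it, to every pod, while `GKE_METADATA` is the mode that limits what workloads can see — so a sentence such as `// Prefer GKE_METADATA where Workload Identity is enabled; GCE_METADATA exposes the node's metadata to all pods.` would help callers choose. The duplicated field comment (`on the node` at the enum vs `on the node pool` at the field) should also be made consistent.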
@@ -2536,9 +2949,9 @@ message SetNetworkPolicyRequest {
string project_id = 1 [deprecated = true];
// Deprecated. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
- // This field has been deprecated and replaced by the name field.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides. This field has been deprecated and replaced by the name
+ // field.
string zone = 2 [deprecated = true];
// Deprecated. The name of the cluster.
@@ -2560,8 +2973,8 @@ message SetMaintenancePolicyRequest {
string project_id = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The name of the Google Compute Engine
- // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster
- // resides.
+ // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
+ // cluster resides.
string zone = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The name of the cluster to update.
@@ -2585,7 +2998,8 @@ message StatusCondition {
// UNKNOWN indicates a generic condition.
UNKNOWN = 0;
- // GCE_STOCKOUT indicates a Google Compute Engine stockout.
+ // GCE_STOCKOUT indicates that Google Compute Engine resources are
+ // temporarily unavailable.
GCE_STOCKOUT = 1;
// GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot
@@ -2614,19 +3028,140 @@ message StatusCondition {
// NetworkConfig reports the relative names of network & subnetwork.
message NetworkConfig {
// Output only. The relative name of the Google Compute Engine
- // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) to which
- // the cluster is connected.
- // Example: projects/my-project/global/networks/my-network
+ // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
+ // to which the cluster is connected. Example:
+ // projects/my-project/global/networks/my-network
string network = 1;
// Output only. The relative name of the Google Compute Engine
- // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the cluster is connected.
- // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
+ // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the
+ // cluster is connected. Example:
+ // projects/my-project/regions/us-central1/subnetworks/my-subnet
string subnetwork = 2;
// Whether Intra-node visibility is enabled for this cluster.
// This makes same node pod to pod traffic visible for VPC network.
bool enable_intra_node_visibility = 5;
+
+ // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
+ // will be disabled when default_snat_status is disabled. When disabled is set
+ // to false, default IP masquerade rules will be applied to the nodes to
+ // prevent sNAT on cluster internal traffic.
+ DefaultSnatStatus default_snat_status = 7;
+}
+
+// GetOpenIDConfigRequest gets the OIDC discovery document for the
+// cluster. See the OpenID Connect Discovery 1.0 specification for details.
+message GetOpenIDConfigRequest {
+ // The cluster (project, location, cluster id) to get the discovery document
+ // for. Specified in the format `projects/*/locations/*/clusters/*`.
+ string parent = 1;
+}
+
+// GetOpenIDConfigResponse is an OIDC discovery document for the cluster.
+// See the OpenID Connect Discovery 1.0 specification for details.
+message GetOpenIDConfigResponse {
+ // OIDC Issuer.
+ string issuer = 1;
+
+ // JSON Web Key uri.
+ string jwks_uri = 2;
+
+ // Supported response types.
+ repeated string response_types_supported = 3;
+
+ // Supported subject types.
+ repeated string subject_types_supported = 4;
+
+ // supported ID Token signing Algorithms.
+ repeated string id_token_signing_alg_values_supported = 5;
+
+ // Supported claims.
+ repeated string claims_supported = 6;
+
+ // Supported grant types.
+ repeated string grant_types = 7;
+}
+
+// GetJSONWebKeysRequest gets the public component of the keys used by the
+// cluster to sign token requests. This will be the jwks_uri for the discover
+// document returned by getOpenIDConfig. See the OpenID Connect
+// Discovery 1.0 specification for details.
+message GetJSONWebKeysRequest {
+ // The cluster (project, location, cluster id) to get keys for. Specified in
+ // the format `projects/*/locations/*/clusters/*`.
+ string parent = 1;
+}
+
+// Jwk is a JSON Web Key as specified in RFC 7517
+message Jwk {
+ // Key Type.
+ string kty = 1;
+
+ // Algorithm.
+ string alg = 2;
+
+ // Permitted uses for the public keys.
+ string use = 3;
+
+ // Key ID.
+ string kid = 4;
+
+ // Used for RSA keys.
+ string n = 5;
+
+ // Used for RSA keys.
+ string e = 6;
+
+ // Used for ECDSA keys.
+ string x = 7;
+
+ // Used for ECDSA keys.
+ string y = 8;
+
+ // Used for ECDSA keys.
+ string crv = 9;
+}
+
+// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517
+message GetJSONWebKeysResponse {
+ // The public component of the keys used by the cluster to sign token
+ // requests.
+ repeated Jwk keys = 1;
+}
+
+// ReleaseChannel indicates which release channel a cluster is
+// subscribed to. Release channels are arranged in order of risk.
+//
+// When a cluster is subscribed to a release channel, Google maintains
+// both the master version and the node version. Node auto-upgrade
+// defaults to true and cannot be disabled.
+message ReleaseChannel {
+ // Possible values for 'channel'.
+ enum Channel {
+ // No channel specified.
+ UNSPECIFIED = 0;
+
+ // RAPID channel is offered on an early access basis for customers who want
+ // to test new releases.
+ //
+ // WARNING: Versions available in the RAPID Channel may be subject to
+ // unresolved issues with no known workaround and are not subject to any
+ // SLAs.
+ RAPID = 1;
+
+ // Clusters subscribed to REGULAR receive versions that are considered GA
+ // quality. REGULAR is intended for production users who want to take
+ // advantage of new features.
+ REGULAR = 2;
+
+ // Clusters subscribed to STABLE receive versions that are known to be
+ // stable and reliable in production.
+ STABLE = 3;
+ }
+
+ // channel specifies which release channel the cluster is subscribed to.
+ Channel channel = 1;
}
// IntraNodeVisibilityConfig contains the desired config of the intra-node
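Review bot: The `parent` fields of GetOpenIDConfigRequest and GetJSONWebKeysRequest carry no `(google.api.field_behavior) = REQUIRED` annotation, while the other request messages in this file mark their identifying fields that way (see `project_id` and `zone` at the top of this chunk), so generated docs and client validators will treat the cluster reference as optional even though the comment says the request is scoped to a single cluster; `string parent = 1 [(google.api.field_behavior) = REQUIRED];` on both would make the contract explicit. Two comment typos in the same hunk: "This will be the jwks_uri for the discover document" should read "discovery document", and "specififed in rfc 7517" should read "specified in RFC 7517". Since the Jwk message exposes key material (`n`, `e`, `x`, `y`) as bare strings, the field comments would help consumers if they stated the encoding expected by the JWK spec, e.g. `// RSA modulus, base64url-encoded (RFC 7518).` on `n`, presumably the same base64url form for `e`, `x` and `y` — worth confirming against the server implementation before documenting. The enclosing `message NetworkConfig` begins before this hunk.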
@@ -2642,6 +3177,13 @@ message MaxPodsConstraint {
int64 max_pods_per_node = 1;
}
+// Configuration for the use of Kubernetes Service Accounts in GCP IAM
+// policies.
+message WorkloadIdentityConfig {
+ // The workload pool to attach all Kubernetes service accounts to.
+ string workload_pool = 2;
+}
+
// Configuration of etcd encryption.
message DatabaseEncryption {
// State of etcd encryption.
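Review bot: WorkloadIdentityConfig starts its numbering at `workload_pool = 2` with no `reserved 1;` declaration, so if field number 1 was used by an earlier revision of this message (this cannot be confirmed from the hunk) nothing prevents it from being reused later with a different meaning, which is a wire-compatibility hazard; adding `reserved 1;` inside the message, and a `reserved "<old_name>";` for its former name if there was one, closes that off. The field comment also gives no expected format for the pool identifier even though this value binds every Kubernetes service account in the cluster to GCP IAM, so a caller cannot tell a valid value from a typo until the request is rejected; a line such as `// Format of the pool identifier — TODO(review): document the expected form.` should be filled in from the service-side validation. The enclosing `message DatabaseEncryption` continues past this hunk.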
@@ -2653,7 +3195,7 @@ message DatabaseEncryption {
ENCRYPTED = 1;
// Secrets in etcd are stored in plain text (at etcd level) - this is
- // unrelated to GCE level full disk encryption.
+ // unrelated to Compute Engine level full disk encryption.
DECRYPTED = 2;
}
@@ -2795,3 +3337,16 @@ message VerticalPodAutoscaling {
// Enables vertical pod autoscaling.
bool enabled = 1;
}
+
+// DefaultSnatStatus contains the desired state of whether default sNAT should
+// be disabled on the cluster.
+message DefaultSnatStatus {
+ // Disables cluster default sNAT rules.
+ bool disabled = 1;
+}
+
+// Configuration of Shielded Nodes feature.
+message ShieldedNodes {
+ // Whether Shielded Nodes features are enabled on all nodes in this cluster.
+ bool enabled = 1;
+}