google-cloud-container-v1 1.2.0 → 1.4.0

@@ -40,6 +40,9 @@ module Google
40
40
  # net.ipv4.tcp_rmem
41
41
  # net.ipv4.tcp_wmem
42
42
  # net.ipv4.tcp_tw_reuse
43
+ # kernel.shmmni
44
+ # kernel.shmmax
45
+ # kernel.shmall
43
46
  # @!attribute [rw] cgroup_mode
44
47
  # @return [::Google::Cloud::Container::V1::LinuxNodeConfig::CgroupMode]
45
48
  # cgroup_mode specifies the cgroup mode to be used on the node.
@@ -380,9 +383,22 @@ module Google
380
383
  # @!attribute [rw] secondary_boot_disks
381
384
  # @return [::Array<::Google::Cloud::Container::V1::SecondaryBootDisk>]
382
385
  # List of secondary boot disks attached to the nodes.
386
+ # @!attribute [rw] storage_pools
387
+ # @return [::Array<::String>]
388
+ # List of Storage Pools where boot disks are provisioned.
383
389
  # @!attribute [rw] secondary_boot_disk_update_strategy
384
390
  # @return [::Google::Cloud::Container::V1::SecondaryBootDiskUpdateStrategy]
385
391
  # Secondary boot disk update strategy.
392
+ # @!attribute [rw] local_ssd_encryption_mode
393
+ # @return [::Google::Cloud::Container::V1::NodeConfig::LocalSsdEncryptionMode]
394
+ # Specifies which method should be used for encrypting the
395
+ # Local SSDs attahced to the node.
396
+ # @!attribute [r] effective_cgroup_mode
397
+ # @return [::Google::Cloud::Container::V1::NodeConfig::EffectiveCgroupMode]
398
+ # Output only. effective_cgroup_mode is the cgroup mode actually used by the
399
+ # node pool. It is determined by the cgroup mode specified in the
400
+ # LinuxNodeConfig or the default cgroup mode based on the cluster creation
401
+ # version.
386
402
  class NodeConfig
387
403
  include ::Google::Protobuf::MessageExts
388
404
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -413,6 +429,41 @@ module Google
413
429
  include ::Google::Protobuf::MessageExts
414
430
  extend ::Google::Protobuf::MessageExts::ClassMethods
415
431
  end
432
+
433
+ # LocalSsdEncryptionMode specifies the method used for encrypting the Local
434
+ # SSDs attached to the node.
435
+ module LocalSsdEncryptionMode
436
+ # The given node will be encrypted using keys managed by Google
437
+ # infrastructure and the keys will be deleted when the node is
438
+ # deleted.
439
+ LOCAL_SSD_ENCRYPTION_MODE_UNSPECIFIED = 0
440
+
441
+ # The given node will be encrypted using keys managed by Google
442
+ # infrastructure and the keys will be deleted when the node is
443
+ # deleted.
444
+ STANDARD_ENCRYPTION = 1
445
+
446
+ # The given node will opt-in for using ephemeral key for
447
+ # encryption of Local SSDs.
448
+ # The Local SSDs will not be able to recover data in case of node
449
+ # crash.
450
+ EPHEMERAL_KEY_ENCRYPTION = 2
451
+ end
452
+
453
+ # Possible effective cgroup modes for the node.
454
+ module EffectiveCgroupMode
455
+ # EFFECTIVE_CGROUP_MODE_UNSPECIFIED means the cgroup configuration for the
456
+ # node pool is unspecified, i.e. the node pool is a Windows node pool.
457
+ EFFECTIVE_CGROUP_MODE_UNSPECIFIED = 0
458
+
459
+ # CGROUP_MODE_V1 means the node pool is configured to use cgroupv1 for the
460
+ # cgroup configuration.
461
+ EFFECTIVE_CGROUP_MODE_V1 = 1
462
+
463
+ # CGROUP_MODE_V2 means the node pool is configured to use cgroupv2 for the
464
+ # cgroup configuration.
465
+ EFFECTIVE_CGROUP_MODE_V2 = 2
466
+ end
416
467
  end
417
468
 
418
469
  # Specifies options for controlling advanced machine features.
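Review bot: The comment on `LOCAL_SSD_ENCRYPTION_MODE_UNSPECIFIED` repeats the `STANDARD_ENCRYPTION` comment word for word, so the text does not say whether leaving the mode unset is defined to mean standard encryption. If that is the intended fallback, state it directly, e.g. `# Unspecified; treated the same as STANDARD_ENCRYPTION.` (the actual server default is not visible here and should be confirmed). Both comments also say "the given node will be encrypted" although the enum describes the node's Local SSDs. The `EPHEMERAL_KEY_ENCRYPTION` comment could state outright that Local SSD data is unrecoverable after a node crash. The enclosing `NodeConfig` class begins outside this hunk.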
@@ -475,7 +526,7 @@ module Google
475
526
  # @return [::Boolean]
476
527
  # Whether nodes have internal IP addresses only.
477
528
  # If enable_private_nodes is not specified, then the value is derived from
478
- # [cluster.privateClusterConfig.enablePrivateNodes][google.container.v1beta1.PrivateClusterConfig.enablePrivateNodes]
529
+ # [Cluster.NetworkConfig.default_enable_private_nodes][]
479
530
  # @!attribute [rw] network_performance_config
480
531
  # @return [::Google::Cloud::Container::V1::NodeNetworkConfig::NetworkPerformanceConfig]
481
532
  # Network bandwidth tier configuration.
@@ -868,7 +919,8 @@ module Google
868
919
  # @!attribute [r] client_certificate
869
920
  # @return [::String]
870
921
  # Output only. Base64-encoded public certificate used by clients to
871
- # authenticate to the cluster endpoint.
922
+ # authenticate to the cluster endpoint. Issued only if
923
+ # client_certificate_config is set.
872
924
  # @!attribute [r] client_key
873
925
  # @return [::String]
874
926
  # Output only. Base64-encoded private key used by clients to authenticate
@@ -937,6 +989,9 @@ module Google
937
989
  # @!attribute [rw] stateful_ha_config
938
990
  # @return [::Google::Cloud::Container::V1::StatefulHAConfig]
939
991
  # Optional. Configuration for the StatefulHA add-on.
992
+ # @!attribute [rw] parallelstore_csi_driver_config
993
+ # @return [::Google::Cloud::Container::V1::ParallelstoreCsiDriverConfig]
994
+ # Configuration for the Cloud Storage Parallelstore CSI driver.
940
995
  # @!attribute [rw] ray_operator_config
941
996
  # @return [::Google::Cloud::Container::V1::RayOperatorConfig]
942
997
  # Optional. Configuration for Ray Operator addon.
@@ -1010,13 +1065,24 @@ module Google
1010
1065
 
1011
1066
  # Configuration options for private clusters.
1012
1067
  # @!attribute [rw] enable_private_nodes
1068
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1013
1069
  # @return [::Boolean]
1014
1070
  # Whether nodes have internal IP addresses only. If enabled, all nodes are
1015
1071
  # given only RFC 1918 private addresses and communicate with the master via
1016
1072
  # private networking.
1073
+ #
1074
+ # Deprecated: Use
1075
+ # {::Google::Cloud::Container::V1::NetworkConfig#default_enable_private_nodes NetworkConfig.default_enable_private_nodes}
1076
+ # instead.
1017
1077
  # @!attribute [rw] enable_private_endpoint
1078
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1018
1079
  # @return [::Boolean]
1019
1080
  # Whether the master's internal IP address is used as the cluster endpoint.
1081
+ #
1082
+ # Deprecated: Use
1083
+ # {::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::IPEndpointsConfig#enable_public_endpoint ControlPlaneEndpointsConfig.IPEndpointsConfig.enable_public_endpoint}
1084
+ # instead. Note that the value of enable_public_endpoint is reversed: if
1085
+ # enable_private_endpoint is false, then enable_public_endpoint will be true.
1020
1086
  # @!attribute [rw] master_ipv4_cidr_block
1021
1087
  # @return [::String]
1022
1088
  # The IP range in CIDR notation to use for the hosted master network. This
@@ -1024,21 +1090,41 @@ module Google
1024
1090
  # set of masters, as well as the ILB VIP. This range must not overlap with
1025
1091
  # any other ranges in use within the cluster's network.
1026
1092
  # @!attribute [r] private_endpoint
1093
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1027
1094
  # @return [::String]
1028
1095
  # Output only. The internal IP address of this cluster's master endpoint.
1096
+ #
1097
+ # Deprecated: Use
1098
+ # {::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::IPEndpointsConfig#private_endpoint ControlPlaneEndpointsConfig.IPEndpointsConfig.private_endpoint}
1099
+ # instead.
1029
1100
  # @!attribute [r] public_endpoint
1101
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1030
1102
  # @return [::String]
1031
1103
  # Output only. The external IP address of this cluster's master endpoint.
1104
+ #
1105
+ # Deprecated:Use
1106
+ # {::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::IPEndpointsConfig#public_endpoint ControlPlaneEndpointsConfig.IPEndpointsConfig.public_endpoint}
1107
+ # instead.
1032
1108
  # @!attribute [r] peering_name
1033
1109
  # @return [::String]
1034
1110
  # Output only. The peering name in the customer VPC used by this cluster.
1035
1111
  # @!attribute [rw] master_global_access_config
1112
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1036
1113
  # @return [::Google::Cloud::Container::V1::PrivateClusterMasterGlobalAccessConfig]
1037
1114
  # Controls master global access settings.
1115
+ #
1116
+ # Deprecated: Use
1117
+ # [ControlPlaneEndpointsConfig.IPEndpointsConfig.enable_global_access][]
1118
+ # instead.
1038
1119
  # @!attribute [rw] private_endpoint_subnetwork
1120
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1039
1121
  # @return [::String]
1040
1122
  # Subnet to provision the master's private endpoint during cluster creation.
1041
1123
  # Specified in projects/*/regions/*/subnetworks/* format.
1124
+ #
1125
+ # Deprecated: Use
1126
+ # {::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::IPEndpointsConfig#private_endpoint_subnetwork ControlPlaneEndpointsConfig.IPEndpointsConfig.private_endpoint_subnetwork}
1127
+ # instead.
1042
1128
  class PrivateClusterConfig
1043
1129
  include ::Google::Protobuf::MessageExts
1044
1130
  extend ::Google::Protobuf::MessageExts::ClassMethods
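Review bot: The deprecation note on `master_global_access_config` sends readers to `ControlPlaneEndpointsConfig.IPEndpointsConfig.enable_global_access`, while the matching note on `desired_private_cluster_config` in the `@@ -2026,6 +2249,10 @@` hunk names `desired_control_plane_endpoints_config.ip_endpoints_config.global_access`. The two notes disagree on the field name, and the field's definition is not visible in this part of the diff, so at least one of them likely points at a name that does not exist. This is also the only replacement in the hunk written as an unresolved `[...][]` reference rather than a `{::Google::Cloud::Container::V1::...}` link, and the `public_endpoint` note reads `Deprecated:Use` without a space. Because these notes are the migration path for endpoint-exposure settings, the target names should be checked against `IPEndpointsConfig` and made identical in both places. The `PrivateClusterConfig` comment block starts before this hunk.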
@@ -1118,6 +1204,16 @@ module Google
1118
1204
  extend ::Google::Protobuf::MessageExts::ClassMethods
1119
1205
  end
1120
1206
 
1207
+ # Configuration for the Cloud Storage Parallelstore CSI driver.
1208
+ # @!attribute [rw] enabled
1209
+ # @return [::Boolean]
1210
+ # Whether the Cloud Storage Parallelstore CSI driver is enabled for this
1211
+ # cluster.
1212
+ class ParallelstoreCsiDriverConfig
1213
+ include ::Google::Protobuf::MessageExts
1214
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1215
+ end
1216
+
1121
1217
  # Configuration options for the Ray Operator add-on.
1122
1218
  # @!attribute [rw] enabled
1123
1219
  # @return [::Boolean]
@@ -1165,6 +1261,9 @@ module Google
1165
1261
  # @!attribute [rw] gcp_public_cidrs_access_enabled
1166
1262
  # @return [::Boolean]
1167
1263
  # Whether master is accessbile via Google Compute Engine Public IP addresses.
1264
+ # @!attribute [rw] private_endpoint_enforcement_enabled
1265
+ # @return [::Boolean]
1266
+ # Whether master authorized networks is enforced on private endpoint or not.
1168
1267
  class MasterAuthorizedNetworksConfig
1169
1268
  include ::Google::Protobuf::MessageExts
1170
1269
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1556,8 +1655,13 @@ module Google
1556
1655
  # @return [::Google::Cloud::Container::V1::IPAllocationPolicy]
1557
1656
  # Configuration for cluster IP allocation.
1558
1657
  # @!attribute [rw] master_authorized_networks_config
1658
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1559
1659
  # @return [::Google::Cloud::Container::V1::MasterAuthorizedNetworksConfig]
1560
1660
  # The configuration options for master authorized networks feature.
1661
+ #
1662
+ # Deprecated: Use
1663
+ # {::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::IPEndpointsConfig#authorized_networks_config ControlPlaneEndpointsConfig.IPEndpointsConfig.authorized_networks_config}
1664
+ # instead.
1561
1665
  # @!attribute [rw] maintenance_policy
1562
1666
  # @return [::Google::Cloud::Container::V1::MaintenancePolicy]
1563
1667
  # Configure the maintenance policy for this cluster.
@@ -1754,18 +1858,34 @@ module Google
1754
1858
  # @!attribute [rw] security_posture_config
1755
1859
  # @return [::Google::Cloud::Container::V1::SecurityPostureConfig]
1756
1860
  # Enable/Disable Security Posture API features for the cluster.
1861
+ # @!attribute [rw] control_plane_endpoints_config
1862
+ # @return [::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig]
1863
+ # Configuration for all cluster's control plane endpoints.
1757
1864
  # @!attribute [rw] enable_k8s_beta_apis
1758
1865
  # @return [::Google::Cloud::Container::V1::K8sBetaAPIConfig]
1759
1866
  # Beta APIs Config
1760
1867
  # @!attribute [rw] enterprise_config
1761
1868
  # @return [::Google::Cloud::Container::V1::EnterpriseConfig]
1762
1869
  # GKE Enterprise Configuration.
1870
+ # @!attribute [rw] secret_manager_config
1871
+ # @return [::Google::Cloud::Container::V1::SecretManagerConfig]
1872
+ # Secret CSI driver configuration.
1873
+ # @!attribute [rw] compliance_posture_config
1874
+ # @return [::Google::Cloud::Container::V1::CompliancePostureConfig]
1875
+ # Enable/Disable Compliance Posture features for the cluster.
1763
1876
  # @!attribute [r] satisfies_pzs
1764
1877
  # @return [::Boolean]
1765
1878
  # Output only. Reserved for future use.
1766
1879
  # @!attribute [r] satisfies_pzi
1767
1880
  # @return [::Boolean]
1768
1881
  # Output only. Reserved for future use.
1882
+ # @!attribute [rw] user_managed_keys_config
1883
+ # @return [::Google::Cloud::Container::V1::UserManagedKeysConfig]
1884
+ # The Custom keys configuration for the cluster.
1885
+ # @!attribute [rw] rbac_binding_config
1886
+ # @return [::Google::Cloud::Container::V1::RBACBindingConfig]
1887
+ # RBACBindingConfig allows user to restrict ClusterRoleBindings an
1888
+ # RoleBindings that can be created.
1769
1889
  class Cluster
1770
1890
  include ::Google::Protobuf::MessageExts
1771
1891
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1809,6 +1929,100 @@ module Google
1809
1929
  end
1810
1930
  end
1811
1931
 
1932
+ # RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings
1933
+ # that can be created.
1934
+ # @!attribute [rw] enable_insecure_binding_system_unauthenticated
1935
+ # @return [::Boolean]
1936
+ # Setting this to true will allow any ClusterRoleBinding and RoleBinding
1937
+ # with subjets system:anonymous or system:unauthenticated.
1938
+ # @!attribute [rw] enable_insecure_binding_system_authenticated
1939
+ # @return [::Boolean]
1940
+ # Setting this to true will allow any ClusterRoleBinding and RoleBinding
1941
+ # with subjects system:authenticated.
1942
+ class RBACBindingConfig
1943
+ include ::Google::Protobuf::MessageExts
1944
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1945
+ end
1946
+
1947
+ # UserManagedKeysConfig holds the resource address to Keys which are used
1948
+ # for signing certs and token that are used for communication within cluster.
1949
+ # @!attribute [rw] cluster_ca
1950
+ # @return [::String]
1951
+ # The Certificate Authority Service caPool to use for the cluster CA in this
1952
+ # cluster.
1953
+ # @!attribute [rw] etcd_api_ca
1954
+ # @return [::String]
1955
+ # Resource path of the Certificate Authority Service caPool to use for the
1956
+ # etcd API CA in this cluster.
1957
+ # @!attribute [rw] etcd_peer_ca
1958
+ # @return [::String]
1959
+ # Resource path of the Certificate Authority Service caPool to use for the
1960
+ # etcd peer CA in this cluster.
1961
+ # @!attribute [rw] service_account_signing_keys
1962
+ # @return [::Array<::String>]
1963
+ # The Cloud KMS cryptoKeyVersions to use for signing service account JWTs
1964
+ # issued by this cluster.
1965
+ #
1966
+ # Format:
1967
+ # `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{cryptoKey}/cryptoKeyVersions/{cryptoKeyVersion}`
1968
+ # @!attribute [rw] service_account_verification_keys
1969
+ # @return [::Array<::String>]
1970
+ # The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs
1971
+ # issued by this cluster.
1972
+ #
1973
+ # Format:
1974
+ # `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{cryptoKey}/cryptoKeyVersions/{cryptoKeyVersion}`
1975
+ # @!attribute [rw] aggregation_ca
1976
+ # @return [::String]
1977
+ # The Certificate Authority Service caPool to use for the aggregation CA in
1978
+ # this cluster.
1979
+ # @!attribute [rw] control_plane_disk_encryption_key
1980
+ # @return [::String]
1981
+ # The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control
1982
+ # plane nodes.
1983
+ # @!attribute [rw] gkeops_etcd_backup_encryption_key
1984
+ # @return [::String]
1985
+ # Resource path of the Cloud KMS cryptoKey to use for encryption of internal
1986
+ # etcd backups.
1987
+ class UserManagedKeysConfig
1988
+ include ::Google::Protobuf::MessageExts
1989
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1990
+ end
1991
+
1992
+ # CompliancePostureConfig defines the settings needed to enable/disable
1993
+ # features for the Compliance Posture.
1994
+ # @!attribute [rw] mode
1995
+ # @return [::Google::Cloud::Container::V1::CompliancePostureConfig::Mode]
1996
+ # Defines the enablement mode for Compliance Posture.
1997
+ # @!attribute [rw] compliance_standards
1998
+ # @return [::Array<::Google::Cloud::Container::V1::CompliancePostureConfig::ComplianceStandard>]
1999
+ # List of enabled compliance standards.
2000
+ class CompliancePostureConfig
2001
+ include ::Google::Protobuf::MessageExts
2002
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2003
+
2004
+ # Defines the details of a compliance standard.
2005
+ # @!attribute [rw] standard
2006
+ # @return [::String]
2007
+ # Name of the compliance standard.
2008
+ class ComplianceStandard
2009
+ include ::Google::Protobuf::MessageExts
2010
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2011
+ end
2012
+
2013
+ # Mode defines enablement mode for Compliance Posture.
2014
+ module Mode
2015
+ # Default value not specified.
2016
+ MODE_UNSPECIFIED = 0
2017
+
2018
+ # Disables Compliance Posture features on the cluster.
2019
+ DISABLED = 1
2020
+
2021
+ # Enables Compliance Posture features on the cluster.
2022
+ ENABLED = 2
2023
+ end
2024
+ end
2025
+
1812
2026
  # K8sBetaAPIConfig , configuration for beta APIs
1813
2027
  # @!attribute [rw] enabled_apis
1814
2028
  # @return [::Array<::String>]
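Review bot: The two `enable_insecure_binding_*` attributes on `RBACBindingConfig` document only what `true` permits; neither says what `false` or an unset value does, nor what applies to a cluster that has no `rbac_binding_config` at all. For a control over bindings to `system:anonymous`, `system:unauthenticated` and `system:authenticated`, the deny case is the one operators rely on, so each attribute should state it, e.g. `# When false, bindings with these subjects cannot be created.` if that is the server behaviour, which is not visible here. The summary says the config lets the user "restrict" bindings while both fields are phrased as enabling them, which makes the default harder to infer. The text also has "ClusterRoleBindings an RoleBindings" and "subjets".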
@@ -1879,6 +2093,9 @@ module Google
1879
2093
  # NodeKubeletConfig controls the defaults for autoprovisioned node-pools.
1880
2094
  #
1881
2095
  # Currently only `insecure_kubelet_readonly_port_enabled` can be set here.
2096
+ # @!attribute [r] linux_node_config
2097
+ # @return [::Google::Cloud::Container::V1::LinuxNodeConfig]
2098
+ # Output only. Configuration options for Linux nodes.
1882
2099
  class NodePoolAutoConfig
1883
2100
  include ::Google::Protobuf::MessageExts
1884
2101
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1991,8 +2208,13 @@ module Google
1991
2208
  # Warning: changing cluster locations will update the locations of all node
1992
2209
  # pools and will result in nodes being added and/or removed.
1993
2210
  # @!attribute [rw] desired_master_authorized_networks_config
2211
+ # @deprecated This field is deprecated and may be removed in the next major version update.
1994
2212
  # @return [::Google::Cloud::Container::V1::MasterAuthorizedNetworksConfig]
1995
2213
  # The desired configuration options for master authorized networks feature.
2214
+ #
2215
+ # Deprecated: Use
2216
+ # desired_control_plane_endpoints_config.ip_endpoints_config.authorized_networks_config
2217
+ # instead.
1996
2218
  # @!attribute [rw] desired_cluster_autoscaling
1997
2219
  # @return [::Google::Cloud::Container::V1::ClusterAutoscaling]
1998
2220
  # Cluster-level autoscaling configuration.
@@ -2019,6 +2241,7 @@ module Google
2019
2241
  # @return [::Google::Cloud::Container::V1::VerticalPodAutoscaling]
2020
2242
  # Cluster-level Vertical Pod Autoscaling configuration.
2021
2243
  # @!attribute [rw] desired_private_cluster_config
2244
+ # @deprecated This field is deprecated and may be removed in the next major version update.
2022
2245
  # @return [::Google::Cloud::Container::V1::PrivateClusterConfig]
2023
2246
  # The desired private cluster configuration. master_global_access_config is
2024
2247
  # the only field that can be changed via this field.
@@ -2026,6 +2249,10 @@ module Google
2026
2249
  # {::Google::Cloud::Container::V1::ClusterUpdate#desired_enable_private_endpoint ClusterUpdate.desired_enable_private_endpoint}
2027
2250
  # for modifying other fields within
2028
2251
  # {::Google::Cloud::Container::V1::PrivateClusterConfig PrivateClusterConfig}.
2252
+ #
2253
+ # Deprecated: Use
2254
+ # desired_control_plane_endpoints_config.ip_endpoints_config.global_access
2255
+ # instead.
2029
2256
  # @!attribute [rw] desired_intra_node_visibility_config
2030
2257
  # @return [::Google::Cloud::Container::V1::IntraNodeVisibilityConfig]
2031
2258
  # The desired config of Intra-node visibility.
@@ -2064,8 +2291,24 @@ module Google
2064
2291
  # ServiceExternalIPsConfig specifies the config for the use of Services with
2065
2292
  # ExternalIPs field.
2066
2293
  # @!attribute [rw] desired_enable_private_endpoint
2294
+ # @deprecated This field is deprecated and may be removed in the next major version update.
2067
2295
  # @return [::Boolean]
2068
2296
  # Enable/Disable private endpoint for the cluster's master.
2297
+ #
2298
+ # Deprecated: Use
2299
+ # desired_control_plane_endpoints_config.ip_endpoints_config.enable_public_endpoint
2300
+ # instead. Note that the value of enable_public_endpoint is reversed: if
2301
+ # enable_private_endpoint is false, then enable_public_endpoint will be true.
2302
+ # @!attribute [rw] desired_default_enable_private_nodes
2303
+ # @return [::Boolean]
2304
+ # Override the default setting of whether future created
2305
+ # nodes have private IP addresses only, namely
2306
+ # {::Google::Cloud::Container::V1::NetworkConfig#default_enable_private_nodes NetworkConfig.default_enable_private_nodes}
2307
+ # @!attribute [rw] desired_control_plane_endpoints_config
2308
+ # @return [::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig]
2309
+ # [Control plane
2310
+ # endpoints][google.container.v1.Cluster.control_plane_endpoints_config]
2311
+ # configuration.
2069
2312
  # @!attribute [rw] desired_master_version
2070
2313
  # @return [::String]
2071
2314
  # The Kubernetes version to change the master to.
@@ -2147,6 +2390,12 @@ module Google
2147
2390
  # @!attribute [rw] desired_enable_cilium_clusterwide_network_policy
2148
2391
  # @return [::Boolean]
2149
2392
  # Enable/Disable Cilium Clusterwide Network Policy for the cluster.
2393
+ # @!attribute [rw] desired_secret_manager_config
2394
+ # @return [::Google::Cloud::Container::V1::SecretManagerConfig]
2395
+ # Enable/Disable Secret Manager Config.
2396
+ # @!attribute [rw] desired_compliance_posture_config
2397
+ # @return [::Google::Cloud::Container::V1::CompliancePostureConfig]
2398
+ # Enable/Disable Compliance Posture features for the cluster.
2150
2399
  # @!attribute [rw] desired_node_kubelet_config
2151
2400
  # @return [::Google::Cloud::Container::V1::NodeKubeletConfig]
2152
2401
  # The desired node kubelet config for the cluster.
@@ -2154,6 +2403,22 @@ module Google
2154
2403
  # @return [::Google::Cloud::Container::V1::NodeKubeletConfig]
2155
2404
  # The desired node kubelet config for all auto-provisioned node pools
2156
2405
  # in autopilot clusters and node auto-provisioning enabled clusters.
2406
+ # @!attribute [rw] user_managed_keys_config
2407
+ # @return [::Google::Cloud::Container::V1::UserManagedKeysConfig]
2408
+ # The Custom keys configuration for the cluster.
2409
+ # @!attribute [rw] desired_rbac_binding_config
2410
+ # @return [::Google::Cloud::Container::V1::RBACBindingConfig]
2411
+ # RBACBindingConfig allows user to restrict ClusterRoleBindings an
2412
+ # RoleBindings that can be created.
2413
+ # @!attribute [rw] desired_enterprise_config
2414
+ # @return [::Google::Cloud::Container::V1::DesiredEnterpriseConfig]
2415
+ # The desired enterprise configuration for the cluster.
2416
+ # @!attribute [rw] desired_node_pool_auto_config_linux_node_config
2417
+ # @return [::Google::Cloud::Container::V1::LinuxNodeConfig]
2418
+ # The desired Linux node config for all auto-provisioned node pools
2419
+ # in autopilot clusters and node auto-provisioning enabled clusters.
2420
+ #
2421
+ # Currently only `cgroup_mode` can be set here.
2157
2422
  class ClusterUpdate
2158
2423
  include ::Google::Protobuf::MessageExts
2159
2424
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -2184,6 +2449,15 @@ module Google
2184
2449
  extend ::Google::Protobuf::MessageExts::ClassMethods
2185
2450
  end
2186
2451
 
2452
+ # DesiredEnterpriseConfig is a wrapper used for updating enterprise_config.
2453
+ # @!attribute [rw] desired_tier
2454
+ # @return [::Google::Cloud::Container::V1::EnterpriseConfig::ClusterTier]
2455
+ # desired_tier specifies the desired tier of the cluster.
2456
+ class DesiredEnterpriseConfig
2457
+ include ::Google::Protobuf::MessageExts
2458
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2459
+ end
2460
+
2187
2461
  # This operation resource represents operations that may have happened or are
2188
2462
  # happening on the cluster. All fields are output only.
2189
2463
  # @!attribute [r] name
@@ -2686,6 +2960,10 @@ module Google
2686
2960
  # @!attribute [rw] queued_provisioning
2687
2961
  # @return [::Google::Cloud::Container::V1::NodePool::QueuedProvisioning]
2688
2962
  # Specifies the configuration of queued provisioning.
2963
+ # @!attribute [rw] storage_pools
2964
+ # @return [::Array<::String>]
2965
+ # List of Storage Pools where boot disks are provisioned.
2966
+ # Existing Storage Pools will be replaced with storage-pools.
2689
2967
  class UpdateNodePoolRequest
2690
2968
  include ::Google::Protobuf::MessageExts
2691
2969
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -3186,6 +3464,9 @@ module Google
3186
3464
  # @!attribute [rw] valid_versions
3187
3465
  # @return [::Array<::String>]
3188
3466
  # List of valid versions for the channel.
3467
+ # @!attribute [rw] upgrade_target_version
3468
+ # @return [::String]
3469
+ # The auto upgrade target version for clusters on the channel.
3189
3470
  class ReleaseChannelConfig
3190
3471
  include ::Google::Protobuf::MessageExts
3191
3472
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -4113,11 +4394,11 @@ module Google
4113
4394
  # Is autoscaling enabled for this node pool.
4114
4395
  # @!attribute [rw] min_node_count
4115
4396
  # @return [::Integer]
4116
- # Minimum number of nodes for one location in the NodePool. Must be >= 1 and
4117
- # <= max_node_count.
4397
+ # Minimum number of nodes for one location in the node pool. Must be greater
4398
+ # than or equal to 0 and less than or equal to max_node_count.
4118
4399
  # @!attribute [rw] max_node_count
4119
4400
  # @return [::Integer]
4120
- # Maximum number of nodes for one location in the NodePool. Must be >=
4401
+ # Maximum number of nodes for one location in the node pool. Must be >=
4121
4402
  # min_node_count. There has to be enough quota to scale up the cluster.
4122
4403
  # @!attribute [rw] autoprovisioned
4123
4404
  # @return [::Boolean]
@@ -4127,13 +4408,13 @@ module Google
4127
4408
  # Location policy used when scaling up a nodepool.
4128
4409
  # @!attribute [rw] total_min_node_count
4129
4410
  # @return [::Integer]
4130
- # Minimum number of nodes in the node pool. Must be greater than 1 less than
4131
- # total_max_node_count.
4411
+ # Minimum number of nodes in the node pool. Must be greater than or equal
4412
+ # to 0 and less than or equal to total_max_node_count.
4132
4413
  # The total_*_node_count fields are mutually exclusive with the *_node_count
4133
4414
  # fields.
4134
4415
  # @!attribute [rw] total_max_node_count
4135
4416
  # @return [::Integer]
4136
- # Maximum number of nodes in the node pool. Must be greater than
4417
+ # Maximum number of nodes in the node pool. Must be greater than or equal to
4137
4418
  # total_min_node_count. There has to be enough quota to scale up the cluster.
4138
4419
  # The total_*_node_count fields are mutually exclusive with the *_node_count
4139
4420
  # fields.
@@ -4565,6 +4846,13 @@ module Google
4565
4846
  # @!attribute [rw] enable_cilium_clusterwide_network_policy
4566
4847
  # @return [::Boolean]
4567
4848
  # Whether CiliumClusterwideNetworkPolicy is enabled on this cluster.
4849
+ # @!attribute [rw] default_enable_private_nodes
4850
+ # @return [::Boolean]
4851
+ # Controls whether by default nodes have private IP addresses only.
4852
+ # It is invalid to specify both [PrivateClusterConfig.enablePrivateNodes][]
4853
+ # and this field at the same time.
4854
+ # To update the default setting, use
4855
+ # {::Google::Cloud::Container::V1::ClusterUpdate#desired_default_enable_private_nodes ClusterUpdate.desired_default_enable_private_nodes}
4568
4856
  class NetworkConfig
4569
4857
  include ::Google::Protobuf::MessageExts
4570
4858
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -5312,6 +5600,59 @@ module Google
5312
5600
  extend ::Google::Protobuf::MessageExts::ClassMethods
5313
5601
  end
5314
5602
 
5603
+ # UpgradeInfoEvent is a notification sent to customers about the upgrade
5604
+ # information of a resource.
5605
+ # @!attribute [rw] resource_type
5606
+ # @return [::Google::Cloud::Container::V1::UpgradeResourceType]
5607
+ # The resource type associated with the upgrade.
5608
+ # @!attribute [rw] operation
5609
+ # @return [::String]
5610
+ # The operation associated with this upgrade.
5611
+ # @!attribute [rw] start_time
5612
+ # @return [::Google::Protobuf::Timestamp]
5613
+ # The time when the operation was started.
5614
+ # @!attribute [rw] end_time
5615
+ # @return [::Google::Protobuf::Timestamp]
5616
+ # The time when the operation ended.
5617
+ # @!attribute [rw] current_version
5618
+ # @return [::String]
5619
+ # The current version before the upgrade.
5620
+ # @!attribute [rw] target_version
5621
+ # @return [::String]
5622
+ # The target version for the upgrade.
5623
+ # @!attribute [rw] resource
5624
+ # @return [::String]
5625
+ # Optional relative path to the resource. For example in node pool upgrades,
5626
+ # the relative path of the node pool.
5627
+ # @!attribute [r] state
5628
+ # @return [::Google::Cloud::Container::V1::UpgradeInfoEvent::State]
5629
+ # Output only. The state of the upgrade.
5630
+ # @!attribute [rw] description
5631
+ # @return [::String]
5632
+ # A brief description of the event.
5633
+ class UpgradeInfoEvent
5634
+ include ::Google::Protobuf::MessageExts
5635
+ extend ::Google::Protobuf::MessageExts::ClassMethods
5636
+
5637
+ # The state of the upgrade.
5638
+ module State
5639
+ # STATE_UNSPECIFIED indicates the state is unspecified.
5640
+ STATE_UNSPECIFIED = 0
5641
+
5642
+ # STARTED indicates the upgrade has started.
5643
+ STARTED = 3
5644
+
5645
+ # SUCCEEDED indicates the upgrade has completed successfully.
5646
+ SUCCEEDED = 4
5647
+
5648
+ # FAILED indicates the upgrade has failed.
5649
+ FAILED = 5
5650
+
5651
+ # CANCELED indicates the upgrade has canceled.
5652
+ CANCELED = 6
5653
+ end
5654
+ end
5655
+
5315
5656
  # UpgradeAvailableEvent is a notification sent to customers when a new
5316
5657
  # available version is released.
5317
5658
  # @!attribute [rw] version
@@ -5436,6 +5777,12 @@ module Google
5436
5777
 
5437
5778
  # kube-controller-manager
5438
5779
  CONTROLLER_MANAGER = 5
5780
+
5781
+ # kcp-sshd
5782
+ KCP_SSHD = 7
5783
+
5784
+ # kcp connection logs
5785
+ KCP_CONNECTION = 8
5439
5786
  end
5440
5787
  end
5441
5788
 
@@ -5620,6 +5967,79 @@ module Google
5620
5967
  extend ::Google::Protobuf::MessageExts::ClassMethods
5621
5968
  end
5622
5969
 
5970
+ # Configuration for all of the cluster's control plane endpoints.
5971
+ # @!attribute [rw] dns_endpoint_config
5972
+ # @return [::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::DNSEndpointConfig]
5973
+ # DNS endpoint configuration.
5974
+ # @!attribute [rw] ip_endpoints_config
5975
+ # @return [::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::IPEndpointsConfig]
5976
+ # IP endpoints configuration.
5977
+ class ControlPlaneEndpointsConfig
5978
+ include ::Google::Protobuf::MessageExts
5979
+ extend ::Google::Protobuf::MessageExts::ClassMethods
5980
+
5981
+ # Describes the configuration of a DNS endpoint.
5982
+ # @!attribute [r] endpoint
5983
+ # @return [::String]
5984
+ # Output only. The cluster's DNS endpoint configuration.
5985
+ # A DNS format address. This is accessible from the public internet.
5986
+ # Ex: uid.us-central1.gke.goog.
5987
+ # Always present, but the behavior may change according to the value of
5988
+ # {::Google::Cloud::Container::V1::ControlPlaneEndpointsConfig::DNSEndpointConfig#allow_external_traffic DNSEndpointConfig.allow_external_traffic}.
5989
+ # @!attribute [rw] allow_external_traffic
5990
+ # @return [::Boolean]
5991
+ # Controls whether user traffic is allowed over this endpoint. Note that
5992
+ # GCP-managed services may still use the endpoint even if this is false.
5993
+ class DNSEndpointConfig
5994
+ include ::Google::Protobuf::MessageExts
5995
+ extend ::Google::Protobuf::MessageExts::ClassMethods
5996
+ end
5997
+
5998
+ # IP endpoints configuration.
5999
+ # @!attribute [rw] enabled
6000
+ # @return [::Boolean]
6001
+ # Controls whether to allow direct IP access.
6002
+ # @!attribute [rw] enable_public_endpoint
6003
+ # @return [::Boolean]
6004
+ # Controls whether the control plane allows access through a public IP.
6005
+ # It is invalid to specify both
6006
+ # [PrivateClusterConfig.enablePrivateEndpoint][] and this field at the same
6007
+ # time.
6008
+ # @!attribute [rw] global_access
6009
+ # @return [::Boolean]
6010
+ # Controls whether the control plane's private endpoint is accessible from
6011
+ # sources in other regions.
6012
+ # It is invalid to specify both
6013
+ # {::Google::Cloud::Container::V1::PrivateClusterMasterGlobalAccessConfig#enabled PrivateClusterMasterGlobalAccessConfig.enabled}
6014
+ # and this field at the same time.
6015
+ # @!attribute [rw] authorized_networks_config
6016
+ # @return [::Google::Cloud::Container::V1::MasterAuthorizedNetworksConfig]
6017
+ # Configuration of authorized networks. If enabled, restricts access to the
6018
+ # control plane based on source IP.
6019
+ # It is invalid to specify both
6020
+ # [Cluster.masterAuthorizedNetworksConfig][] and this field at the same
6021
+ # time.
6022
+ # @!attribute [r] public_endpoint
6023
+ # @return [::String]
6024
+ # Output only. The external IP address of this cluster's control plane.
6025
+ # Only populated if enabled.
6026
+ # @!attribute [r] private_endpoint
6027
+ # @return [::String]
6028
+ # Output only. The internal IP address of this cluster's control plane.
6029
+ # Only populated if enabled.
6030
+ # @!attribute [rw] private_endpoint_subnetwork
6031
+ # @return [::String]
6032
+ # Subnet to provision the master's private endpoint during cluster
6033
+ # creation. Specified in projects/*/regions/*/subnetworks/* format. It is
6034
+ # invalid to specify both
6035
+ # [PrivateClusterConfig.privateEndpointSubnetwork][] and this field at the
6036
+ # same time.
6037
+ class IPEndpointsConfig
6038
+ include ::Google::Protobuf::MessageExts
6039
+ extend ::Google::Protobuf::MessageExts::ClassMethods
6040
+ end
6041
+ end
6042
+
5623
6043
  # LocalNvmeSsdBlockConfig contains configuration for using raw-block local
5624
6044
  # NVMe SSDs
5625
6045
  # @!attribute [rw] local_ssd_count
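Review bot: In the new IPEndpointsConfig comments, `public_endpoint` and `private_endpoint` both end with "Only populated if enabled." without naming the flag, and the message has both `enabled` and `enable_public_endpoint`. A reader auditing control-plane exposure cannot tell which setting governs each address. I would name the governing field in each comment, e.g. `# Only populated if enable_public_endpoint is true.` or the `enabled` equivalent, whichever the API implements; the hunk does not show which. The DNSEndpointConfig comment says the endpoint "is accessible from the public internet" but gives no default for `allow_external_traffic`, so stating the default there would tell operators whether a new cluster accepts user traffic on that name. The references written as `[PrivateClusterConfig.enablePrivateEndpoint][]`, `[Cluster.masterAuthorizedNetworksConfig][]` and `[PrivateClusterConfig.privateEndpointSubnetwork][]` look like unresolved proto links, unlike the neighbouring `{...}` cross-references, and probably will not resolve in the rendered docs.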
@@ -5701,7 +6121,10 @@ module Google
5701
6121
  # EnterpriseConfig is the cluster enterprise configuration.
5702
6122
  # @!attribute [r] cluster_tier
5703
6123
  # @return [::Google::Cloud::Container::V1::EnterpriseConfig::ClusterTier]
5704
- # Output only. cluster_tier specifies the premium tier of the cluster.
6124
+ # Output only. cluster_tier indicates the effective tier of the cluster.
6125
+ # @!attribute [rw] desired_tier
6126
+ # @return [::Google::Cloud::Container::V1::EnterpriseConfig::ClusterTier]
6127
+ # desired_tier specifies the desired tier of the cluster.
5705
6128
  class EnterpriseConfig
5706
6129
  include ::Google::Protobuf::MessageExts
5707
6130
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -5719,6 +6142,15 @@ module Google
5719
6142
  end
5720
6143
  end
5721
6144
 
6145
+ # SecretManagerConfig is config for secret manager enablement.
6146
+ # @!attribute [rw] enabled
6147
+ # @return [::Boolean]
6148
+ # Enable/Disable Secret Manager Config.
6149
+ class SecretManagerConfig
6150
+ include ::Google::Protobuf::MessageExts
6151
+ extend ::Google::Protobuf::MessageExts::ClassMethods
6152
+ end
6153
+
5722
6154
  # SecondaryBootDisk represents a persistent disk attached to a node
5723
6155
  # with special configurations based on its mode.
5724
6156
  # @!attribute [rw] mode