From 17f0a29401ffeaafca6166f9f6169a83c00b145a Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Mon, 30 Nov 2020 08:55:43 -0800 Subject: [PATCH 1/4] feat: sync v1beta1 GKE API; deprecate SetLocations and use UpdateCluster; support for sysctls config in Linux nodes; support for node kubelet config controlling CPU manager policy, CFS quota; support for Customer Managed Encryption PiperOrigin-RevId: 344443035 Source-Author: Google APIs Source-Date: Thu Nov 26 11:27:06 2020 -0800 Source-Repo: googleapis/googleapis Source-Sha: df4fd38d040c5c8a0869936205bca13fb64b2cff Source-Link: https://github.com/googleapis/googleapis/commit/df4fd38d040c5c8a0869936205bca13fb64b2cff --- google/cloud/container_v1beta1/__init__.py | 54 + .../proto/cluster_service.proto | 1281 ++++++++++++--- .../services/cluster_manager/async_client.py | 121 +- .../services/cluster_manager/client.py | 130 +- .../cluster_manager/transports/base.py | 15 + .../cluster_manager/transports/grpc.py | 35 +- .../transports/grpc_asyncio.py | 36 +- .../cloud/container_v1beta1/types/__init__.py | 50 + .../types/cluster_service.py | 1406 +++++++++++++++-- scripts/fixup_container_v1beta1_keywords.py | 3 +- synth.metadata | 6 +- .../container_v1beta1/test_cluster_manager.py | 183 ++- 12 files changed, 2898 insertions(+), 422 deletions(-) diff --git a/google/cloud/container_v1beta1/__init__.py b/google/cloud/container_v1beta1/__init__.py index b492cba4..e6827164 100644 --- a/google/cloud/container_v1beta1/__init__.py +++ b/google/cloud/container_v1beta1/__init__.py 
@@ -27,16 +27,28 @@ from .types.cluster_service import CloudRunConfig from .types.cluster_service import Cluster from .types.cluster_service import ClusterAutoscaling +from .types.cluster_service import ClusterTelemetry from .types.cluster_service import ClusterUpdate from .types.cluster_service import CompleteIPRotationRequest +from .types.cluster_service import ConfidentialNodes +from .types.cluster_service import ConfigConnectorConfig from .types.cluster_service import CreateClusterRequest from .types.cluster_service import CreateNodePoolRequest from .types.cluster_service import DailyMaintenanceWindow from .types.cluster_service import DatabaseEncryption +from .types.cluster_service import DatapathProvider +from .types.cluster_service import DefaultSnatStatus from .types.cluster_service import DeleteClusterRequest from .types.cluster_service import DeleteNodePoolRequest +from .types.cluster_service import DnsCacheConfig +from .types.cluster_service import EphemeralStorageConfig +from .types.cluster_service import GcePersistentDiskCsiDriverConfig from .types.cluster_service import GetClusterRequest +from .types.cluster_service import GetJSONWebKeysRequest +from .types.cluster_service import GetJSONWebKeysResponse from .types.cluster_service import GetNodePoolRequest +from .types.cluster_service import GetOpenIDConfigRequest +from .types.cluster_service import GetOpenIDConfigResponse from .types.cluster_service import GetOperationRequest from .types.cluster_service import GetServerConfigRequest from .types.cluster_service import HorizontalPodAutoscaling 
@@ -44,8 +56,11 @@ from .types.cluster_service import IPAllocationPolicy from .types.cluster_service import IntraNodeVisibilityConfig from .types.cluster_service import IstioConfig +from .types.cluster_service import Jwk +from .types.cluster_service import KalmConfig from .types.cluster_service import KubernetesDashboard from .types.cluster_service import LegacyAbac +from .types.cluster_service import LinuxNodeConfig from .types.cluster_service import ListClustersRequest from .types.cluster_service import ListClustersResponse from .types.cluster_service import ListLocationsRequest @@ -59,6 +74,7 @@ from .types.cluster_service import Location from .types.cluster_service import MaintenancePolicy from .types.cluster_service import MaintenanceWindow +from .types.cluster_service import Master from .types.cluster_service import MasterAuth from .types.cluster_service import MasterAuthorizedNetworksConfig from .types.cluster_service import MaxPodsConstraint 
@@ -66,18 +82,24 @@ from .types.cluster_service import NetworkPolicy from .types.cluster_service import NetworkPolicyConfig from .types.cluster_service import NodeConfig +from .types.cluster_service import NodeKubeletConfig from .types.cluster_service import NodeManagement from .types.cluster_service import NodePool from .types.cluster_service import NodePoolAutoscaling from .types.cluster_service import NodeTaint +from .types.cluster_service import NotificationConfig from .types.cluster_service import Operation from .types.cluster_service import OperationProgress from .types.cluster_service import PodSecurityPolicyConfig from .types.cluster_service import PrivateClusterConfig +from .types.cluster_service import PrivateClusterMasterGlobalAccessConfig from .types.cluster_service import RecurringTimeWindow +from .types.cluster_service import ReleaseChannel +from .types.cluster_service import ReservationAffinity from .types.cluster_service import ResourceLimit from .types.cluster_service import ResourceUsageExportConfig from .types.cluster_service import RollbackNodePoolUpgradeRequest +from .types.cluster_service import SandboxConfig from .types.cluster_service import ServerConfig from .types.cluster_service import SetAddonsConfigRequest from .types.cluster_service import SetLabelsRequest 
@@ -92,15 +114,20 @@ from .types.cluster_service import SetNodePoolManagementRequest from .types.cluster_service import SetNodePoolSizeRequest from .types.cluster_service import ShieldedInstanceConfig +from .types.cluster_service import ShieldedNodes from .types.cluster_service import StartIPRotationRequest from .types.cluster_service import StatusCondition from .types.cluster_service import TimeWindow +from .types.cluster_service import TpuConfig from .types.cluster_service import UpdateClusterRequest from .types.cluster_service import UpdateMasterRequest from .types.cluster_service import UpdateNodePoolRequest +from .types.cluster_service import UpgradeEvent +from .types.cluster_service import UpgradeResourceType from .types.cluster_service import UsableSubnetwork from .types.cluster_service import UsableSubnetworkSecondaryRange from .types.cluster_service import VerticalPodAutoscaling +from .types.cluster_service import WorkloadIdentityConfig from .types.cluster_service import WorkloadMetadataConfig @@ -116,16 +143,28 @@ "CloudRunConfig", "Cluster", "ClusterAutoscaling", + "ClusterTelemetry", "ClusterUpdate", "CompleteIPRotationRequest", + "ConfidentialNodes", + "ConfigConnectorConfig", "CreateClusterRequest", "CreateNodePoolRequest", "DailyMaintenanceWindow", "DatabaseEncryption", + "DatapathProvider", + "DefaultSnatStatus", "DeleteClusterRequest", "DeleteNodePoolRequest", + "DnsCacheConfig", + "EphemeralStorageConfig", + "GcePersistentDiskCsiDriverConfig", "GetClusterRequest", + "GetJSONWebKeysRequest", + "GetJSONWebKeysResponse", "GetNodePoolRequest", + "GetOpenIDConfigRequest", + "GetOpenIDConfigResponse", "GetOperationRequest", "GetServerConfigRequest", "HorizontalPodAutoscaling", @@ -133,8 +172,11 @@ "IPAllocationPolicy", "IntraNodeVisibilityConfig", "IstioConfig", + "Jwk", + "KalmConfig", "KubernetesDashboard", "LegacyAbac", + "LinuxNodeConfig", "ListClustersRequest", "ListClustersResponse", "ListLocationsRequest", 
@@ -148,6 +190,7 @@ "Location", "MaintenancePolicy", "MaintenanceWindow", + "Master", "MasterAuth", "MasterAuthorizedNetworksConfig", "MaxPodsConstraint", @@ -155,18 +198,24 @@ "NetworkPolicy", "NetworkPolicyConfig", "NodeConfig", + "NodeKubeletConfig", "NodeManagement", "NodePool", "NodePoolAutoscaling", "NodeTaint", + "NotificationConfig", "Operation", "OperationProgress", "PodSecurityPolicyConfig", "PrivateClusterConfig", + "PrivateClusterMasterGlobalAccessConfig", "RecurringTimeWindow", + "ReleaseChannel", + "ReservationAffinity", "ResourceLimit", "ResourceUsageExportConfig", "RollbackNodePoolUpgradeRequest", + "SandboxConfig", "ServerConfig", "SetAddonsConfigRequest", "SetLabelsRequest", @@ -181,15 +230,20 @@ "SetNodePoolManagementRequest", "SetNodePoolSizeRequest", "ShieldedInstanceConfig", + "ShieldedNodes", "StartIPRotationRequest", "StatusCondition", "TimeWindow", + "TpuConfig", "UpdateClusterRequest", "UpdateMasterRequest", "UpdateNodePoolRequest", + "UpgradeEvent", + "UpgradeResourceType", "UsableSubnetwork", "UsableSubnetworkSecondaryRange", "VerticalPodAutoscaling", + "WorkloadIdentityConfig", "WorkloadMetadataConfig", "ClusterManagerClient", ) diff --git a/google/cloud/container_v1beta1/proto/cluster_service.proto b/google/cloud/container_v1beta1/proto/cluster_service.proto index f43de9df..bad80382 100644 --- a/google/cloud/container_v1beta1/proto/cluster_service.proto +++ b/google/cloud/container_v1beta1/proto/cluster_service.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; 
@@ -20,8 +19,12 @@ package google.container.v1beta1; import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/timestamp.proto"; +import "google/protobuf/wrappers.proto"; +import "google/rpc/code.proto"; +import "google/rpc/status.proto"; option csharp_namespace = "Google.Cloud.Container.V1Beta1"; option go_package = "google.golang.org/genproto/googleapis/container/v1beta1;container"; @@ -30,6 +33,10 @@ option java_outer_classname = "ClusterServiceProto"; option java_package = "com.google.container.v1beta1"; option php_namespace = "Google\\Cloud\\Container\\V1beta1"; option ruby_package = "Google::Cloud::Container::V1beta1"; +option (google.api.resource_definition) = { + type: "pubsub.googleapis.com/Topic" + pattern: "projects/{project}/topics/{topic}" +}; // Google Kubernetes Engine Cluster Manager v1beta1 service ClusterManager { @@ -63,7 +70,8 @@ service ClusterManager { // Compute Engine instances. // // By default, the cluster is created in the project's - // [default network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks). + // [default + // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks). // // One firewall is added for the cluster. After cluster creation, // the Kubelet creates routes for each node to allow the containers @@ -161,7 +169,11 @@ service ClusterManager { } // Sets the locations for a specific cluster. + // Deprecated. Use + // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters/update) + // instead. rpc SetLocations(SetLocationsRequest) returns (Operation) { + option deprecated = true; option (google.api.http) = { post: "/v1beta1/{name=projects/*/locations/*/clusters/*}:setLocations" body: "*" 
@@ -276,6 +288,16 @@ service ClusterManager { option (google.api.method_signature) = "project_id,zone,cluster_id"; } + // Gets the public component of the cluster signing keys in + // JSON Web Key format. + // This API is not yet intended for general use, and is not available for all + // clusters. + rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) { + option (google.api.http) = { + get: "/v1beta1/{parent=projects/*/locations/*/clusters/*}/jwks" + }; + } + // Retrieves the requested node pool. rpc GetNodePool(GetNodePoolRequest) returns (NodePool) { option (google.api.http) = { 
@@ -445,14 +467,67 @@ service ClusterManager { } } +// Parameters that can be configured on Linux nodes. +message LinuxNodeConfig { + // The Linux kernel parameters to be applied to the nodes and all pods running + // on the nodes. + // + // The following parameters are supported. + // + // net.core.netdev_max_backlog + // net.core.rmem_max + // net.core.wmem_default + // net.core.wmem_max + // net.core.optmem_max + // net.core.somaxconn + // net.ipv4.tcp_rmem + // net.ipv4.tcp_wmem + // net.ipv4.tcp_tw_reuse + map sysctls = 1; +} + +// Node kubelet configs. +message NodeKubeletConfig { + // Control the CPU management policy on the node. + // See + // https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ + // + // The following values are allowed. + // - "none": the default, which represents the existing scheduling behavior. + // - "static": allows pods with certain resource characteristics to be + // granted increased CPU affinity and exclusivity on the node. + // The default value is 'none' if unspecified. + string cpu_manager_policy = 1; + + // Enable CPU CFS quota enforcement for containers that specify CPU limits. + // + // This option is enabled by default which makes kubelet use CFS quota + // (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to + // enforce container CPU limits. Otherwise, CPU limits will not be enforced at + // all. + // + // Disable this option to mitigate CPU throttling problems while still having + // your pods to be in Guaranteed QoS class by specifying the CPU limits. + // + // The default value is 'true' if unspecified. + google.protobuf.BoolValue cpu_cfs_quota = 2; + + // Set the CPU CFS quota period value 'cpu.cfs_period_us'. + // + // The string must be a sequence of decimal numbers, each with optional + // fraction and a unit suffix, such as "300ms". + // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + // The value must be a positive duration. 
+ string cpu_cfs_quota_period = 3; +} + // Parameters that describe the nodes in a cluster. message NodeConfig { // The name of a Google Compute Engine [machine - // type](https://cloud.google.com/compute/docs/machine-types) (e.g. - // `n1-standard-1`). + // type](https://cloud.google.com/compute/docs/machine-types). // // If unspecified, the default machine type is - // `n1-standard-1`. + // `e2-medium`. string machine_type = 1; // Size of the disk attached to each node, specified in GB. 
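Review bot: The new `sysctls` comment in `LinuxNodeConfig` lists the supported kernel parameters but does not say what happens to a key outside that list, and because the setting applies to the node and every pod on it, callers need to know whether such a request is rejected or silently dropped. I would add one sentence after the list stating which of the two the server does. As rendered on this page the field reads `map sysctls = 1;` with no key and value types; that is presumably a rendering loss of `map<string, string>` rather than the committed text, but it is worth checking against the file. The hunk also covers `NodeKubeletConfig` and the start of `NodeConfig`, whose body continues outside it.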
@@ -471,42 +546,47 @@ message NodeConfig { // persistent storage on your nodes. // * `https://www.googleapis.com/auth/devstorage.read_only` is required for // communicating with **gcr.io** - // (the [Google Container Registry](https://cloud.google.com/container-registry/)). + // (the [Google Container + // Registry](https://cloud.google.com/container-registry/)). // // If unspecified, no scopes are added, unless Cloud Logging or Cloud // Monitoring are enabled, in which case their required scopes will be added. repeated string oauth_scopes = 3; - // The Google Cloud Platform Service Account to be used by the node VMs. If - // no Service Account is specified, the "default" service account is used. + // The Google Cloud Platform Service Account to be used by the node VMs. + // Specify the email address of the Service Account; otherwise, if no Service + // Account is specified, the "default" service account is used. string service_account = 9; // The metadata key/value pairs assigned to instances in the cluster. // - // Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes + // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes // in length. These are reflected as part of a URL in the metadata server. 
// Additionally, to avoid ambiguity, keys must not conflict with any other // metadata keys for the project or be one of the reserved keys: - // "cluster-location" - // "cluster-name" - // "cluster-uid" - // "configure-sh" - // "containerd-configure-sh" - // "enable-oslogin" - // "gci-ensure-gke-docker" - // "gci-metrics-enabled" - // "gci-update-strategy" - // "instance-template" - // "kube-env" - // "startup-script" - // "user-data" - // "disable-address-manager" - // "windows-startup-script-ps1" - // "common-psm1" - // "k8s-node-setup-psm1" - // "install-ssh-psm1" - // "user-profile-psm1" - // "serial-port-logging-enable" + // - "cluster-location" + // - "cluster-name" + // - "cluster-uid" + // - "configure-sh" + // - "containerd-configure-sh" + // - "enable-oslogin" + // - "gci-ensure-gke-docker" + // - "gci-metrics-enabled" + // - "gci-update-strategy" + // - "instance-template" + // - "kube-env" + // - "startup-script" + // - "user-data" + // - "disable-address-manager" + // - "windows-startup-script-ps1" + // - "common-psm1" + // - "k8s-node-setup-psm1" + // - "install-ssh-psm1" + // - "user-profile-psm1" + // + // The following keys are reserved for Windows nodes: + // - "serial-port-logging-enable" + // // Values are free-form strings, and only have meaning as interpreted by // the image running in the instance. The only restriction placed on them is // that each value's size must be less than or equal to 32 KB. 
@@ -552,7 +632,23 @@ message NodeConfig { // support for GPUs. repeated AcceleratorConfig accelerators = 11; - // Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') + // Sandbox configuration for this node. + SandboxConfig sandbox_config = 17; + + // Setting this field will assign instances of this + // pool to run on the specified node group. This is useful for running + // workloads on [sole tenant + // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes). + string node_group = 18; + + // The optional reservation affinity. Setting this field will apply + // the specified [Zonal Compute + // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) + // to this node pool. + ReservationAffinity reservation_affinity = 19; + + // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or + // 'pd-balanced') // // If unspecified, the default disk type is 'pd-standard' string disk_type = 12; @@ -560,11 +656,10 @@ message NodeConfig { // Minimum CPU platform to be used by this instance. The instance may be // scheduled on the specified or newer CPU platform. Applicable values are the // friendly names of CPU platforms, such as - // minCpuPlatform: "Intel Haswell" or - // minCpuPlatform: "Intel Sandy Bridge". For more + // `minCpuPlatform: "Intel Haswell"` or + // `minCpuPlatform: "Intel Sandy Bridge"`. For more // information, read [how to specify min CPU // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - // To unset the min cpu platform field pass "automatic" as field value. string min_cpu_platform = 13; // The workload metadata configuration for this node. 
@@ -576,8 +671,27 @@ message NodeConfig { // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ repeated NodeTaint taints = 15; + // + // The Customer Managed Encryption Key used to encrypt the boot disk attached + // to each node in the node pool. This should be of the form + // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. + // For more information about protecting resources with Cloud KMS Keys please + // see: + // https://cloud.google.com/compute/docs/disks/customer-managed-encryption + string boot_disk_kms_key = 23; + // Shielded Instance options. ShieldedInstanceConfig shielded_instance_config = 20; + + // Parameters that can be configured on Linux nodes. + LinuxNodeConfig linux_node_config = 21; + + // Node kubelet configs. + NodeKubeletConfig kubelet_config = 22; + + // Parameters for the ephemeral storage filesystem. + // If unspecified, ephemeral storage is backed by the boot disk. + EphemeralStorageConfig ephemeral_storage_config = 24; } // A set of Shielded Instance options. 
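Review bot: The comment added above `boot_disk_kms_key = 23` opens with a bare `//` line and gives the key resource path as unformatted text, unlike the other comments this patch touches, which put literals in backticks. I would drop the empty first line and write the path as `projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]` in backticks so the rendered reference does not treat the brackets as link syntax. The comment also does not say how the boot disk is encrypted when the field is left empty; a short sentence on that default would help anyone auditing node pools for customer-managed keys.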
@@ -598,11 +712,71 @@ message ShieldedInstanceConfig { bool enable_integrity_monitoring = 2; } +// SandboxConfig contains configurations of the sandbox to use for the node. +message SandboxConfig { + // Possible types of sandboxes. + enum Type { + // Default value. This should not be used. + UNSPECIFIED = 0; + + // Run sandbox using gvisor. + GVISOR = 1; + } + + // Type of the sandbox to use for the node (e.g. 'gvisor') + string sandbox_type = 1 [deprecated = true]; + + // Type of the sandbox to use for the node. + Type type = 2; +} + +// EphemeralStorageConfig contains configuration for the ephemeral storage +// filesystem. +message EphemeralStorageConfig { + // Number of local SSDs to use to back ephemeral storage. Uses NVMe + // interfaces. Each local SSD is 375 GB in size. + // If zero, it means to disable using local SSDs as ephemeral storage. + int32 local_ssd_count = 1; +} + +// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources) +// is the configuration of desired reservation which instances could take +// capacity from. +message ReservationAffinity { + // Indicates whether to consume capacity from a reservation or not. + enum Type { + // Default value. This should not be used. + UNSPECIFIED = 0; + + // Do not consume from any reserved capacity. + NO_RESERVATION = 1; + + // Consume any reservation available. + ANY_RESERVATION = 2; + + // Must consume from a specific reservation. Must specify key value fields + // for specifying the reservations. + SPECIFIC_RESERVATION = 3; + } + + // Corresponds to the type of reservation consumption. + Type consume_reservation_type = 1; + + // Corresponds to the label key of a reservation resource. To target a + // SPECIFIC_RESERVATION by name, specify "googleapis.com/reservation-name" as + // the key and specify the name of your reservation as its value. + string key = 2; + + // Corresponds to the label value(s) of reservation resource(s). 
+ repeated string values = 3; +} + // Kubernetes taint is comprised of three fields: key, value, and effect. Effect // can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute. // -// For more information, including usage and the valid values, see: -// https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +// See +// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration) +// for more information, including usage and the valid values. message NodeTaint { // Possible values for Effect in taint. enum Effect { 
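Review bot: `sandbox_type = 1 [deprecated = true]` in the new `SandboxConfig` message is marked deprecated but its comment still only describes the field and never names the replacement. The other deprecations in this patch spell it out (for example "This field is deprecated, use location instead."), so I would add `// Deprecated. Use type instead.` above the field. It would also help to state which field wins if a caller sets both `sandbox_type` and `type`, since the sandbox choice is an isolation control.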
@@ -636,21 +810,29 @@ message MasterAuth { // The username to use for HTTP basic authentication to the master endpoint. // For clusters v1.6.0 and later, basic authentication can be disabled by // leaving username unspecified (or setting it to the empty string). - string username = 1; + // + // Warning: basic authentication is deprecated, and will be removed in GKE + // control plane versions 1.19 and newer. For a list of recommended + // authentication methods, see: + // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication + string username = 1 [deprecated = true]; // The password to use for HTTP basic authentication to the master endpoint. // Because the master endpoint is open to the Internet, you should create a // strong password. If a password is provided for cluster creation, username // must be non-empty. - string password = 2; + // + // Warning: basic authentication is deprecated, and will be removed in GKE + // control plane versions 1.19 and newer. For a list of recommended + // authentication methods, see: + // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication + string password = 2 [deprecated = true]; // Configuration for client certificate authentication on the cluster. For // clusters before v1.12, if no configuration is specified, a client // certificate is issued. ClientCertificateConfig client_certificate_config = 3; - // [Output only] Base64-encoded public certificate that is the root of - // trust for the cluster. string cluster_ca_certificate = 100; // [Output only] Base64-encoded public certificate used by clients to 
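Review bot: `string cluster_ca_certificate = 100;` is left without any comment, because this hunk deletes its two-line description and adds nothing in its place. This is the field the removed text identified as the cluster's root of trust, so it is the last one that should lose its documentation; if the removal was not intentional, restore `// [Output only] Base64-encoded public certificate that is the root of trust for the cluster.` above it. Separately, the retained `password` comment still advises creating a strong password right before the new deprecation warning; it would read better if the warning came first. The body of `MasterAuth` continues outside the hunk.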
@@ -700,6 +882,20 @@ message AddonsConfig { // enabled in order to enable Cloud Run addon. This option can only be enabled // at cluster creation time. CloudRunConfig cloud_run_config = 7; + + // Configuration for NodeLocalDNS, a dns cache running on cluster nodes + DnsCacheConfig dns_cache_config = 8; + + // Configuration for the ConfigConnector add-on, a Kubernetes + // extension to manage hosted GCP services through the Kubernetes API + ConfigConnectorConfig config_connector_config = 10; + + // Configuration for the Compute Engine Persistent Disk CSI driver. + GcePersistentDiskCsiDriverConfig gce_persistent_disk_csi_driver_config = 11; + + // Configuration for the KALM addon, which manages the lifecycle of k8s + // applications. + KalmConfig kalm_config = 12; } // Configuration options for the HTTP (L7) load balancing controller addon, @@ -716,8 +912,8 @@ message HttpLoadBalancing { // has based on the resource usage of the existing pods. message HorizontalPodAutoscaling { // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. - // When enabled, it ensures that a Heapster pod is running in the cluster, - // which is also used by the Cloud Monitoring service. + // When enabled, it ensures that metrics are collected into Stackdriver + // Monitoring. bool disabled = 1; } 
@@ -735,6 +931,37 @@ message NetworkPolicyConfig { bool disabled = 1; } +// Configuration for NodeLocal DNSCache +message DnsCacheConfig { + // Whether NodeLocal DNSCache is enabled for this cluster. + bool enabled = 1; +} + +// Configuration options for the KALM addon. +message KalmConfig { + // Whether KALM is enabled for this cluster. + bool enabled = 1; +} + +// Configuration options for the Config Connector add-on. +message ConfigConnectorConfig { + // Whether Cloud Connector is enabled for this cluster. + bool enabled = 1; +} + +// Configuration for the Compute Engine PD CSI driver. This option can only be +// enabled at cluster creation time. +message GcePersistentDiskCsiDriverConfig { + // Whether the Compute Engine PD CSI driver is enabled for this cluster. + bool enabled = 1; +} + +// Configuration for controlling master global access settings. +message PrivateClusterMasterGlobalAccessConfig { + // Whenever master is accessible globally or not. + bool enabled = 1; +} + // Configuration options for private clusters. message PrivateClusterConfig { // Whether nodes have internal IP addresses only. If enabled, all nodes are @@ -756,6 +983,12 @@ message PrivateClusterConfig { // Output only. The external IP address of this cluster's master endpoint. string public_endpoint = 5; + + // Output only. The peering name in the customer VPC used by this cluster. + string peering_name = 7; + + // Controls master global access settings. + PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8; } // Configuration options for Istio addon. 
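Review bot: Two of the new one-line field comments in this hunk are wrong as written. In `ConfigConnectorConfig` the comment says "Whether Cloud Connector is enabled" although the message and add-on are Config Connector, and in `PrivateClusterMasterGlobalAccessConfig` it says "Whenever master is accessible globally or not". I would change them to `// Whether Config Connector is enabled for this cluster.` and `// Whether the master is accessible globally or not.`. The second one should also say what "globally" is measured against (which networks or regions can reach the master endpoint when `enabled` is true), because this flag widens the reachability of a private cluster's control plane.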
@@ -778,8 +1011,23 @@ message IstioConfig { // Configuration options for the Cloud Run feature. message CloudRunConfig { + // Load balancer type of ingress service of Cloud Run. + enum LoadBalancerType { + // Load balancer type for Cloud Run is unspecified. + LOAD_BALANCER_TYPE_UNSPECIFIED = 0; + + // Install external load balancer for Cloud Run. + LOAD_BALANCER_TYPE_EXTERNAL = 1; + + // Install internal load balancer for Cloud Run. + LOAD_BALANCER_TYPE_INTERNAL = 2; + } + // Whether Cloud Run addon is enabled for this cluster. bool disabled = 1; + + // Which load balancer type is installed for Cloud Run. + LoadBalancerType load_balancer_type = 3; } // Configuration options for the master authorized networks feature. Enabled @@ -836,6 +1084,9 @@ message NetworkPolicy { // Configuration for controlling how IPs are allocated in the cluster. message IPAllocationPolicy { // Whether alias IPs will be used for pod IPs in the cluster. + // This is used in conjunction with use_routes. It cannot + // be true if use_routes is true. If both use_ip_aliases and use_routes are + // false, then the server picks the default IP allocation mode bool use_ip_aliases = 1; // Whether a new subnetwork will be created automatically for the cluster. @@ -954,7 +1205,14 @@ message IPAllocationPolicy { // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g. // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range // to use. + // This field is deprecated, use cluster.tpu_config.ipv4_cidr_block instead. string tpu_ipv4_cidr_block = 13; + + // Whether routes will be used for pod IPs in the cluster. + // This is used in conjunction with use_ip_aliases. It cannot be true if + // use_ip_aliases is true. If both use_ip_aliases and use_routes are false, + // then the server picks the default IP allocation mode + bool use_routes = 15; } // Configuration for Binary Authorization. 
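Review bot: In the `IPAllocationPolicy` hunk the comment now says `tpu_ipv4_cidr_block` is deprecated in favour of `cluster.tpu_config.ipv4_cidr_block`, but the declaration stays `string tpu_ipv4_cidr_block = 13;` with no `deprecated` option. The same happens to `bool enable_tpu = 115;` in the `@@ -1257,12 +1576,14 @@` hunk, whereas `zone = 101` and `status_message = 108` in this patch carry the option. Without it the generated clients emit no deprecation marker, so I would write `string tpu_ipv4_cidr_block = 13 [deprecated = true];` and `bool enable_tpu = 115 [deprecated = true];`. The new `use_ip_aliases` and `use_routes` comments also end without a full stop after "default IP allocation mode".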
@@ -982,6 +1240,27 @@ message AuthenticatorGroupsConfig { string security_group = 2; } +// Telemetry integration for the cluster. +message ClusterTelemetry { + // Type of the integration. + enum Type { + // Not set. + UNSPECIFIED = 0; + + // Monitoring integration is disabled. + DISABLED = 1; + + // Monitoring integration is enabled. + ENABLED = 2; + + // Only system components are monitored and logged. + SYSTEM_ONLY = 3; + } + + // Type of the integration. + Type type = 1; +} + // A Google Kubernetes Engine cluster. message Cluster { // The current status of the cluster. 
@@ -1060,24 +1339,34 @@ message Cluster { // The logging service the cluster should use to write logs. // Currently available options: // - // * `logging.googleapis.com` - the Google Cloud Logging service. + // * `logging.googleapis.com/kubernetes` - The Cloud Logging + // service with a Kubernetes-native resource model + // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer + // available as of GKE 1.15). // * `none` - no logs will be exported from the cluster. - // * if left as an empty string,`logging.googleapis.com` will be used. + // + // If left as an empty string,`logging.googleapis.com/kubernetes` will be + // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. string logging_service = 6; // The monitoring service the cluster should use to write metrics. // Currently available options: // - // * `monitoring.googleapis.com` - the Google Cloud Monitoring service. - // * `none` - no metrics will be exported from the cluster. - // * if left as an empty string, `monitoring.googleapis.com` will be used. + // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring + // service with a Kubernetes-native resource model + // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no + // longer available as of GKE 1.15). + // * `none` - No metrics will be exported from the cluster. + // + // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be + // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions. string monitoring_service = 7; // The name of the Google Compute Engine - // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) to which the - // cluster is connected. If left unspecified, the `default` network - // will be used. On output this shows the network ID instead of - // the name. + // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) + // to which the cluster is connected. 
If left unspecified, the `default` + // network will be used. On output this shows the network ID instead of the + // name. string network = 8; // The IP address range of the container pods in this cluster, in @@ -1090,8 +1379,8 @@ message Cluster { AddonsConfig addons_config = 10; // The name of the Google Compute Engine - // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which the - // cluster is connected. On output this shows the subnetwork ID instead of + // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which + // the cluster is connected. On output this shows the subnetwork ID instead of // the name. string subnetwork = 11; @@ -1101,8 +1390,16 @@ message Cluster { repeated NodePool node_pools = 12; // The list of Google Compute Engine - // [zones](https://cloud.google.com/compute/docs/zones#available) in which the cluster's nodes - // should be located. + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster's nodes should be located. + // + // This field provides a default value if + // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations) + // are not specified during node pool creation. + // + // Warning: changing cluster locations will update the + // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations) + // of all node pools and will result in nodes being added and/or removed. repeated string locations = 13; // Kubernetes alpha features are enabled on this cluster. This includes alpha 
@@ -1179,13 +1476,34 @@ message Cluster { // Cluster-level Vertical Pod Autoscaling configuration. VerticalPodAutoscaling vertical_pod_autoscaling = 39; + // Shielded Nodes configuration. + ShieldedNodes shielded_nodes = 40; + + // Release channel configuration. + ReleaseChannel release_channel = 41; + + // Configuration for the use of Kubernetes Service Accounts in GCP IAM + // policies. + WorkloadIdentityConfig workload_identity_config = 43; + + // Telemetry integration for the cluster. + ClusterTelemetry cluster_telemetry = 46; + + // Configuration for Cloud TPU support; + TpuConfig tpu_config = 47; + + // Notification configuration of the cluster. + NotificationConfig notification_config = 49; + + // Configuration of Confidential Nodes + ConfidentialNodes confidential_nodes = 50; + // [Output only] Server-defined URL for the resource. string self_link = 100; // [Output only] The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field is deprecated, use location instead. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field is deprecated, use location instead. string zone = 101 [deprecated = true]; // [Output only] The IP address of this cluster's master endpoint. @@ -1228,7 +1546,8 @@ message Cluster { // [Output only] The current status of this cluster. Status status = 107; - // [Output only] Additional information about the current status of this + // [Output only] Deprecated. Use conditions instead. + // Additional information about the current status of this // cluster, if available. string status_message = 108 [deprecated = true]; 
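Review bot: Two of the new field comments in the first hunk are punctuated differently from their neighbours: `// Configuration for Cloud TPU support;` ends in a semicolon and `// Configuration of Confidential Nodes` has no terminator. I would write them as `// Configuration for Cloud TPU support.` and `// Configuration of Confidential Nodes.` so the generated docstrings read consistently. message Cluster starts and ends outside the hunk.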
@@ -1257,12 +1576,14 @@ message Cluster { string expire_time = 113; // [Output only] The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) or - // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) in which - // the cluster resides. + // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) + // or + // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) + // in which the cluster resides. string location = 114; // Enable the ability to use Cloud TPUs in this cluster. + // This field is deprecated, use tpu_config.enabled instead. bool enable_tpu = 115; // [Output only] The IP address range of the Cloud TPUs in this cluster, in @@ -1275,6 +1596,9 @@ message Cluster { // Which conditions caused the current cluster state. repeated StatusCondition conditions = 118; + + // Configuration for master components. + Master master = 124; } // ClusterUpdate describes an update to the cluster. Exactly one update can 
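Review bot: `enable_tpu` is now documented as deprecated in favour of `tpu_config.enabled`, but the declaration is still `bool enable_tpu = 115;` with no option, so generated clients and linters will not flag its use. Other deprecated fields in this message carry the option (`string zone = 101 [deprecated = true];`), and for consistency this one should read `bool enable_tpu = 115 [deprecated = true];`. message Cluster starts outside the hunk.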
@@ -1297,10 +1621,14 @@ message ClusterUpdate { // The monitoring service the cluster should use to write metrics. // Currently available options: // - // * "monitoring.googleapis.com/kubernetes" - the Google Cloud Monitoring - // service with Kubernetes-native resource model - // * "monitoring.googleapis.com" - the Google Cloud Monitoring service - // * "none" - no metrics will be exported from the cluster + // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring + // service with a Kubernetes-native resource model + // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no + // longer available as of GKE 1.15). + // * `none` - No metrics will be exported from the cluster. + // + // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be + // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions. string desired_monitoring_service = 5; // Configurations for the various addons available to run in the cluster. @@ -1323,12 +1651,13 @@ message ClusterUpdate { NodePoolAutoscaling desired_node_pool_autoscaling = 9; // The desired list of Google Compute Engine - // [zones](https://cloud.google.com/compute/docs/zones#available) in which the cluster's nodes - // should be located. Changing the locations a cluster is in will result - // in nodes being either created or removed from the cluster, depending on - // whether locations are being added or removed. + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster's nodes should be located. // // This list must always include the cluster's primary zone. + // + // Warning: changing cluster locations will update the locations of all node + // pools and will result in nodes being added and/or removed. repeated string desired_locations = 10; // The desired configuration options for master authorized networks feature. 
@@ -1343,13 +1672,17 @@ message ClusterUpdate { // The desired configuration options for the Binary Authorization feature. BinaryAuthorization desired_binary_authorization = 16; - // The logging service the cluster should use to write metrics. + // The logging service the cluster should use to write logs. // Currently available options: // - // * "logging.googleapis.com/kubernetes" - the Google Cloud Logging - // service with Kubernetes-native resource model - // * "logging.googleapis.com" - the Google Cloud Logging service - // * "none" - no logs will be exported from the cluster + // * `logging.googleapis.com/kubernetes` - The Cloud Logging + // service with a Kubernetes-native resource model + // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer + // available as of GKE 1.15). + // * `none` - no logs will be exported from the cluster. + // + // If left as an empty string,`logging.googleapis.com/kubernetes` will be + // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. string desired_logging_service = 19; // The desired configuration for exporting resource usage. 
@@ -1358,9 +1691,30 @@ message ClusterUpdate { // Cluster-level Vertical Pod Autoscaling configuration. VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22; + // The desired private cluster configuration. + PrivateClusterConfig desired_private_cluster_config = 25; + // The desired config of Intra-node visibility. IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26; + // The desired status of whether to disable default sNAT for this cluster. + DefaultSnatStatus desired_default_snat_status = 28; + + // The desired telemetry integration for the cluster. + ClusterTelemetry desired_cluster_telemetry = 30; + + // The desired release channel configuration. + ReleaseChannel desired_release_channel = 31; + + // The desired Cloud TPU configuration. + TpuConfig desired_tpu_config = 38; + + // The desired datapath provider for the cluster. + DatapathProvider desired_datapath_provider = 50; + + // The desired notification configuration. + NotificationConfig desired_notification_config = 55; + // The Kubernetes version to change the master to. The only valid value is the // latest supported version. // @@ -1373,6 +1727,18 @@ message ClusterUpdate { // - "1.X.Y-gke.N": picks an explicit Kubernetes version // - "-": picks the default Kubernetes version string desired_master_version = 100; + + // Configuration of etcd encryption. + DatabaseEncryption desired_database_encryption = 46; + + // Configuration for Workload Identity. + WorkloadIdentityConfig desired_workload_identity_config = 47; + + // Configuration for Shielded Nodes. + ShieldedNodes desired_shielded_nodes = 48; + + // Configuration for master components. + Master desired_master = 52; } // This operation resource represents operations that may have happened or are 
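Review bot: The four fields added after `desired_master_version = 100` are numbered 46, 47, 48 and 52, so the tail of ClusterUpdate no longer reads in field-number order and a future number collision is harder to spot by eye. I would place them between `desired_tpu_config = 38` and `desired_datapath_provider = 50`, where the previous hunk adds its fields. Their comments also drop the "The desired …" wording used for the other new fields (`// Configuration of etcd encryption.` against `// The desired release channel configuration.`), and something like `// The desired configuration of etcd encryption.` would match. These are the encryption, Workload Identity and Shielded Nodes settings, so consistent wording helps anyone auditing what an update request can change.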
@@ -1454,9 +1820,8 @@ message Operation { string name = 1; // The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the operation - // is taking place. - // This field is deprecated, use location instead. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // operation is taking place. This field is deprecated, use location instead. string zone = 2 [deprecated = true]; // The operation type. @@ -1468,8 +1833,12 @@ message Operation { // Detailed operation progress, if available. string detail = 8; - // If an error has occurred, a textual description of the error. - string status_message = 5 [deprecated = true]; + // Output only. If an error has occurred, a textual description of the error. + // Deprecated. Use field error instead. + string status_message = 5 [ + deprecated = true, + (google.api.field_behavior) = OUTPUT_ONLY + ]; // Server-defined URL for the resource. string self_link = 6; @@ -1478,9 +1847,10 @@ message Operation { string target_link = 7; // [Output only] The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) or - // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) in which - // the cluster resides. + // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) + // or + // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available) + // in which the cluster resides. string location = 9; // [Output only] The time the operation started, in 
@@ -1491,23 +1861,27 @@ message Operation { // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. string end_time = 11; - // [Output only] Progress information for an operation. - OperationProgress progress = 12; + // Output only. [Output only] Progress information for an operation. + OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY]; // Which conditions caused the current cluster state. - repeated StatusCondition cluster_conditions = 13; + // Deprecated. Use field error instead. + repeated StatusCondition cluster_conditions = 13 [deprecated = true]; // Which conditions caused the current node pool state. - repeated StatusCondition nodepool_conditions = 14; + // Deprecated. Use field error instead. + repeated StatusCondition nodepool_conditions = 14 [deprecated = true]; + + // The error result of the operation in case of failure. + google.rpc.Status error = 15; } // Information about operation (or operation stage) progress. message OperationProgress { // Progress metric is (string, int|float|string) pair. message Metric { - // Metric name, required. - // e.g., "nodes total", "percent done" - string name = 1; + // Required. Metric name, e.g., "nodes total", "percent done". + string name = 1 [(google.api.field_behavior) = REQUIRED]; // Strictly one of the values is required. oneof value { 
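Review bot: The comment on `progress` now reads `// Output only. [Output only] Progress information for an operation.`, which states the same thing twice. With `(google.api.field_behavior) = OUTPUT_ONLY` on the field the bracketed legacy marker is redundant, and `// Output only. Progress information for an operation.` is enough. Separately, the new `google.rpc.Status error = 15;` depends on `google/rpc/status.proto` being imported, and that import is not visible in this hunk.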
@@ -1553,16 +1927,16 @@ message CreateClusterRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the parent field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the parent + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED ]; // Required. A [cluster - // resource](https://cloud.google.com/container-engine/reference/rest/v1beta1/projects.zones.clusters) + // resource](https://cloud.google.com/container-engine/reference/rest/v1beta1/projects.locations.clusters) Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED]; // The parent (project and location) where the cluster will be created. @@ -1581,9 +1955,9 @@ message GetClusterRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -1612,9 +1986,9 @@ message UpdateClusterRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -1646,9 +2020,9 @@ message UpdateNodePoolRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -1684,13 +2058,29 @@ message UpdateNodePoolRequest { // Required. The desired image type for the node pool. string image_type = 6 [(google.api.field_behavior) = REQUIRED]; - // The desired image type for the node pool. + // The desired list of Google Compute Engine + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // node pool's nodes should be located. Changing the locations for a node pool + // will result in nodes being either created or removed from the node pool, + // depending on whether locations are being added or removed. + repeated string locations = 13; + + // The desired workload metadata config for the node pool. WorkloadMetadataConfig workload_metadata_config = 14; // The name (project, location, cluster, node pool) of the node pool to // update. Specified in the format // `projects/*/locations/*/clusters/*/nodePools/*`. string name = 8; + + // Upgrade settings control disruption and speed of the upgrade. + NodePool.UpgradeSettings upgrade_settings = 15; + + // Parameters that can be configured on Linux nodes. + LinuxNodeConfig linux_node_config = 19; + + // Node kubelet configs. + NodeKubeletConfig kubelet_config = 20; } // SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool. 
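Review bot: The comments on the new `linux_node_config` and `kubelet_config` fields in the second hunk do not say what an update request that leaves them unset does to the node pool's existing settings. For sysctl and kubelet options, which operators often set as part of node hardening, the difference between "left unchanged" and "reset to defaults" should be documented. I would extend each comment with a sentence starting `// If unset, ...` once the server behaviour is confirmed, since it cannot be determined from this hunk. message UpdateNodePoolRequest starts outside the hunk.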
@@ -1704,9 +2094,9 @@ message SetNodePoolAutoscalingRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -1746,9 +2136,9 @@ message SetLoggingServiceRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -1761,11 +2151,17 @@ message SetLoggingServiceRequest { (google.api.field_behavior) = REQUIRED ]; - // Required. The logging service the cluster should use to write metrics. + // Required. The logging service the cluster should use to write logs. // Currently available options: // - // * "logging.googleapis.com" - the Google Cloud Logging service - // * "none" - no metrics will be exported from the cluster + // * `logging.googleapis.com/kubernetes` - The Cloud Logging + // service with a Kubernetes-native resource model + // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer + // available as of GKE 1.15). + // * `none` - no logs will be exported from the cluster. + // + // If left as an empty string,`logging.googleapis.com/kubernetes` will be + // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions. string logging_service = 4 [(google.api.field_behavior) = REQUIRED]; // The name (project, location, cluster) of the cluster to set logging. @@ -1784,9 +2180,9 @@ message SetMonitoringServiceRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
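Review bot: `logging_service` in SetLoggingServiceRequest is annotated `(google.api.field_behavior) = REQUIRED`, yet the new paragraph documents what happens "if left as an empty string", a case a required field should not admit. The paragraph appears to have been carried over from `Cluster.logging_service`, where the field is optional. Either drop the empty-string sentence here or state explicitly that an empty value is rejected. The same applies to `monitoring_service` in SetMonitoringServiceRequest in the hunk that follows. Callers need this to be unambiguous because `none` stops log export entirely while the documented default keeps it on.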
@@ -1802,8 +2198,14 @@ message SetMonitoringServiceRequest { // Required. The monitoring service the cluster should use to write metrics. // Currently available options: // - // * "monitoring.googleapis.com" - the Google Cloud Monitoring service - // * "none" - no metrics will be exported from the cluster + // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring + // service with a Kubernetes-native resource model + // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no + // longer available as of GKE 1.15). + // * `none` - No metrics will be exported from the cluster. + // + // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be + // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions. string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED]; // The name (project, location, cluster) of the cluster to set monitoring. @@ -1822,9 +2224,9 @@ message SetAddonsConfigRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -1857,9 +2259,9 @@ message SetLocationsRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -1873,10 +2275,10 @@ message SetLocationsRequest { ]; // Required. The desired list of Google Compute Engine - // [zones](https://cloud.google.com/compute/docs/zones#available) in which the cluster's nodes - // should be located. Changing the locations a cluster is in will result - // in nodes being either created or removed from the cluster, depending on - // whether locations are being added or removed. + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster's nodes should be located. Changing the locations a cluster is in + // will result in nodes being either created or removed from the cluster, + // depending on whether locations are being added or removed. // // This list must always include the cluster's primary zone. repeated string locations = 4 [(google.api.field_behavior) = REQUIRED]; @@ -1897,9 +2299,9 @@ message UpdateMasterRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -1958,9 +2360,9 @@ message SetMasterAuthRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -1995,9 +2397,9 @@ message DeleteClusterRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2026,9 +2428,9 @@ message ListClustersRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides, or "-" for all zones. - // This field has been deprecated and replaced by the parent field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides, or "-" for all zones. This field has been deprecated and + // replaced by the parent field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2062,9 +2464,9 @@ message GetOperationRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2093,8 +2495,9 @@ message ListOperationsRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) to return operations for, or `-` for - // all zones. This field has been deprecated and replaced by the parent field. + // [zone](https://cloud.google.com/compute/docs/zones#available) to return + // operations for, or `-` for all zones. This field has been deprecated and + // replaced by the parent field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2117,8 +2520,9 @@ message CancelOperationRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the operation resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // operation resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2157,8 +2561,9 @@ message GetServerConfigRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) to return operations for. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) to return + // operations for. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2171,10 +2576,38 @@ message GetServerConfigRequest { // Kubernetes Engine service configuration. message ServerConfig { + // ReleaseChannelConfig exposes configuration for a release channel. + message ReleaseChannelConfig { + // Deprecated. + message AvailableVersion { + option deprecated = true; + + // Kubernetes version. + string version = 1; + + // Reason for availability. + string reason = 2; + } + + // The release channel this configuration applies to. + ReleaseChannel.Channel channel = 1; + + // The default version for newly created clusters on the channel. + string default_version = 2; + + // Deprecated. + // This field has been deprecated and replaced with the valid_versions + // field. + repeated AvailableVersion available_versions = 3 [deprecated = true]; + + // List of valid versions for the channel. + repeated string valid_versions = 4; + } + // Version of Kubernetes the service deploys by default. string default_cluster_version = 1; - // List of valid node upgrade target versions. + // List of valid node upgrade target versions, in descending order. repeated string valid_node_versions = 3; // Default image type. @@ -2183,8 +2616,11 @@ message ServerConfig { // List of valid image types. repeated string valid_image_types = 5; - // List of valid master versions. + // List of valid master versions, in descending order. repeated string valid_master_versions = 6; + + // List of release channel configurations. + repeated ReleaseChannelConfig channels = 9; } // CreateNodePoolRequest creates a node pool for a cluster. 
@@ -2198,9 +2634,9 @@ message CreateNodePoolRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the parent field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the parent + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2233,9 +2669,9 @@ message DeleteNodePoolRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2272,9 +2708,9 @@ message ListNodePoolsRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the parent field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the parent + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2303,9 +2739,9 @@ message GetNodePoolRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2338,6 +2774,40 @@ message GetNodePoolRequest { // during pod scheduling. They may also be resized up or down, to accommodate // the workload. message NodePool { + // These upgrade settings control the level of parallelism and the level of + // disruption caused by an upgrade. + // + // maxUnavailable controls the number of nodes that can be simultaneously + // unavailable. + // + // maxSurge controls the number of additional nodes that can be added to the + // node pool temporarily for the time of the upgrade to increase the number of + // available nodes. + // + // (maxUnavailable + maxSurge) determines the level of parallelism (how many + // nodes are being upgraded at the same time). + // + // Note: upgrades inevitably introduce some disruption since workloads need to + // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0, + // this holds true. (Disruption stays within the limits of + // PodDisruptionBudget, if it is configured.) + // + // Consider a hypothetical node pool with 5 nodes having maxSurge=2, + // maxUnavailable=1. This means the upgrade process upgrades 3 nodes + // simultaneously. It creates 2 additional (upgraded) nodes, then it brings + // down 3 old (not yet upgraded) nodes at the same time. This ensures that + // there are always at least 4 nodes available. + message UpgradeSettings { + // The maximum number of nodes that can be created beyond the current size + // of the node pool during the upgrade process. + int32 max_surge = 1; + + // The maximum number of nodes that can be simultaneously unavailable during + // the upgrade process. A node is considered available if its status is + // Ready. + int32 max_unavailable = 2; + } + // The current status of the node pool instance. enum Status { // Not set. 
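Review bot: The UpgradeSettings comment names the knobs maxUnavailable and maxSurge, but the fields declared below it are `max_unavailable` and `max_surge`, which is also what the generated Python types expose. The comment gives no valid range either: nothing says whether negative values are rejected or whether both may be 0 at once, which by the comment's own arithmetic would mean no node is upgraded. I would use the snake_case names in the prose and add a range sentence to each field comment once confirmed against the service. message NodePool continues outside the hunk.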
@@ -2381,6 +2851,18 @@ message NodePool { // firewall and routes quota. int32 initial_node_count = 3; + // The list of Google Compute Engine + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // NodePool's nodes should be located. + // + // If this value is unspecified during node pool creation, the + // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations) + // value will be used, instead. + // + // Warning: changing node pool locations will result in nodes being added + // and/or removed. + repeated string locations = 13; + // [Output only] Server-defined URL for the resource. string self_link = 100; @@ -2395,7 +2877,8 @@ message NodePool { // [Output only] The status of the nodes in this pool instance. Status status = 103; - // [Output only] Additional information about the current status of this + // [Output only] Deprecated. Use conditions instead. + // Additional information about the current status of this // node pool instance, if available. string status_message = 104 [deprecated = true]; @@ -2415,6 +2898,9 @@ message NodePool { // [Output only] The pod CIDR block size per node in this node pool. int32 pod_ipv4_cidr_size = 7; + + // Upgrade settings control disruption and speed of the upgrade. + UpgradeSettings upgrade_settings = 107; } // NodeManagement defines the set of node management services turned on for the @@ -2451,7 +2937,7 @@ message MaintenancePolicy { // A hash identifying the version of this policy, so that updates to fields of // the policy won't accidentally undo intermediate changes (and so that users // of the API unaware of some fields won't accidentally remove other fields). - // Make a get() request to the cluster to get the current + // Make a `get()` request to the cluster to get the current // resource version and include it with requests to set the policy. string resource_version = 3; } 
@@ -2495,25 +2981,30 @@ message RecurringTimeWindow { // end time. // // For example, to have something repeat every weekday, you'd use: - // FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR + // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR` + // // To repeat some window daily (equivalent to the DailyMaintenanceWindow): - // FREQ=DAILY + // `FREQ=DAILY` + // // For the first weekend of every month: - // FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU + // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU` + // // This specifies how frequently the window starts. Eg, if you wanted to have // a 9-5 UTC-4 window every weekday, you'd use something like: - // - // start time = 2019-01-01T09:00:00-0400 - // end time = 2019-01-01T17:00:00-0400 - // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR - // + // ``` + // start time = 2019-01-01T09:00:00-0400 + // end time = 2019-01-01T17:00:00-0400 + // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR + // ``` + // // Windows can span multiple days. Eg, to make the window encompass every // weekend from midnight Saturday till the last minute of Sunday UTC: - // - // start time = 2019-01-05T00:00:00Z - // end time = 2019-01-07T23:59:00Z - // recurrence = FREQ=WEEKLY;BYDAY=SA - // + // ``` + // start time = 2019-01-05T00:00:00Z + // end time = 2019-01-07T23:59:00Z + // recurrence = FREQ=WEEKLY;BYDAY=SA + // ``` + // // Note the start and end time's specific dates are largely arbitrary except // to specify duration of the window and when it first starts. // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported. 
@@ -2543,9 +3034,9 @@ message SetNodePoolManagementRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2586,9 +3077,9 @@ message SetNodePoolSizeRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2630,9 +3121,9 @@ message RollbackNodePoolUpgradeRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2669,6 +3160,18 @@ message ListNodePoolsResponse { // the size of the cluster and create/delete // node pools based on the current needs. message ClusterAutoscaling { + // Defines possible options for autoscaling_profile field. + enum AutoscalingProfile { + // No change to autoscaling configuration. + PROFILE_UNSPECIFIED = 0; + + // Prioritize optimizing utilization of resources. + OPTIMIZE_UTILIZATION = 1; + + // Use default (balanced) autoscaling configuration. + BALANCED = 2; + } + // Enables automatic node pool creation and deletion. bool enable_node_autoprovisioning = 1; 
@@ -2676,25 +3179,84 @@ message ClusterAutoscaling { // amount of resources in the cluster. repeated ResourceLimit resource_limits = 2; + // Defines autoscaling behaviour. + AutoscalingProfile autoscaling_profile = 3; + // AutoprovisioningNodePoolDefaults contains defaults for a node pool // created by NAP. AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4; - // The list of Google Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - // in which the NodePool's nodes can be created by NAP. + // The list of Google Compute Engine + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // NodePool's nodes can be created by NAP. repeated string autoprovisioning_locations = 5; } // AutoprovisioningNodePoolDefaults contains defaults for a node pool created // by NAP. message AutoprovisioningNodePoolDefaults { - // Scopes that are used by NAP when creating node pools. If oauth_scopes are - // specified, service_account should be empty. + // The set of Google API scopes to be made available on all of the + // node VMs under the "default" service account. + // + // The following scopes are recommended, but not required, and by default are + // not included: + // + // * `https://www.googleapis.com/auth/compute` is required for mounting + // persistent storage on your nodes. + // * `https://www.googleapis.com/auth/devstorage.read_only` is required for + // communicating with **gcr.io** + // (the [Google Container + // Registry](https://cloud.google.com/container-registry/)). + // + // If unspecified, no scopes are added, unless Cloud Logging or Cloud + // Monitoring are enabled, in which case their required scopes will be added. repeated string oauth_scopes = 1; - // The Google Cloud Platform Service Account to be used by the node VMs. If - // service_account is specified, scopes should be empty. + // The Google Cloud Platform Service Account to be used by the node VMs. 
+ // Specify the email address of the Service Account; otherwise, if no Service + // Account is specified, the "default" service account is used. string service_account = 2; + + // Upgrade settings control disruption and speed of the upgrade. + NodePool.UpgradeSettings upgrade_settings = 3; + + // NodeManagement configuration for this NodePool. + NodeManagement management = 4; + + // Minimum CPU platform to be used by this instance. The instance may be + // scheduled on the specified or newer CPU platform. Applicable values are the + // friendly names of CPU platforms, such as + // `minCpuPlatform: "Intel Haswell"` or + // `minCpuPlatform: "Intel Sandy Bridge"`. For more + // information, read [how to specify min CPU + // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + // To unset the min cpu platform field pass "automatic" + // as field value. + string min_cpu_platform = 5; + + // Size of the disk attached to each node, specified in GB. + // The smallest allowed disk size is 10GB. + // + // If unspecified, the default disk size is 100GB. + int32 disk_size_gb = 6; + + // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or + // 'pd-balanced') + // + // If unspecified, the default disk type is 'pd-standard' + string disk_type = 7; + + // Shielded Instance options. + ShieldedInstanceConfig shielded_instance_config = 8; + + // + // The Customer Managed Encryption Key used to encrypt the boot disk attached + // to each node in the node pool. This should be of the form + // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. + // For more information about protecting resources with Cloud KMS Keys please + // see: + // https://cloud.google.com/compute/docs/disks/customer-managed-encryption + string boot_disk_kms_key = 9; } // Contains information about amount of some resource in the cluster. 
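Review bot: In `AutoprovisioningNodePoolDefaults`, the rewritten comments on `oauth_scopes` and `service_account` no longer say how the two fields interact. The removed text said one should be empty when the other is set, while the new text only says that the "default" service account is used when none is given. Because these defaults apply to every node pool that auto-provisioning creates, the `service_account` comment should say whether both fields may be set together and make the fallback explicit, for example `// If empty, nodes run as the "default" service account; prefer a dedicated, minimally privileged account.`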
@@ -2741,9 +3303,9 @@ message SetLabelsRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2763,7 +3325,7 @@ message SetLabelsRequest { // used to detect conflicts. The fingerprint is initially generated by // Kubernetes Engine and changes after every request to modify or update // labels. You must always provide an up-to-date fingerprint hash when - // updating or changing labels. Make a get() request to the + // updating or changing labels. Make a `get()` request to the // resource to get the latest fingerprint. string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED]; @@ -2784,9 +3346,9 @@ message SetLegacyAbacRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2819,9 +3381,9 @@ message StartIPRotationRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED @@ -2853,9 +3415,9 @@ message CompleteIPRotationRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
@@ -2904,11 +3466,39 @@ message WorkloadMetadataConfig { // Expose all VM metadata to pods. EXPOSE = 2; + + // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes + // a metadata API to workloads that is compatible with the V1 Compute + // Metadata APIs exposed by the Compute Engine and App Engine Metadata + // Servers. This feature can only be enabled if Workload Identity is enabled + // at the cluster level. + GKE_METADATA_SERVER = 3; + } + + // Mode is the configuration for how to expose metadata to workloads running + // on the node. + enum Mode { + // Not set. + MODE_UNSPECIFIED = 0; + + // Expose all Compute Engine metadata to pods. + GCE_METADATA = 1; + + // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes + // a metadata API to workloads that is compatible with the V1 Compute + // Metadata APIs exposed by the Compute Engine and App Engine Metadata + // Servers. This feature can only be enabled if Workload Identity is enabled + // at the cluster level. + GKE_METADATA = 2; } // NodeMetadata is the configuration for how to expose metadata to the // workloads running on the node. - NodeMetadata node_metadata = 1; + NodeMetadata node_metadata = 1 [deprecated = true]; + + // Mode is the configuration for how to expose metadata to workloads running + // on the node pool. + Mode mode = 2; } // SetNetworkPolicyRequest enables/disables network policy for a cluster. @@ -2922,9 +3512,9 @@ message SetNetworkPolicyRequest { ]; // Required. Deprecated. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. - // This field has been deprecated and replaced by the name field. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. This field has been deprecated and replaced by the name + // field. string zone = 2 [ deprecated = true, (google.api.field_behavior) = REQUIRED 
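Review bot: In `WorkloadMetadataConfig`, the comment on the new `Mode.GCE_METADATA` value ("Expose all Compute Engine metadata to pods") does not say what that exposure includes. Compute Engine instance metadata normally carries the node's service account credentials, so a reader choosing between the two modes should see that here, e.g. `// Pods can read the node's instance metadata, including its service account credentials.` The newly deprecated `node_metadata` field also gets no pointer to its replacement; `// Deprecated. Use mode instead.` would match the wording this commit uses for `status_message`. The start of the `NodeMetadata` enum is outside the hunk, so whether `Mode` covers all of its values cannot be checked from here.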
@@ -2952,8 +3542,8 @@ message SetMaintenancePolicyRequest { string project_id = 1 [(google.api.field_behavior) = REQUIRED]; // Required. The name of the Google Compute Engine - // [zone](https://cloud.google.com/compute/docs/zones#available) in which the cluster - // resides. + // [zone](https://cloud.google.com/compute/docs/zones#available) in which the + // cluster resides. string zone = 2 [(google.api.field_behavior) = REQUIRED]; // Required. The name of the cluster to update. @@ -3024,7 +3614,8 @@ message StatusCondition { // UNKNOWN indicates a generic condition. UNKNOWN = 0; - // GCE_STOCKOUT indicates a Google Compute Engine stockout. + // GCE_STOCKOUT indicates that Google Compute Engine resources are + // temporarily unavailable. GCE_STOCKOUT = 1; // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot 
@@ -3044,28 +3635,43 @@ message StatusCondition { } // Machine-friendly representation of the condition - Code code = 1; + // Deprecated. Use canonical_code instead. + Code code = 1 [deprecated = true]; // Human-friendly representation of the condition string message = 2; + + // Canonical code of the condition. + google.rpc.Code canonical_code = 3; } // NetworkConfig reports the relative names of network & subnetwork. message NetworkConfig { // Output only. The relative name of the Google Compute Engine - // [network][google.container.v1beta1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) to which - // the cluster is connected. - // Example: projects/my-project/global/networks/my-network + // [network][google.container.v1beta1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) + // to which the cluster is connected. Example: + // projects/my-project/global/networks/my-network string network = 1; // Output only. The relative name of the Google Compute Engine - // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the cluster is connected. - // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet + // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the + // cluster is connected. Example: + // projects/my-project/regions/us-central1/subnetworks/my-subnet string subnetwork = 2; // Whether Intra-node visibility is enabled for this cluster. // This makes same node pod to pod traffic visible for VPC network. bool enable_intra_node_visibility = 5; + + // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules + // will be disabled when default_snat_status is disabled. When disabled is set + // to false, default IP masquerade rules will be applied to the nodes to + // prevent sNAT on cluster internal traffic. + DefaultSnatStatus default_snat_status = 7; + + // The desired datapath provider for this cluster. 
By default, uses the + // IPTables-based kube-proxy implementation. + DatapathProvider datapath_provider = 11; } // ListUsableSubnetworksRequest requests the list of usable subnetworks. @@ -3172,6 +3778,13 @@ message VerticalPodAutoscaling { bool enabled = 1; } +// DefaultSnatStatus contains the desired state of whether default sNAT should +// be disabled on the cluster. +message DefaultSnatStatus { + // Disables cluster default sNAT rules. + bool disabled = 1; +} + // IntraNodeVisibilityConfig contains the desired config of the intra-node // visibility on this cluster. message IntraNodeVisibilityConfig { @@ -3185,6 +3798,19 @@ message MaxPodsConstraint { int64 max_pods_per_node = 1; } +// Configuration for the use of Kubernetes Service Accounts in GCP IAM +// policies. +message WorkloadIdentityConfig { + // IAM Identity Namespace to attach all Kubernetes Service Accounts to. + string identity_namespace = 1 [deprecated = true]; + + // The workload pool to attach all Kubernetes service accounts to. + string workload_pool = 2; + + // identity provider is the third party identity provider. + string identity_provider = 3; +} + // Configuration of etcd encryption. message DatabaseEncryption { // State of etcd encryption. @@ -3196,7 +3822,7 @@ message DatabaseEncryption { ENCRYPTED = 1; // Secrets in etcd are stored in plain text (at etcd level) - this is - // unrelated to Google Compute Engine level full disk encryption. + // unrelated to Compute Engine level full disk encryption. DECRYPTED = 2; } 
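Review bot: The comment on the new `NetworkConfig.default_snat_status` field (hunk `@@ -3044,28 +3635,43 @@`) is ambiguous because it uses "disabled" both for the field as a whole and for the boolean inside `DefaultSnatStatus`. Phrasing it in terms of the boolean removes the ambiguity, e.g. `// In-node sNAT rules are disabled when default_snat_status.disabled is true.`, followed by the existing sentence about the `false` case. This matters to anyone reasoning about which source addresses leave the node, since the two readings are opposite.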
@@ -3234,3 +3860,218 @@ message ResourceUsageExportConfig { // Configuration to enable resource consumption metering. ConsumptionMeteringConfig consumption_metering_config = 3; } + +// Configuration of Shielded Nodes feature. +message ShieldedNodes { + // Whether Shielded Nodes features are enabled on all nodes in this cluster. + bool enabled = 1; +} + +// GetOpenIDConfigRequest gets the OIDC discovery document for the +// cluster. See the OpenID Connect Discovery 1.0 specification for details. +message GetOpenIDConfigRequest { + // The cluster (project, location, cluster id) to get the discovery document + // for. Specified in the format `projects/*/locations/*/clusters/*`. + string parent = 1; +} + +// GetOpenIDConfigResponse is an OIDC discovery document for the cluster. +// See the OpenID Connect Discovery 1.0 specification for details. +message GetOpenIDConfigResponse { + // OIDC Issuer. + string issuer = 1; + + // JSON Web Key uri. + string jwks_uri = 2; + + // Supported response types. + repeated string response_types_supported = 3; + + // Supported subject types. + repeated string subject_types_supported = 4; + + // supported ID Token signing Algorithms. + repeated string id_token_signing_alg_values_supported = 5; + + // Supported claims. + repeated string claims_supported = 6; + + // Supported grant types. + repeated string grant_types = 7; +} + +// GetJSONWebKeysRequest gets the public component of the keys used by the +// cluster to sign token requests. This will be the jwks_uri for the discover +// document returned by getOpenIDConfig. See the OpenID Connect +// Discovery 1.0 specification for details. +message GetJSONWebKeysRequest { + // The cluster (project, location, cluster id) to get keys for. Specified in + // the format `projects/*/locations/*/clusters/*`. + string parent = 1; +} + +// Jwk is a JSON Web Key as specified in RFC 7517 +message Jwk { + // Key Type. + string kty = 1; + + // Algorithm. 
+ string alg = 2; + + // Permitted uses for the public keys. + string use = 3; + + // Key ID. + string kid = 4; + + // Used for RSA keys. + string n = 5; + + // Used for RSA keys. + string e = 6; + + // Used for ECDSA keys. + string x = 7; + + // Used for ECDSA keys. + string y = 8; + + // Used for ECDSA keys. + string crv = 9; +} + +// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517 +message GetJSONWebKeysResponse { + // The public component of the keys used by the cluster to sign token + // requests. + repeated Jwk keys = 1; +} + +// ReleaseChannel indicates which release channel a cluster is +// subscribed to. Release channels are arranged in order of risk. +// +// When a cluster is subscribed to a release channel, Google maintains +// both the master version and the node version. Node auto-upgrade +// defaults to true and cannot be disabled. +message ReleaseChannel { + // Possible values for 'channel'. + enum Channel { + // No channel specified. + UNSPECIFIED = 0; + + // RAPID channel is offered on an early access basis for customers who want + // to test new releases. + // + // WARNING: Versions available in the RAPID Channel may be subject to + // unresolved issues with no known workaround and are not subject to any + // SLAs. + RAPID = 1; + + // Clusters subscribed to REGULAR receive versions that are considered GA + // quality. REGULAR is intended for production users who want to take + // advantage of new features. + REGULAR = 2; + + // Clusters subscribed to STABLE receive versions that are known to be + // stable and reliable in production. + STABLE = 3; + } + + // channel specifies which release channel the cluster is subscribed to. + Channel channel = 1; +} + +// Configuration for Cloud TPU. +message TpuConfig { + // Whether Cloud TPU integration is enabled or not. + bool enabled = 1; + + // Whether to use service networking for Cloud TPU or not. 
+ bool use_service_networking = 2; + + // IPv4 CIDR block reserved for Cloud TPU in the VPC. + string ipv4_cidr_block = 3; +} + +// Master is the configuration for components on master. +message Master { + +} + +// NotificationConfig is the configuration of notifications. +message NotificationConfig { + // Pub/Sub specific notification config. + message PubSub { + // Enable notifications for Pub/Sub. + bool enabled = 1; + + // The desired Pub/Sub topic to which notifications will be + // sent by GKE. Format is `projects/{project}/topics/{topic}`. + string topic = 2 [(google.api.resource_reference) = { + type: "pubsub.googleapis.com/Topic" + }]; + } + + // Notification config for Pub/Sub. + PubSub pubsub = 1; +} + +// ConfidentialNodes is configuration for the confidential nodes feature, which +// makes nodes run on confidential VMs. +message ConfidentialNodes { + // Whether Confidential Nodes feature is enabled for all nodes in this + // cluster. + bool enabled = 1; +} + +// UpgradeEvent is a notification sent to customers by the cluster server when +// a resource is upgrading. +message UpgradeEvent { + // Required. The resource type that is upgrading. + UpgradeResourceType resource_type = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. The operation associated with this upgrade. + string operation = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. The time when the operation was started. + google.protobuf.Timestamp operation_start_time = 3 [(google.api.field_behavior) = REQUIRED]; + + // Required. The current version before the upgrade. + string current_version = 4 [(google.api.field_behavior) = REQUIRED]; + + // Required. The target version for the upgrade. + string target_version = 5 [(google.api.field_behavior) = REQUIRED]; + + // Optional. Optional relative path to the resource. For example in node pool upgrades, + // the relative path of the node pool. 
+ string resource = 6 [(google.api.field_behavior) = OPTIONAL]; +} + +// The datapath provider selects the implementation of the Kubernetes networking +// // model for service resolution and network policy enforcement. +enum DatapathProvider { + // Default value. + DATAPATH_PROVIDER_UNSPECIFIED = 0; + + // Use the IPTables implementation based on kube-proxy. + LEGACY_DATAPATH = 1; + + // Use the eBPF based GKE Dataplane V2 with additional features. See the [GKE + // Dataplane V2 + // documentation](https://cloud.google.com/kubernetes-enginw/docs/how-to/dataplane-v2) + // for more. + ADVANCED_DATAPATH = 2; +} + +// UpgradeResourceType is the resource type that is upgrading. It is used +// in upgrade notifications. +enum UpgradeResourceType { + // Default value. This shouldn't be used. + UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0; + + // Master / control plane + MASTER = 1; + + // Node pool + NODE_POOL = 2; +} diff --git a/google/cloud/container_v1beta1/services/cluster_manager/async_client.py b/google/cloud/container_v1beta1/services/cluster_manager/async_client.py index 64984693..36da61fb 100644 --- a/google/cloud/container_v1beta1/services/cluster_manager/async_client.py +++ b/google/cloud/container_v1beta1/services/cluster_manager/async_client.py @@ -30,6 +30,7 @@ from google.cloud.container_v1beta1.services.cluster_manager import pagers from google.cloud.container_v1beta1.types import cluster_service +from google.rpc import status_pb2 as status # type: ignore from .transports.base import ClusterManagerTransport, DEFAULT_CLIENT_INFO from .transports.grpc_asyncio import ClusterManagerGrpcAsyncIOTransport 
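Review bot: The comment on the new `DatapathProvider` enum, in the last hunk of `cluster_service.proto` (`@@ -3234,3 +3860,218 @@`), has a doubled comment marker, `// // model for service resolution ...`. The documentation link under `ADVANCED_DATAPATH` also spells the path `kubernetes-enginw`, which looks like a typo for `kubernetes-engine` and would leave the link dead. In the same hunk, "specififed" in the `GetJSONWebKeysResponse` comment and "discover document" in the `GetJSONWebKeysRequest` comment should read "specified" and "discovery document". Both strings reappear in the `get_json_web_keys` docstrings of `async_client.py` and `client.py`. Since the commit message describes this as a sync from googleapis/googleapis, they are best corrected in that source rather than in the generated copies.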
@@ -44,6 +45,9 @@ class ClusterManagerAsyncClient: DEFAULT_ENDPOINT = ClusterManagerClient.DEFAULT_ENDPOINT DEFAULT_MTLS_ENDPOINT = ClusterManagerClient.DEFAULT_MTLS_ENDPOINT + topic_path = staticmethod(ClusterManagerClient.topic_path) + parse_topic_path = staticmethod(ClusterManagerClient.parse_topic_path) + common_billing_account_path = staticmethod( ClusterManagerClient.common_billing_account_path ) @@ -386,7 +390,7 @@ async def create_cluster( should not be set. cluster (:class:`~.cluster_service.Cluster`): Required. A `cluster - resource `__ + resource `__ This corresponds to the ``cluster`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -710,11 +714,19 @@ async def set_logging_service( should not be set. logging_service (:class:`str`): Required. The logging service the cluster should use to - write metrics. Currently available options: - - - "logging.googleapis.com" - the Google Cloud Logging - service - - "none" - no metrics will be exported from the cluster + write logs. Currently available options: + + - ``logging.googleapis.com/kubernetes`` - The Cloud + Logging service with a Kubernetes-native resource + model + - ``logging.googleapis.com`` - The legacy Cloud Logging + service (no longer available as of GKE 1.15). + - ``none`` - no logs will be exported from the cluster. + + If left as an empty + string,\ ``logging.googleapis.com/kubernetes`` will be + used for GKE 1.14+ or ``logging.googleapis.com`` for + earlier versions. This corresponds to the ``logging_service`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -825,9 +837,19 @@ async def set_monitoring_service( Required. The monitoring service the cluster should use to write metrics. Currently available options: - - "monitoring.googleapis.com" - the Google Cloud - Monitoring service - - "none" - no metrics will be exported from the cluster + - "monitoring.googleapis.com/kubernetes" - The Cloud + Monitoring service with a Kubernetes-native resource + model + - ``monitoring.googleapis.com`` - The legacy Cloud + Monitoring service (no longer available as of GKE + 1.15). + - ``none`` - No metrics will be exported from the + cluster. + + If left as an empty + string,\ ``monitoring.googleapis.com/kubernetes`` will + be used for GKE 1.14+ or ``monitoring.googleapis.com`` + for earlier versions. This corresponds to the ``monitoring_service`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1012,7 +1034,9 @@ async def set_locations( timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> cluster_service.Operation: - r"""Sets the locations for a specific cluster. + r"""Sets the locations for a specific cluster. Deprecated. Use + `projects.locations.clusters.update `__ + instead. Args: request (:class:`~.cluster_service.SetLocationsRequest`): 
@@ -1906,6 +1930,64 @@ async def list_node_pools( # Done; return the response. return response + async def get_json_web_keys( + self, + request: cluster_service.GetJSONWebKeysRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> cluster_service.GetJSONWebKeysResponse: + r"""Gets the public component of the cluster signing keys + in JSON Web Key format. + This API is not yet intended for general use, and is not + available for all clusters. + + Args: + request (:class:`~.cluster_service.GetJSONWebKeysRequest`): + The request object. GetJSONWebKeysRequest gets the + public component of the keys used by the cluster to sign + token requests. This will be the jwks_uri for the + discover document returned by getOpenIDConfig. See the + OpenID Connect Discovery 1.0 specification for details. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.cluster_service.GetJSONWebKeysResponse: + GetJSONWebKeysResponse is a valid + JSON Web Key Set as specififed in rfc + 7517 + + """ + # Create or coerce a protobuf request object. + + request = cluster_service.GetJSONWebKeysRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_json_web_keys, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + async def get_node_pool( self, request: cluster_service.GetNodePoolRequest = None, @@ -2547,17 +2629,14 @@ async def set_labels( on the ``request`` instance; if ``request`` is provided, this should not be set. label_fingerprint (:class:`str`): - Required. The fingerprint of the - previous set of labels for this - resource, used to detect conflicts. The - fingerprint is initially generated by - Kubernetes Engine and changes after - every request to modify or update - labels. You must always provide an up- - to-date fingerprint hash when updating - or changing labels. Make a - get() request to the - resource to get the latest fingerprint. + Required. The fingerprint of the previous set of labels + for this resource, used to detect conflicts. The + fingerprint is initially generated by Kubernetes Engine + and changes after every request to modify or update + labels. You must always provide an up-to-date + fingerprint hash when updating or changing labels. Make + a ``get()`` request to the resource to get the latest + fingerprint. This corresponds to the ``label_fingerprint`` field on the ``request`` instance; if ``request`` is provided, this should not be set. diff --git a/google/cloud/container_v1beta1/services/cluster_manager/client.py b/google/cloud/container_v1beta1/services/cluster_manager/client.py index 31d42dea..af40fcf9 100644 --- a/google/cloud/container_v1beta1/services/cluster_manager/client.py +++ b/google/cloud/container_v1beta1/services/cluster_manager/client.py @@ -34,6 +34,7 @@ from google.cloud.container_v1beta1.services.cluster_manager import pagers from google.cloud.container_v1beta1.types import cluster_service +from google.rpc import status_pb2 as status # type: ignore from .transports.base import ClusterManagerTransport, DEFAULT_CLIENT_INFO from .transports.grpc import ClusterManagerGrpcTransport 
@@ -139,6 +140,17 @@ def transport(self) -> ClusterManagerTransport: """ return self._transport + @staticmethod + def topic_path(project: str, topic: str,) -> str: + """Return a fully-qualified topic string.""" + return "projects/{project}/topics/{topic}".format(project=project, topic=topic,) + + @staticmethod + def parse_topic_path(path: str) -> Dict[str, str]: + """Parse a topic path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/topics/(?P.+?)$", path) + return m.groupdict() if m else {} + @staticmethod def common_billing_account_path(billing_account: str,) -> str: """Return a fully-qualified billing_account string.""" @@ -550,7 +562,7 @@ def create_cluster( should not be set. cluster (:class:`~.cluster_service.Cluster`): Required. A `cluster - resource `__ + resource `__ This corresponds to the ``cluster`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -880,11 +892,19 @@ def set_logging_service( should not be set. logging_service (:class:`str`): Required. The logging service the cluster should use to - write metrics. Currently available options: - - - "logging.googleapis.com" - the Google Cloud Logging - service - - "none" - no metrics will be exported from the cluster + write logs. Currently available options: + + - ``logging.googleapis.com/kubernetes`` - The Cloud + Logging service with a Kubernetes-native resource + model + - ``logging.googleapis.com`` - The legacy Cloud Logging + service (no longer available as of GKE 1.15). + - ``none`` - no logs will be exported from the cluster. + + If left as an empty + string,\ ``logging.googleapis.com/kubernetes`` will be + used for GKE 1.14+ or ``logging.googleapis.com`` for + earlier versions. This corresponds to the ``logging_service`` field on the ``request`` instance; if ``request`` is provided, this should not be set. 
@@ -996,9 +1016,19 @@ def set_monitoring_service( Required. The monitoring service the cluster should use to write metrics. Currently available options: - - "monitoring.googleapis.com" - the Google Cloud - Monitoring service - - "none" - no metrics will be exported from the cluster + - "monitoring.googleapis.com/kubernetes" - The Cloud + Monitoring service with a Kubernetes-native resource + model + - ``monitoring.googleapis.com`` - The legacy Cloud + Monitoring service (no longer available as of GKE + 1.15). + - ``none`` - No metrics will be exported from the + cluster. + + If left as an empty + string,\ ``monitoring.googleapis.com/kubernetes`` will + be used for GKE 1.14+ or ``monitoring.googleapis.com`` + for earlier versions. This corresponds to the ``monitoring_service`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1185,7 +1215,9 @@ def set_locations( timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> cluster_service.Operation: - r"""Sets the locations for a specific cluster. + r"""Sets the locations for a specific cluster. Deprecated. Use + `projects.locations.clusters.update `__ + instead. Args: request (:class:`~.cluster_service.SetLocationsRequest`): 
@@ -2048,6 +2080,65 @@ def list_node_pools( # Done; return the response. return response + def get_json_web_keys( + self, + request: cluster_service.GetJSONWebKeysRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> cluster_service.GetJSONWebKeysResponse: + r"""Gets the public component of the cluster signing keys + in JSON Web Key format. + This API is not yet intended for general use, and is not + available for all clusters. + + Args: + request (:class:`~.cluster_service.GetJSONWebKeysRequest`): + The request object. GetJSONWebKeysRequest gets the + public component of the keys used by the cluster to sign + token requests. This will be the jwks_uri for the + discover document returned by getOpenIDConfig. See the + OpenID Connect Discovery 1.0 specification for details. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.cluster_service.GetJSONWebKeysResponse: + GetJSONWebKeysResponse is a valid + JSON Web Key Set as specififed in rfc + 7517 + + """ + # Create or coerce a protobuf request object. + + # Minor optimization to avoid making a copy if the user passes + # in a cluster_service.GetJSONWebKeysRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, cluster_service.GetJSONWebKeysRequest): + request = cluster_service.GetJSONWebKeysRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_json_web_keys] + + # Certain fields should be provided within the metadata header; + # add these here. 
+ metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + def get_node_pool( self, request: cluster_service.GetNodePoolRequest = None, @@ -2680,17 +2771,14 @@ def set_labels( on the ``request`` instance; if ``request`` is provided, this should not be set. label_fingerprint (:class:`str`): - Required. The fingerprint of the - previous set of labels for this - resource, used to detect conflicts. The - fingerprint is initially generated by - Kubernetes Engine and changes after - every request to modify or update - labels. You must always provide an up- - to-date fingerprint hash when updating - or changing labels. Make a - get() request to the - resource to get the latest fingerprint. + Required. The fingerprint of the previous set of labels + for this resource, used to detect conflicts. The + fingerprint is initially generated by Kubernetes Engine + and changes after every request to modify or update + labels. You must always provide an up-to-date + fingerprint hash when updating or changing labels. Make + a ``get()`` request to the resource to get the latest + fingerprint. This corresponds to the ``label_fingerprint`` field on the ``request`` instance; if ``request`` is provided, this should not be set. diff --git a/google/cloud/container_v1beta1/services/cluster_manager/transports/base.py b/google/cloud/container_v1beta1/services/cluster_manager/transports/base.py index e021648f..055667ac 100644 --- a/google/cloud/container_v1beta1/services/cluster_manager/transports/base.py +++ b/google/cloud/container_v1beta1/services/cluster_manager/transports/base.py 
@@ -233,6 +233,9 @@ def _prep_wrapped_messages(self, client_info): default_timeout=20.0, client_info=client_info, ), + self.get_json_web_keys: gapic_v1.method.wrap_method( + self.get_json_web_keys, default_timeout=None, client_info=client_info, + ), self.get_node_pool: gapic_v1.method.wrap_method( self.get_node_pool, default_retry=retries.Retry( @@ -524,6 +527,18 @@ def list_node_pools( ]: raise NotImplementedError() + @property + def get_json_web_keys( + self, + ) -> typing.Callable[ + [cluster_service.GetJSONWebKeysRequest], + typing.Union[ + cluster_service.GetJSONWebKeysResponse, + typing.Awaitable[cluster_service.GetJSONWebKeysResponse], + ], + ]: + raise NotImplementedError() + @property def get_node_pool( self, diff --git a/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc.py b/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc.py index 9642b7b7..3ebce39c 100644 --- a/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc.py +++ b/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc.py @@ -493,7 +493,9 @@ def set_locations( ) -> Callable[[cluster_service.SetLocationsRequest], cluster_service.Operation]: r"""Return a callable for the set locations method over gRPC. - Sets the locations for a specific cluster. + Sets the locations for a specific cluster. Deprecated. Use + `projects.locations.clusters.update `__ + instead. Returns: Callable[[~.SetLocationsRequest], 
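Review bot: In the `_prep_wrapped_messages` hunk of `transports/base.py`, `get_json_web_keys` is wrapped with `default_timeout=None` and no `default_retry`, while the entry just above it ends with `default_timeout=20.0` and `get_node_pool` just below carries a `default_retry`. A caller that passes no timeout therefore gets no client-side deadline on the key fetch, and code that verifies tokens against these keys could stall on an unresponsive endpoint. If the upstream service config does not deliberately leave this RPC unbounded, give it the same bound as its neighbours, e.g. `self.get_json_web_keys, default_timeout=20.0, client_info=client_info,`. `_prep_wrapped_messages` begins and ends outside the hunk, so the defaults of the other methods are only partly visible here.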
@@ -741,6 +743,37 @@ def list_node_pools( ) return self._stubs["list_node_pools"] + @property + def get_json_web_keys( + self, + ) -> Callable[ + [cluster_service.GetJSONWebKeysRequest], cluster_service.GetJSONWebKeysResponse + ]: + r"""Return a callable for the get json web keys method over gRPC. + + Gets the public component of the cluster signing keys + in JSON Web Key format. + This API is not yet intended for general use, and is not + available for all clusters. + + Returns: + Callable[[~.GetJSONWebKeysRequest], + ~.GetJSONWebKeysResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_json_web_keys" not in self._stubs: + self._stubs["get_json_web_keys"] = self.grpc_channel.unary_unary( + "/google.container.v1beta1.ClusterManager/GetJSONWebKeys", + request_serializer=cluster_service.GetJSONWebKeysRequest.serialize, + response_deserializer=cluster_service.GetJSONWebKeysResponse.deserialize, + ) + return self._stubs["get_json_web_keys"] + @property def get_node_pool( self, diff --git a/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc_asyncio.py b/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc_asyncio.py index 309593bb..9a9a39a4 100644 --- a/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc_asyncio.py +++ b/google/cloud/container_v1beta1/services/cluster_manager/transports/grpc_asyncio.py @@ -512,7 +512,9 @@ def set_locations( ]: r"""Return a callable for the set locations method over gRPC. - Sets the locations for a specific cluster. + Sets the locations for a specific cluster. Deprecated. Use + `projects.locations.clusters.update `__ + instead. Returns: Callable[[~.SetLocationsRequest], 
@@ -771,6 +773,38 @@ def list_node_pools( ) return self._stubs["list_node_pools"] + @property + def get_json_web_keys( + self, + ) -> Callable[ + [cluster_service.GetJSONWebKeysRequest], + Awaitable[cluster_service.GetJSONWebKeysResponse], + ]: + r"""Return a callable for the get json web keys method over gRPC. + + Gets the public component of the cluster signing keys + in JSON Web Key format. + This API is not yet intended for general use, and is not + available for all clusters. + + Returns: + Callable[[~.GetJSONWebKeysRequest], + Awaitable[~.GetJSONWebKeysResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_json_web_keys" not in self._stubs: + self._stubs["get_json_web_keys"] = self.grpc_channel.unary_unary( + "/google.container.v1beta1.ClusterManager/GetJSONWebKeys", + request_serializer=cluster_service.GetJSONWebKeysRequest.serialize, + response_deserializer=cluster_service.GetJSONWebKeysResponse.deserialize, + ) + return self._stubs["get_json_web_keys"] + @property def get_node_pool( self, diff --git a/google/cloud/container_v1beta1/types/__init__.py b/google/cloud/container_v1beta1/types/__init__.py index 05ef29f6..fe493d78 100644 --- a/google/cloud/container_v1beta1/types/__init__.py +++ b/google/cloud/container_v1beta1/types/__init__.py @@ -16,8 +16,13 @@ # from .cluster_service import ( + LinuxNodeConfig, + NodeKubeletConfig, NodeConfig, ShieldedInstanceConfig, + SandboxConfig, + EphemeralStorageConfig, + ReservationAffinity, NodeTaint, MasterAuth, ClientCertificateConfig, 
@@ -26,6 +31,11 @@ HorizontalPodAutoscaling, KubernetesDashboard, NetworkPolicyConfig, + DnsCacheConfig, + KalmConfig, + ConfigConnectorConfig, + GcePersistentDiskCsiDriverConfig, + PrivateClusterMasterGlobalAccessConfig, PrivateClusterConfig, IstioConfig, CloudRunConfig, @@ -36,6 +46,7 @@ BinaryAuthorization, PodSecurityPolicyConfig, AuthenticatorGroupsConfig, + ClusterTelemetry, Cluster, ClusterUpdate, Operation, @@ -98,16 +109,35 @@ UsableSubnetworkSecondaryRange, UsableSubnetwork, VerticalPodAutoscaling, + DefaultSnatStatus, IntraNodeVisibilityConfig, MaxPodsConstraint, + WorkloadIdentityConfig, DatabaseEncryption, ResourceUsageExportConfig, + ShieldedNodes, + GetOpenIDConfigRequest, + GetOpenIDConfigResponse, + GetJSONWebKeysRequest, + Jwk, + GetJSONWebKeysResponse, + ReleaseChannel, + TpuConfig, + Master, + NotificationConfig, + ConfidentialNodes, + UpgradeEvent, ) __all__ = ( + "LinuxNodeConfig", + "NodeKubeletConfig", "NodeConfig", "ShieldedInstanceConfig", + "SandboxConfig", + "EphemeralStorageConfig", + "ReservationAffinity", "NodeTaint", "MasterAuth", "ClientCertificateConfig", @@ -116,6 +146,11 @@ "HorizontalPodAutoscaling", "KubernetesDashboard", "NetworkPolicyConfig", + "DnsCacheConfig", + "KalmConfig", + "ConfigConnectorConfig", + "GcePersistentDiskCsiDriverConfig", + "PrivateClusterMasterGlobalAccessConfig", "PrivateClusterConfig", "IstioConfig", "CloudRunConfig", @@ -126,6 +161,7 @@ "BinaryAuthorization", "PodSecurityPolicyConfig", "AuthenticatorGroupsConfig", + "ClusterTelemetry", "Cluster", "ClusterUpdate", "Operation", 
@@ -188,8 +224,22 @@ "UsableSubnetworkSecondaryRange", "UsableSubnetwork", "VerticalPodAutoscaling", + "DefaultSnatStatus", "IntraNodeVisibilityConfig", "MaxPodsConstraint", + "WorkloadIdentityConfig", "DatabaseEncryption", "ResourceUsageExportConfig", + "ShieldedNodes", + "GetOpenIDConfigRequest", + "GetOpenIDConfigResponse", + "GetJSONWebKeysRequest", + "Jwk", + "GetJSONWebKeysResponse", + "ReleaseChannel", + "TpuConfig", + "Master", + "NotificationConfig", + "ConfidentialNodes", + "UpgradeEvent", ) diff --git a/google/cloud/container_v1beta1/types/cluster_service.py b/google/cloud/container_v1beta1/types/cluster_service.py index 8248233b..e3185724 100644 --- a/google/cloud/container_v1beta1/types/cluster_service.py +++ b/google/cloud/container_v1beta1/types/cluster_service.py @@ -19,13 +19,23 @@ from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore +from google.rpc import code_pb2 as gr_code # type: ignore +from google.rpc import status_pb2 as gr_status # type: ignore __protobuf__ = proto.module( package="google.container.v1beta1", manifest={ + "DatapathProvider", + "UpgradeResourceType", + "LinuxNodeConfig", + "NodeKubeletConfig", "NodeConfig", "ShieldedInstanceConfig", + "SandboxConfig", + "EphemeralStorageConfig", + "ReservationAffinity", "NodeTaint", "MasterAuth", "ClientCertificateConfig", @@ -34,6 +44,11 @@ "HorizontalPodAutoscaling", "KubernetesDashboard", "NetworkPolicyConfig", + "DnsCacheConfig", + "KalmConfig", + "ConfigConnectorConfig", + "GcePersistentDiskCsiDriverConfig", + "PrivateClusterMasterGlobalAccessConfig", "PrivateClusterConfig", "IstioConfig", "CloudRunConfig", @@ -44,6 +59,7 @@ "BinaryAuthorization", "PodSecurityPolicyConfig", "AuthenticatorGroupsConfig", + "ClusterTelemetry", "Cluster", "ClusterUpdate", "Operation", 
@@ -106,25 +122,123 @@ "UsableSubnetworkSecondaryRange", "UsableSubnetwork", "VerticalPodAutoscaling", + "DefaultSnatStatus", "IntraNodeVisibilityConfig", "MaxPodsConstraint", + "WorkloadIdentityConfig", "DatabaseEncryption", "ResourceUsageExportConfig", + "ShieldedNodes", + "GetOpenIDConfigRequest", + "GetOpenIDConfigResponse", + "GetJSONWebKeysRequest", + "Jwk", + "GetJSONWebKeysResponse", + "ReleaseChannel", + "TpuConfig", + "Master", + "NotificationConfig", + "ConfidentialNodes", + "UpgradeEvent", }, ) +class DatapathProvider(proto.Enum): + r"""The datapath provider selects the implementation of the + Kubernetes networking // model for service resolution and + network policy enforcement. + """ + DATAPATH_PROVIDER_UNSPECIFIED = 0 + LEGACY_DATAPATH = 1 + ADVANCED_DATAPATH = 2 + + +class UpgradeResourceType(proto.Enum): + r"""UpgradeResourceType is the resource type that is upgrading. + It is used in upgrade notifications. + """ + UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0 + MASTER = 1 + NODE_POOL = 2 + + +class LinuxNodeConfig(proto.Message): + r"""Parameters that can be configured on Linux nodes. + + Attributes: + sysctls (Sequence[~.cluster_service.LinuxNodeConfig.SysctlsEntry]): + The Linux kernel parameters to be applied to the nodes and + all pods running on the nodes. + + The following parameters are supported. + + net.core.netdev_max_backlog net.core.rmem_max + net.core.wmem_default net.core.wmem_max net.core.optmem_max + net.core.somaxconn net.ipv4.tcp_rmem net.ipv4.tcp_wmem + net.ipv4.tcp_tw_reuse + """ + + sysctls = proto.MapField(proto.STRING, proto.STRING, number=1) + + +class NodeKubeletConfig(proto.Message): + r"""Node kubelet configs. + + Attributes: + cpu_manager_policy (str): + Control the CPU management policy on the + node. See + https://kubernetes.io/docs/tasks/administer- + cluster/cpu-management-policies/ + The following values are allowed. + - "none": the default, which represents the + existing scheduling behavior. 
- "static": + allows pods with certain resource + characteristics to be granted + increased CPU affinity and exclusivity on the + node. The default value is 'none' if + unspecified. + cpu_cfs_quota (~.wrappers.BoolValue): + Enable CPU CFS quota enforcement for + containers that specify CPU limits. + This option is enabled by default which makes + kubelet use CFS quota + (https://www.kernel.org/doc/Documentation/scheduler/sched- + bwc.txt) to enforce container CPU limits. + Otherwise, CPU limits will not be enforced at + all. + + Disable this option to mitigate CPU throttling + problems while still having your pods to be in + Guaranteed QoS class by specifying the CPU + limits. + The default value is 'true' if unspecified. + cpu_cfs_quota_period (str): + Set the CPU CFS quota period value 'cpu.cfs_period_us'. + + The string must be a sequence of decimal numbers, each with + optional fraction and a unit suffix, such as "300ms". Valid + time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + The value must be a positive duration. + """ + + cpu_manager_policy = proto.Field(proto.STRING, number=1) + + cpu_cfs_quota = proto.Field(proto.MESSAGE, number=2, message=wrappers.BoolValue,) + + cpu_cfs_quota_period = proto.Field(proto.STRING, number=3) + + class NodeConfig(proto.Message): r"""Parameters that describe the nodes in a cluster. Attributes: machine_type (str): The name of a Google Compute Engine `machine - type `__ - (e.g. ``n1-standard-1``). + type `__. - If unspecified, the default machine type is - ``n1-standard-1``. + If unspecified, the default machine type is ``e2-medium``. disk_size_gb (int): Size of the disk attached to each node, specified in GB. The smallest allowed disk size 
@@ -149,29 +263,48 @@ class NodeConfig(proto.Message): scopes will be added. service_account (str): The Google Cloud Platform Service Account to - be used by the node VMs. If no Service Account - is specified, the "default" service account is - used. + be used by the node VMs. Specify the email + address of the Service Account; otherwise, if no + Service Account is specified, the "default" + service account is used. metadata (Sequence[~.cluster_service.NodeConfig.MetadataEntry]): The metadata key/value pairs assigned to instances in the cluster. - Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less - than 128 bytes in length. These are reflected as part of a - URL in the metadata server. Additionally, to avoid + Keys must conform to the regexp ``[a-zA-Z0-9-_]+`` and be + less than 128 bytes in length. These are reflected as part + of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the reserved keys: - "cluster-location" "cluster-name" "cluster-uid" - "configure-sh" "containerd-configure-sh" "enable-oslogin" - "gci-ensure-gke-docker" "gci-metrics-enabled" - "gci-update-strategy" "instance-template" "kube-env" - "startup-script" "user-data" "disable-address-manager" - "windows-startup-script-ps1" "common-psm1" - "k8s-node-setup-psm1" "install-ssh-psm1" "user-profile-psm1" - "serial-port-logging-enable" Values are free-form strings, - and only have meaning as interpreted by the image running in - the instance. The only restriction placed on them is that - each value's size must be less than or equal to 32 KB. 
+ + - "cluster-location" + - "cluster-name" + - "cluster-uid" + - "configure-sh" + - "containerd-configure-sh" + - "enable-oslogin" + - "gci-ensure-gke-docker" + - "gci-metrics-enabled" + - "gci-update-strategy" + - "instance-template" + - "kube-env" + - "startup-script" + - "user-data" + - "disable-address-manager" + - "windows-startup-script-ps1" + - "common-psm1" + - "k8s-node-setup-psm1" + - "install-ssh-psm1" + - "user-profile-psm1" + + The following keys are reserved for Windows nodes: + + - "serial-port-logging-enable" + + Values are free-form strings, and only have meaning as + interpreted by the image running in the instance. The only + restriction placed on them is that each value's size must be + less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. 
@@ -218,21 +351,32 @@ class NodeConfig(proto.Message): attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs. + sandbox_config (~.cluster_service.SandboxConfig): + Sandbox configuration for this node. + node_group (str): + Setting this field will assign instances of this pool to run + on the specified node group. This is useful for running + workloads on `sole tenant + nodes `__. + reservation_affinity (~.cluster_service.ReservationAffinity): + The optional reservation affinity. Setting this field will + apply the specified `Zonal Compute + Reservation `__ + to this node pool. disk_type (str): Type of the disk attached to each node (e.g. - 'pd-standard' or 'pd-ssd') + 'pd-standard', 'pd-ssd' or 'pd-balanced') + If unspecified, the default disk type is 'pd- standard' min_cpu_platform (str): Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU - platforms, such as minCpuPlatform: "Intel Haswell" or - minCpuPlatform: "Intel Sandy Bridge". For more information, - read `how to specify min CPU + platforms, such as ``minCpuPlatform: "Intel Haswell"`` or + ``minCpuPlatform: "Intel Sandy Bridge"``. For more + information, read `how to specify min CPU platform `__ - To unset the min cpu platform field pass "automatic" as - field value. workload_metadata_config (~.cluster_service.WorkloadMetadataConfig): The workload metadata configuration for this node. 
@@ -243,8 +387,25 @@ class NodeConfig(proto.Message): valid values, see: https://kubernetes.io/docs/concepts/configuration/taint- and-toleration/ + boot_disk_kms_key (str): + The Customer Managed Encryption Key used to encrypt the boot + disk attached to each node in the node pool. This should be + of the form + projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. + For more information about protecting resources with Cloud + KMS Keys please see: + https://cloud.google.com/compute/docs/disks/customer-managed-encryption shielded_instance_config (~.cluster_service.ShieldedInstanceConfig): Shielded Instance options. + linux_node_config (~.cluster_service.LinuxNodeConfig): + Parameters that can be configured on Linux + nodes. + kubelet_config (~.cluster_service.NodeKubeletConfig): + Node kubelet configs. + ephemeral_storage_config (~.cluster_service.EphemeralStorageConfig): + Parameters for the ephemeral storage + filesystem. If unspecified, ephemeral storage is + backed by the boot disk. """ machine_type = proto.Field(proto.STRING, number=1) @@ -271,6 +432,14 @@ class NodeConfig(proto.Message): proto.MESSAGE, number=11, message="AcceleratorConfig", ) + sandbox_config = proto.Field(proto.MESSAGE, number=17, message="SandboxConfig",) + + node_group = proto.Field(proto.STRING, number=18) + + reservation_affinity = proto.Field( + proto.MESSAGE, number=19, message="ReservationAffinity", + ) + disk_type = proto.Field(proto.STRING, number=12) min_cpu_platform = proto.Field(proto.STRING, number=13) 
@@ -281,10 +450,22 @@ class NodeConfig(proto.Message): taints = proto.RepeatedField(proto.MESSAGE, number=15, message="NodeTaint",) + boot_disk_kms_key = proto.Field(proto.STRING, number=23) + shielded_instance_config = proto.Field( proto.MESSAGE, number=20, message="ShieldedInstanceConfig", ) + linux_node_config = proto.Field( + proto.MESSAGE, number=21, message="LinuxNodeConfig", + ) + + kubelet_config = proto.Field(proto.MESSAGE, number=22, message="NodeKubeletConfig",) + + ephemeral_storage_config = proto.Field( + proto.MESSAGE, number=24, message="EphemeralStorageConfig", + ) + class ShieldedInstanceConfig(proto.Message): r"""A set of Shielded Instance options. 
@@ -314,13 +495,86 @@ class ShieldedInstanceConfig(proto.Message): enable_integrity_monitoring = proto.Field(proto.BOOL, number=2) +class SandboxConfig(proto.Message): + r"""SandboxConfig contains configurations of the sandbox to use + for the node. + + Attributes: + sandbox_type (str): + Type of the sandbox to use for the node (e.g. + 'gvisor') + type_ (~.cluster_service.SandboxConfig.Type): + Type of the sandbox to use for the node. + """ + + class Type(proto.Enum): + r"""Possible types of sandboxes.""" + UNSPECIFIED = 0 + GVISOR = 1 + + sandbox_type = proto.Field(proto.STRING, number=1) + + type_ = proto.Field(proto.ENUM, number=2, enum=Type,) + + +class EphemeralStorageConfig(proto.Message): + r"""EphemeralStorageConfig contains configuration for the + ephemeral storage filesystem. + + Attributes: + local_ssd_count (int): + Number of local SSDs to use to back ephemeral + storage. Uses NVMe interfaces. Each local SSD is + 375 GB in size. If zero, it means to disable + using local SSDs as ephemeral storage. + """ + + local_ssd_count = proto.Field(proto.INT32, number=1) + + +class ReservationAffinity(proto.Message): + r"""`ReservationAffinity `__ + is the configuration of desired reservation which instances could + take capacity from. + + Attributes: + consume_reservation_type (~.cluster_service.ReservationAffinity.Type): + Corresponds to the type of reservation + consumption. + key (str): + Corresponds to the label key of a reservation resource. To + target a SPECIFIC_RESERVATION by name, specify + "googleapis.com/reservation-name" as the key and specify the + name of your reservation as its value. + values (Sequence[str]): + Corresponds to the label value(s) of + reservation resource(s). + """ + + class Type(proto.Enum): + r"""Indicates whether to consume capacity from a reservation or + not. 
+ """ + UNSPECIFIED = 0 + NO_RESERVATION = 1 + ANY_RESERVATION = 2 + SPECIFIC_RESERVATION = 3 + + consume_reservation_type = proto.Field(proto.ENUM, number=1, enum=Type,) + + key = proto.Field(proto.STRING, number=2) + + values = proto.RepeatedField(proto.STRING, number=3) + + class NodeTaint(proto.Message): - r"""Kubernetes taint is comprised of three fields: key, value, - and effect. Effect can only be one of three types: NoSchedule, + r"""Kubernetes taint is comprised of three fields: key, value, and + effect. Effect can only be one of three types: NoSchedule, PreferNoSchedule or NoExecute. - For more information, including usage and the valid values, see: - https://kubernetes.io/docs/concepts/configuration/taint-and- - toleration/ + + See + `here `__ + for more information, including usage and the valid values. Attributes: key (str): @@ -357,6 +611,12 @@ class MasterAuth(proto.Message): clusters v1.6.0 and later, basic authentication can be disabled by leaving username unspecified (or setting it to the empty string). + Warning: basic authentication is deprecated, and + will be removed in GKE control plane versions + 1.19 and newer. For a list of recommended + authentication methods, see: + https://cloud.google.com/kubernetes- + engine/docs/how-to/api-server-authentication password (str): The password to use for HTTP basic authentication to the master endpoint. Because 
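Review bot: `SandboxConfig` now exposes two fields for the same setting, the string `sandbox_type` and the enum `type_`, with near-identical descriptions and nothing on which one the server honours when both are set or when they disagree. Because this selects the node's workload isolation, a reader cannot tell from the docstring whether setting only one of them enables the sandbox. State the relationship in the attribute text, for example `sandbox_type (str): Type of the sandbox as a string (e.g. 'gvisor'); prefer ``type_`` if the API treats this field as legacy`, after confirming the precedence against the proto. The docstring is generated from the proto comments, so the wording would need to change upstream.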
@@ -364,14 +624,20 @@ class MasterAuth(proto.Message): should create a strong password. If a password is provided for cluster creation, username must be non-empty. + + Warning: basic authentication is deprecated, and + will be removed in GKE control plane versions + 1.19 and newer. For a list of recommended + authentication methods, see: + https://cloud.google.com/kubernetes- + engine/docs/how-to/api-server-authentication client_certificate_config (~.cluster_service.ClientCertificateConfig): Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued. cluster_ca_certificate (str): - [Output only] Base64-encoded public certificate that is the - root of trust for the cluster. + client_certificate (str): [Output only] Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. @@ -443,6 +709,19 @@ class AddonsConfig(proto.Message): Configuration for the Cloud Run addon. The ``IstioConfig`` addon must be enabled in order to enable Cloud Run addon. This option can only be enabled at cluster creation time. + dns_cache_config (~.cluster_service.DnsCacheConfig): + Configuration for NodeLocalDNS, a dns cache + running on cluster nodes + config_connector_config (~.cluster_service.ConfigConnectorConfig): + Configuration for the ConfigConnector add-on, + a Kubernetes extension to manage hosted GCP + services through the Kubernetes API + gce_persistent_disk_csi_driver_config (~.cluster_service.GcePersistentDiskCsiDriverConfig): + Configuration for the Compute Engine + Persistent Disk CSI driver. + kalm_config (~.cluster_service.KalmConfig): + Configuration for the KALM addon, which + manages the lifecycle of k8s applications. """ http_load_balancing = proto.Field( 
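Review bot: The `cluster_ca_certificate (str):` entry in the `MasterAuth` docstring is left without a description: its two description lines are removed and nothing replaces them, so `client_certificate (str):` follows it directly. This field is the cluster's root of trust, and the rendered docs will now show it blank or run it into the next attribute. Restore the text, e.g. `[Output only] Base64-encoded public certificate that is the root of trust for the cluster.` The `MasterAuth` docstring starts outside this hunk, and since it is generated from proto comments the regression is probably in the source proto.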
@@ -465,6 +744,18 @@ class AddonsConfig(proto.Message): cloud_run_config = proto.Field(proto.MESSAGE, number=7, message="CloudRunConfig",) + dns_cache_config = proto.Field(proto.MESSAGE, number=8, message="DnsCacheConfig",) + + config_connector_config = proto.Field( + proto.MESSAGE, number=10, message="ConfigConnectorConfig", + ) + + gce_persistent_disk_csi_driver_config = proto.Field( + proto.MESSAGE, number=11, message="GcePersistentDiskCsiDriverConfig", + ) + + kalm_config = proto.Field(proto.MESSAGE, number=12, message="KalmConfig",) + class HttpLoadBalancing(proto.Message): r"""Configuration options for the HTTP (L7) load balancing @@ -492,9 +783,8 @@ class HorizontalPodAutoscaling(proto.Message): disabled (bool): Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, - it ensures that a Heapster pod is running in the - cluster, which is also used by the Cloud - Monitoring service. + it ensures that metrics are collected into + Stackdriver Monitoring. """ disabled = proto.Field(proto.BOOL, number=1) 
@@ -526,6 +816,66 @@ class NetworkPolicyConfig(proto.Message): disabled = proto.Field(proto.BOOL, number=1) +class DnsCacheConfig(proto.Message): + r"""Configuration for NodeLocal DNSCache + + Attributes: + enabled (bool): + Whether NodeLocal DNSCache is enabled for + this cluster. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + +class KalmConfig(proto.Message): + r"""Configuration options for the KALM addon. + + Attributes: + enabled (bool): + Whether KALM is enabled for this cluster. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + +class ConfigConnectorConfig(proto.Message): + r"""Configuration options for the Config Connector add-on. + + Attributes: + enabled (bool): + Whether Cloud Connector is enabled for this + cluster. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + +class GcePersistentDiskCsiDriverConfig(proto.Message): + r"""Configuration for the Compute Engine PD CSI driver. This + option can only be enabled at cluster creation time. + + Attributes: + enabled (bool): + Whether the Compute Engine PD CSI driver is + enabled for this cluster. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + +class PrivateClusterMasterGlobalAccessConfig(proto.Message): + r"""Configuration for controlling master global access settings. + + Attributes: + enabled (bool): + Whenever master is accessible globally or + not. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + class PrivateClusterConfig(proto.Message): r"""Configuration options for private clusters. @@ -551,6 +901,11 @@ class PrivateClusterConfig(proto.Message): public_endpoint (str): Output only. The external IP address of this cluster's master endpoint. + peering_name (str): + Output only. The peering name in the customer + VPC used by this cluster. + master_global_access_config (~.cluster_service.PrivateClusterMasterGlobalAccessConfig): + Controls master global access settings. """ enable_private_nodes = proto.Field(proto.BOOL, number=1) 
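Review bot: Two of the new `enabled` docstrings describe their switch inaccurately. `ConfigConnectorConfig.enabled` says "Whether Cloud Connector is enabled", although the class and `AddonsConfig` call the add-on Config Connector, and `PrivateClusterMasterGlobalAccessConfig.enabled` reads "Whenever master is accessible globally or not". The second one controls the reachability of the control-plane endpoint, so the wording should be unambiguous. Suggested text: `Whether Config Connector is enabled for this cluster.` and `Whether the master is accessible globally.`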
@@ -563,6 +918,12 @@ class PrivateClusterConfig(proto.Message): public_endpoint = proto.Field(proto.STRING, number=5) + peering_name = proto.Field(proto.STRING, number=7) + + master_global_access_config = proto.Field( + proto.MESSAGE, number=8, message="PrivateClusterMasterGlobalAccessConfig", + ) + class IstioConfig(proto.Message): r"""Configuration options for Istio addon. @@ -594,10 +955,21 @@ class CloudRunConfig(proto.Message): disabled (bool): Whether Cloud Run addon is enabled for this cluster. + load_balancer_type (~.cluster_service.CloudRunConfig.LoadBalancerType): + Which load balancer type is installed for + Cloud Run. """ + class LoadBalancerType(proto.Enum): + r"""Load balancer type of ingress service of Cloud Run.""" + LOAD_BALANCER_TYPE_UNSPECIFIED = 0 + LOAD_BALANCER_TYPE_EXTERNAL = 1 + LOAD_BALANCER_TYPE_INTERNAL = 2 + disabled = proto.Field(proto.BOOL, number=1) + load_balancer_type = proto.Field(proto.ENUM, number=3, enum=LoadBalancerType,) + class MasterAuthorizedNetworksConfig(proto.Message): r"""Configuration options for the master authorized networks @@ -681,8 +1053,11 @@ class IPAllocationPolicy(proto.Message): Attributes: use_ip_aliases (bool): - Whether alias IPs will be used for pod IPs in - the cluster. + Whether alias IPs will be used for pod IPs in the cluster. + This is used in conjunction with use_routes. It cannot be + true if use_routes is true. If both use_ip_aliases and + use_routes are false, then the server picks the default IP + allocation mode create_subnetwork (bool): Whether a new subnetwork will be created automatically for the cluster. 
@@ -800,7 +1175,15 @@ class IPAllocationPolicy(proto.Message): `CIDR `__ notation (e.g. ``10.96.0.0/14``) from the RFC-1918 private networks (e.g. ``10.0.0.0/8``, ``172.16.0.0/12``, - ``192.168.0.0/16``) to pick a specific range to use. + ``192.168.0.0/16``) to pick a specific range to use. This + field is deprecated, use cluster.tpu_config.ipv4_cidr_block + instead. + use_routes (bool): + Whether routes will be used for pod IPs in the cluster. This + is used in conjunction with use_ip_aliases. It cannot be + true if use_ip_aliases is true. If both use_ip_aliases and + use_routes are false, then the server picks the default IP + allocation mode """ use_ip_aliases = proto.Field(proto.BOOL, number=1) @@ -829,6 +1212,8 @@ class IPAllocationPolicy(proto.Message): tpu_ipv4_cidr_block = proto.Field(proto.STRING, number=13) + use_routes = proto.Field(proto.BOOL, number=15) + class BinaryAuthorization(proto.Message): r"""Configuration for Binary Authorization. @@ -875,6 +1260,24 @@ class AuthenticatorGroupsConfig(proto.Message): security_group = proto.Field(proto.STRING, number=2) +class ClusterTelemetry(proto.Message): + r"""Telemetry integration for the cluster. + + Attributes: + type_ (~.cluster_service.ClusterTelemetry.Type): + Type of the integration. + """ + + class Type(proto.Enum): + r"""Type of the integration.""" + UNSPECIFIED = 0 + DISABLED = 1 + ENABLED = 2 + SYSTEM_ONLY = 3 + + type_ = proto.Field(proto.ENUM, number=1, enum=Type,) + + class Cluster(proto.Message): r"""A Google Kubernetes Engine cluster. 
@@ -925,20 +1328,31 @@ class Cluster(proto.Message): The logging service the cluster should use to write logs. Currently available options: - - ``logging.googleapis.com`` - the Google Cloud Logging - service. + - ``logging.googleapis.com/kubernetes`` - The Cloud Logging + service with a Kubernetes-native resource model + - ``logging.googleapis.com`` - The legacy Cloud Logging + service (no longer available as of GKE 1.15). - ``none`` - no logs will be exported from the cluster. - - if left as an empty string,\ ``logging.googleapis.com`` - will be used. + + If left as an empty + string,\ ``logging.googleapis.com/kubernetes`` will be used + for GKE 1.14+ or ``logging.googleapis.com`` for earlier + versions. monitoring_service (str): The monitoring service the cluster should use to write metrics. Currently available options: - - ``monitoring.googleapis.com`` - the Google Cloud - Monitoring service. - - ``none`` - no metrics will be exported from the cluster. - - if left as an empty string, ``monitoring.googleapis.com`` - will be used. + - "monitoring.googleapis.com/kubernetes" - The Cloud + Monitoring service with a Kubernetes-native resource + model + - ``monitoring.googleapis.com`` - The legacy Cloud + Monitoring service (no longer available as of GKE 1.15). + - ``none`` - No metrics will be exported from the cluster. + + If left as an empty + string,\ ``monitoring.googleapis.com/kubernetes`` will be + used for GKE 1.14+ or ``monitoring.googleapis.com`` for + earlier versions. network (str): The name of the Google Compute Engine `network `__ 
@@ -968,6 +1382,15 @@ class Cluster(proto.Message): The list of Google Compute Engine `zones `__ in which the cluster's nodes should be located. + + This field provides a default value if + `NodePool.Locations `__ + are not specified during node pool creation. + + Warning: changing cluster locations will update the + `NodePool.Locations `__ + of all node pools and will result in nodes being added + and/or removed. enable_kubernetes_alpha (bool): Kubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. @@ -1036,6 +1459,21 @@ class Cluster(proto.Message): vertical_pod_autoscaling (~.cluster_service.VerticalPodAutoscaling): Cluster-level Vertical Pod Autoscaling configuration. + shielded_nodes (~.cluster_service.ShieldedNodes): + Shielded Nodes configuration. + release_channel (~.cluster_service.ReleaseChannel): + Release channel configuration. + workload_identity_config (~.cluster_service.WorkloadIdentityConfig): + Configuration for the use of Kubernetes + Service Accounts in GCP IAM policies. + cluster_telemetry (~.cluster_service.ClusterTelemetry): + Telemetry integration for the cluster. + tpu_config (~.cluster_service.TpuConfig): + Configuration for Cloud TPU support; + notification_config (~.cluster_service.NotificationConfig): + Notification configuration of the cluster. + confidential_nodes (~.cluster_service.ConfidentialNodes): + Configuration of Confidential Nodes self_link (str): [Output only] Server-defined URL for the resource. zone (str): 
@@ -1085,8 +1523,9 @@ class Cluster(proto.Message): status (~.cluster_service.Cluster.Status): [Output only] The current status of this cluster. status_message (str): - [Output only] Additional information about the current - status of this cluster, if available. + [Output only] Deprecated. Use conditions instead. Additional + information about the current status of this cluster, if + available. node_ipv4_cidr_size (int): [Output only] The size of the address space on each node for hosting containers. This is provisioned from within the @@ -1116,8 +1555,8 @@ class Cluster(proto.Message): `region `__ in which the cluster resides. enable_tpu (bool): - Enable the ability to use Cloud TPUs in this - cluster. + Enable the ability to use Cloud TPUs in this cluster. This + field is deprecated, use tpu_config.enabled instead. tpu_ipv4_cidr_block (str): [Output only] The IP address range of the Cloud TPUs in this cluster, in @@ -1128,6 +1567,8 @@ class Cluster(proto.Message): conditions (Sequence[~.cluster_service.StatusCondition]): Which conditions caused the current cluster state. + master (~.cluster_service.Master): + Configuration for master components. """ class Status(proto.Enum): 
@@ -1224,6 +1665,28 @@ class Status(proto.Enum): proto.MESSAGE, number=39, message="VerticalPodAutoscaling", ) + shielded_nodes = proto.Field(proto.MESSAGE, number=40, message="ShieldedNodes",) + + release_channel = proto.Field(proto.MESSAGE, number=41, message="ReleaseChannel",) + + workload_identity_config = proto.Field( + proto.MESSAGE, number=43, message="WorkloadIdentityConfig", + ) + + cluster_telemetry = proto.Field( + proto.MESSAGE, number=46, message="ClusterTelemetry", + ) + + tpu_config = proto.Field(proto.MESSAGE, number=47, message="TpuConfig",) + + notification_config = proto.Field( + proto.MESSAGE, number=49, message="NotificationConfig", + ) + + confidential_nodes = proto.Field( + proto.MESSAGE, number=50, message="ConfidentialNodes", + ) + self_link = proto.Field(proto.STRING, number=100) zone = proto.Field(proto.STRING, number=101) @@ -1266,6 +1729,8 @@ class Status(proto.Enum): proto.MESSAGE, number=118, message="StatusCondition", ) + master = proto.Field(proto.MESSAGE, number=124, message="Master",) + class ClusterUpdate(proto.Message): r"""ClusterUpdate describes an update to the cluster. Exactly one 
@@ -1291,11 +1756,17 @@ class ClusterUpdate(proto.Message): The monitoring service the cluster should use to write metrics. Currently available options: - - "monitoring.googleapis.com/kubernetes" - the Google Cloud - Monitoring service with Kubernetes-native resource model - - "monitoring.googleapis.com" - the Google Cloud Monitoring - service - - "none" - no metrics will be exported from the cluster + - "monitoring.googleapis.com/kubernetes" - The Cloud + Monitoring service with a Kubernetes-native resource + model + - ``monitoring.googleapis.com`` - The legacy Cloud + Monitoring service (no longer available as of GKE 1.15). + - ``none`` - No metrics will be exported from the cluster. + + If left as an empty + string,\ ``monitoring.googleapis.com/kubernetes`` will be + used for GKE 1.14+ or ``monitoring.googleapis.com`` for + earlier versions. desired_addons_config (~.cluster_service.AddonsConfig): Configurations for the various addons available to run in the cluster. @@ -1316,12 +1787,13 @@ class ClusterUpdate(proto.Message): desired_locations (Sequence[str]): The desired list of Google Compute Engine `zones `__ - in which the cluster's nodes should be located. Changing the - locations a cluster is in will result in nodes being either - created or removed from the cluster, depending on whether - locations are being added or removed. + in which the cluster's nodes should be located. This list must always include the cluster's primary zone. + + Warning: changing cluster locations will update the + locations of all node pools and will result in nodes being + added and/or removed. desired_master_authorized_networks_config (~.cluster_service.MasterAuthorizedNetworksConfig): The desired configuration options for master authorized networks feature. 
@@ -1334,22 +1806,44 @@ class ClusterUpdate(proto.Message): The desired configuration options for the Binary Authorization feature. desired_logging_service (str): - The logging service the cluster should use to write metrics. + The logging service the cluster should use to write logs. Currently available options: - - "logging.googleapis.com/kubernetes" - the Google Cloud - Logging service with Kubernetes-native resource model - - "logging.googleapis.com" - the Google Cloud Logging - service - - "none" - no logs will be exported from the cluster + - ``logging.googleapis.com/kubernetes`` - The Cloud Logging + service with a Kubernetes-native resource model + - ``logging.googleapis.com`` - The legacy Cloud Logging + service (no longer available as of GKE 1.15). + - ``none`` - no logs will be exported from the cluster. + + If left as an empty + string,\ ``logging.googleapis.com/kubernetes`` will be used + for GKE 1.14+ or ``logging.googleapis.com`` for earlier + versions. desired_resource_usage_export_config (~.cluster_service.ResourceUsageExportConfig): The desired configuration for exporting resource usage. desired_vertical_pod_autoscaling (~.cluster_service.VerticalPodAutoscaling): Cluster-level Vertical Pod Autoscaling configuration. + desired_private_cluster_config (~.cluster_service.PrivateClusterConfig): + The desired private cluster configuration. desired_intra_node_visibility_config (~.cluster_service.IntraNodeVisibilityConfig): The desired config of Intra-node visibility. + desired_default_snat_status (~.cluster_service.DefaultSnatStatus): + The desired status of whether to disable + default sNAT for this cluster. + desired_cluster_telemetry (~.cluster_service.ClusterTelemetry): + The desired telemetry integration for the + cluster. + desired_release_channel (~.cluster_service.ReleaseChannel): + The desired release channel configuration. + desired_tpu_config (~.cluster_service.TpuConfig): + The desired Cloud TPU configuration. 
+ desired_datapath_provider (~.cluster_service.DatapathProvider): + The desired datapath provider for the + cluster. + desired_notification_config (~.cluster_service.NotificationConfig): + The desired notification configuration. desired_master_version (str): The Kubernetes version to change the master to. The only valid value is the latest supported @@ -1364,6 +1858,14 @@ class ClusterUpdate(proto.Message): version - "1.X.Y-gke.N": picks an explicit Kubernetes version - "-": picks the default Kubernetes version + desired_database_encryption (~.cluster_service.DatabaseEncryption): + Configuration of etcd encryption. + desired_workload_identity_config (~.cluster_service.WorkloadIdentityConfig): + Configuration for Workload Identity. + desired_shielded_nodes (~.cluster_service.ShieldedNodes): + Configuration for Shielded Nodes. + desired_master (~.cluster_service.Master): + Configuration for master components. """ desired_node_version = proto.Field(proto.STRING, number=4) 
@@ -1410,12 +1912,52 @@ class ClusterUpdate(proto.Message): proto.MESSAGE, number=22, message="VerticalPodAutoscaling", ) + desired_private_cluster_config = proto.Field( + proto.MESSAGE, number=25, message="PrivateClusterConfig", + ) + desired_intra_node_visibility_config = proto.Field( proto.MESSAGE, number=26, message="IntraNodeVisibilityConfig", ) + desired_default_snat_status = proto.Field( + proto.MESSAGE, number=28, message="DefaultSnatStatus", + ) + + desired_cluster_telemetry = proto.Field( + proto.MESSAGE, number=30, message="ClusterTelemetry", + ) + + desired_release_channel = proto.Field( + proto.MESSAGE, number=31, message="ReleaseChannel", + ) + + desired_tpu_config = proto.Field(proto.MESSAGE, number=38, message="TpuConfig",) + + desired_datapath_provider = proto.Field( + proto.ENUM, number=50, enum="DatapathProvider", + ) + + desired_notification_config = proto.Field( + proto.MESSAGE, number=55, message="NotificationConfig", + ) + desired_master_version = proto.Field(proto.STRING, number=100) + desired_database_encryption = proto.Field( + proto.MESSAGE, number=46, message="DatabaseEncryption", + ) + + desired_workload_identity_config = proto.Field( + proto.MESSAGE, number=47, message="WorkloadIdentityConfig", + ) + + desired_shielded_nodes = proto.Field( + proto.MESSAGE, number=48, message="ShieldedNodes", + ) + + desired_master = proto.Field(proto.MESSAGE, number=52, message="Master",) + class Operation(proto.Message): r"""This operation resource represents operations that may have @@ -1437,8 +1979,9 @@ class Operation(proto.Message): detail (str): Detailed operation progress, if available. status_message (str): - If an error has occurred, a textual - description of the error. + Output only. If an error has occurred, a + textual description of the error. Deprecated. + Use field error instead. self_link (str): Server-defined URL for the resource. target_link (str): 
@@ -1459,13 +2002,17 @@ class Operation(proto.Message): `RFC3339 `__ text format. progress (~.cluster_service.OperationProgress): - [Output only] Progress information for an operation. + Output only. [Output only] Progress information for an + operation. cluster_conditions (Sequence[~.cluster_service.StatusCondition]): Which conditions caused the current cluster - state. + state. Deprecated. Use field error instead. nodepool_conditions (Sequence[~.cluster_service.StatusCondition]): Which conditions caused the current node pool - state. + state. Deprecated. Use field error instead. + error (~.gr_status.Status): + The error result of the operation in case of + failure. """ class Status(proto.Enum): @@ -1528,6 +2075,8 @@ class Type(proto.Enum): proto.MESSAGE, number=14, message="StatusCondition", ) + error = proto.Field(proto.MESSAGE, number=15, message=gr_status.Status,) + class OperationProgress(proto.Message): r"""Information about operation (or operation stage) progress. @@ -1554,8 +2103,8 @@ class Metric(proto.Message): Attributes: name (str): - Metric name, required. - e.g., "nodes total", "percent done". + Required. Metric name, e.g., "nodes total", + "percent done". int_value (int): For metrics with integer value. double_value (float): @@ -1599,7 +2148,7 @@ class CreateClusterRequest(proto.Message): and replaced by the parent field. cluster (~.cluster_service.Cluster): Required. A `cluster - resource `__ + resource `__ parent (str): The parent (project and location) where the cluster will be created. Specified in the format ``projects/*/locations/*``. 
@@ -1726,12 +2275,28 @@ class UpdateNodePoolRequest(proto.Message): image_type (str): Required. The desired image type for the node pool. + locations (Sequence[str]): + The desired list of Google Compute Engine + `zones `__ + in which the node pool's nodes should be located. Changing + the locations for a node pool will result in nodes being + either created or removed from the node pool, depending on + whether locations are being added or removed. workload_metadata_config (~.cluster_service.WorkloadMetadataConfig): - The desired image type for the node pool. + The desired workload metadata config for the + node pool. name (str): The name (project, location, cluster, node pool) of the node pool to update. Specified in the format ``projects/*/locations/*/clusters/*/nodePools/*``. + upgrade_settings (~.cluster_service.NodePool.UpgradeSettings): + Upgrade settings control disruption and speed + of the upgrade. + linux_node_config (~.cluster_service.LinuxNodeConfig): + Parameters that can be configured on Linux + nodes. + kubelet_config (~.cluster_service.NodeKubeletConfig): + Node kubelet configs. """ project_id = proto.Field(proto.STRING, number=1) @@ -1746,12 +2311,24 @@ class UpdateNodePoolRequest(proto.Message): image_type = proto.Field(proto.STRING, number=6) + locations = proto.RepeatedField(proto.STRING, number=13) + workload_metadata_config = proto.Field( proto.MESSAGE, number=14, message="WorkloadMetadataConfig", ) name = proto.Field(proto.STRING, number=8) + upgrade_settings = proto.Field( + proto.MESSAGE, number=15, message="NodePool.UpgradeSettings", + ) + + linux_node_config = proto.Field( + proto.MESSAGE, number=19, message="LinuxNodeConfig", + ) + + kubelet_config = proto.Field(proto.MESSAGE, number=20, message="NodeKubeletConfig",) + class SetNodePoolAutoscalingRequest(proto.Message): r"""SetNodePoolAutoscalingRequest sets the autoscaler settings of 
@@ -1821,11 +2398,18 @@ class SetLoggingServiceRequest(proto.Message): replaced by the name field. logging_service (str): Required. The logging service the cluster should use to - write metrics. Currently available options: + write logs. Currently available options: - - "logging.googleapis.com" - the Google Cloud Logging - service - - "none" - no metrics will be exported from the cluster + - ``logging.googleapis.com/kubernetes`` - The Cloud Logging + service with a Kubernetes-native resource model + - ``logging.googleapis.com`` - The legacy Cloud Logging + service (no longer available as of GKE 1.15). + - ``none`` - no logs will be exported from the cluster. + + If left as an empty + string,\ ``logging.googleapis.com/kubernetes`` will be used + for GKE 1.14+ or ``logging.googleapis.com`` for earlier + versions. name (str): The name (project, location, cluster) of the cluster to set logging. Specified in the format @@ -1867,9 +2451,17 @@ class SetMonitoringServiceRequest(proto.Message): Required. The monitoring service the cluster should use to write metrics. Currently available options: - - "monitoring.googleapis.com" - the Google Cloud Monitoring - service - - "none" - no metrics will be exported from the cluster + - "monitoring.googleapis.com/kubernetes" - The Cloud + Monitoring service with a Kubernetes-native resource + model + - ``monitoring.googleapis.com`` - The legacy Cloud + Monitoring service (no longer available as of GKE 1.15). + - ``none`` - No metrics will be exported from the cluster. + + If left as an empty + string,\ ``monitoring.googleapis.com/kubernetes`` will be + used for GKE 1.14+ or ``monitoring.googleapis.com`` for + earlier versions. name (str): The name (project, location, cluster) of the cluster to set monitoring. Specified in the format 
@@ -2300,15 +2892,63 @@ class ServerConfig(proto.Message): Version of Kubernetes the service deploys by default. valid_node_versions (Sequence[str]): - List of valid node upgrade target versions. + List of valid node upgrade target versions, + in descending order. default_image_type (str): Default image type. valid_image_types (Sequence[str]): List of valid image types. valid_master_versions (Sequence[str]): - List of valid master versions. + List of valid master versions, in descending + order. + channels (Sequence[~.cluster_service.ServerConfig.ReleaseChannelConfig]): + List of release channel configurations. """ + class ReleaseChannelConfig(proto.Message): + r"""ReleaseChannelConfig exposes configuration for a release + channel. + + Attributes: + channel (~.cluster_service.ReleaseChannel.Channel): + The release channel this configuration + applies to. + default_version (str): + The default version for newly created + clusters on the channel. + available_versions (Sequence[~.cluster_service.ServerConfig.ReleaseChannelConfig.AvailableVersion]): + Deprecated. This field has been deprecated and replaced with + the valid_versions field. + valid_versions (Sequence[str]): + List of valid versions for the channel. + """ + + class AvailableVersion(proto.Message): + r"""Deprecated. + + Attributes: + version (str): + Kubernetes version. + reason (str): + Reason for availability. + """ + + version = proto.Field(proto.STRING, number=1) + + reason = proto.Field(proto.STRING, number=2) + + channel = proto.Field(proto.ENUM, number=1, enum="ReleaseChannel.Channel",) + + default_version = proto.Field(proto.STRING, number=2) + + available_versions = proto.RepeatedField( + proto.MESSAGE, + number=3, + message="ServerConfig.ReleaseChannelConfig.AvailableVersion", + ) + + valid_versions = proto.RepeatedField(proto.STRING, number=4) + default_cluster_version = proto.Field(proto.STRING, number=1) valid_node_versions = proto.RepeatedField(proto.STRING, number=3) 
@@ -2319,6 +2959,10 @@ class ServerConfig(proto.Message): valid_master_versions = proto.RepeatedField(proto.STRING, number=6) + channels = proto.RepeatedField( + proto.MESSAGE, number=9, message=ReleaseChannelConfig, + ) + class CreateNodePoolRequest(proto.Message): r"""CreateNodePoolRequest creates a node pool for a cluster. @@ -2492,6 +3136,17 @@ class NodePool(proto.Message): quota `__ is sufficient for this number of instances. You must also have available firewall and routes quota. + locations (Sequence[str]): + The list of Google Compute Engine + `zones `__ + in which the NodePool's nodes should be located. + + If this value is unspecified during node pool creation, the + `Cluster.Locations `__ + value will be used, instead. + + Warning: changing node pool locations will result in nodes + being added and/or removed. self_link (str): [Output only] Server-defined URL for the resource. version (str): @@ -2503,8 +3158,9 @@ class NodePool(proto.Message): status (~.cluster_service.NodePool.Status): [Output only] The status of the nodes in this pool instance. status_message (str): - [Output only] Additional information about the current - status of this node pool instance, if available. + [Output only] Deprecated. Use conditions instead. Additional + information about the current status of this node pool + instance, if available. autoscaling (~.cluster_service.NodePoolAutoscaling): Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid @@ -2522,6 +3178,9 @@ class NodePool(proto.Message): pod_ipv4_cidr_size (int): [Output only] The pod CIDR block size per node in this node pool. + upgrade_settings (~.cluster_service.NodePool.UpgradeSettings): + Upgrade settings control disruption and speed + of the upgrade. """ class Status(proto.Enum): 
@@ -2534,12 +3193,56 @@ class Status(proto.Enum): STOPPING = 5 ERROR = 6 + class UpgradeSettings(proto.Message): + r"""These upgrade settings control the level of parallelism and + the level of disruption caused by an upgrade. + + maxUnavailable controls the number of nodes that can be + simultaneously unavailable. + + maxSurge controls the number of additional nodes that can be + added to the node pool temporarily for the time of the upgrade + to increase the number of available nodes. + + (maxUnavailable + maxSurge) determines the level of parallelism + (how many nodes are being upgraded at the same time). + + Note: upgrades inevitably introduce some disruption since + workloads need to be moved from old nodes to new, upgraded ones. + Even if maxUnavailable=0, this holds true. (Disruption stays + within the limits of PodDisruptionBudget, if it is configured.) + + Consider a hypothetical node pool with 5 nodes having + maxSurge=2, maxUnavailable=1. This means the upgrade process + upgrades 3 nodes simultaneously. It creates 2 additional + (upgraded) nodes, then it brings down 3 old (not yet upgraded) + nodes at the same time. This ensures that there are always at + least 4 nodes available. + + Attributes: + max_surge (int): + The maximum number of nodes that can be + created beyond the current size of the node pool + during the upgrade process. + max_unavailable (int): + The maximum number of nodes that can be + simultaneously unavailable during the upgrade + process. A node is considered available if its + status is Ready. + """ + + max_surge = proto.Field(proto.INT32, number=1) + + max_unavailable = proto.Field(proto.INT32, number=2) + name = proto.Field(proto.STRING, number=1) config = proto.Field(proto.MESSAGE, number=2, message="NodeConfig",) initial_node_count = proto.Field(proto.INT32, number=3) + locations = proto.RepeatedField(proto.STRING, number=13) + self_link = proto.Field(proto.STRING, number=100) version = proto.Field(proto.STRING, number=101) 
@@ -2564,6 +3267,8 @@ class Status(proto.Enum): pod_ipv4_cidr_size = proto.Field(proto.INT32, number=7) + upgrade_settings = proto.Field(proto.MESSAGE, number=107, message=UpgradeSettings,) + class NodeManagement(proto.Message): r"""NodeManagement defines the set of node management services @@ -2619,14 +3324,13 @@ class MaintenancePolicy(proto.Message): Specifies the maintenance window in which maintenance may be performed. resource_version (str): - A hash identifying the version of this - policy, so that updates to fields of the policy - won't accidentally undo intermediate changes - (and so that users of the API unaware of some - fields won't accidentally remove other fields). - Make a get() request to the cluster - to get the current resource version and include - it with requests to set the policy. + A hash identifying the version of this policy, so that + updates to fields of the policy won't accidentally undo + intermediate changes (and so that users of the API unaware + of some fields won't accidentally remove other fields). Make + a ``get()`` request to the cluster to get the current + resource version and include it with requests to set the + policy. """ window = proto.Field(proto.MESSAGE, number=1, message="MaintenanceWindow",) 
@@ -2691,38 +3395,43 @@ class RecurringTimeWindow(proto.Message): The window of the first recurrence. recurrence (str): An RRULE - (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) - for how this window reccurs. They go on for the - span of time between the start and end time. - - For example, to have something repeat every - weekday, you'd use: - FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR To - repeat some window daily (equivalent to the - DailyMaintenanceWindow): - FREQ=DAILY + (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for + how this window reccurs. They go on for the span of time + between the start and end time. + + For example, to have something repeat every weekday, you'd + use: ``FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`` + + To repeat some window daily (equivalent to the + DailyMaintenanceWindow): ``FREQ=DAILY`` + For the first weekend of every month: - FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU - This specifies how frequently the window starts. - Eg, if you wanted to have a 9-5 UTC-4 window - every weekday, you'd use something like: - start time = 2019-01-01T09:00:00-0400 - end time = 2019-01-01T17:00:00-0400 - recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR - - Windows can span multiple days. Eg, to make the - window encompass every weekend from midnight - Saturday till the last minute of Sunday UTC: - - start time = 2019-01-05T00:00:00Z - end time = 2019-01-07T23:59:00Z - recurrence = FREQ=WEEKLY;BYDAY=SA - - Note the start and end time's specific dates are - largely arbitrary except to specify duration of - the window and when it first starts. The FREQ - values of HOURLY, MINUTELY, and SECONDLY are not - supported. + ``FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`` + + This specifies how frequently the window starts. Eg, if you + wanted to have a 9-5 UTC-4 window every weekday, you'd use + something like: + + :: + + start time = 2019-01-01T09:00:00-0400 + end time = 2019-01-01T17:00:00-0400 + recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR + + Windows can span multiple days. 
Eg, to make the window + encompass every weekend from midnight Saturday till the last + minute of Sunday UTC: + + :: + + start time = 2019-01-05T00:00:00Z + end time = 2019-01-07T23:59:00Z + recurrence = FREQ=WEEKLY;BYDAY=SA + + Note the start and end time's specific dates are largely + arbitrary except to specify duration of the window and when + it first starts. The FREQ values of HOURLY, MINUTELY, and + SECONDLY are not supported. """ window = proto.Field(proto.MESSAGE, number=1, message="TimeWindow",) @@ -2906,6 +3615,8 @@ class ClusterAutoscaling(proto.Message): resource_limits (Sequence[~.cluster_service.ResourceLimit]): Contains global constraints regarding minimum and maximum amount of resources in the cluster. + autoscaling_profile (~.cluster_service.ClusterAutoscaling.AutoscalingProfile): + Defines autoscaling behaviour. autoprovisioning_node_pool_defaults (~.cluster_service.AutoprovisioningNodePoolDefaults): AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP. @@ -2915,12 +3626,20 @@ class ClusterAutoscaling(proto.Message): in which the NodePool's nodes can be created by NAP. """ + class AutoscalingProfile(proto.Enum): + r"""Defines possible options for autoscaling_profile field.""" + PROFILE_UNSPECIFIED = 0 + OPTIMIZE_UTILIZATION = 1 + BALANCED = 2 + enable_node_autoprovisioning = proto.Field(proto.BOOL, number=1) resource_limits = proto.RepeatedField( proto.MESSAGE, number=2, message="ResourceLimit", ) + autoscaling_profile = proto.Field(proto.ENUM, number=3, enum=AutoscalingProfile,) + autoprovisioning_node_pool_defaults = proto.Field( proto.MESSAGE, number=4, message="AutoprovisioningNodePoolDefaults", ) 
@@ -2934,18 +3653,89 @@ class AutoprovisioningNodePoolDefaults(proto.Message): Attributes: oauth_scopes (Sequence[str]): - Scopes that are used by NAP when creating node pools. If - oauth_scopes are specified, service_account should be empty. + The set of Google API scopes to be made available on all of + the node VMs under the "default" service account. + + The following scopes are recommended, but not required, and + by default are not included: + + - ``https://www.googleapis.com/auth/compute`` is required + for mounting persistent storage on your nodes. + - ``https://www.googleapis.com/auth/devstorage.read_only`` + is required for communicating with **gcr.io** (the + `Google Container + Registry `__). + + If unspecified, no scopes are added, unless Cloud Logging or + Cloud Monitoring are enabled, in which case their required + scopes will be added. service_account (str): - The Google Cloud Platform Service Account to be used by the - node VMs. If service_account is specified, scopes should be - empty. + The Google Cloud Platform Service Account to + be used by the node VMs. Specify the email + address of the Service Account; otherwise, if no + Service Account is specified, the "default" + service account is used. + upgrade_settings (~.cluster_service.NodePool.UpgradeSettings): + Upgrade settings control disruption and speed + of the upgrade. + management (~.cluster_service.NodeManagement): + NodeManagement configuration for this + NodePool. + min_cpu_platform (str): + Minimum CPU platform to be used by this instance. The + instance may be scheduled on the specified or newer CPU + platform. Applicable values are the friendly names of CPU + platforms, such as ``minCpuPlatform: "Intel Haswell"`` or + ``minCpuPlatform: "Intel Sandy Bridge"``. For more + information, read `how to specify min CPU + platform `__ + To unset the min cpu platform field pass "automatic" as + field value. + disk_size_gb (int): + Size of the disk attached to each node, + specified in GB. 
The smallest allowed disk size + is 10GB. + If unspecified, the default disk size is 100GB. + disk_type (str): + Type of the disk attached to each node (e.g. + 'pd-standard', 'pd-ssd' or 'pd-balanced') + + If unspecified, the default disk type is 'pd- + standard' + shielded_instance_config (~.cluster_service.ShieldedInstanceConfig): + Shielded Instance options. + boot_disk_kms_key (str): + The Customer Managed Encryption Key used to encrypt the boot + disk attached to each node in the node pool. This should be + of the form + projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. + For more information about protecting resources with Cloud + KMS Keys please see: + https://cloud.google.com/compute/docs/disks/customer-managed-encryption """ oauth_scopes = proto.RepeatedField(proto.STRING, number=1) service_account = proto.Field(proto.STRING, number=2) + upgrade_settings = proto.Field( + proto.MESSAGE, number=3, message="NodePool.UpgradeSettings", + ) + + management = proto.Field(proto.MESSAGE, number=4, message="NodeManagement",) + + min_cpu_platform = proto.Field(proto.STRING, number=5) + + disk_size_gb = proto.Field(proto.INT32, number=6) + + disk_type = proto.Field(proto.STRING, number=7) + + shielded_instance_config = proto.Field( + proto.MESSAGE, number=8, message="ShieldedInstanceConfig", + ) + + boot_disk_kms_key = proto.Field(proto.STRING, number=9) + class ResourceLimit(proto.Message): r"""Contains information about amount of some resource in the 
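Review bot: The rewritten `oauth_scopes` and `service_account` descriptions in `AutoprovisioningNodePoolDefaults` drop the earlier statement that the two are mutually exclusive. The new text ties the scopes to the "default" service account without saying what happens to them when `service_account` names a different account. These scopes are what is made available on every auto-provisioned node VM, so I would state the interaction explicitly, e.g. `If service_account is set, <state whether oauth_scopes still apply>.` Separately, the `disk_type` text wraps inside a literal and reads `'pd- standard'`; it should read `'pd-standard'`.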
@@ -3022,14 +3812,12 @@ class SetLabelsRequest(proto.Message): resource_labels (Sequence[~.cluster_service.SetLabelsRequest.ResourceLabelsEntry]): Required. The labels to set for that cluster. label_fingerprint (str): - Required. The fingerprint of the previous set - of labels for this resource, used to detect - conflicts. The fingerprint is initially - generated by Kubernetes Engine and changes after - every request to modify or update labels. You - must always provide an up-to-date fingerprint - hash when updating or changing labels. Make a - get() request to the resource to + Required. The fingerprint of the previous set of labels for + this resource, used to detect conflicts. The fingerprint is + initially generated by Kubernetes Engine and changes after + every request to modify or update labels. You must always + provide an up-to-date fingerprint hash when updating or + changing labels. Make a ``get()`` request to the resource to get the latest fingerprint. name (str): The name (project, location, cluster id) of the cluster to @@ -3193,6 +3981,9 @@ class WorkloadMetadataConfig(proto.Message): NodeMetadata is the configuration for how to expose metadata to the workloads running on the node. + mode (~.cluster_service.WorkloadMetadataConfig.Mode): + Mode is the configuration for how to expose + metadata to workloads running on the node pool. """ class NodeMetadata(proto.Enum): @@ -3202,9 +3993,20 @@ class NodeMetadata(proto.Enum): UNSPECIFIED = 0 SECURE = 1 EXPOSE = 2 + GKE_METADATA_SERVER = 3 + + class Mode(proto.Enum): + r"""Mode is the configuration for how to expose metadata to + workloads running on the node. + """ + MODE_UNSPECIFIED = 0 + GCE_METADATA = 1 + GKE_METADATA = 2 node_metadata = proto.Field(proto.ENUM, number=1, enum=NodeMetadata,) + mode = proto.Field(proto.ENUM, number=2, enum=Mode,) + class SetNetworkPolicyRequest(proto.Message): r"""SetNetworkPolicyRequest enables/disables network policy for a 
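Review bot: `WorkloadMetadataConfig` now carries two overlapping settings, the existing `node_metadata` and the new `mode`, and neither description says which one applies when both are set or whether `mode` is meant to replace `node_metadata`. The older enum still includes `EXPOSE`, so a caller who sets `mode` and leaves a stale `node_metadata` cannot tell from this text what the nodes will serve to workloads. I would add a sentence to the `mode` attribute such as `If both mode and node_metadata are set, <state which one the server honours>.` If the older field is being retired, it should be marked the way other fields in this change are (`This field is deprecated, use ... instead.`). The class starts above the first of the two `WorkloadMetadataConfig` hunks.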
@@ -3356,11 +4158,13 @@ class StatusCondition(proto.Message): Attributes: code (~.cluster_service.StatusCondition.Code): - Machine-friendly representation of the - condition + Machine-friendly representation of the condition Deprecated. + Use canonical_code instead. message (str): Human-friendly representation of the condition + canonical_code (~.gr_code.Code): + Canonical code of the condition. """ class Code(proto.Enum): @@ -3376,6 +4180,8 @@ class Code(proto.Enum): message = proto.Field(proto.STRING, number=2) + canonical_code = proto.Field(proto.ENUM, number=3, enum=gr_code.Code,) + class NetworkConfig(proto.Message): r"""NetworkConfig reports the relative names of network & @@ -3396,6 +4202,16 @@ class NetworkConfig(proto.Message): Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. + default_snat_status (~.cluster_service.DefaultSnatStatus): + Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when default_snat_status + is disabled. When disabled is set to false, default IP + masquerade rules will be applied to the nodes to prevent + sNAT on cluster internal traffic. + datapath_provider (~.cluster_service.DatapathProvider): + The desired datapath provider for this + cluster. By default, uses the IPTables-based + kube-proxy implementation. """ network = proto.Field(proto.STRING, number=1) @@ -3404,6 +4220,12 @@ class NetworkConfig(proto.Message): enable_intra_node_visibility = proto.Field(proto.BOOL, number=5) + default_snat_status = proto.Field( + proto.MESSAGE, number=7, message="DefaultSnatStatus", + ) + + datapath_provider = proto.Field(proto.ENUM, number=11, enum="DatapathProvider",) + class ListUsableSubnetworksRequest(proto.Message): r"""ListUsableSubnetworksRequest requests the list of usable 
@@ -3551,6 +4373,18 @@ class VerticalPodAutoscaling(proto.Message): enabled = proto.Field(proto.BOOL, number=1) +class DefaultSnatStatus(proto.Message): + r"""DefaultSnatStatus contains the desired state of whether + default sNAT should be disabled on the cluster. + + Attributes: + disabled (bool): + Disables cluster default sNAT rules. + """ + + disabled = proto.Field(proto.BOOL, number=1) + + class IntraNodeVisibilityConfig(proto.Message): r"""IntraNodeVisibilityConfig contains the desired config of the intra-node visibility on this cluster. @@ -3576,6 +4410,29 @@ class MaxPodsConstraint(proto.Message): max_pods_per_node = proto.Field(proto.INT64, number=1) +class WorkloadIdentityConfig(proto.Message): + r"""Configuration for the use of Kubernetes Service Accounts in + GCP IAM policies. + + Attributes: + identity_namespace (str): + IAM Identity Namespace to attach all + Kubernetes Service Accounts to. + workload_pool (str): + The workload pool to attach all Kubernetes + service accounts to. + identity_provider (str): + identity provider is the third party identity + provider. + """ + + identity_namespace = proto.Field(proto.STRING, number=1) + + workload_pool = proto.Field(proto.STRING, number=2) + + identity_provider = proto.Field(proto.STRING, number=3) + + class DatabaseEncryption(proto.Message): r"""Configuration of etcd encryption. 
@@ -3652,4 +4509,269 @@ class ConsumptionMeteringConfig(proto.Message): ) +class ShieldedNodes(proto.Message): + r"""Configuration of Shielded Nodes feature. + + Attributes: + enabled (bool): + Whether Shielded Nodes features are enabled + on all nodes in this cluster. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + +class GetOpenIDConfigRequest(proto.Message): + r"""GetOpenIDConfigRequest gets the OIDC discovery document for + the cluster. See the OpenID Connect Discovery 1.0 specification + for details. + + Attributes: + parent (str): + The cluster (project, location, cluster id) to get the + discovery document for. Specified in the format + ``projects/*/locations/*/clusters/*``. + """ + + parent = proto.Field(proto.STRING, number=1) + + +class GetOpenIDConfigResponse(proto.Message): + r"""GetOpenIDConfigResponse is an OIDC discovery document for the + cluster. See the OpenID Connect Discovery 1.0 specification for + details. + + Attributes: + issuer (str): + OIDC Issuer. + jwks_uri (str): + JSON Web Key uri. + response_types_supported (Sequence[str]): + Supported response types. + subject_types_supported (Sequence[str]): + Supported subject types. + id_token_signing_alg_values_supported (Sequence[str]): + supported ID Token signing Algorithms. + claims_supported (Sequence[str]): + Supported claims. + grant_types (Sequence[str]): + Supported grant types. 
+ """ + + issuer = proto.Field(proto.STRING, number=1) + + jwks_uri = proto.Field(proto.STRING, number=2) + + response_types_supported = proto.RepeatedField(proto.STRING, number=3) + + subject_types_supported = proto.RepeatedField(proto.STRING, number=4) + + id_token_signing_alg_values_supported = proto.RepeatedField(proto.STRING, number=5) + + claims_supported = proto.RepeatedField(proto.STRING, number=6) + + grant_types = proto.RepeatedField(proto.STRING, number=7) + + +class GetJSONWebKeysRequest(proto.Message): + r"""GetJSONWebKeysRequest gets the public component of the keys used by + the cluster to sign token requests. This will be the jwks_uri for + the discover document returned by getOpenIDConfig. See the OpenID + Connect Discovery 1.0 specification for details. + + Attributes: + parent (str): + The cluster (project, location, cluster id) to get keys for. + Specified in the format + ``projects/*/locations/*/clusters/*``. + """ + + parent = proto.Field(proto.STRING, number=1) + + +class Jwk(proto.Message): + r"""Jwk is a JSON Web Key as specified in RFC 7517 + + Attributes: + kty (str): + Key Type. + alg (str): + Algorithm. + use (str): + Permitted uses for the public keys. + kid (str): + Key ID. + n (str): + Used for RSA keys. + e (str): + Used for RSA keys. + x (str): + Used for ECDSA keys. + y (str): + Used for ECDSA keys. + crv (str): + Used for ECDSA keys. 
+ """ + + kty = proto.Field(proto.STRING, number=1) + + alg = proto.Field(proto.STRING, number=2) + + use = proto.Field(proto.STRING, number=3) + + kid = proto.Field(proto.STRING, number=4) + + n = proto.Field(proto.STRING, number=5) + + e = proto.Field(proto.STRING, number=6) + + x = proto.Field(proto.STRING, number=7) + + y = proto.Field(proto.STRING, number=8) + + crv = proto.Field(proto.STRING, number=9) + + +class GetJSONWebKeysResponse(proto.Message): + r"""GetJSONWebKeysResponse is a valid JSON Web Key Set as + specififed in rfc 7517 + + Attributes: + keys (Sequence[~.cluster_service.Jwk]): + The public component of the keys used by the + cluster to sign token requests. + """ + + keys = proto.RepeatedField(proto.MESSAGE, number=1, message="Jwk",) + + +class ReleaseChannel(proto.Message): + r"""ReleaseChannel indicates which release channel a cluster is + subscribed to. Release channels are arranged in order of risk. + When a cluster is subscribed to a release channel, Google + maintains both the master version and the node version. Node + auto-upgrade defaults to true and cannot be disabled. + + Attributes: + channel (~.cluster_service.ReleaseChannel.Channel): + channel specifies which release channel the + cluster is subscribed to. + """ + + class Channel(proto.Enum): + r"""Possible values for 'channel'.""" + UNSPECIFIED = 0 + RAPID = 1 + REGULAR = 2 + STABLE = 3 + + channel = proto.Field(proto.ENUM, number=1, enum=Channel,) + + +class TpuConfig(proto.Message): + r"""Configuration for Cloud TPU. + + Attributes: + enabled (bool): + Whether Cloud TPU integration is enabled or + not. + use_service_networking (bool): + Whether to use service networking for Cloud + TPU or not. + ipv4_cidr_block (str): + IPv4 CIDR block reserved for Cloud TPU in the + VPC. 
+ """ + + enabled = proto.Field(proto.BOOL, number=1) + + use_service_networking = proto.Field(proto.BOOL, number=2) + + ipv4_cidr_block = proto.Field(proto.STRING, number=3) + + +class Master(proto.Message): + r"""Master is the configuration for components on master.""" + + +class NotificationConfig(proto.Message): + r"""NotificationConfig is the configuration of notifications. + + Attributes: + pubsub (~.cluster_service.NotificationConfig.PubSub): + Notification config for Pub/Sub. + """ + + class PubSub(proto.Message): + r"""Pub/Sub specific notification config. + + Attributes: + enabled (bool): + Enable notifications for Pub/Sub. + topic (str): + The desired Pub/Sub topic to which notifications will be + sent by GKE. Format is + ``projects/{project}/topics/{topic}``. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + topic = proto.Field(proto.STRING, number=2) + + pubsub = proto.Field(proto.MESSAGE, number=1, message=PubSub,) + + +class ConfidentialNodes(proto.Message): + r"""ConfidentialNodes is configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. + + Attributes: + enabled (bool): + Whether Confidential Nodes feature is enabled + for all nodes in this cluster. + """ + + enabled = proto.Field(proto.BOOL, number=1) + + +class UpgradeEvent(proto.Message): + r"""UpgradeEvent is a notification sent to customers by the + cluster server when a resource is upgrading. + + Attributes: + resource_type (~.cluster_service.UpgradeResourceType): + Required. The resource type that is + upgrading. + operation (str): + Required. The operation associated with this + upgrade. + operation_start_time (~.timestamp.Timestamp): + Required. The time when the operation was + started. + current_version (str): + Required. The current version before the + upgrade. + target_version (str): + Required. The target version for the upgrade. + resource (str): + Optional. Optional relative path to the + resource. 
For example in node pool upgrades, the + relative path of the node pool. + """ + + resource_type = proto.Field(proto.ENUM, number=1, enum="UpgradeResourceType",) + + operation = proto.Field(proto.STRING, number=2) + + operation_start_time = proto.Field( + proto.MESSAGE, number=3, message=timestamp.Timestamp, + ) + + current_version = proto.Field(proto.STRING, number=4) + + target_version = proto.Field(proto.STRING, number=5) + + resource = proto.Field(proto.STRING, number=6) + + __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/scripts/fixup_container_v1beta1_keywords.py b/scripts/fixup_container_v1beta1_keywords.py index f06d07fd..5865b51c 100644 --- a/scripts/fixup_container_v1beta1_keywords.py +++ b/scripts/fixup_container_v1beta1_keywords.py @@ -48,6 +48,7 @@ class containerCallTransformer(cst.CSTTransformer): 'delete_cluster': ('project_id', 'zone', 'cluster_id', 'name', ), 'delete_node_pool': ('project_id', 'zone', 'cluster_id', 'node_pool_id', 'name', ), 'get_cluster': ('project_id', 'zone', 'cluster_id', 'name', ), + 'get_json_web_keys': ('parent', ), 'get_node_pool': ('project_id', 'zone', 'cluster_id', 'node_pool_id', 'name', ), 'get_operation': ('project_id', 'zone', 'operation_id', 'name', ), 'get_server_config': ('project_id', 'zone', 'name', ), @@ -72,7 +73,7 @@ class containerCallTransformer(cst.CSTTransformer): 'start_ip_rotation': ('project_id', 'zone', 'cluster_id', 'name', 'rotate_credentials', ), 'update_cluster': ('project_id', 'zone', 'cluster_id', 'update', 'name', ), 'update_master': ('project_id', 'zone', 'cluster_id', 'master_version', 'name', ), - 'update_node_pool': ('project_id', 'zone', 'cluster_id', 'node_pool_id', 'node_version', 'image_type', 'workload_metadata_config', 'name', ), + 'update_node_pool': ('project_id', 'zone', 'cluster_id', 'node_pool_id', 'node_version', 'image_type', 'locations', 'workload_metadata_config', 'name', 'upgrade_settings', 'linux_node_config', 'kubelet_config', ), } 
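Review bot: Two docstrings added in the `cluster_service.py` hunk that ends here have wording slips that will surface in the rendered API reference. `GetJSONWebKeysResponse` says `specififed in rfc 7517` and `GetJSONWebKeysRequest` says `the discover document`. I would change them to `specified in RFC 7517` and `the discovery document`, which matches the `Jwk` docstring in the same hunk. The file looks generated from the proto comments, so the correction presumably has to be made there.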
diff --git a/synth.metadata b/synth.metadata index 08d174af..8c8cb6d2 100644 --- a/synth.metadata +++ b/synth.metadata @@ -4,15 +4,15 @@ "git": { "name": ".", "remote": "https://github.com/googleapis/python-container.git", - "sha": "2f3ba9672930d7698bc8808decfce90646723a82" + "sha": "20401fb2dfa4ac59d385926d345db979473c4688" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "3ac5ef0436d8dfeb2ca0091dc7fa8012da1c85af", - "internalRef": "342835449" + "sha": "df4fd38d040c5c8a0869936205bca13fb64b2cff", + "internalRef": "344443035" } }, { diff --git a/tests/unit/gapic/container_v1beta1/test_cluster_manager.py b/tests/unit/gapic/container_v1beta1/test_cluster_manager.py index 4f883f88..a46e18f7 100644 --- a/tests/unit/gapic/container_v1beta1/test_cluster_manager.py +++ b/tests/unit/gapic/container_v1beta1/test_cluster_manager.py @@ -41,6 +41,9 @@ from google.cloud.container_v1beta1.types import cluster_service from google.oauth2 import service_account from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore +from google.rpc import code_pb2 as code # type: ignore +from google.rpc import status_pb2 as status # type: ignore def client_cert_source_callback(): 
@@ -5073,6 +5076,134 @@ async def test_list_node_pools_flattened_error_async(): ) +def test_get_json_web_keys( + transport: str = "grpc", request_type=cluster_service.GetJSONWebKeysRequest +): + client = ClusterManagerClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_json_web_keys), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = cluster_service.GetJSONWebKeysResponse() + + response = client.get_json_web_keys(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == cluster_service.GetJSONWebKeysRequest() + + # Establish that the response is the type that we expect. + + assert isinstance(response, cluster_service.GetJSONWebKeysResponse) + + +def test_get_json_web_keys_from_dict(): + test_get_json_web_keys(request_type=dict) + + +@pytest.mark.asyncio +async def test_get_json_web_keys_async( + transport: str = "grpc_asyncio", request_type=cluster_service.GetJSONWebKeysRequest +): + client = ClusterManagerAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_json_web_keys), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + cluster_service.GetJSONWebKeysResponse() + ) + + response = await client.get_json_web_keys(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == cluster_service.GetJSONWebKeysRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, cluster_service.GetJSONWebKeysResponse) + + +@pytest.mark.asyncio +async def test_get_json_web_keys_async_from_dict(): + await test_get_json_web_keys_async(request_type=dict) + + +def test_get_json_web_keys_field_headers(): + client = ClusterManagerClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = cluster_service.GetJSONWebKeysRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_json_web_keys), "__call__" + ) as call: + call.return_value = cluster_service.GetJSONWebKeysResponse() + + client.get_json_web_keys(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_json_web_keys_field_headers_async(): + client = ClusterManagerAsyncClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = cluster_service.GetJSONWebKeysRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client.transport.get_json_web_keys), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + cluster_service.GetJSONWebKeysResponse() + ) + + await client.get_json_web_keys(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + def test_get_node_pool( transport: str = "grpc", request_type=cluster_service.GetNodePoolRequest ): @@ -5090,6 +5221,7 @@ def test_get_node_pool( call.return_value = cluster_service.NodePool( name="name_value", initial_node_count=1911, + locations=["locations_value"], self_link="self_link_value", version="version_value", instance_group_urls=["instance_group_urls_value"], @@ -5114,6 +5246,8 @@ def test_get_node_pool( assert response.initial_node_count == 1911 + assert response.locations == ["locations_value"] + assert response.self_link == "self_link_value" assert response.version == "version_value" @@ -5150,6 +5284,7 @@ async def test_get_node_pool_async( cluster_service.NodePool( name="name_value", initial_node_count=1911, + locations=["locations_value"], self_link="self_link_value", version="version_value", instance_group_urls=["instance_group_urls_value"], @@ -5174,6 +5309,8 @@ async def test_get_node_pool_async( assert response.initial_node_count == 1911 + assert response.locations == ["locations_value"] + assert response.self_link == "self_link_value" assert response.version == "version_value" @@ -9201,6 +9338,7 @@ def test_cluster_manager_base_transport(): "cancel_operation", "get_server_config", "list_node_pools", + "get_json_web_keys", "get_node_pool", "create_node_pool", "delete_node_pool", 
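Review bot: In the two async tests added by this hunk, `test_get_json_web_keys_async` and `test_get_json_web_keys_field_headers_async`, the call-count check is `assert len(call.mock_calls)`, which passes for any non-zero number of calls. The sync counterparts in the same hunk use `assert len(call.mock_calls) == 1`, so a duplicated or retried stub invocation would go unnoticed only on the async path. If exactly one call is intended, `assert len(call.mock_calls) == 1` would align the two. If the awaited `FakeUnaryUnaryCall` legitimately records extra mock entries, a short comment such as `# awaiting the fake call adds entries, so only check that the stub was hit` would explain the weaker check. The file appears to be generated, so either change belongs in the generator template.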
@@ -9408,8 +9546,29 @@ def test_cluster_manager_transport_channel_mtls_with_adc(transport_class): assert transport.grpc_channel == mock_grpc_channel +def test_topic_path(): + project = "squid" + topic = "clam" + + expected = "projects/{project}/topics/{topic}".format(project=project, topic=topic,) + actual = ClusterManagerClient.topic_path(project, topic) + assert expected == actual + + +def test_parse_topic_path(): + expected = { + "project": "whelk", + "topic": "octopus", + } + path = ClusterManagerClient.topic_path(**expected) + + # Check that the path construction is reversible. + actual = ClusterManagerClient.parse_topic_path(path) + assert expected == actual + + def test_common_billing_account_path(): - billing_account = "squid" + billing_account = "oyster" expected = "billingAccounts/{billing_account}".format( billing_account=billing_account, @@ -9420,7 +9579,7 @@ def test_common_billing_account_path(): def test_parse_common_billing_account_path(): expected = { - "billing_account": "clam", + "billing_account": "nudibranch", } path = ClusterManagerClient.common_billing_account_path(**expected) @@ -9430,7 +9589,7 @@ def test_parse_common_billing_account_path(): def test_common_folder_path(): - folder = "whelk" + folder = "cuttlefish" expected = "folders/{folder}".format(folder=folder,) actual = ClusterManagerClient.common_folder_path(folder) @@ -9439,7 +9598,7 @@ def test_common_folder_path(): def test_parse_common_folder_path(): expected = { - "folder": "octopus", + "folder": "mussel", } path = ClusterManagerClient.common_folder_path(**expected) @@ -9449,7 +9608,7 @@ def test_parse_common_folder_path(): def test_common_organization_path(): - organization = "oyster" + organization = "winkle" expected = "organizations/{organization}".format(organization=organization,) actual = ClusterManagerClient.common_organization_path(organization) 
@@ -9458,7 +9617,7 @@ def test_common_organization_path(): def test_parse_common_organization_path(): expected = { - "organization": "nudibranch", + "organization": "nautilus", } path = ClusterManagerClient.common_organization_path(**expected) @@ -9468,7 +9627,7 @@ def test_parse_common_organization_path(): def test_common_project_path(): - project = "cuttlefish" + project = "scallop" expected = "projects/{project}".format(project=project,) actual = ClusterManagerClient.common_project_path(project) @@ -9477,7 +9636,7 @@ def test_common_project_path(): def test_parse_common_project_path(): expected = { - "project": "mussel", + "project": "abalone", } path = ClusterManagerClient.common_project_path(**expected) @@ -9487,8 +9646,8 @@ def test_parse_common_project_path(): def test_common_location_path(): - project = "winkle" - location = "nautilus" + project = "squid" + location = "clam" expected = "projects/{project}/locations/{location}".format( project=project, location=location, @@ -9499,8 +9658,8 @@ def test_common_location_path(): def test_parse_common_location_path(): expected = { - "project": "scallop", - "location": "abalone", + "project": "whelk", + "location": "octopus", } path = ClusterManagerClient.common_location_path(**expected) From 6a0fef7f30976357cc9f42c0213931d1a2c76eac Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Mon, 7 Dec 2020 16:12:05 -0800 Subject: [PATCH 2/4] docs(python): update intersphinx for grpc and auth (#53) This PR was generated using Autosynth. :rainbow: Synth log will be available here: https://source.cloud.google.com/results/invocations/6f0f288a-a1e8-4b2d-a85f-00b1c6150185/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: https://github.com/googleapis/synthtool/commit/9a7d9fbb7045c34c9d3d22c1ff766eeae51f04c9 --- docs/conf.py | 9 ++++++--- synth.metadata | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index bc32a9d7..67b6599e 100644 
--- a/docs/conf.py +++ b/docs/conf.py @@ -345,10 +345,13 @@ # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = { - "python": ("http://python.readthedocs.org/en/latest/", None), - "google-auth": ("https://google-auth.readthedocs.io/en/stable", None), + "python": ("https://python.readthedocs.org/en/latest/", None), + "google-auth": ( + "https://googleapis.dev/python/google-auth/latest/index.html", + None, + ), "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None,), - "grpc": ("https://grpc.io/grpc/python/", None), + "grpc": ("https://grpc.github.io/grpc/python/", None), "proto-plus": ("https://proto-plus-python.readthedocs.io/en/latest/", None), } diff --git a/synth.metadata b/synth.metadata index 8c8cb6d2..4cd79d6a 100644 --- a/synth.metadata +++ b/synth.metadata @@ -19,7 +19,7 @@ "git": { "name": "synthtool", "remote": "https://github.com/googleapis/synthtool.git", - "sha": "6542bd723403513626f61642fc02ddca528409aa" + "sha": "9a7d9fbb7045c34c9d3d22c1ff766eeae51f04c9" } } ], From 0f9a41eb3394d4940941bc38a3e2e5cb3ad6b8dd Mon Sep 17 00:00:00 2001 From: Don McCasland Date: Tue, 8 Dec 2020 12:52:03 -0800 Subject: [PATCH 3/4] fix: Update CODEOWNERS (#59) fix #58 update codeowners to include dpe cicd team --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 30c3973a..e2ec9cbc 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,7 +5,7 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax # The @googleapis/yoshi-python is the default owner for changes in this repo -* @googleapis/yoshi-python +* @googleapis/yoshi-python @googleapis/cicd # The python-samples-reviewers team is the default owner for samples changes -/samples/ @googleapis/python-samples-owners \ No newline at end of file +/samples/ @googleapis/python-samples-owners 
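Review bot: The new `google-auth` entry in `intersphinx_mapping` (`docs/conf.py` hunk) ends in `index.html`. Intersphinx derives the inventory location by appending `objects.inv` to the base URI, so this would request `.../latest/index.html/objects.inv` and most likely fail to load that inventory. The directory form, `"https://googleapis.dev/python/google-auth/latest/"`, would match the `google.api_core` entry right below it. Moving the `python` entry from http to https is a sound change, since the inventory is fetched over the network at build time.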
From 74a4ec1a99d5fcd74bafeab6939da337674c4fa5 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Tue, 8 Dec 2020 13:59:31 -0800 Subject: [PATCH 4/4] chore: release 2.3.0 (#55) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> --- CHANGELOG.md | 17 +++++++++++++++++ setup.py | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 671e415d..d81fe0b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,23 @@ [1]: https://pypi.org/project/google-cloud-container/#history +## [2.3.0](https://www.github.com/googleapis/python-container/compare/v2.2.0...v2.3.0) (2020-12-08) + + +### Features + +* sync v1beta1 GKE API; deprecate SetLocations and use UpdateCluster; support for sysctls config in Linux nodes; support for node kubelet config controlling CPU manager policy, CFS quota; support for Customer Managed Encryption ([17f0a29](https://www.github.com/googleapis/python-container/commit/17f0a29401ffeaafca6166f9f6169a83c00b145a)) + + +### Bug Fixes + +* Update CODEOWNERS ([#59](https://www.github.com/googleapis/python-container/issues/59)) ([0f9a41e](https://www.github.com/googleapis/python-container/commit/0f9a41eb3394d4940941bc38a3e2e5cb3ad6b8dd)), closes [#58](https://www.github.com/googleapis/python-container/issues/58) + + +### Documentation + +* **python:** update intersphinx for grpc and auth ([#53](https://www.github.com/googleapis/python-container/issues/53)) ([6a0fef7](https://www.github.com/googleapis/python-container/commit/6a0fef7f30976357cc9f42c0213931d1a2c76eac)) + ## [2.2.0](https://www.github.com/googleapis/python-container/compare/v2.1.0...v2.2.0) (2020-11-17) All changes are from [#51](https://www.github.com/googleapis/python-container/issues/51) / [d3f5465](https://www.github.com/googleapis/python-container/commit/d3f546574300cd18bb0cb1627f226cfe34ee8098) 
diff --git a/setup.py b/setup.py index 4269f48b..3b14054e 100644 --- a/setup.py +++ b/setup.py @@ -22,7 +22,7 @@ name = "google-cloud-container" description = "Google Container Engine API client library" -version = "2.2.0" +version = "2.3.0" # Should be one of: # 'Development Status :: 3 - Alpha' # 'Development Status :: 4 - Beta'