// Copyright 2022 Google LLC |
|
// |
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
|
// you may not use this file except in compliance with the License. |
|
// You may obtain a copy of the License at |
|
// |
|
// http://www.apache.org/licenses/LICENSE-2.0 |
|
// |
|
// Unless required by applicable law or agreed to in writing, software |
|
// distributed under the License is distributed on an "AS IS" BASIS, |
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
// See the License for the specific language governing permissions and |
|
// limitations under the License. |
|
|
|
syntax = "proto3"; |
|
|
|
package google.cloud.gkemulticloud.v1; |
|
|
|
import "google/api/field_behavior.proto"; |
|
import "google/api/resource.proto"; |
|
import "google/cloud/gkemulticloud/v1/common_resources.proto"; |
|
import "google/protobuf/timestamp.proto"; |
|
|
|
option csharp_namespace = "Google.Cloud.GkeMultiCloud.V1"; |
|
option go_package = "google.golang.org/genproto/googleapis/cloud/gkemulticloud/v1;gkemulticloud"; |
|
option java_multiple_files = true; |
|
option java_outer_classname = "AttachedResourcesProto"; |
|
option java_package = "com.google.cloud.gkemulticloud.v1"; |
|
option php_namespace = "Google\\Cloud\\GkeMultiCloud\\V1"; |
|
option ruby_package = "Google::Cloud::GkeMultiCloud::V1"; |
|
|
|
// An Anthos cluster running on customer-owned infrastructure (an EKS or AKS
// cluster, see `distribution`) that has been registered with Google Cloud.
message AttachedCluster {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AttachedCluster"
    pattern: "projects/{project}/locations/{location}/attachedClusters/{attached_cluster}"
  };

  // The lifecycle state of the cluster.
  enum State {
    // Not set.
    STATE_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being registered.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been registered and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading software components.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being de-registered.
    STOPPING = 4;

    // The ERROR state indicates the cluster is in a broken, unrecoverable
    // state.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to
    // restore full functionality.
    DEGRADED = 6;
  }

  // The name of this resource.
  //
  // Cluster names are formatted as
  // `projects/<project-number>/locations/<region>/attachedClusters/<cluster-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on GCP resource names.
  string name = 1;

  // Optional. A human readable description of this cluster.
  // Cannot be longer than 255 UTF-8 encoded bytes.
  string description = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. OpenID Connect (OIDC) configuration for the cluster.
  //
  // This is the trust anchor Google Cloud uses to validate Kubernetes Service
  // Account tokens issued by this cluster (see AttachedOidcConfig). Whoever
  // can set or update it decides which signing keys are accepted for the
  // cluster's identities, so changes to this field are security-sensitive
  // and should be reviewed like a credential change.
  AttachedOidcConfig oidc_config = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. The platform version for the cluster (e.g. `1.19.0-gke.1000`).
  //
  // You can list all supported versions on a given Google Cloud region by
  // calling
  // [GetAttachedServerConfig][google.cloud.gkemulticloud.v1.AttachedClusters.GetAttachedServerConfig].
  string platform_version = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. The Kubernetes distribution of the underlying attached cluster.
  //
  // Supported values: ["eks", "aks"].
  string distribution = 16 [(google.api.field_behavior) = REQUIRED];

  // Output only. The region where this cluster runs.
  //
  // For EKS clusters, this is an AWS region. For AKS clusters,
  // this is an Azure region.
  string cluster_region = 22 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Required. Fleet configuration.
  Fleet fleet = 5 [(google.api.field_behavior) = REQUIRED];

  // Output only. The current state of the cluster.
  State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the cluster.
  string uid = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. If set, there are currently changes in flight to the cluster.
  bool reconciling = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this cluster was registered.
  google.protobuf.Timestamp create_time = 9
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this cluster was last updated.
  google.protobuf.Timestamp update_time = 10
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Allows clients to perform consistent read-modify-writes
  // through optimistic concurrency control.
  //
  // Can be sent on update and delete requests to ensure the
  // client has an up-to-date value before proceeding.
  //
  // This field carries no field_behavior annotation: it is returned by the
  // server and echoed back by the client. Including it is what stops two
  // concurrent writers from silently overwriting each other's changes, which
  // matters most for the security-relevant fields (`oidc_config`,
  // `authorization`), so clients modifying those should always send it.
  string etag = 11;

  // Output only. The Kubernetes version of the cluster.
  string kubernetes_version = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Annotations on the cluster.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Key can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 13 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Workload Identity settings.
  WorkloadIdentityConfig workload_identity_config = 14
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Logging configuration for this cluster.
  LoggingConfig logging_config = 15 [(google.api.field_behavior) = OPTIONAL];

  // Output only. A set of errors found in the cluster.
  repeated AttachedClusterError errors = 20
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Configuration related to the cluster RBAC settings.
  //
  // The users listed here are bound to the Kubernetes `cluster-admin`
  // ClusterRole (see AttachedClustersAuthorization), i.e. they get full
  // control of the attached cluster. Review changes to this field with the
  // same care as a change to the cluster's admin credentials.
  AttachedClustersAuthorization authorization = 21
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Monitoring configuration for this cluster.
  MonitoringConfig monitoring_config = 23
      [(google.api.field_behavior) = OPTIONAL];
}
|
|
|
// Configuration related to the cluster RBAC settings.
message AttachedClustersAuthorization {
  // Required. Users that can perform operations as a cluster admin. A managed
  // ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
  // to the users. Up to ten admin users can be provided.
  //
  // `cluster-admin` is the Kubernetes super-user role (see the RBAC link
  // below), so every entry here is a full-control principal for the attached
  // cluster. Keep this list minimal and audit additions; there is no
  // lesser-privilege option in this message.
  //
  // For more info on RBAC, see
  // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
  repeated AttachedClusterUser admin_users = 1
      [(google.api.field_behavior) = REQUIRED];
}
|
|
|
// Identities of a user-type subject for Attached clusters.
message AttachedClusterUser {
  // Required. The name of the user, e.g. `my-gcp-id@gmail.com`.
  //
  // When listed in `AttachedClustersAuthorization.admin_users` this identity
  // is granted `cluster-admin`, so the value must be exactly the intended
  // principal: a mistyped address that happens to exist hands full cluster
  // control to someone else.
  string username = 1 [(google.api.field_behavior) = REQUIRED];
}
|
|
|
// OIDC discovery information of the target cluster.
//
// Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
// API server. This message describes how GCP services
// validate KSA tokens in order to allow system workloads (such as GKE Connect
// and telemetry agents) to authenticate back to GCP.
//
// Both clusters with public and private issuer URLs are supported.
// Clusters with public issuers only need to specify the `issuer_url` field
// while clusters with private issuers need to provide both
// `issuer_url` and `jwks`.
//
// These values determine which signatures GCP accepts as proof of a cluster
// identity, so they are security-sensitive configuration: anyone able to
// change them could have tokens they mint themselves accepted as coming from
// the cluster.
message AttachedOidcConfig {
  // A JSON Web Token (JWT) issuer URI. `issuer_url` must start with `https://`.
  //
  // Carries no field_behavior annotation but is effectively required: per the
  // message documentation every cluster must specify it. The `https://`
  // requirement presumably ensures that, when `jwks` is not supplied, the OIDC
  // discovery document and signing keys are fetched over TLS rather than
  // plaintext — confirm against the service implementation.
  string issuer_url = 1;

  // Optional. OIDC verification keys in JWKS format (RFC 7517).
  // It contains a list of OIDC verification keys that can be used to verify
  // OIDC JWTs.
  //
  // This field is required for clusters that don't have a publicly available
  // discovery endpoint. When provided, it will be directly used
  // to verify the OIDC JWT asserted by the IDP.
  //
  // "Directly used" means the supplied key set is the trust root for this
  // cluster instead of keys discovered from `issuer_url`. Consequently,
  // rotating the cluster's token-signing keys presumably requires updating
  // this field too, or tokens signed with the new keys will stop verifying.
  // The field is raw bytes; it is expected to hold the JWKS JSON document.
  bytes jwks = 2 [(google.api.field_behavior) = OPTIONAL];
}
|
|
|
// AttachedServerConfig provides information about supported
// Kubernetes versions.
message AttachedServerConfig {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AttachedServerConfig"
    pattern: "projects/{project}/locations/{location}/attachedServerConfig"
  };

  // The resource name of the config. The pattern above has no per-config
  // variable, so there is one config per project and location.
  string name = 1;

  // List of valid platform versions, i.e. values accepted for
  // `AttachedCluster.platform_version` in this location.
  repeated AttachedPlatformVersionInfo valid_versions = 2;
}
|
|
|
// Information about a supported Attached Clusters platform version.
message AttachedPlatformVersionInfo {
  // Platform version name, in the same form as
  // `AttachedCluster.platform_version` (e.g. `1.19.0-gke.1000`).
  string version = 1;
}
|
|
|
// AttachedClusterError describes errors found on attached clusters.
//
// Returned in `AttachedCluster.errors` (output only); a single message is
// the only detail carried, there is no machine-readable code.
message AttachedClusterError {
  // Human-friendly description of the error.
  string message = 1;
}
|
|
|