
Commit f5b1533

feat: [container] add API for GPU driver installation config (#4330)
- [ ] Regenerate this pull request now. --- feat: add SecurityPostureConfig API field to allow customers to enable GKE Security Posture capabilities for their clusters --- feat: add workloadPolicyConfig API field to allow customer enable NET_ADMIN capability for their autopilot clusters PiperOrigin-RevId: 539136563 Source-Link: https://togithub.com/googleapis/googleapis/commit/ca49cb95bdb183eb7d6009414dd2cfccdb727d61 Source-Link: https://togithub.com/googleapis/googleapis-gen/commit/b7903fd0e95031cce1ed78dbb82f44d7c3ba5ba1 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiYjc5MDNmZDBlOTUwMzFjY2UxZWQ3OGRiYjgyZjQ0ZDdjM2JhNWJhMSJ9 BEGIN_NESTED_COMMIT feat: [container] add API for GPU driver installation config --- feat: add SecurityPostureConfig API field to allow customers to enable GKE Security Posture capabilities for their clusters --- feat: add workloadPolicyConfig API field to allow customer enable NET_ADMIN capability for their autopilot clusters PiperOrigin-RevId: 538770734 Source-Link: https://togithub.com/googleapis/googleapis/commit/b7e93121d514f1ab1f2b446de0969125a18914c8 Source-Link: https://togithub.com/googleapis/googleapis-gen/commit/0988e7e1feed3b087096b2167dc262320ead297a Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiMDk4OGU3ZTFmZWVkM2IwODcwOTZiMjE2N2RjMjYyMzIwZWFkMjk3YSJ9 END_NESTED_COMMIT
1 parent 0552bb9 commit f5b1533

5 files changed

Lines changed: 3108 additions & 2 deletions


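--- a/packages/google-container/protos/google/container/v1/cluster_service.proto
+++ b/packages/google-container/protos/google/container/v1/cluster_service.proto
@@ -1911,6 +1911,9 @@ message Cluster {
 // Fleet information for the cluster.
 Fleet fleet = 140;
 
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig security_posture_config = 145;
+
 // Beta APIs Config
 K8sBetaAPIConfig enable_k8s_beta_apis = 143;
 }
@@ -1921,6 +1924,40 @@ message K8sBetaAPIConfig {
 repeated string enabled_apis = 1;
 }
 
+// SecurityPostureConfig defines the flags needed to enable/disable features for
+// the Security Posture API.
+message SecurityPostureConfig {
+// Mode defines enablement mode for GKE Security posture features.
+enum Mode {
+// Default value not specified.
+MODE_UNSPECIFIED = 0;
+
+// Disables Security Posture features on the cluster.
+DISABLED = 1;
+
+// Applies Security Posture features on the cluster.
+BASIC = 2;
+}
+
+// VulnerabilityMode defines enablement mode for vulnerability scanning.
+enum VulnerabilityMode {
+// Default value not specified.
+VULNERABILITY_MODE_UNSPECIFIED = 0;
+
+// Disables vulnerability scanning on the cluster.
+VULNERABILITY_DISABLED = 1;
+
+// Applies basic vulnerability scanning on the cluster.
+VULNERABILITY_BASIC = 2;
+}
+
+// Sets which mode to use for Security Posture features.
+optional Mode mode = 1;
+
+// Sets which mode to use for vulnerability scanning.
+optional VulnerabilityMode vulnerability_mode = 2;
+}
+
 // Node pool configs that apply to all auto-provisioned node pools
 // in autopilot clusters and node auto-provisioning enabled clusters.
 message NodePoolAutoConfig {
@@ -2145,9 +2182,15 @@ message ClusterUpdate {
 // Kubernetes open source beta apis enabled on the cluster. Only beta apis
 K8sBetaAPIConfig enable_k8s_beta_apis = 122;
 
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig desired_security_posture_config = 124;
+
 // Enable/Disable FQDN Network Policy for the cluster.
 optional bool desired_enable_fqdn_network_policy = 126;
 
+// The desired workload policy configuration for the autopilot cluster.
+WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128;
+
 // Desired Beta APIs to be enabled for cluster.
 K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 }
@@ -3956,6 +3999,9 @@ message AcceleratorConfig {
 
 // The configuration for GPU sharing options.
 optional GPUSharingConfig gpu_sharing_config = 5;
+
+// The configuration for auto installation of GPU driver.
+optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
 }
 
 // GPUSharingConfig represents the GPU sharing configuration for Hardware
@@ -3977,6 +4023,28 @@ message GPUSharingConfig {
 optional GPUSharingStrategy gpu_sharing_strategy = 2;
 }
 
+// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
+// installed.
+message GPUDriverInstallationConfig {
+// The GPU driver version to install.
+enum GPUDriverVersion {
+// Default value is to not install any GPU driver.
+GPU_DRIVER_VERSION_UNSPECIFIED = 0;
+
+// Disable GPU driver auto installation and needs manual installation
+INSTALLATION_DISABLED = 1;
+
+// "Default" GPU driver in COS and Ubuntu.
+DEFAULT = 2;
+
+// "Latest" GPU driver in COS.
+LATEST = 3;
+}
+
+// Mode for how the GPU driver is installed.
+optional GPUDriverVersion gpu_driver_version = 1;
+}
+
 // WorkloadMetadataConfig defines the metadata configuration to expose to
 // workloads on the node pool.
 message WorkloadMetadataConfig {
@@ -4785,6 +4853,16 @@ message SecurityBulletinEvent {
 message Autopilot {
 // Enable Autopilot
 bool enabled = 1;
+
+// Workload policy configuration for Autopilot.
+WorkloadPolicyConfig workload_policy_config = 2;
+}
+
+// WorkloadPolicyConfig is the configuration of workload policy for autopilot
+// clusters.
+message WorkloadPolicyConfig {
+// If true, workloads can use NET_ADMIN capability.
+optional bool allow_net_admin = 1;
 }
 
 // LoggingConfig is cluster logging configuration.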
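Review bot: The comment on `allow_net_admin` in WorkloadPolicyConfig (last hunk of this file, and the same lines in the v1beta1 copy) says only that workloads "can use NET_ADMIN capability"; it does not say what an unset value means for this `optional bool`, nor that the field relaxes a restriction. NET_ADMIN lets a container change interfaces, routes and packet-filter rules in its network namespace, so the generated docs should present this as a privilege grant, for example `// If true, workloads may request the NET_ADMIN capability, which permits changing network configuration inside the pod. <state behaviour when unset or false>.` The same gap applies to `desired_autopilot_workload_policy_config` in ClusterUpdate, which appears to be the way the setting is changed on an existing cluster. Because the Source-Link trailers suggest this file is synced from googleapis, the wording would presumably have to change upstream.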

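--- a/packages/google-container/protos/google/container/v1beta1/cluster_service.proto
+++ b/packages/google-container/protos/google/container/v1beta1/cluster_service.proto
@@ -2098,6 +2098,9 @@ message Cluster {
 
 // Fleet information for the cluster.
 Fleet fleet = 140;
+
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig security_posture_config = 145;
 }
 
 // Kubernetes open source beta apis enabled on the cluster.
@@ -2157,6 +2160,40 @@ message ProtectConfig {
 optional WorkloadVulnerabilityMode workload_vulnerability_mode = 2;
 }
 
+// SecurityPostureConfig defines the flags needed to enable/disable features for
+// the Security Posture API.
+message SecurityPostureConfig {
+// Mode defines enablement mode for GKE Security posture features.
+enum Mode {
+// Default value not specified.
+MODE_UNSPECIFIED = 0;
+
+// Disables Security Posture features on the cluster.
+DISABLED = 1;
+
+// Applies Security Posture features on the cluster.
+BASIC = 2;
+}
+
+// VulnerabilityMode defines enablement mode for vulnerability scanning.
+enum VulnerabilityMode {
+// Default value not specified.
+VULNERABILITY_MODE_UNSPECIFIED = 0;
+
+// Disables vulnerability scanning on the cluster.
+VULNERABILITY_DISABLED = 1;
+
+// Applies basic vulnerability scanning on the cluster.
+VULNERABILITY_BASIC = 2;
+}
+
+// Sets which mode to use for Security Posture features.
+optional Mode mode = 1;
+
+// Sets which mode to use for vulnerability scanning.
+optional VulnerabilityMode vulnerability_mode = 2;
+}
+
 // Subset of Nodepool message that has defaults.
 message NodePoolDefaults {
 // Subset of NodeConfig message that has defaults.
@@ -2405,9 +2442,15 @@ message ClusterUpdate {
 // Kubernetes open source beta apis enabled on the cluster. Only beta apis
 K8sBetaAPIConfig enable_k8s_beta_apis = 122;
 
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig desired_security_posture_config = 124;
+
 // Enable/Disable FQDN Network Policy for the cluster.
 optional bool desired_enable_fqdn_network_policy = 126;
 
+// The desired workload policy configuration for the autopilot cluster.
+WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128;
+
 // Beta APIs enabled for cluster.
 K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 }
@@ -4326,6 +4369,9 @@ message AcceleratorConfig {
 
 // The configuration for GPU sharing options.
 optional GPUSharingConfig gpu_sharing_config = 5;
+
+// The configuration for auto installation of GPU driver.
+optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
 }
 
 // GPUSharingConfig represents the GPU sharing configuration for Hardware
@@ -4347,6 +4393,28 @@ message GPUSharingConfig {
 optional GPUSharingStrategy gpu_sharing_strategy = 2;
 }
 
+// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
+// installed.
+message GPUDriverInstallationConfig {
+// The GPU driver version to install.
+enum GPUDriverVersion {
+// Default value is to not install any GPU driver.
+GPU_DRIVER_VERSION_UNSPECIFIED = 0;
+
+// Disable GPU driver auto installation and needs manual installation
+INSTALLATION_DISABLED = 1;
+
+// "Default" GPU driver in COS and Ubuntu.
+DEFAULT = 2;
+
+// "Latest" GPU driver in COS.
+LATEST = 3;
+}
+
+// Mode for how the GPU driver is installed.
+optional GPUDriverVersion gpu_driver_version = 1;
+}
+
 // ManagedPrometheusConfig defines the configuration for
 // Google Cloud Managed Service for Prometheus.
 message ManagedPrometheusConfig {
@@ -5132,6 +5200,16 @@ message Master {}
 message Autopilot {
 // Enable Autopilot
 bool enabled = 1;
+
+// Workload policy configuration for Autopilot.
+WorkloadPolicyConfig workload_policy_config = 2;
+}
+
+// WorkloadPolicyConfig is the configuration of workload policy for autopilot
+// clusters.
+message WorkloadPolicyConfig {
+// If true, workloads can use NET_ADMIN capability.
+optional bool allow_net_admin = 1;
 }
 
 // NotificationConfig is the configuration of notifications.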
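Review bot: `MODE_UNSPECIFIED` and `VULNERABILITY_MODE_UNSPECIFIED` in SecurityPostureConfig are documented only as "Default value not specified.", which leaves open whether a cluster that never sets these fields has posture features and vulnerability scanning on or off (the v1 file carries the same comments). For a security control the effective default is what an auditor needs to know, so the comment should name it, e.g. `// Default value not specified; the service treats this as <effective mode>.` In this file the message is also added directly after ProtectConfig, whose `workload_vulnerability_mode` field appears in the hunk's context line, and nothing says how the new `vulnerability_mode` relates to it; a sentence on precedence would help if the two overlap.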
