feat: add APIs for GKE Control Plane Logs

Google APIs · copybara-github · commit 30e2c3b92e23 · 2022-11-04T09:52:58.000-07:00
---
feat: GKE cluster's control plan/node-pool network isolation

Users now can change the network isolation for your public cluster's control plane.
By default, when a new public cluster is created, GKE assigns a public IP address (external endpoint) to the control plane and provisions
public nodes. New APIs allows to change cluster network isolation of the control plane and/or node-pool from the internet

---
feat: add nodeconfig resource_labels api

---
feat: add API to enable GKE Gateway controller
PiperOrigin-RevId: 486164478
diff --git a/google/container/v1/cluster_service.proto b/google/container/v1/cluster_service.proto
@@ -493,6 +493,21 @@ service ClusterManager {
 
 // Parameters that can be configured on Linux nodes.
 message LinuxNodeConfig {
+  // Possible cgroup modes that can be used.
+  enum CgroupMode {
+    // CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used.
+    // The default for the GKE node OS image will be used.
+    CGROUP_MODE_UNSPECIFIED = 0;
+
+    // CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on
+    // the node image.
+    CGROUP_MODE_V1 = 1;
+
+    // CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on
+    // the node image.
+    CGROUP_MODE_V2 = 2;
+  }
+
   // The Linux kernel parameters to be applied to the nodes and all pods running
   // on the nodes.
   //
@@ -510,6 +525,9 @@ message LinuxNodeConfig {
   // net.ipv4.tcp_wmem
   // net.ipv4.tcp_tw_reuse
   map<string, string> sysctls = 1;
+
+  // cgroup_mode specifies the cgroup mode to be used on the node.
+  CgroupMode cgroup_mode = 2;
 }
 
 // Node kubelet configs.
@@ -741,6 +759,10 @@ message NodeConfig {
   // All the nodes in the node pool will be Confidential VM once enabled.
   ConfidentialNodes confidential_nodes = 35;
 
+  // The resource labels for the node pool to use to annotate any related
+  // Google Compute Engine resources.
+  map<string, string> resource_labels = 37;
+
   // Logging configuration.
   NodePoolLoggingConfig logging_config = 38;
 }
@@ -811,6 +833,11 @@ message NodeNetworkConfig {
   // This field cannot be changed after the node pool has been created.
   string pod_ipv4_cidr_block = 6;
 
+  // Whether nodes have internal IP addresses only.
+  // If enable_private_nodes is not specified, then the value is derived from
+  // [cluster.privateClusterConfig.enablePrivateNodes][google.container.v1beta1.PrivateClusterConfig.enablePrivateNodes]
+  optional bool enable_private_nodes = 9;
+
   // Network bandwidth tier configuration.
   optional NetworkPerformanceConfig network_performance_config = 11;
 }
@@ -934,6 +961,13 @@ message NodeLabels {
   map<string, string> labels = 1;
 }
 
+// Collection of [GCP
+// labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels).
+message ResourceLabels {
+  // Map of node label keys and node label values.
+  map<string, string> labels = 1;
+}
+
 // Collection of Compute Engine network tags that can be applied to a node's
 // underlying VM instance.
 message NetworkTags {
@@ -1107,6 +1141,10 @@ message PrivateClusterConfig {
 
   // Controls master global access settings.
   PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;
+
+  // Subnet to provision the master's private endpoint during cluster creation.
+  // Specified in projects/*/regions/*/subnetworks/* format.
+  string private_endpoint_subnetwork = 10;
 }
 
 // Configuration for returning group information from authenticators.
@@ -1185,6 +1223,9 @@ message MasterAuthorizedNetworksConfig {
   // cidr_blocks define up to 50 external networks that could access
   // Kubernetes master through HTTPS.
   repeated CidrBlock cidr_blocks = 2;
+
+  // Whether master is accessbile via Google Compute Engine Public IP addresses.
+  optional bool gcp_public_cidrs_access_enabled = 3;
 }
 
 // Configuration for the legacy Attribute Based Access Control authorization
@@ -1881,6 +1922,9 @@ message ClusterUpdate {
   // ExternalIPs field.
   ServiceExternalIPsConfig desired_service_external_ips_config = 60;
 
+  // Enable/Disable private endpoint for the cluster's master.
+  optional bool desired_enable_private_endpoint = 71;
+
   // The Kubernetes version to change the master to.
   //
   // Users may specify either explicit versions offered by
@@ -1900,6 +1944,9 @@ message ClusterUpdate {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NetworkTags desired_node_pool_auto_config_network_tags = 110;
 
+  // The desired config of Gateway API on this cluster.
+  GatewayAPIConfig desired_gateway_api_config = 114;
+
   // The desired node pool logging configuration defaults for the cluster.
   NodePoolLoggingConfig desired_node_pool_logging_config = 116;
 }
@@ -2239,6 +2286,10 @@ message UpdateNodePoolRequest {
 
   // Logging configuration.
   NodePoolLoggingConfig logging_config = 32;
+
+  // The resource labels for the node pool to use to annotate any related
+  // Google Compute Engine resources.
+  ResourceLabels resource_labels = 33;
 }
 
 // SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
@@ -2762,7 +2813,7 @@ message BlueGreenSettings {
   message StandardRolloutPolicy {
     // Blue pool size to drain in a batch.
     oneof update_batch_size {
-      // Percentage of the bool pool nodes to drain in a batch.
+      // Percentage of the blue pool nodes to drain in a batch.
       // The range of this field should be (0.0, 1.0].
       float batch_percentage = 1;
 
@@ -3737,6 +3788,32 @@ message NetworkConfig {
   // ServiceExternalIPsConfig specifies if services with externalIPs field are
   // blocked or not.
   ServiceExternalIPsConfig service_external_ips_config = 15;
+
+  // GatewayAPIConfig contains the desired config of Gateway API on this
+  // cluster.
+  GatewayAPIConfig gateway_api_config = 16;
+}
+
+// GatewayAPIConfig contains the desired config of Gateway API on this cluster.
+message GatewayAPIConfig {
+  // Channel describes if/how Gateway API should be installed and implemented in
+  // a cluster.
+  enum Channel {
+    // Default value.
+    CHANNEL_UNSPECIFIED = 0;
+
+    // Gateway API support is disabled
+    CHANNEL_DISABLED = 1;
+
+    // Gateway API support is enabled, experimental CRDs are installed
+    CHANNEL_EXPERIMENTAL = 3;
+
+    // Gateway API support is enabled, standard CRDs are installed
+    CHANNEL_STANDARD = 4;
+  }
+
+  // The Gateway API release channel to use for Gateway API.
+  Channel channel = 1;
 }
 
 // Config to block services with externalIPs field.
@@ -4310,6 +4387,15 @@ message LoggingComponentConfig {
 
     // workloads
     WORKLOADS = 2;
+
+    // kube-apiserver
+    APISERVER = 3;
+
+    // kube-scheduler
+    SCHEDULER = 4;
+
+    // kube-controller-manager
+    CONTROLLER_MANAGER = 5;
   }
 
   // Select components to collect logs. An empty set would disable all logging.
diff --git a/google/container/v1/container_v1.yaml b/google/container/v1/container_v1.yaml
@@ -34,3 +34,6 @@ authentication:
     oauth:
       canonical_scopes: |-
         https://www.googleapis.com/auth/cloud-platform
+
+publishing:
+  organization: CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED
