feat: add API to enable/disable secret manager csi component on GKE clusters

Google APIs · copybara-github · commit 8d73440c77f9 · 2024-03-05T22:34:43.000-08:00
PiperOrigin-RevId: 613087806
diff --git a/google/container/v1beta1/cluster_service.proto b/google/container/v1beta1/cluster_service.proto
@@ -2284,6 +2284,9 @@ message Cluster {
 
   // GKE Enterprise Configuration.
   EnterpriseConfig enterprise_config = 149;
+
+  // Secret CSI driver configuration.
+  SecretManagerConfig secret_manager_config = 150;
 }
 
 // Kubernetes open source beta apis enabled on the cluster.
@@ -2664,6 +2667,12 @@ message ClusterUpdate {
 
   // Specify the details of in-transit encryption.
   optional InTransitEncryptionConfig desired_in_transit_encryption_config = 137;
+
+  // Enable/Disable Cilium Clusterwide Network Policy for the cluster.
+  optional bool desired_enable_cilium_clusterwide_network_policy = 138;
+
+  // Enable/Disable Secret Manager Config.
+  optional SecretManagerConfig desired_secret_manager_config = 139;
 }
 
 // AdditionalPodRangesConfig is the configuration for additional pod secondary
@@ -4979,6 +4988,9 @@ message NetworkConfig {
 
   // Specify the details of in-transit encryption.
   optional InTransitEncryptionConfig in_transit_encryption_config = 20;
+
+  // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster.
+  optional bool enable_cilium_clusterwide_network_policy = 21;
 }
 
 // GatewayAPIConfig contains the desired config of Gateway API on this cluster.
@@ -5942,6 +5954,12 @@ message EnterpriseConfig {
   ClusterTier cluster_tier = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
+// SecretManagerConfig is config for secret manager enablement.
+message SecretManagerConfig {
+  // Whether the cluster is configured to use secret manager CSI component.
+  optional bool enabled = 1;
+}
+
 // SecondaryBootDisk represents a persistent disk attached to a node
 // with special configurations based on its mode.
 message SecondaryBootDisk {
