feat: A new message HugepagesConfig is added

Google APIs · copybara-github · commit 9516e70a70d6 · 2024-06-07T11:30:54.000-07:00
feat: A new field `hugepages` is added to message `.google.container.v1.LinuxNodeConfig`
feat: A new field `containerd_config` is added to message `.google.container.v1.NodeConfig`
feat: A new field `enable_nested_virtualization` is added to message `.google.container.v1.AdvancedMachineFeatures`
feat: A new message `ContainerdConfig` is added
feat: A new field `satisfies_pzs` is added to message `.google.container.v1.Cluster`
feat: A new field `satisfies_pzi` is added to message `.google.container.v1.Cluster`
feat: A new value `ENTERPRISE` is added to enum `Mode`
feat: A new field `node_kubelet_config` is added to message `.google.container.v1.NodePoolAutoConfig`
feat: A new field `containerd_config` is added to message `.google.container.v1.NodeConfigDefaults`
feat: A new field `node_kubelet_config` is added to message `.google.container.v1.NodeConfigDefaults`
feat: A new field `desired_containerd_config` is added to message `.google.container.v1.ClusterUpdate`
feat: A new field `desired_node_kubelet_config` is added to message `.google.container.v1.ClusterUpdate`
feat: A new field `desired_node_pool_auto_config_kubelet_config` is added to message `.google.container.v1.ClusterUpdate`
feat: A new field `accelerators` is added to message `.google.container.v1.UpdateNodePoolRequest`
feat: A new field `containerd_config` is added to message `.google.container.v1.UpdateNodePoolRequest`
feat: A new value `MPS` is added to enum `GPUSharingStrategy`
feat: A new field `additive_vpc_scope_dns_domain` is added to message `.google.container.v1.DNSConfig`
feat: A new value `CADVISOR` is added to enum `Component`
feat: A new value `KUBELET` is added to enum `Component`
docs: A comment for field `desired_private_cluster_config` in message `.google.container.v1.ClusterUpdate` is changed
docs: A comment for field `in_transit_encryption_config` in message `.google.container.v1.NetworkConfig` is changed

PiperOrigin-RevId: 641308642
diff --git a/google/container/v1/cluster_service.proto b/google/container/v1/cluster_service.proto
@@ -532,6 +532,15 @@ message LinuxNodeConfig {
     CGROUP_MODE_V2 = 2;
   }
 
+  // Hugepages amount in both 2m and 1g size
+  message HugepagesConfig {
+    // Optional. Amount of 2M hugepages
+    optional int32 hugepage_size2m = 1 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. Amount of 1G hugepages
+    optional int32 hugepage_size1g = 2 [(google.api.field_behavior) = OPTIONAL];
+  }
+
   // The Linux kernel parameters to be applied to the nodes and all pods running
   // on the nodes.
   //
@@ -552,6 +561,10 @@ message LinuxNodeConfig {
 
   // cgroup_mode specifies the cgroup mode to be used on the node.
   CgroupMode cgroup_mode = 2;
+
+  // Optional. Amounts for 2M and 1G hugepages
+  optional HugepagesConfig hugepages = 3
+      [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Parameters that can be configured on Windows nodes.
@@ -831,6 +844,9 @@ message NodeConfig {
   // Parameters for node pools to be backed by shared sole tenant node groups.
   SoleTenantConfig sole_tenant_config = 42;
 
+  // Parameters for containerd customization.
+  ContainerdConfig containerd_config = 43;
+
   // A map of resource manager tag keys and values to be attached to the nodes.
   ResourceManagerTags resource_manager_tags = 45;
 
@@ -852,6 +868,9 @@ message AdvancedMachineFeatures {
   // multithreading (SMT) set this to 1. If unset, the maximum number of threads
   // supported per core by the underlying processor is assumed.
   optional int64 threads_per_core = 1;
+
+  // Whether or not to enable nested virtualization (defaults to false).
+  optional bool enable_nested_virtualization = 2;
 }
 
 // Parameters for node pool-level network config.
@@ -1080,6 +1099,53 @@ message SoleTenantConfig {
   repeated NodeAffinity node_affinities = 1;
 }
 
+// ContainerdConfig contains configuration to customize containerd.
+message ContainerdConfig {
+  // PrivateRegistryAccessConfig contains access configuration for
+  // private container registries.
+  message PrivateRegistryAccessConfig {
+    // CertificateAuthorityDomainConfig configures one or more fully qualified
+    // domain names (FQDN) to a specific certificate.
+    message CertificateAuthorityDomainConfig {
+      // GCPSecretManagerCertificateConfig configures a secret from
+      // [Google Secret Manager](https://cloud.google.com/secret-manager).
+      message GCPSecretManagerCertificateConfig {
+        // Secret URI, in the form
+        // "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION".
+        // Version can be fixed (e.g. "2") or "latest"
+        string secret_uri = 1;
+      }
+
+      // List of fully qualified domain names (FQDN).
+      // Specifying port is supported.
+      // Wilcards are NOT supported.
+      // Examples:
+      // - my.customdomain.com
+      // - 10.0.1.2:5000
+      repeated string fqdns = 1;
+
+      // Certificate access config. The following are supported:
+      // - GCPSecretManagerCertificateConfig
+      oneof certificate_config {
+        // Google Secret Manager (GCP) certificate configuration.
+        GCPSecretManagerCertificateConfig
+            gcp_secret_manager_certificate_config = 2;
+      }
+    }
+
+    // Private registry access is enabled.
+    bool enabled = 1;
+
+    // Private registry access configuration.
+    repeated CertificateAuthorityDomainConfig
+        certificate_authority_domain_config = 2;
+  }
+
+  // PrivateRegistryAccessConfig is used to configure access configuration
+  // for private container registries.
+  PrivateRegistryAccessConfig private_registry_access_config = 1;
+}
+
 // Kubernetes taint is composed of three fields: key, value, and effect. Effect
 // can only be one of three types:  NoSchedule, PreferNoSchedule or NoExecute.
 //
@@ -1998,6 +2064,12 @@ message Cluster {
 
   // GKE Enterprise Configuration.
   EnterpriseConfig enterprise_config = 149;
+
+  // Output only. Reserved for future use.
+  optional bool satisfies_pzs = 152 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Reserved for future use.
+  optional bool satisfies_pzi = 153 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
 // K8sBetaAPIConfig , configuration for beta APIs
@@ -2019,6 +2091,9 @@ message SecurityPostureConfig {
 
     // Applies Security Posture features on the cluster.
     BASIC = 2;
+
+    // Applies the Security Posture off cluster Enterprise level features.
+    ENTERPRISE = 3;
   }
 
   // VulnerabilityMode defines enablement mode for vulnerability scanning.
@@ -2056,6 +2131,11 @@ message NodePoolAutoConfig {
   // Resource manager tag keys and values to be attached to the nodes
   // for managing Compute Engine firewalls using Network Firewall Policies.
   ResourceManagerTags resource_manager_tags = 2;
+
+  // NodeKubeletConfig controls the defaults for autoprovisioned node-pools.
+  //
+  // Currently only `insecure_kubelet_readonly_port_enabled` can be set here.
+  NodeKubeletConfig node_kubelet_config = 3;
 }
 
 // Subset of Nodepool message that has defaults.
@@ -2071,6 +2151,14 @@ message NodeConfigDefaults {
 
   // Logging configuration for node pools.
   NodePoolLoggingConfig logging_config = 3;
+
+  // Parameters for containerd customization.
+  ContainerdConfig containerd_config = 4;
+
+  // NodeKubeletConfig controls the defaults for new node-pools.
+  //
+  // Currently only `insecure_kubelet_readonly_port_enabled` can be set here.
+  NodeKubeletConfig node_kubelet_config = 6;
 }
 
 // ClusterUpdate describes an update to the cluster. Exactly one update can
@@ -2179,7 +2267,12 @@ message ClusterUpdate {
   // Cluster-level Vertical Pod Autoscaling configuration.
   VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;
 
-  // The desired private cluster configuration.
+  // The desired private cluster configuration. master_global_access_config is
+  // the only field that can be changed via this field.
+  // See also
+  // [ClusterUpdate.desired_enable_private_endpoint][google.container.v1.ClusterUpdate.desired_enable_private_endpoint]
+  // for modifying other fields within
+  // [PrivateClusterConfig][google.container.v1.PrivateClusterConfig].
   PrivateClusterConfig desired_private_cluster_config = 25;
 
   // The desired config of Intra-node visibility.
@@ -2288,6 +2381,9 @@ message ClusterUpdate {
   // Desired Beta APIs to be enabled for cluster.
   K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 
+  // The desired containerd config for the cluster.
+  ContainerdConfig desired_containerd_config = 134;
+
   // Enable/Disable Multi-Networking for the cluster
   optional bool desired_enable_multi_networking = 135;
 
@@ -2300,6 +2396,13 @@ message ClusterUpdate {
 
   // Enable/Disable Cilium Clusterwide Network Policy for the cluster.
   optional bool desired_enable_cilium_clusterwide_network_policy = 138;
+
+  // The desired node kubelet config for the cluster.
+  NodeKubeletConfig desired_node_kubelet_config = 141;
+
+  // The desired node kubelet config for all auto-provisioned node pools
+  // in autopilot clusters and node auto-provisioning enabled clusters.
+  NodeKubeletConfig desired_node_pool_auto_config_kubelet_config = 142;
 }
 
 // AdditionalPodRangesConfig is the configuration for additional pod secondary
@@ -2759,6 +2862,11 @@ message UpdateNodePoolRequest {
   // Parameters that can be configured on Windows nodes.
   WindowsNodeConfig windows_node_config = 34;
 
+  // A list of hardware accelerators to be attached to each node.
+  // See https://cloud.google.com/compute/docs/gpus for more information about
+  // support for GPUs.
+  repeated AcceleratorConfig accelerators = 35;
+
   // Optional. The desired [Google Compute Engine machine
   // type](https://cloud.google.com/compute/docs/machine-types) for nodes in the
   // node pool. Initiates an upgrade operation that migrates the nodes in the
@@ -2782,6 +2890,11 @@ message UpdateNodePoolRequest {
   // Existing tags will be replaced with new values.
   ResourceManagerTags resource_manager_tags = 39;
 
+  // The desired containerd config for nodes in the node pool.
+  // Initiates an upgrade operation that recreates the nodes with the new
+  // config.
+  ContainerdConfig containerd_config = 40;
+
   // Specifies the configuration of queued provisioning.
   NodePool.QueuedProvisioning queued_provisioning = 42;
 }
@@ -4187,6 +4300,9 @@ message GPUSharingConfig {
 
     // GPUs are time-shared between containers.
     TIME_SHARING = 1;
+
+    // GPUs are shared between containers with NVIDIA MPS.
+    MPS = 2;
   }
 
   // The max number of containers that can share a physical GPU.
@@ -4406,6 +4522,7 @@ message NetworkConfig {
   optional bool enable_fqdn_network_policy = 19;
 
   // Specify the details of in-transit encryption.
+  // Now named inter-node transparent encryption.
   optional InTransitEncryptionConfig in_transit_encryption_config = 20;
 
   // Whether CiliumClusterwideNetworkPolicy is enabled on this cluster.
@@ -4669,6 +4786,10 @@ message DNSConfig {
 
   // cluster_dns_domain is the suffix used for all cluster service records.
   string cluster_dns_domain = 3;
+
+  // Optional. The domain used in Additive VPC scope.
+  string additive_vpc_scope_dns_domain = 5
+      [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Constraints applied to pods.
@@ -5259,6 +5380,12 @@ message MonitoringComponentConfig {
 
     // Statefulset
     STATEFULSET = 12;
+
+    // CADVISOR
+    CADVISOR = 13;
+
+    // KUBELET
+    KUBELET = 14;
   }
 
   // Select components to collect metrics. An empty set would disable all
