
Commit b7e9312

Google APIscopybara-github
authored andcommitted
feat: add API for GPU driver installation config
--- feat: add SecurityPostureConfig API field to allow customers to enable GKE Security Posture capabilities for their clusters --- feat: add workloadPolicyConfig API field to allow customers to enable the NET_ADMIN capability for their autopilot clusters PiperOrigin-RevId: 538770734
1 parent 1ceef69 commit b7e9312

1 file changed

Lines changed: 78 additions & 0 deletions


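--- a/google/container/v1/cluster_service.proto
+++ b/google/container/v1/cluster_service.proto
@@ -1911,6 +1911,9 @@ message Cluster {
 // Fleet information for the cluster.
 Fleet fleet = 140;
 
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig security_posture_config = 145;
+
 // Beta APIs Config
 K8sBetaAPIConfig enable_k8s_beta_apis = 143;
 }
@@ -1921,6 +1924,40 @@ message K8sBetaAPIConfig {
 repeated string enabled_apis = 1;
 }
 
+// SecurityPostureConfig defines the flags needed to enable/disable features for
+// the Security Posture API.
+message SecurityPostureConfig {
+// Mode defines enablement mode for GKE Security posture features.
+enum Mode {
+// Default value not specified.
+MODE_UNSPECIFIED = 0;
+
+// Disables Security Posture features on the cluster.
+DISABLED = 1;
+
+// Applies Security Posture features on the cluster.
+BASIC = 2;
+}
+
+// VulnerabilityMode defines enablement mode for vulnerability scanning.
+enum VulnerabilityMode {
+// Default value not specified.
+VULNERABILITY_MODE_UNSPECIFIED = 0;
+
+// Disables vulnerability scanning on the cluster.
+VULNERABILITY_DISABLED = 1;
+
+// Applies basic vulnerability scanning on the cluster.
+VULNERABILITY_BASIC = 2;
+}
+
+// Sets which mode to use for Security Posture features.
+optional Mode mode = 1;
+
+// Sets which mode to use for vulnerability scanning.
+optional VulnerabilityMode vulnerability_mode = 2;
+}
+
 // Node pool configs that apply to all auto-provisioned node pools
 // in autopilot clusters and node auto-provisioning enabled clusters.
 message NodePoolAutoConfig {
@@ -2145,9 +2182,15 @@ message ClusterUpdate {
 // Kubernetes open source beta apis enabled on the cluster. Only beta apis
 K8sBetaAPIConfig enable_k8s_beta_apis = 122;
 
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig desired_security_posture_config = 124;
+
 // Enable/Disable FQDN Network Policy for the cluster.
 optional bool desired_enable_fqdn_network_policy = 126;
 
+// The desired workload policy configuration for the autopilot cluster.
+WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128;
+
 // Desired Beta APIs to be enabled for cluster.
 K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 }
@@ -3956,6 +3999,9 @@ message AcceleratorConfig {
 
 // The configuration for GPU sharing options.
 optional GPUSharingConfig gpu_sharing_config = 5;
+
+// The configuration for auto installation of GPU driver.
+optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
 }
 
 // GPUSharingConfig represents the GPU sharing configuration for Hardware
@@ -3977,6 +4023,28 @@ message GPUSharingConfig {
 optional GPUSharingStrategy gpu_sharing_strategy = 2;
 }
 
+// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
+// installed.
+message GPUDriverInstallationConfig {
+// The GPU driver version to install.
+enum GPUDriverVersion {
+// Default value is to not install any GPU driver.
+GPU_DRIVER_VERSION_UNSPECIFIED = 0;
+
+// Disable GPU driver auto installation and needs manual installation
+INSTALLATION_DISABLED = 1;
+
+// "Default" GPU driver in COS and Ubuntu.
+DEFAULT = 2;
+
+// "Latest" GPU driver in COS.
+LATEST = 3;
+}
+
+// Mode for how the GPU driver is installed.
+optional GPUDriverVersion gpu_driver_version = 1;
+}
+
 // WorkloadMetadataConfig defines the metadata configuration to expose to
 // workloads on the node pool.
 message WorkloadMetadataConfig {
@@ -4785,6 +4853,16 @@ message SecurityBulletinEvent {
 message Autopilot {
 // Enable Autopilot
 bool enabled = 1;
+
+// Workload policy configuration for Autopilot.
+WorkloadPolicyConfig workload_policy_config = 2;
+}
+
+// WorkloadPolicyConfig is the configuration of workload policy for autopilot
+// clusters.
+message WorkloadPolicyConfig {
+// If true, workloads can use NET_ADMIN capability.
+optional bool allow_net_admin = 1;
 }
 
 // LoggingConfig is cluster logging configuration.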
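Review bot: The comment on `allow_net_admin` in `WorkloadPolicyConfig` (last hunk) does not say what an unset value means or what enabling it grants; the field is `optional bool`, so the schema alone cannot tell a reader whether unset behaves like an explicit `false`. NET_ADMIN lets a container change network configuration inside its pod's network namespace (interfaces, routes, packet-filter rules), so this is a privilege-widening switch and the doc should say so, for example `// If true, workloads may add the NET_ADMIN capability; if false or unset, NET_ADMIN is not permitted (confirm server default).` The same gap appears in `SecurityPostureConfig`, where `MODE_UNSPECIFIED` and `VULNERABILITY_MODE_UNSPECIFIED` say only "Default value not specified", leaving open whether posture checks and vulnerability scanning are on or off for a cluster that omits the field. In `GPUDriverInstallationConfig`, `GPU_DRIVER_VERSION_UNSPECIFIED` is documented as not installing a driver, which overlaps `INSTALLATION_DISABLED`, and the field comment calls it a "Mode" while the type is a version; one sentence distinguishing the two values would help.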
