
Commit ca49cb9

Google APIscopybara-github
authored andcommitted
feat: add API for GPU driver installation config
--- feat: add SecurityPostureConfig API field to allow customers to enable GKE Security Posture capabilities for their clusters --- feat: add workloadPolicyConfig API field to allow customers to enable NET_ADMIN capability for their autopilot clusters PiperOrigin-RevId: 539136563
1 parent 77c99e4 commit ca49cb9

1 file changed

Lines changed: 78 additions & 0 deletions


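--- a/google/container/v1beta1/cluster_service.proto
+++ b/google/container/v1beta1/cluster_service.proto
@@ -2098,6 +2098,9 @@ message Cluster {
 
 // Fleet information for the cluster.
 Fleet fleet = 140;
+
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig security_posture_config = 145;
 }
 
 // Kubernetes open source beta apis enabled on the cluster.
@@ -2157,6 +2160,40 @@ message ProtectConfig {
 optional WorkloadVulnerabilityMode workload_vulnerability_mode = 2;
 }
 
+// SecurityPostureConfig defines the flags needed to enable/disable features for
+// the Security Posture API.
+message SecurityPostureConfig {
+// Mode defines enablement mode for GKE Security posture features.
+enum Mode {
+// Default value not specified.
+MODE_UNSPECIFIED = 0;
+
+// Disables Security Posture features on the cluster.
+DISABLED = 1;
+
+// Applies Security Posture features on the cluster.
+BASIC = 2;
+}
+
+// VulnerabilityMode defines enablement mode for vulnerability scanning.
+enum VulnerabilityMode {
+// Default value not specified.
+VULNERABILITY_MODE_UNSPECIFIED = 0;
+
+// Disables vulnerability scanning on the cluster.
+VULNERABILITY_DISABLED = 1;
+
+// Applies basic vulnerability scanning on the cluster.
+VULNERABILITY_BASIC = 2;
+}
+
+// Sets which mode to use for Security Posture features.
+optional Mode mode = 1;
+
+// Sets which mode to use for vulnerability scanning.
+optional VulnerabilityMode vulnerability_mode = 2;
+}
+
 // Subset of Nodepool message that has defaults.
 message NodePoolDefaults {
 // Subset of NodeConfig message that has defaults.
@@ -2405,9 +2442,15 @@ message ClusterUpdate {
 // Kubernetes open source beta apis enabled on the cluster. Only beta apis
 K8sBetaAPIConfig enable_k8s_beta_apis = 122;
 
+// Enable/Disable Security Posture API features for the cluster.
+SecurityPostureConfig desired_security_posture_config = 124;
+
 // Enable/Disable FQDN Network Policy for the cluster.
 optional bool desired_enable_fqdn_network_policy = 126;
 
+// The desired workload policy configuration for the autopilot cluster.
+WorkloadPolicyConfig desired_autopilot_workload_policy_config = 128;
+
 // Beta APIs enabled for cluster.
 K8sBetaAPIConfig desired_k8s_beta_apis = 131;
 }
@@ -4326,6 +4369,9 @@ message AcceleratorConfig {
 
 // The configuration for GPU sharing options.
 optional GPUSharingConfig gpu_sharing_config = 5;
+
+// The configuration for auto installation of GPU driver.
+optional GPUDriverInstallationConfig gpu_driver_installation_config = 6;
 }
 
 // GPUSharingConfig represents the GPU sharing configuration for Hardware
@@ -4347,6 +4393,28 @@ message GPUSharingConfig {
 optional GPUSharingStrategy gpu_sharing_strategy = 2;
 }
 
+// GPUDriverInstallationConfig specifies the version of GPU driver to be auto
+// installed.
+message GPUDriverInstallationConfig {
+// The GPU driver version to install.
+enum GPUDriverVersion {
+// Default value is to not install any GPU driver.
+GPU_DRIVER_VERSION_UNSPECIFIED = 0;
+
+// Disable GPU driver auto installation and needs manual installation
+INSTALLATION_DISABLED = 1;
+
+// "Default" GPU driver in COS and Ubuntu.
+DEFAULT = 2;
+
+// "Latest" GPU driver in COS.
+LATEST = 3;
+}
+
+// Mode for how the GPU driver is installed.
+optional GPUDriverVersion gpu_driver_version = 1;
+}
+
 // ManagedPrometheusConfig defines the configuration for
 // Google Cloud Managed Service for Prometheus.
 message ManagedPrometheusConfig {
@@ -5132,6 +5200,16 @@ message Master {}
 message Autopilot {
 // Enable Autopilot
 bool enabled = 1;
+
+// Workload policy configuration for Autopilot.
+WorkloadPolicyConfig workload_policy_config = 2;
+}
+
+// WorkloadPolicyConfig is the configuration of workload policy for autopilot
+// clusters.
+message WorkloadPolicyConfig {
+// If true, workloads can use NET_ADMIN capability.
+optional bool allow_net_admin = 1;
 }
 
 // NotificationConfig is the configuration of notifications.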
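Review bot: The comment on `allow_net_admin` in `WorkloadPolicyConfig` (last hunk) states only the `true` case, and because the field is `optional bool`, unset and `false` are distinct on the wire, so the effective default is undocumented. NET_ADMIN lets a container reconfigure networking in its namespace (interfaces, routes, packet-filter rules), so this flag presumably relaxes a restriction Autopilot otherwise enforces, and operators auditing clusters need to know what unset means. I would extend the comment along the lines of `// If true, workloads can use the NET_ADMIN capability. If unset, <server default, to be stated by the API owners>.` The same gap exists for `MODE_UNSPECIFIED` and `VULNERABILITY_MODE_UNSPECIFIED` in `SecurityPostureConfig`, whose comments do not say whether the server treats them as disabled or picks a default.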
