feat: add ResourceManagerTags API to attach tags on the underlying Compute Engine VMs of GKE Nodes which can be used to selectively enforce Cloud Firewall network firewall policies

Google APIs · copybara-github · commit facb658ce05e · 2023-10-30T12:57:13.000-07:00
---
feat: add CompleteConvertToAutopilot API to commit Autopilot conversion operation

---
docs: updated comments
PiperOrigin-RevId: 577928708
diff --git a/google/container/v1/cluster_service.proto b/google/container/v1/cluster_service.proto
@@ -831,6 +831,9 @@ message NodeConfig {
 
   // Parameters for node pools to be backed by shared sole tenant node groups.
   SoleTenantConfig sole_tenant_config = 42;
+
+  // A map of resource manager tag keys and values to be attached to the nodes.
+  ResourceManagerTags resource_manager_tags = 45;
 }
 
 // Specifies options for controlling advanced machine features.
@@ -2022,6 +2025,10 @@ message NodePoolAutoConfig {
   // the client during cluster creation. Each tag within the list
   // must comply with RFC1035.
   NetworkTags network_tags = 1;
+
+  // Resource manager tag keys and values to be attached to the nodes
+  // for managing Compute Engine firewalls using Network Firewall Policies.
+  ResourceManagerTags resource_manager_tags = 2;
 }
 
 // Subset of Nodepool message that has defaults.
@@ -2253,6 +2260,10 @@ message ClusterUpdate {
 
   // Desired Beta APIs to be enabled for cluster.
   K8sBetaAPIConfig desired_k8s_beta_apis = 131;
+
+  // The desired resource manager tags that apply to all auto-provisioned node
+  // pools in autopilot clusters and node auto-provisioning enabled clusters.
+  ResourceManagerTags desired_node_pool_auto_config_resource_manager_tags = 136;
 }
 
 // AdditionalPodRangesConfig is the configuration for additional pod secondary
@@ -2415,6 +2426,10 @@ message Operation {
     // [documentation on
     // resizes](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs).
     RESIZE_CLUSTER = 18;
+
+    // Fleet features of GKE Enterprise are being upgraded. The cluster should
+    // be assumed to be blocked for other upgrades until the operation finishes.
+    FLEET_FEATURE_UPGRADE = 19;
   }
 
   // The server-assigned ID for the operation.
@@ -2725,6 +2740,11 @@ message UpdateNodePoolRequest {
   // Initiates an upgrade operation that migrates the nodes in the
   // node pool to the specified disk size.
   int64 disk_size_gb = 38 [(google.api.field_behavior) = OPTIONAL];
+
+  // Desired resource manager tag keys and values to be attached to the nodes
+  // for managing Compute Engine firewalls using Network Firewall Policies.
+  // Existing tags will be replaced with new values.
+  ResourceManagerTags resource_manager_tags = 39;
 }
 
 // SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
@@ -5210,27 +5230,61 @@ enum IPv6AccessType {
 }
 
 // LocalNvmeSsdBlockConfig contains configuration for using raw-block local
-// NVMe SSD.
+// NVMe SSDs
 message LocalNvmeSsdBlockConfig {
-  // The number of raw-block local NVMe SSD disks to be attached to the node.
-  // Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe
-  // SSD disks to be attached to the node.
-  // The limit for this value is dependent upon the maximum number of
-  // disks available on a machine per zone. See:
+  // Number of local NVMe SSDs to use.  The limit for this value is dependent
+  // upon the maximum number of disk available on a machine per zone. See:
   // https://cloud.google.com/compute/docs/disks/local-ssd
   // for more information.
+  //
+  // A zero (or unset) value has different meanings depending on machine type
+  // being used:
+  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
+  // zero (or unset) means to disable using local SSDs as ephemeral storage.
+  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
+  // (or unset) means to use the default number of local ssds that goes with
+  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
+  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
+  // ssds), 0 will be provisioned. See
+  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
+  // for more info.
   int32 local_ssd_count = 1;
 }
 
 // EphemeralStorageLocalSsdConfig contains configuration for the node ephemeral
-// storage using Local SSD.
+// storage using Local SSDs.
 message EphemeralStorageLocalSsdConfig {
   // Number of local SSDs to use to back ephemeral storage. Uses NVMe
-  // interfaces. Each local SSD is 375 GB in size.
-  // If zero, it means to disable using local SSDs as ephemeral storage.
-  // The limit for this value is dependent upon the maximum number of
-  // disks available on a machine per zone. See:
+  // interfaces.
+  //
+  // A zero (or unset) value has different meanings depending on machine type
+  // being used:
+  // 1. For pre-Gen3 machines, which support flexible numbers of local ssds,
+  // zero (or unset) means to disable using local SSDs as ephemeral storage. The
+  // limit for this value is dependent upon the maximum number of disk
+  // available on a machine per zone. See:
   // https://cloud.google.com/compute/docs/disks/local-ssd
   // for more information.
+  // 2. For Gen3 machines which dictate a specific number of local ssds, zero
+  // (or unset) means to use the default number of local ssds that goes with
+  // that machine type. For example, for a c3-standard-8-lssd machine, 2 local
+  // ssds would be provisioned. For c3-standard-8 (which doesn't support local
+  // ssds), 0 will be provisioned. See
+  // https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
+  // for more info.
   int32 local_ssd_count = 1;
 }
+
+// A map of resource manager tag keys and values to be attached to the nodes
+// for managing Compute Engine firewalls using Network Firewall Policies.
+// Tags must be according to specifications in
+// https://cloud.google.com/vpc/docs/tags-firewalls-overview#specifications.
+// A maximum of 5 tag key-value pairs can be specified.
+// Existing tags will be replaced with new values.
+message ResourceManagerTags {
+  // TagKeyValue must be in one of the following formats ([KEY]=[VALUE])
+  // 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`
+  // 2. `{org_id}/{tag_key_name}={tag_value_name}`
+  // 3. `{project_id}/{tag_key_name}={tag_value_name}`
+  map<string, string> tags = 1;
+}
