// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.gkehub.v1beta1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";

option csharp_namespace = "Google.Cloud.GkeHub.V1Beta1";
option go_package = "cloud.google.com/go/gkehub/apiv1beta1/gkehubpb;gkehubpb";
option java_multiple_files = true;
option java_package = "com.google.cloud.gkehub.v1beta1";
option php_namespace = "Google\\Cloud\\GkeHub\\V1beta1";
option ruby_package = "Google::Cloud::GkeHub::V1beta1";

// The GKE Hub MembershipService handles the registration of many Kubernetes
// clusters to Google Cloud, represented with the
// [Membership][google.cloud.gkehub.v1beta1.Membership] resource.
//
// GKE Hub is currently available in the global region and all regions in
// https://cloud.google.com/compute/docs/regions-zones.
//
// **Membership management may be non-trivial:** it is recommended to use one
// of the Google-provided client libraries or tools where possible when working
// with Membership resources.
service GkeHubMembershipService {
  option (google.api.default_host) = "gkehub.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Lists Memberships in a given project and location.
  rpc ListMemberships(ListMembershipsRequest)
      returns (ListMembershipsResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*}/memberships"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets the details of a Membership.
  rpc GetMembership(GetMembershipRequest) returns (Membership) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/memberships/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a new Membership.
  //
  // **This is currently only supported for GKE clusters on Google Cloud**.
  // To register other clusters, follow the instructions at
  // https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster.
  rpc CreateMembership(CreateMembershipRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*/locations/*}/memberships"
      body: "resource"
    };
    option (google.api.method_signature) = "parent,resource,membership_id";
    option (google.longrunning.operation_info) = {
      response_type: "Membership"
      metadata_type: "OperationMetadata"
    };
  }

  // Removes a Membership.
  //
  // **This is currently only supported for GKE clusters on Google Cloud**.
  // To unregister other clusters, follow the instructions at
  // https://cloud.google.com/anthos/multicluster-management/connect/unregistering-a-cluster.
  rpc DeleteMembership(DeleteMembershipRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1beta1/{name=projects/*/locations/*/memberships/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OperationMetadata"
    };
  }

  // Updates an existing Membership.
  rpc UpdateMembership(UpdateMembershipRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1beta1/{name=projects/*/locations/*/memberships/*}"
      body: "resource"
    };
    option (google.api.method_signature) = "name,resource,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "Membership"
      metadata_type: "OperationMetadata"
    };
  }

  // Generates the manifest for deployment of the GKE connect agent.
  //
  // **This method is used internally by Google-provided libraries.**
  // Most clients should not need to call this method directly.
  //
  // NOTE(review): the HTTP binding below is a GET with no `body`. Under the
  // google.api.http transcoding rules, request fields that are not bound in
  // the path are carried as URL query parameters; for this request that
  // includes `image_pull_secret_content`. REST callers that supply a pull
  // secret should make sure request URLs are not written to proxy or access
  // logs, or use the gRPC transport instead.
  rpc GenerateConnectManifest(GenerateConnectManifestRequest)
      returns (GenerateConnectManifestResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/memberships/*}:generateConnectManifest"
    };
  }

  // ValidateExclusivity validates the state of exclusivity in the cluster.
  // The validation does not depend on an existing Hub membership resource.
  rpc ValidateExclusivity(ValidateExclusivityRequest)
      returns (ValidateExclusivityResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*}/memberships:validateExclusivity"
    };
  }

  // GenerateExclusivityManifest generates the manifests to update the
  // exclusivity artifacts in the cluster if needed.
  //
  // Exclusivity artifacts include the Membership custom resource definition
  // (CRD) and the singleton Membership custom resource (CR). Combined with
  // ValidateExclusivity, exclusivity artifacts guarantee that a Kubernetes
  // cluster is only registered to a single GKE Hub.
  //
  // The Membership CRD is versioned, and may require conversion when the GKE
  // Hub API server begins serving a newer version of the CRD and
  // corresponding CR. The response will be the converted CRD and CR if there
  // are any differences between the versions.
  rpc GenerateExclusivityManifest(GenerateExclusivityManifestRequest)
      returns (GenerateExclusivityManifestResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/memberships/*}:generateExclusivityManifest"
    };
  }
}

// Membership contains information about a member cluster.
message Membership {
  option (google.api.resource) = {
    type: "gkehub.googleapis.com/Membership"
    pattern: "projects/{project}/locations/{location}/memberships/{membership}"
  };

  // Specifies the infrastructure type of a Membership. Infrastructure type is
  // used by Hub to control infrastructure-specific behavior, including pricing.
  //
  // Each GKE distribution (on-GCP, on-Prem, on-X,...) will set this field
  // automatically, but Attached Clusters customers should specify a type
  // during registration.
  enum InfrastructureType {
    // No type was specified. Some Hub functionality may require a type be
    // specified, and will not support Memberships with this value.
    INFRASTRUCTURE_TYPE_UNSPECIFIED = 0;

    // Private infrastructure that is owned or operated by customer. This
    // includes GKE distributions such as GKE-OnPrem and GKE-OnBareMetal.
    ON_PREM = 1;

    // Public cloud infrastructure.
    MULTI_CLOUD = 2;
  }

  // Output only. The full, unique name of this Membership resource in the
  // format `projects/*/locations/*/memberships/{membership_id}`, set during
  // creation.
  //
  // `membership_id` must be a valid RFC 1123 compliant DNS label:
  //
  //   1. At most 63 characters in length
  //   2. It must consist of lower case alphanumeric characters or `-`
  //   3. It must start and end with an alphanumeric character
  //
  // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`,
  // with a maximum length of 63 characters.
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. GCP labels for this membership.
  map<string, string> labels = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Description of this membership, limited to 63 characters.
  // Must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.\ ]*`
  string description = 3 [(google.api.field_behavior) = OPTIONAL];

  // Type of resource represented by this Membership.
  oneof type {
    // Optional. Endpoint information to reach this member.
    MembershipEndpoint endpoint = 4 [(google.api.field_behavior) = OPTIONAL];
  }

  // Output only. State of the Membership resource.
  MembershipState state = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. How to identify workloads from this Membership.
  // See the documentation on Workload Identity for more details:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
  //
  // NOTE(review): per the Authority message, tokens from `issuer` are accepted
  // in a workload identity pool that is shared by every Membership in the Hub.
  // Permission to set this field is therefore effectively permission to add a
  // trusted token issuer for that pool; scope create/update access
  // accordingly.
  Authority authority = 9 [(google.api.field_behavior) = OPTIONAL];

  // Output only. When the Membership was created.
  google.protobuf.Timestamp create_time = 6
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. When the Membership was last updated.
  google.protobuf.Timestamp update_time = 7
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. When the Membership was deleted.
  google.protobuf.Timestamp delete_time = 8
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. An externally-generated and managed ID for this Membership. This
  // ID may be modified after creation, but this is not recommended. For GKE
  // clusters, external_id is managed by the Hub API and updates will be
  // ignored.
  //
  // The ID must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.]*`
  //
  // If this Membership represents a Kubernetes cluster, this value should be
  // set to the UID of the `kube-system` namespace object.
  string external_id = 10 [(google.api.field_behavior) = OPTIONAL];

  // Output only. For clusters using Connect, the timestamp of the most recent
  // connection established with Google Cloud. This time is updated every
  // several minutes, not continuously. For clusters that do not use GKE
  // Connect, or that have never connected successfully, this field will be
  // unset.
  google.protobuf.Timestamp last_connection_time = 11
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Google-generated UUID for this resource. This is unique across
  // all Membership resources. If a Membership resource is deleted and another
  // resource with the same name is created, it gets a different unique_id.
  string unique_id = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The infrastructure type this Membership is running on.
  InfrastructureType infrastructure_type = 13
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The monitoring config information for this membership.
  MonitoringConfig monitoring_config = 14
      [(google.api.field_behavior) = OPTIONAL];
}

// MembershipEndpoint contains information needed to contact a Kubernetes API
// endpoint, plus any additional Kubernetes metadata.
message MembershipEndpoint {
  // Cluster information of the registered cluster.
  oneof type {
    // Optional. Specific information for a GKE-on-GCP cluster.
    GkeCluster gke_cluster = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specific information for a GKE On-Prem cluster. An on-prem
    // user cluster that has no resourceLink is not allowed to use this field;
    // it should have a nil "type" instead.
    OnPremCluster on_prem_cluster = 7 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specific information for a GKE Multi-Cloud cluster.
    MultiCloudCluster multi_cloud_cluster = 8
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specific information for a Google Edge cluster.
    EdgeCluster edge_cluster = 9 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specific information for a GDC Edge Appliance cluster.
    ApplianceCluster appliance_cluster = 10
        [(google.api.field_behavior) = OPTIONAL];
  }

  // Output only. Useful Kubernetes-specific metadata.
  KubernetesMetadata kubernetes_metadata = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The in-cluster Kubernetes Resources that should be applied for a
  // correctly registered cluster, in the steady state. These resources:
  //
  //   * Ensure that the cluster is exclusively registered to one and only one
  //     Hub Membership.
  //   * Propagate Workload Pool Information available in the Membership
  //     Authority field.
  //   * Ensure proper initial configuration of default Hub Features.
  KubernetesResource kubernetes_resource = 6
      [(google.api.field_behavior) = OPTIONAL];
}

// KubernetesResource contains the YAML manifests and configuration for
// Membership Kubernetes resources in the cluster. After CreateMembership or
// UpdateMembership, these resources should be re-applied in the cluster.
message KubernetesResource {
  // Input only. The YAML representation of the Membership CR. This field is
  // ignored for GKE clusters where Hub can read the CR directly.
  //
  // Callers should provide the CR that is currently present in the cluster
  // during CreateMembership or UpdateMembership, or leave this field empty if
  // none exists. The CR manifest is used to validate the cluster has not been
  // registered with another Membership.
  string membership_cr_manifest = 1 [(google.api.field_behavior) = INPUT_ONLY];

  // Output only. Additional Kubernetes resources that need to be applied to the
  // cluster after Membership creation, and after every update.
  //
  // This field is only populated in the Membership returned from a successful
  // long-running operation from CreateMembership or UpdateMembership. It is not
  // populated during normal GetMembership or ListMemberships requests. To get
  // the resource manifest after the initial registration, the caller should
  // make an UpdateMembership call with an empty field mask.
  repeated ResourceManifest membership_resources = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The Kubernetes resources for installing the GKE Connect agent.
  //
  // This field is only populated in the Membership returned from a successful
  // long-running operation from CreateMembership or UpdateMembership. It is not
  // populated during normal GetMembership or ListMemberships requests. To get
  // the resource manifest after the initial registration, the caller should
  // make an UpdateMembership call with an empty field mask.
  repeated ResourceManifest connect_resources = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Options for Kubernetes resource generation.
  ResourceOptions resource_options = 4 [(google.api.field_behavior) = OPTIONAL];
}

// ResourceOptions represent options for Kubernetes resource generation.
message ResourceOptions {
  // Optional. The Connect agent version to use for connect_resources. Defaults
  // to the latest GKE Connect version. The version must be a currently
  // supported version; obsolete versions will be rejected.
  string connect_version = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for
  // CustomResourceDefinition resources.
  // This option should be set for clusters with Kubernetes apiserver versions
  // <1.16.
  bool v1beta1_crd = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Major version of the Kubernetes cluster. This is only used to
  // determine which version to use for the CustomResourceDefinition resources,
  // `apiextensions/v1beta1` or `apiextensions/v1`.
  string k8s_version = 3 [(google.api.field_behavior) = OPTIONAL];
}

// ResourceManifest represents a single Kubernetes resource to be applied to
// the cluster.
message ResourceManifest {
  // YAML manifest of the resource.
  string manifest = 1;

  // Whether the resource provided in the manifest is `cluster_scoped`.
  // If unset, the manifest is assumed to be namespace scoped.
  //
  // This field is used for REST mapping when applying the resource in a
  // cluster.
  bool cluster_scoped = 2;
}

// GkeCluster contains information specific to GKE clusters.
message GkeCluster {
  // Immutable. Self-link of the GCP resource for the GKE cluster. For example:
  //
  //     //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster
  //
  // Zonal clusters are also supported.
  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];

  // Output only. If cluster_missing is set then it denotes that the GKE cluster
  // no longer exists in the GKE Control Plane.
  bool cluster_missing = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// OnPremCluster contains information specific to GKE On-Prem clusters.
message OnPremCluster {
  // ClusterType describes on prem cluster's type.
  enum ClusterType {
    // The ClusterType is not set.
    CLUSTERTYPE_UNSPECIFIED = 0;

    // The ClusterType is bootstrap cluster.
    BOOTSTRAP = 1;

    // The ClusterType is baremetal hybrid cluster.
    HYBRID = 2;

    // The ClusterType is baremetal standalone cluster.
    STANDALONE = 3;

    // The ClusterType is user cluster.
    USER = 4;
  }

  // Immutable. Self-link of the GCP resource for the GKE On-Prem cluster. For
  // example:
  //
  //     //gkeonprem.googleapis.com/projects/my-project/locations/us-west1-a/vmwareClusters/my-cluster
  //     //gkeonprem.googleapis.com/projects/my-project/locations/us-west1-a/bareMetalClusters/my-cluster
  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];

  // Output only. If cluster_missing is set then it denotes that
  // API(gkeonprem.googleapis.com) resource for this GKE On-Prem cluster no
  // longer exists.
  bool cluster_missing = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Immutable. Whether the cluster is an admin cluster.
  bool admin_cluster = 3 [(google.api.field_behavior) = IMMUTABLE];

  // Immutable. The on prem cluster's type.
  ClusterType cluster_type = 4 [(google.api.field_behavior) = IMMUTABLE];
}

// MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
message MultiCloudCluster {
  // Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster.
  // For example:
  //
  //     //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster
  //     //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
  //     //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/attachedClusters/my-cluster
  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];

  // Output only. If cluster_missing is set then it denotes that
  // API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster
  // no longer exists.
  bool cluster_missing = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// EdgeCluster contains information specific to Google Edge Clusters.
message EdgeCluster {
  // Immutable. Self-link of the GCP resource for the Edge Cluster. For
  // example:
  //
  //     //edgecontainer.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster
  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];
}

// ApplianceCluster contains information specific to GDC Edge Appliance
// Clusters.
message ApplianceCluster {
  // Immutable. Self-link of the GCP resource for the Appliance Cluster. For
  // example:
  //
  //     //transferappliance.googleapis.com/projects/my-project/locations/us-west1-a/appliances/my-appliance
  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];
}

// KubernetesMetadata provides informational metadata for Memberships
// representing Kubernetes clusters.
message KubernetesMetadata {
  // Output only. Kubernetes API server version string as reported by
  // '/version'.
  string kubernetes_api_server_version = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Node providerID as reported by the first node in the list of
  // nodes on the Kubernetes endpoint. On Kubernetes platforms that support
  // zero-node clusters (like GKE-on-GCP), the node_count will be zero and the
  // node_provider_id will be empty.
  string node_provider_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Node count as reported by Kubernetes nodes resources.
  int32 node_count = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. vCPU count as reported by Kubernetes nodes resources.
  int32 vcpu_count = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The total memory capacity as reported by the sum of all
  // Kubernetes nodes resources, defined in MB.
  int32 memory_mb = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which these details were last updated. This
  // update_time is different from the Membership-level update_time since
  // EndpointDetails are updated internally for API consumers.
  google.protobuf.Timestamp update_time = 100
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Authority encodes how Google will recognize identities from this Membership.
// See the workload identity documentation for more details:
// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
message Authority {
  // Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with
  // `https://` and be a valid URL with length <2000 characters.
  //
  // If set, then Google will allow valid OIDC tokens from this issuer to
  // authenticate within the workload_identity_pool. OIDC discovery will be
  // performed on this URI to validate tokens from the issuer.
  //
  // Clearing `issuer` disables Workload Identity. `issuer` cannot be directly
  // modified; it must be cleared (and Workload Identity disabled) before using
  // a new issuer (and re-enabling Workload Identity).
  string issuer = 1 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The name of the workload identity pool in which `issuer` will
  // be recognized.
  //
  // There is a single Workload Identity Pool per Hub that is shared
  // between all Memberships that belong to that Hub. For a Hub hosted in
  // {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
  // although this is subject to change in newer versions of this API.
  string workload_identity_pool = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. An identity provider that reflects the `issuer` in the
  // workload identity pool.
  string identity_provider = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. OIDC verification keys for this Membership in JWKS format (RFC
  // 7517).
  //
  // When this field is set, OIDC discovery will NOT be performed on `issuer`,
  // and instead OIDC tokens will be validated using this field.
  //
  // NOTE(review): because discovery is skipped, a signing-key rotation on the
  // cluster is presumably not picked up automatically; this field would need
  // to be updated alongside the rotation, and retired keys removed from it.
  // Confirm against the service documentation.
  bytes oidc_jwks = 4 [(google.api.field_behavior) = OPTIONAL];
}

// MonitoringConfig informs Fleet-based applications/services/UIs with the
// necessary information for where each underlying Cluster reports its metrics.
message MonitoringConfig {
  // Immutable. Project used to report Metrics.
  string project_id = 1 [(google.api.field_behavior) = IMMUTABLE];

  // Immutable. Location used to report Metrics.
  string location = 2 [(google.api.field_behavior) = IMMUTABLE];

  // Immutable. Cluster name used to report metrics.
  // For Anthos on VMWare/Baremetal, it would be in format
  // `memberClusters/cluster_name`; and for Anthos on MultiCloud, it would be in
  // format
  // `{azureClusters, awsClusters}/cluster_name`.
  string cluster = 3 [(google.api.field_behavior) = IMMUTABLE];

  // Kubernetes system metrics, if available, are written to this prefix.
  // This defaults to kubernetes.io for GKE, and kubernetes.io/anthos for Anthos
  // eventually. Note: Anthos MultiCloud has the kubernetes.io prefix today
  // but will migrate to be under kubernetes.io/anthos.
  string kubernetes_metrics_prefix = 4;

  // Immutable. Cluster hash, this is a unique string generated by google code,
  // which does not contain any PII, which we can use to reference the cluster.
  // This is expected to be created by the monitoring stack and persisted into
  // the Cluster object as well as to GKE-Hub.
  string cluster_hash = 5 [(google.api.field_behavior) = IMMUTABLE];
}

// State of the Membership resource.
message MembershipState {
  // Code describes the state of a Membership resource.
  enum Code {
    // The code is not set.
    CODE_UNSPECIFIED = 0;

    // The cluster is being registered.
    CREATING = 1;

    // The cluster is registered.
    READY = 2;

    // The cluster is being unregistered.
    DELETING = 3;

    // The Membership is being updated.
    UPDATING = 4;

    // The Membership is being updated by the Hub Service.
    SERVICE_UPDATING = 5;
  }

  // Output only. The current state of the Membership resource.
  Code code = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // This field is never set by the Hub Service.
  string description = 2 [deprecated = true];

  // This field is never set by the Hub Service.
  google.protobuf.Timestamp update_time = 3 [deprecated = true];
}

// Request message for `GkeHubMembershipService.ListMemberships` method.
message ListMembershipsRequest {
  // Required. The parent (project and location) where the Memberships will be
  // listed. Specified in the format `projects/*/locations/*`.
  // `projects/*/locations/-` lists memberships in all the regions.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "gkehub.googleapis.com/Membership"
    }
  ];

  // Optional. When requesting a 'page' of resources, `page_size` specifies
  // number of resources to return. If unspecified or set to 0, all resources
  // will be returned.
  //
  // NOTE(review): as documented, leaving this unset returns the whole list in
  // one response; callers listing large fleets should set an explicit
  // page_size and follow `next_page_token`.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Token returned by previous call to `ListMemberships` which
  // specifies the position in the list from where to continue listing the
  // resources.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Lists Memberships that match the filter expression, following the
  // syntax outlined in https://google.aip.dev/160.
  //
  // Examples:
  //
  //   - Name is `bar` in project `foo-proj` and location `global`:
  //
  //       name = "projects/foo-proj/locations/global/memberships/bar"
  //
  //   - Memberships that have a label called `foo`:
  //
  //       labels.foo:*
  //
  //   - Memberships that have a label called `foo` whose value is `bar`:
  //
  //       labels.foo = bar
  //
  //   - Memberships in the CREATING state:
  //
  //       state = CREATING
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. One or more fields to compare and use to sort the output.
  // See https://google.aip.dev/132#ordering.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for the `GkeHubMembershipService.ListMemberships` method.
message ListMembershipsResponse {
  // The list of matching Memberships.
  repeated Membership resources = 1;

  // A token to request the next page of resources from the
  // `ListMemberships` method. The value of an empty string means that
  // there are no more resources to return.
  string next_page_token = 2;

  // List of locations that could not be reached while fetching this list.
  // A non-empty value means `resources` may be incomplete.
  repeated string unreachable = 3;
}

// Request message for `GkeHubMembershipService.GetMembership` method.
message GetMembershipRequest {
  // Required. The Membership resource name in the format
  // `projects/*/locations/*/memberships/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "gkehub.googleapis.com/Membership"
    }
  ];
}

// Request message for the `GkeHubMembershipService.CreateMembership` method.
message CreateMembershipRequest {
  // Required. The parent (project and location) where the Memberships will be
  // created. Specified in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "gkehub.googleapis.com/Membership"
    }
  ];

  // Required. Client chosen ID for the membership. `membership_id` must be a
  // valid RFC 1123 compliant DNS label:
  //
  //   1. At most 63 characters in length
  //   2. It must consist of lower case alphanumeric characters or `-`
  //   3. It must start and end with an alphanumeric character
  //
  // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`,
  // with a maximum length of 63 characters.
  string membership_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The membership to create.
  Membership resource = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. A request ID to identify requests. Specify a unique request ID
  // so that if you must retry your request, the server will know to ignore
  // the request if it has already been completed. The server will guarantee
  // that for at least 60 minutes after the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for `GkeHubMembershipService.DeleteMembership` method.
message DeleteMembershipRequest {
  // Required. The Membership resource name in the format
  // `projects/*/locations/*/memberships/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "gkehub.googleapis.com/Membership"
    }
  ];

  // Optional. A request ID to identify requests. Specify a unique request ID
  // so that if you must retry your request, the server will know to ignore
  // the request if it has already been completed. The server will guarantee
  // that for at least 60 minutes after the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. If set to true, any subresource from this Membership will also be
  // deleted. Otherwise, the request will only work if the Membership has no
  // subresource.
  bool force = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for `GkeHubMembershipService.UpdateMembership` method.
message UpdateMembershipRequest {
  // Required. The membership resource name in the format:
  // `projects/[project_id]/locations/global/memberships/[membership_id]`
  //
  // NOTE(review): the HTTP binding for UpdateMembership accepts
  // `projects/*/locations/*/memberships/*`, so `global` here may only be
  // illustrative; confirm.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "gkehub.googleapis.com/Membership"
    }
  ];

  // Required. Mask of fields to update. At least one field path must be
  // specified in this mask.
  google.protobuf.FieldMask update_mask = 2
      [(google.api.field_behavior) = REQUIRED];

  // Required. Only fields specified in update_mask are updated.
  // If you specify a field in the update_mask but don't specify its value here
  // that field will be deleted.
  // If you are updating a map field, set the value of a key to null or empty
  // string to delete the key from the map. It's not possible to update a key's
  // value to the empty string.
  // If you set the update_mask to the special path "*", all user-modifiable
  // fields are fully replaced to match `resource`.
  //
  // NOTE(review): taken together with the Authority.issuer comment ("Clearing
  // `issuer` disables Workload Identity"), an update whose mask covers
  // `authority` (including "*") while `resource` omits it would presumably
  // clear the issuer and disable Workload Identity; confirm before using
  // broad masks.
  Membership resource = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. A request ID to identify requests. Specify a unique request ID
  // so that if you must retry your request, the server will know to ignore
  // the request if it has already been completed. The server will guarantee
  // that for at least 60 minutes after the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for `GkeHubMembershipService.GenerateConnectManifest`
// method.
message GenerateConnectManifestRequest {
  // Required. The Membership resource name the Agent will associate with, in
  // the format `projects/*/locations/*/memberships/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "gkehub.googleapis.com/Membership"
    }
  ];

  // Optional. The connect agent to generate manifest for.
  ConnectAgent connect_agent = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The Connect agent version to use. Defaults to the most current
  // version.
  string version = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. If true, generate the resources for upgrade only. Some resources
  // generated only for installation (e.g. secrets) will be excluded.
  bool is_upgrade = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The registry to fetch the connect agent image from. Defaults to
  // gcr.io/gkeconnect.
  //
  // NOTE(review): this value selects where the in-cluster agent image is
  // pulled from, so an override should point only at a registry the cluster
  // operator controls or trusts.
  string registry = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The image pull secret content for the registry, if not public.
  //
  // NOTE(review): credential material. GenerateConnectManifest is bound to
  // HTTP GET without a body, so over REST this field travels in the URL query
  // string; keep it out of request logs.
  bytes image_pull_secret_content = 6 [(google.api.field_behavior) = OPTIONAL];
}

// GenerateConnectManifestResponse contains manifest information for
// installing/upgrading a Connect agent.
message GenerateConnectManifestResponse {
  // The ordered list of Kubernetes resources that need to be applied to the
  // cluster for GKE Connect agent installation/upgrade.
  //
  // NOTE(review): per `GenerateConnectManifestRequest.is_upgrade`, install
  // manifests can include secrets; handle the response as sensitive.
  repeated ConnectAgentResource manifest = 1;
}

// ConnectAgentResource represents a Kubernetes resource manifest for Connect
// Agent deployment.
message ConnectAgentResource {
  // Kubernetes type of the resource.
  TypeMeta type = 1;

  // YAML manifest of the resource.
829 string manifest = 2; 830} 831 832// TypeMeta is the type information needed for content unmarshalling of 833// Kubernetes resources in the manifest. 834message TypeMeta { 835 // Kind of the resource (e.g. Deployment). 836 string kind = 1; 837 838 // APIVersion of the resource (e.g. v1). 839 string api_version = 2; 840} 841 842// The information required from end users to use GKE Connect. 843message ConnectAgent { 844 // Do not set. 845 string name = 1 [deprecated = true]; 846 847 // Optional. URI of a proxy if connectivity from the agent to 848 // gkeconnect.googleapis.com requires the use of a proxy. Format must be in 849 // the form `http(s)://{proxy_address}`, depending on the HTTP/HTTPS protocol 850 // supported by the proxy. This will direct the connect agent's outbound 851 // traffic through a HTTP(S) proxy. 852 bytes proxy = 2 [(google.api.field_behavior) = OPTIONAL]; 853 854 // Optional. Namespace for GKE Connect agent resources. Defaults to 855 // `gke-connect`. 856 // 857 // The Connect Agent is authorized automatically when run in the default 858 // namespace. Otherwise, explicit authorization must be granted with an 859 // additional IAM binding. 860 string namespace = 3 [(google.api.field_behavior) = OPTIONAL]; 861} 862 863// The request to validate the existing state of the membership CR in the 864// cluster. 865message ValidateExclusivityRequest { 866 // Required. The parent (project and location) where the Memberships will be 867 // created. Specified in the format `projects/*/locations/*`. 868 string parent = 1 [ 869 (google.api.field_behavior) = REQUIRED, 870 (google.api.resource_reference) = { 871 child_type: "gkehub.googleapis.com/Membership" 872 } 873 ]; 874 875 // Optional. The YAML of the membership CR in the cluster. Empty if the 876 // membership CR does not exist. 877 string cr_manifest = 2 [(google.api.field_behavior) = OPTIONAL]; 878 879 // Required. The intended membership name under the `parent`. 
This method only 880 // does validation in anticipation of a CreateMembership call with the same 881 // name. 882 string intended_membership = 3 [(google.api.field_behavior) = REQUIRED]; 883} 884 885// The response of exclusivity artifacts validation result status. 886message ValidateExclusivityResponse { 887 // The validation result. 888 // 889 // * `OK` means that exclusivity is validated, assuming the manifest produced 890 // by GenerateExclusivityManifest is successfully applied. 891 // * `ALREADY_EXISTS` means that the Membership CRD is already owned by 892 // another Hub. See `status.message` for more information. 893 google.rpc.Status status = 1; 894} 895 896// The request to generate the manifests for exclusivity artifacts. 897message GenerateExclusivityManifestRequest { 898 // Required. The Membership resource name in the format 899 // `projects/*/locations/*/memberships/*`. 900 string name = 1 [ 901 (google.api.field_behavior) = REQUIRED, 902 (google.api.resource_reference) = { 903 type: "gkehub.googleapis.com/Membership" 904 } 905 ]; 906 907 // Optional. The YAML manifest of the membership CRD retrieved by 908 // `kubectl get customresourcedefinitions membership`. 909 // Leave empty if the resource does not exist. 910 string crd_manifest = 2 [(google.api.field_behavior) = OPTIONAL]; 911 912 // Optional. The YAML manifest of the membership CR retrieved by 913 // `kubectl get memberships membership`. 914 // Leave empty if the resource does not exist. 915 string cr_manifest = 3 [(google.api.field_behavior) = OPTIONAL]; 916} 917 918// The response of the exclusivity artifacts manifests for the client to apply. 919message GenerateExclusivityManifestResponse { 920 // The YAML manifest of the membership CRD to apply if a newer version of the 921 // CRD is available. Empty if no update needs to be applied. 922 string crd_manifest = 1; 923 924 // The YAML manifest of the membership CR to apply if a new version of the 925 // CR is available. 
Empty if no update needs to be applied. 926 string cr_manifest = 2; 927} 928 929// Represents the metadata of the long-running operation. 930message OperationMetadata { 931 // Output only. The time the operation was created. 932 google.protobuf.Timestamp create_time = 1 933 [(google.api.field_behavior) = OUTPUT_ONLY]; 934 935 // Output only. The time the operation finished running. 936 google.protobuf.Timestamp end_time = 2 937 [(google.api.field_behavior) = OUTPUT_ONLY]; 938 939 // Output only. Server-defined resource path for the target of the operation. 940 string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 941 942 // Output only. Name of the verb executed by the operation. 943 string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 944 945 // Output only. Human-readable status of the operation, if any. 946 string status_detail = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; 947 948 // Output only. Identifies whether the user has requested cancellation 949 // of the operation. Operations that have successfully been cancelled 950 // have [Operation.error][] value with a 951 // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to 952 // `Code.CANCELLED`. 953 bool cancel_requested = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 954 955 // Output only. API version used to start the operation. 956 string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; 957} 958