grpc1.45.2/third_party/googleapis/google/container/v1/cluster_service.proto

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.container.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.Container.V1";
option go_package = "google.golang.org/genproto/googleapis/container/v1;container";
option java_multiple_files = true;
option java_outer_classname = "ClusterServiceProto";
option java_package = "com.google.container.v1";
option php_namespace = "Google\\Cloud\\Container\\V1";
option ruby_package = "Google::Cloud::Container::V1";

// Google Kubernetes Engine Cluster Manager v1
service ClusterManager {
  option (google.api.default_host) = "container.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Lists all clusters owned by a project in either the specified zone or all
  // zones.
  rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/clusters"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "parent";
  }

  // Gets the details of a specific cluster.
  rpc GetCluster(GetClusterRequest) returns (Cluster) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a cluster, consisting of the specified number and type of Google
  // Compute Engine instances.
  //
  // By default, the cluster is created in the project's
  // [default
  // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
  //
  // One firewall is added for the cluster. After cluster creation,
  // the Kubelet creates routes for each node to allow the containers
  // on that node to communicate with all other instances in the
  // cluster.
  //
  // Finally, an entry is added to the project's global metadata indicating
  // which CIDR range the cluster is using.
  rpc CreateCluster(CreateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/clusters"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster";
    option (google.api.method_signature) = "parent,cluster";
  }

  // Updates the settings of a specific cluster.
  rpc UpdateCluster(UpdateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*}"
      body: "*"
      additional_bindings {
        put: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,update";
    option (google.api.method_signature) = "name,update";
  }

  // Updates the version and/or image type for the specified node pool.
  rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update"
        body: "*"
      }
    };
  }

  // Sets the autoscaling settings for the specified node pool.
  rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling"
        body: "*"
      }
    };
  }

  // Sets the logging service for a specific cluster.
  rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLogging"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,logging_service";
    option (google.api.method_signature) = "name,logging_service";
  }

  // Sets the monitoring service for a specific cluster.
  rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMonitoring"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,monitoring_service";
    option (google.api.method_signature) = "name,monitoring_service";
  }

  // Sets the addons for a specific cluster.
  rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setAddons"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,addons_config";
    option (google.api.method_signature) = "name,addons_config";
  }

  // Sets the locations for a specific cluster.
  // Deprecated. Use
  // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/update)
  // instead.
  rpc SetLocations(SetLocationsRequest) returns (Operation) {
    option deprecated = true;
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLocations"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,locations";
    option (google.api.method_signature) = "name,locations";
  }

  // Updates the master for a specific cluster.
  rpc UpdateMaster(UpdateMasterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:updateMaster"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,master_version";
    option (google.api.method_signature) = "name,master_version";
  }

  // Sets master auth materials. Currently supports changing the admin password
  // or a specific cluster, either via password generation or explicitly setting
  // the password.
  rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMasterAuth"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth"
        body: "*"
      }
    };
  }

  // Deletes the cluster, including the Kubernetes endpoint and all worker
  // nodes.
  //
  // Firewalls and routes that were configured during cluster creation
  // are also deleted.
  //
  // Other Google Compute Engine resources that might be in use by the cluster,
  // such as load balancer resources, are not deleted if they weren't present
  // when the cluster was initially created.
  rpc DeleteCluster(DeleteClusterRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Lists all operations in a project in a specific zone or all zones.
  rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/operations"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
  }

  // Gets the specified operation.
  rpc GetOperation(GetOperationRequest) returns (Operation) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/operations/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Cancels the specified operation.
  rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/operations/*}:cancel"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Returns configuration info about the Google Kubernetes Engine service.
  rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*}/serverConfig"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/serverconfig"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "name";
  }

  // Gets the public component of the cluster signing keys in
  // JSON Web Key format.
  // This API is not yet intended for general use, and is not available for all
  // clusters.
  rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/jwks"
    };
  }

  // Lists the node pools for a cluster.
  rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "parent";
  }

  // Retrieves the requested node pool.
  rpc GetNodePool(GetNodePoolRequest) returns (NodePool) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a node pool for a cluster.
  rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool";
    option (google.api.method_signature) = "parent,node_pool";
  }

  // Deletes a node pool from a cluster.
  rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Rolls back a previously Aborted or Failed NodePool upgrade.
  // This makes no changes if the last upgrade successfully completed.
  rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the NodeManagement options for a node pool.
  rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement"
        body: "*"
      }
    };
  }

  // Sets labels on a cluster.
  rpc SetLabels(SetLabelsRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setResourceLabels"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels"
        body: "*"
      }
    };
  }

  // Enables or disables the ABAC authorization mechanism on a cluster.
  rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,enabled";
    option (google.api.method_signature) = "name,enabled";
  }

  // Starts master IP rotation.
  rpc StartIPRotation(StartIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:startIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Completes master IP rotation.
  rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:completeIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the size for a specific node pool.
  rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize"
        body: "*"
      }
    };
  }

  // Enables or disables Network Policy for a cluster.
  rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,network_policy";
    option (google.api.method_signature) = "name,network_policy";
  }

  // Sets the maintenance policy for a cluster.
  rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,maintenance_policy";
    option (google.api.method_signature) = "name,maintenance_policy";
  }

  // Lists subnetworks that are usable for creating clusters in a project.
  rpc ListUsableSubnetworks(ListUsableSubnetworksRequest) returns (ListUsableSubnetworksResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/aggregated/usableSubnetworks"
    };
  }
}

// Parameters that describe the nodes in a cluster.
message NodeConfig {
  // The name of a Google Compute Engine [machine
  // type](https://cloud.google.com/compute/docs/machine-types)
  //
  // If unspecified, the default machine type is `e2-medium`.
  string machine_type = 1;

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 2;

  // The set of Google API scopes to be made available on all of the
  // node VMs under the "default" service account.
  //
  // The following scopes are recommended, but not required, and by default are
  // not included:
  //
  // * `https://www.googleapis.com/auth/compute` is required for mounting
  // persistent storage on your nodes.
  // * `https://www.googleapis.com/auth/devstorage.read_only` is required for
  // communicating with **gcr.io**
  // (the [Google Container
  // Registry](https://cloud.google.com/container-registry/)).
  //
  // If unspecified, no scopes are added, unless Cloud Logging or Cloud
  // Monitoring are enabled, in which case their required scopes will be added.
  repeated string oauth_scopes = 3;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  // Specify the email address of the Service Account; otherwise, if no Service
  // Account is specified, the "default" service account is used.
  string service_account = 9;

  // The metadata key/value pairs assigned to instances in the cluster.
  //
  // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes
  // in length. These are reflected as part of a URL in the metadata server.
  // Additionally, to avoid ambiguity, keys must not conflict with any other
  // metadata keys for the project or be one of the reserved keys:
  //  - "cluster-location"
  //  - "cluster-name"
  //  - "cluster-uid"
  //  - "configure-sh"
  //  - "containerd-configure-sh"
  //  - "enable-os-login"
  //  - "gci-ensure-gke-docker"
  //  - "gci-metrics-enabled"
  //  - "gci-update-strategy"
  //  - "instance-template"
  //  - "kube-env"
  //  - "startup-script"
  //  - "user-data"
  //  - "disable-address-manager"
  //  - "windows-startup-script-ps1"
  //  - "common-psm1"
  //  - "k8s-node-setup-psm1"
  //  - "install-ssh-psm1"
  //  - "user-profile-psm1"
  //
  // The following keys are reserved for Windows nodes:
  //  - "serial-port-logging-enable"
  //
  // Values are free-form strings, and only have meaning as interpreted by
  // the image running in the instance. The only restriction placed on them is
  // that each value's size must be less than or equal to 32 KB.
  //
  // The total size of all keys and values must be less than 512 KB.
  map<string, string> metadata = 4;

  // The image type to use for this node. Note that for a given image type,
  // the latest version of it will be used.
  string image_type = 5;

  // The map of Kubernetes labels (key/value pairs) to be applied to each node.
  // These will added in addition to any default label(s) that
  // Kubernetes may apply to the node.
  // In case of conflict in label keys, the applied set may differ depending on
  // the Kubernetes version -- it's best to assume the behavior is undefined
  // and conflicts should be avoided.
  // For more information, including usage and the valid values, see:
  // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  map<string, string> labels = 6;

  // The number of local SSD disks to be attached to the node.
  //
  // The limit for this value is dependent upon the maximum number of
  // disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  int32 local_ssd_count = 7;

  // The list of instance tags applied to all nodes. Tags are used to identify
  // valid sources or targets for network firewalls and are specified by
  // the client during cluster or node pool creation. Each tag within the list
  // must comply with RFC1035.
  repeated string tags = 8;

  // Whether the nodes are created as preemptible VM instances. See:
  // https://cloud.google.com/compute/docs/instances/preemptible for more
  // information about preemptible VM instances.
  bool preemptible = 10;

  // A list of hardware accelerators to be attached to each node.
  // See https://cloud.google.com/compute/docs/gpus for more information about
  // support for GPUs.
  repeated AcceleratorConfig accelerators = 11;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced')
  //
  // If unspecified, the default disk type is 'pd-standard'
  string disk_type = 12;

  // Minimum CPU platform to be used by this instance. The instance may be
  // scheduled on the specified or newer CPU platform. Applicable values are the
  // friendly names of CPU platforms, such as
  // `minCpuPlatform: "Intel Haswell"` or
  // `minCpuPlatform: "Intel Sandy Bridge"`. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
  string min_cpu_platform = 13;

  // The workload metadata configuration for this node.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // List of kubernetes taints to be applied to each node.
  //
  // For more information, including usage and the valid values, see:
  // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  repeated NodeTaint taints = 15;

  // Sandbox configuration for this node.
  SandboxConfig sandbox_config = 17;

  // Setting this field will assign instances of this
  // pool to run on the specified node group. This is useful for running
  // workloads on [sole tenant
  // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes).
  string node_group = 18;

  // The optional reservation affinity. Setting this field will apply
  // the specified [Zonal Compute
  // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
  // to this node pool.
  ReservationAffinity reservation_affinity = 19;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 20;

  //
  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 23;
}

// A set of Shielded Instance options.
message ShieldedInstanceConfig {
  // Defines whether the instance has Secure Boot enabled.
  //
  // Secure Boot helps ensure that the system only runs authentic software by
  // verifying the digital signature of all boot components, and halting the
  // boot process if signature verification fails.
  bool enable_secure_boot = 1;

  // Defines whether the instance has integrity monitoring enabled.
  //
  // Enables monitoring and attestation of the boot integrity of the instance.
  // The attestation is performed against the integrity policy baseline. This
  // baseline is initially derived from the implicitly trusted boot image when
  // the instance is created.
  bool enable_integrity_monitoring = 2;
}

// SandboxConfig contains configurations of the sandbox to use for the node.
message SandboxConfig {
  // Possible types of sandboxes.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Run sandbox using gvisor.
    GVISOR = 1;
  }

  // Type of the sandbox to use for the node.
  Type type = 2;
}

// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
// is the configuration of desired reservation which instances could take
// capacity from.
message ReservationAffinity {
  // Indicates whether to consume capacity from a reservation or not.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Do not consume from any reserved capacity.
    NO_RESERVATION = 1;

    // Consume any reservation available.
    ANY_RESERVATION = 2;

    // Must consume from a specific reservation. Must specify key value fields
    // for specifying the reservations.
    SPECIFIC_RESERVATION = 3;
  }

  // Corresponds to the type of reservation consumption.
  Type consume_reservation_type = 1;

  // Corresponds to the label key of a reservation resource. To target a
  // SPECIFIC_RESERVATION by name, specify "googleapis.com/reservation-name" as
  // the key and specify the name of your reservation as its value.
  string key = 2;

  // Corresponds to the label value(s) of reservation resource(s).
  repeated string values = 3;
}

// Kubernetes taint is comprised of three fields: key, value, and effect. Effect
// can only be one of three types:  NoSchedule, PreferNoSchedule or NoExecute.
//
// See
// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration)
// for more information, including usage and the valid values.
message NodeTaint {
  // Possible values for Effect in taint.
  enum Effect {
    // Not set
    EFFECT_UNSPECIFIED = 0;

    // NoSchedule
    NO_SCHEDULE = 1;

    // PreferNoSchedule
    PREFER_NO_SCHEDULE = 2;

    // NoExecute
    NO_EXECUTE = 3;
  }

  // Key for taint.
  string key = 1;

  // Value for taint.
  string value = 2;

  // Effect for taint.
  Effect effect = 3;
}

// The authentication information for accessing the master endpoint.
// Authentication can be done using HTTP basic auth or using client
// certificates.
message MasterAuth {
  // The username to use for HTTP basic authentication to the master endpoint.
  // For clusters v1.6.0 and later, basic authentication can be disabled by
  // leaving username unspecified (or setting it to the empty string).
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string username = 1 [deprecated = true];

  // The password to use for HTTP basic authentication to the master endpoint.
  // Because the master endpoint is open to the Internet, you should create a
  // strong password.  If a password is provided for cluster creation, username
  // must be non-empty.
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string password = 2 [deprecated = true];

  // Configuration for client certificate authentication on the cluster. For
  // clusters before v1.12, if no configuration is specified, a client
  // certificate is issued.
  ClientCertificateConfig client_certificate_config = 3;

  // [Output only] Base64-encoded public certificate that is the root of
  // trust for the cluster.
  string cluster_ca_certificate = 100;

  // [Output only] Base64-encoded public certificate used by clients to
  // authenticate to the cluster endpoint.
  string client_certificate = 101;

  // [Output only] Base64-encoded private key used by clients to authenticate
  // to the cluster endpoint.
  string client_key = 102;
}

// Configuration for client certificates on the cluster.
message ClientCertificateConfig {
  // Issue a client certificate.
  bool issue_client_certificate = 1;
}

// Configuration for the addons that can be automatically spun up in the
// cluster, enabling additional functionality.
message AddonsConfig {
  // Configuration for the HTTP (L7) load balancing controller addon, which
  // makes it easy to set up HTTP load balancers for services in a cluster.
  HttpLoadBalancing http_load_balancing = 1;

  // Configuration for the horizontal pod autoscaling feature, which
  // increases or decreases the number of replica pods a replication controller
  // has based on the resource usage of the existing pods.
  HorizontalPodAutoscaling horizontal_pod_autoscaling = 2;

  // Configuration for the Kubernetes Dashboard.
  // This addon is deprecated, and will be disabled in 1.15. It is recommended
  // to use the Cloud Console to manage and monitor your Kubernetes clusters,
  // workloads and applications. For more information, see:
  // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
  KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true];

  // Configuration for NetworkPolicy. This only tracks whether the addon
  // is enabled or not on the Master, it does not track whether network policy
  // is enabled for the nodes.
  NetworkPolicyConfig network_policy_config = 4;

  // Configuration for the Cloud Run addon, which allows the user to use a
  // managed Knative service.
  CloudRunConfig cloud_run_config = 7;

  // Configuration for NodeLocalDNS, a dns cache running on cluster nodes
  DnsCacheConfig dns_cache_config = 8;

  // Configuration for the ConfigConnector add-on, a Kubernetes
  // extension to manage hosted GCP services through the Kubernetes API
  ConfigConnectorConfig config_connector_config = 10;
}

// Configuration options for the HTTP (L7) load balancing controller addon,
// which makes it easy to set up HTTP load balancers for services in a cluster.
message HttpLoadBalancing {
  // Whether the HTTP Load Balancing controller is enabled in the cluster.
  // When enabled, it runs a small pod in the cluster that manages the load
  // balancers.
  bool disabled = 1;
}

// Configuration options for the horizontal pod autoscaling feature, which
// increases or decreases the number of replica pods a replication controller
// has based on the resource usage of the existing pods.
message HorizontalPodAutoscaling {
  // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
  // When enabled, it ensures that metrics are collected into Stackdriver
  // Monitoring.
  bool disabled = 1;
}

// Configuration for the Kubernetes Dashboard.
message KubernetesDashboard {
  // Whether the Kubernetes Dashboard is enabled for this cluster.
  bool disabled = 1;
}

// Configuration for NetworkPolicy. This only tracks whether the addon
// is enabled or not on the Master, it does not track whether network policy
// is enabled for the nodes.
message NetworkPolicyConfig {
  // Whether NetworkPolicy is enabled for this cluster.
  bool disabled = 1;
}

// Configuration for NodeLocal DNSCache
message DnsCacheConfig {
  // Whether NodeLocal DNSCache is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for controlling master global access settings.
message PrivateClusterMasterGlobalAccessConfig {
  // Whenever master is accessible globally or not.
  bool enabled = 1;
}

// Configuration options for private clusters.
message PrivateClusterConfig {
  // Whether nodes have internal IP addresses only. If enabled, all nodes are
  // given only RFC 1918 private addresses and communicate with the master via
  // private networking.
  bool enable_private_nodes = 1;

  // Whether the master's internal IP address is used as the cluster endpoint.
  bool enable_private_endpoint = 2;

  // The IP range in CIDR notation to use for the hosted master network. This
  // range will be used for assigning internal IP addresses to the master or
  // set of masters, as well as the ILB VIP. This range must not overlap with
  // any other ranges in use within the cluster's network.
  string master_ipv4_cidr_block = 3;

  // Output only. The internal IP address of this cluster's master endpoint.
  string private_endpoint = 4;

  // Output only. The external IP address of this cluster's master endpoint.
  string public_endpoint = 5;

  // Output only. The peering name in the customer VPC used by this cluster.
  string peering_name = 7;

  // Controls master global access settings.
  PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;
}

// Configuration for returning group information from authenticators.
message AuthenticatorGroupsConfig {
  // Whether this cluster should return group membership lookups
  // during authentication using a group of security groups.
  bool enabled = 1;

  // The name of the security group-of-groups to be used. Only relevant
  // if enabled = true.
  string security_group = 2;
}

// Configuration options for the Cloud Run feature.
message CloudRunConfig {
  // Load balancer type of ingress service of Cloud Run.
  enum LoadBalancerType {
    // Load balancer type for Cloud Run is unspecified.
    LOAD_BALANCER_TYPE_UNSPECIFIED = 0;

    // Install external load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_EXTERNAL = 1;

    // Install internal load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_INTERNAL = 2;
  }

  // Whether Cloud Run addon is enabled for this cluster.
  bool disabled = 1;

  // Which load balancer type is installed for Cloud Run.
  LoadBalancerType load_balancer_type = 3;
}

// Configuration options for the Config Connector add-on.
message ConfigConnectorConfig {
  // Whether Cloud Connector is enabled for this cluster.
  bool enabled = 1;
}

// Configuration options for the master authorized networks feature. Enabled
// master authorized networks will disallow all external traffic to access
// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
// Google Compute Engine Public IPs and Google Prod IPs.
message MasterAuthorizedNetworksConfig {
  // CidrBlock contains an optional name and one CIDR block.
  message CidrBlock {
    // display_name is an optional field for users to identify CIDR blocks.
    string display_name = 1;

    // cidr_block must be specified in CIDR notation.
    string cidr_block = 2;
  }

  // Whether or not master authorized networks is enabled.
  bool enabled = 1;

  // cidr_blocks define up to 50 external networks that could access
  // Kubernetes master through HTTPS.
  repeated CidrBlock cidr_blocks = 2;
}

// Configuration for the legacy Attribute Based Access Control authorization
// mode.
message LegacyAbac {
  // Whether the ABAC authorizer is enabled for this cluster. When enabled,
  // identities in the system, including service accounts, nodes, and
  // controllers, will have statically granted permissions beyond those
  // provided by the RBAC configuration or IAM.
  bool enabled = 1;
}

// Configuration options for the NetworkPolicy feature.
// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
message NetworkPolicy {
  // Allowed Network Policy providers.
  enum Provider {
    // Not set
    PROVIDER_UNSPECIFIED = 0;

    // Tigera (Calico Felix).
    CALICO = 1;
  }

  // The selected network policy provider.
  Provider provider = 1;

  // Whether network policy is enabled on the cluster.
  bool enabled = 2;
}

// Configuration for Binary Authorization.
message BinaryAuthorization {
  // Enable Binary Authorization for this cluster. If enabled, all container
  // images will be validated by Binary Authorization.
  bool enabled = 1;
}

// Configuration for controlling how IPs are allocated in the cluster.
message IPAllocationPolicy {
  // Whether alias IPs will be used for pod IPs in the cluster.
  // This is used in conjunction with use_routes. It cannot
  // be true if use_routes is true. If both use_ip_aliases and use_routes are
  // false, then the server picks the default IP allocation mode
  bool use_ip_aliases = 1;

  // Whether a new subnetwork will be created automatically for the cluster.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  bool create_subnetwork = 2;

  // A custom subnetwork name to be used if `create_subnetwork` is true.  If
  // this field is empty, then an automatic name will be chosen for the new
  // subnetwork.
  string subnetwork_name = 3;

  // This field is deprecated, use cluster_ipv4_cidr_block.
  string cluster_ipv4_cidr = 4 [deprecated = true];

  // This field is deprecated, use node_ipv4_cidr_block.
  string node_ipv4_cidr = 5 [deprecated = true];

  // This field is deprecated, use services_ipv4_cidr_block.
  string services_ipv4_cidr = 6 [deprecated = true];

  // The name of the secondary range to be used for the cluster CIDR
  // block.  The secondary range will be used for pod IP
  // addresses. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable with use_ip_aliases is true and
  // create_subnetwork is false.
  string cluster_secondary_range_name = 7;

  // The name of the secondary range to be used as for the services
  // CIDR block.  The secondary range will be used for service
  // ClusterIPs. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable with use_ip_aliases is true and
  // create_subnetwork is false.
  string services_secondary_range_name = 8;

  // The IP address range for the cluster pod IPs. If this field is set, then
  // `cluster.cluster_ipv4_cidr` must be left blank.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string cluster_ipv4_cidr_block = 9;

  // The IP address range of the instance IPs in this cluster.
  //
  // This is applicable only if `create_subnetwork` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string node_ipv4_cidr_block = 10;

  // The IP address range of the services IPs in this cluster. If blank, a range
  // will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string services_ipv4_cidr_block = 11;

  // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
  // range will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // If unspecified, the range will use the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string tpu_ipv4_cidr_block = 13;

  // Whether routes will be used for pod IPs in the cluster.
  // This is used in conjunction with use_ip_aliases. It cannot be true if
  // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
  // then the server picks the default IP allocation mode
  bool use_routes = 15;
}

// A Google Kubernetes Engine cluster.
message Cluster {
  // The current status of the cluster.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading the master or node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the cluster is unusable. It will be
    // automatically deleted. Details can be found in the `statusMessage` field.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to restore
    // full functionality. Details can be found in the `statusMessage` field.
    DEGRADED = 6;
  }

  // The name of this cluster. The name must be unique within this project
  // and location (e.g. zone or region), and can be up to 40 characters with
  // the following restrictions:
  //
  // * Lowercase letters, numbers, and hyphens only.
  // * Must start with a letter.
  // * Must end with a number or a letter.
  string name = 1;

  // An optional description of this cluster.
  string description = 2;

  // The number of nodes to create in this cluster. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  // For requests, this field should only be used in lieu of a
  // "node_pool" object, since this configuration (along with the
  // "node_config") will be used to create a "NodePool" object with an
  // auto-generated name. Do not use this and a node_pool at the same time.
  //
  // This field is deprecated, use node_pool.initial_node_count instead.
  int32 initial_node_count = 3 [deprecated = true];

  // Parameters used in creating the cluster's nodes.
  // For requests, this field should only be used in lieu of a
  // "node_pool" object, since this configuration (along with the
  // "initial_node_count") will be used to create a "NodePool" object with an
  // auto-generated name. Do not use this and a node_pool at the same time.
  // For responses, this field will be populated with the node configuration of
  // the first node pool. (For configuration of each node pool, see
  // `node_pool.config`)
  //
  // If unspecified, the defaults are used.
  // This field is deprecated, use node_pool.config instead.
  NodeConfig node_config = 4 [deprecated = true];

  // The authentication information for accessing the master endpoint.
  // If unspecified, the defaults are used:
  // For clusters before v1.12, if master_auth is unspecified, `username` will
  // be set to "admin", a random password will be generated, and a client
  // certificate will be issued.
  MasterAuth master_auth = 5;

  // The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string,`logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  string logging_service = 6;

  // The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 7;

  // The name of the Google Compute Engine
  // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. If left unspecified, the `default`
  // network will be used.
  string network = 8;

  // The IP address range of the container pods in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`). Leave blank to have
  // one automatically chosen or specify a `/14` block in `10.0.0.0/8`.
  string cluster_ipv4_cidr = 9;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig addons_config = 10;

  // The name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
  // the cluster is connected.
  string subnetwork = 11;

  // The node pools associated with this cluster.
  // This field should not be set if "node_config" or "initial_node_count" are
  // specified.
  repeated NodePool node_pools = 12;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This field provides a default value if
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // are not specified during node pool creation.
  //
  // Warning: changing cluster locations will update the
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // of all node pools and will result in nodes being added and/or removed.
  repeated string locations = 13;

  // Kubernetes alpha features are enabled on this cluster. This includes alpha
  // API groups (e.g. v1alpha1) and features that may not be production ready in
  // the kubernetes version of the master and nodes.
  // The cluster has no SLA for uptime and master/node upgrades are disabled.
  // Alpha enabled clusters are automatically deleted thirty days after
  // creation.
  bool enable_kubernetes_alpha = 14;

  // The resource labels for the cluster to use to annotate any related
  // Google Compute Engine resources.
  map<string, string> resource_labels = 15;

  // The fingerprint of the set of labels for this cluster.
  string label_fingerprint = 16;

  // Configuration for the legacy ABAC authorization mode.
  LegacyAbac legacy_abac = 18;

  // Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 19;

  // Configuration for cluster IP allocation.
  IPAllocationPolicy ip_allocation_policy = 20;

  // The configuration options for master authorized networks feature.
  MasterAuthorizedNetworksConfig master_authorized_networks_config = 22;

  // Configure the maintenance policy for this cluster.
  MaintenancePolicy maintenance_policy = 23;

  // Configuration for Binary Authorization.
  BinaryAuthorization binary_authorization = 24;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling autoscaling = 26;

  // Configuration for cluster networking.
  NetworkConfig network_config = 27;

  // The default constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool of this cluster. Only honored
  // if cluster created with IP Alias support.
  MaxPodsConstraint default_max_pods_constraint = 30;

  // Configuration for exporting resource usages. Resource usage export is
  // disabled when this config is unspecified.
  ResourceUsageExportConfig resource_usage_export_config = 33;

  // Configuration controlling RBAC group membership information.
  AuthenticatorGroupsConfig authenticator_groups_config = 34;

  // Configuration for private cluster.
  PrivateClusterConfig private_cluster_config = 37;

  // Configuration of etcd encryption.
  DatabaseEncryption database_encryption = 38;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling vertical_pod_autoscaling = 39;

  // Shielded Nodes configuration.
  ShieldedNodes shielded_nodes = 40;

  // Release channel configuration.
  ReleaseChannel release_channel = 41;

  // Configuration for the use of Kubernetes Service Accounts in GCP IAM
  // policies.
  WorkloadIdentityConfig workload_identity_config = 43;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field is deprecated, use location instead.
  string zone = 101 [deprecated = true];

  // [Output only] The IP address of this cluster's master endpoint.
  // The endpoint can be accessed from the internet at
  // `https://username:password@endpoint/`.
  //
  // See the `masterAuth` property of this resource for username and
  // password information.
  string endpoint = 102;

  // The initial Kubernetes version for this cluster.  Valid versions are those
  // found in validMasterVersions returned by getServerConfig.  The version can
  // be upgraded over time; such upgrades are reflected in
  // currentMasterVersion and currentNodeVersion.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "","-": picks the default Kubernetes version
  string initial_cluster_version = 103;

  // [Output only] The current software version of the master endpoint.
  string current_master_version = 104;

  // [Output only] Deprecated, use
  // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools)
  // instead. The current version of the node software components. If they are
  // currently at multiple versions because they're in the process of being
  // upgraded, this reflects the minimum version of all nodes.
  string current_node_version = 105 [deprecated = true];

  // [Output only] The time the cluster was created, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string create_time = 106;

  // [Output only] The current status of this cluster.
  Status status = 107;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // cluster, if available.
  string status_message = 108 [deprecated = true];

  // [Output only] The size of the address space on each node for hosting
  // containers. This is provisioned from within the `container_ipv4_cidr`
  // range. This field will only be set when cluster is in route-based network
  // mode.
  int32 node_ipv4_cidr_size = 109;

  // [Output only] The IP address range of the Kubernetes services in
  // this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`). Service addresses are
  // typically put in the last `/16` from the container CIDR.
  string services_ipv4_cidr = 110;

  // Deprecated. Use node_pools.instance_group_urls.
  repeated string instance_group_urls = 111 [deprecated = true];

  // [Output only]  The number of nodes currently in the cluster. Deprecated.
  // Call Kubernetes API directly to retrieve node information.
  int32 current_node_count = 112 [deprecated = true];

  // [Output only] The time the cluster will be automatically
  // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string expire_time = 113;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 114;

  // Enable the ability to use Cloud TPUs in this cluster.
  bool enable_tpu = 115;

  // [Output only] The IP address range of the Cloud TPUs in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`).
  string tpu_ipv4_cidr_block = 116;

  // Which conditions caused the current cluster state.
  repeated StatusCondition conditions = 118;
}

// ClusterUpdate describes an update to the cluster. Exactly one update can
// be applied to a cluster with each request, so at most one field can be
// provided.
message ClusterUpdate {
  // The Kubernetes version to change the nodes to (typically an
  // upgrade).
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  string desired_node_version = 4;

  // The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string desired_monitoring_service = 5;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig desired_addons_config = 6;

  // The node pool to be upgraded. This field is mandatory if
  // "desired_node_version", "desired_image_family" or
  // "desired_node_pool_autoscaling" is specified and there is more than one
  // node pool on the cluster.
  string desired_node_pool_id = 7;

  // The desired image type for the node pool.
  // NOTE: Set the "desired_node_pool" field as well.
  string desired_image_type = 8;

  // Configuration of etcd encryption.
  DatabaseEncryption desired_database_encryption = 46;

  // Configuration for Workload Identity.
  WorkloadIdentityConfig desired_workload_identity_config = 47;

  // Configuration for Shielded Nodes.
  ShieldedNodes desired_shielded_nodes = 48;

  // Autoscaler configuration for the node pool specified in
  // desired_node_pool_id. If there is only one pool in the
  // cluster and desired_node_pool_id is not provided then
  // the change applies to that single node pool.
  NodePoolAutoscaling desired_node_pool_autoscaling = 9;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This list must always include the cluster's primary zone.
  //
  // Warning: changing cluster locations will update the locations of all node
  // pools and will result in nodes being added and/or removed.
  repeated string desired_locations = 10;

  // The desired configuration options for master authorized networks feature.
  MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling desired_cluster_autoscaling = 15;

  // The desired configuration options for the Binary Authorization feature.
  BinaryAuthorization desired_binary_authorization = 16;

  // The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string,`logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  string desired_logging_service = 19;

  // The desired configuration for exporting resource usage.
  ResourceUsageExportConfig desired_resource_usage_export_config = 21;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;

  // The desired private cluster configuration.
  PrivateClusterConfig desired_private_cluster_config = 25;

  // The desired config of Intra-node visibility.
  IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26;

  // The desired status of whether to disable default sNAT for this cluster.
  DefaultSnatStatus desired_default_snat_status = 28;

  // The desired release channel configuration.
  ReleaseChannel desired_release_channel = 31;

  // The desired authenticator groups config for the cluster.
  AuthenticatorGroupsConfig desired_authenticator_groups_config = 63;

  // The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  string desired_master_version = 100;
}

// This operation resource represents operations that may have happened or are
// happening on the cluster. All fields are output only.
message Operation {
  // Current status of the operation.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The operation has been created.
    PENDING = 1;

    // The operation is currently running.
    RUNNING = 2;

    // The operation is done, either cancelled or completed.
    DONE = 3;

    // The operation is aborting.
    ABORTING = 4;
  }

  // Operation type.
  enum Type {
    // Not set.
    TYPE_UNSPECIFIED = 0;

    // Cluster create.
    CREATE_CLUSTER = 1;

    // Cluster delete.
    DELETE_CLUSTER = 2;

    // A master upgrade.
    UPGRADE_MASTER = 3;

    // A node upgrade.
    UPGRADE_NODES = 4;

    // Cluster repair.
    REPAIR_CLUSTER = 5;

    // Cluster update.
    UPDATE_CLUSTER = 6;

    // Node pool create.
    CREATE_NODE_POOL = 7;

    // Node pool delete.
    DELETE_NODE_POOL = 8;

    // Set node pool management.
    SET_NODE_POOL_MANAGEMENT = 9;

    // Automatic node pool repair.
    AUTO_REPAIR_NODES = 10;

    // Automatic node upgrade.
    AUTO_UPGRADE_NODES = 11;

    // Set labels.
    SET_LABELS = 12;

    // Set/generate master auth materials
    SET_MASTER_AUTH = 13;

    // Set node pool size.
    SET_NODE_POOL_SIZE = 14;

    // Updates network policy for a cluster.
    SET_NETWORK_POLICY = 15;

    // Set the maintenance policy.
    SET_MAINTENANCE_POLICY = 16;
  }

  // The server-assigned ID for the operation.
  string name = 1;

  // The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation is taking place. This field is deprecated, use location instead.
  string zone = 2 [deprecated = true];

  // The operation type.
  Type operation_type = 3;

  // The current status of the operation.
  Status status = 4;

  // Detailed operation progress, if available.
  string detail = 8;

  // Output only. If an error has occurred, a textual description of the error.
  string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Server-defined URL for the resource.
  string self_link = 6;

  // Server-defined URL for the target of the operation.
  string target_link = 7;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 9;

  // [Output only] The time the operation started, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string start_time = 10;

  // [Output only] The time the operation completed, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string end_time = 11;

  // Output only. [Output only] Progress information for an operation.
  OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Which conditions caused the current cluster state.
  repeated StatusCondition cluster_conditions = 13;

  // Which conditions caused the current node pool state.
  repeated StatusCondition nodepool_conditions = 14;
}

// Information about operation (or operation stage) progress.
message OperationProgress {
  // Progress metric is (string, int|float|string) pair.
  message Metric {
    // Required. Metric name, e.g., "nodes total", "percent done".
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // Strictly one of the values is required.
    oneof value {
      // For metrics with integer value.
      int64 int_value = 2;

      // For metrics with floating point value.
      double double_value = 3;

      // For metrics with custom values (ratios, visual progress, etc.).
      string string_value = 4;
    }
  }

  // A non-parameterized string describing an operation stage.
  // Unset for single-stage operations.
  string name = 1;

  // Status of an operation stage.
  // Unset for single-stage operations.
  Operation.Status status = 2;

  // Progress metric bundle, for example:
  //   metrics: [{name: "nodes done",     int_value: 15},
  //             {name: "nodes total",    int_value: 32}]
  // or
  //   metrics: [{name: "progress",       double_value: 0.56},
  //             {name: "progress scale", double_value: 1.0}]
  repeated Metric metrics = 3;

  // Substages of an operation or a stage.
  repeated OperationProgress stages = 4;
}

// CreateClusterRequest creates a cluster.
message CreateClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Required. A [cluster
  // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.locations.clusters)
  Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED];

  // The parent (project and location) where the cluster will be created.
  // Specified in the format `projects/*/locations/*`.
  string parent = 5;
}

// GetClusterRequest gets the settings of a cluster.
message GetClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to retrieve.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to retrieve.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// UpdateClusterRequest updates the settings of a cluster.
message UpdateClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. A description of the update.
  ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// UpdateNodePoolRequests update a node pool's image and/or version.
message UpdateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. The Kubernetes version to change the nodes to (typically an
  // upgrade).
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  string node_version = 5 [(google.api.field_behavior) = REQUIRED];

  // Required. The desired image type for the node pool.
  string image_type = 6 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to
  // update. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 8;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // node pool's nodes should be located. Changing the locations for a node pool
  // will result in nodes being either created or removed from the node pool,
  // depending on whether locations are being added or removed.
  repeated string locations = 13;

  // The desired workload metadata config for the node pool.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // Upgrade settings control disruption and speed of the upgrade.
  NodePool.UpgradeSettings upgrade_settings = 15;
}

// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
message SetNodePoolAutoscalingRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. Autoscaling configuration for the node pool.
  NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to set
  // autoscaler settings. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// SetLoggingServiceRequest sets the logging service of a cluster.
message SetLoggingServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string,`logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  string logging_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set logging.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// SetMonitoringServiceRequest sets the monitoring service of a cluster.
message SetMonitoringServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set monitoring.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetAddonsConfigRequest sets the addons associated with the cluster.
message SetAddonsConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired configurations for the various addons available to run in the
  // cluster.
  AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set addons.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetLocationsRequest sets the locations of the cluster.
message SetLocationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located. Changing the locations a cluster is in
  // will result in nodes being either created or removed from the cluster,
  // depending on whether locations are being added or removed.
  //
  // This list must always include the cluster's primary zone.
  repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set locations.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// UpdateMasterRequest updates the master of the cluster.
message UpdateMasterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  string master_version = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetMasterAuthRequest updates the admin password of a cluster.
message SetMasterAuthRequest {
  // Operation type: what type update to perform.
  enum Action {
    // Operation is unknown and will error out.
    UNKNOWN = 0;

    // Set the password to a user generated value.
    SET_PASSWORD = 1;

    // Generate a new password and set it to that.
    GENERATE_PASSWORD = 2;

    // Set the username.  If an empty username is provided, basic authentication
    // is disabled for the cluster.  If a non-empty username is provided, basic
    // authentication is enabled, with either a provided password or a generated
    // one.
    SET_USERNAME = 3;
  }

  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The exact form of action to be taken on the master auth.
  Action action = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. A description of the update.
  MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set auth.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// DeleteClusterRequest deletes a cluster.
message DeleteClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to delete.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to delete.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 4;
}

// ListClustersRequest lists clusters.
message ListClustersRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides, or "-" for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the clusters will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// ListClustersResponse is the result of ListClustersRequest.
message ListClustersResponse {
  // A list of clusters in the project in the specified zone, or
  // across all ones.
  repeated Cluster clusters = 1;

  // If any zones are listed here, the list of clusters returned
  // may be missing those zones.
  repeated string missing_zones = 2;
}

// GetOperationRequest gets a single operation.
message GetOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to get.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 5;
}

// ListOperationsRequest lists operations.
message ListOperationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for, or `-` for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the operations will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// CancelOperationRequest cancels a single operation.
message CancelOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to cancel.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 4;
}

// ListOperationsResponse is the result of ListOperationsRequest.
message ListOperationsResponse {
  // A list of operations in the project in the specified zone.
  repeated Operation operations = 1;

  // If any zones are listed here, the list of operations returned
  // may be missing the operations from those zones.
  repeated string missing_zones = 2;
}

// Gets the current Kubernetes Engine service configuration.
message GetServerConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // The name (project and location) of the server config to get,
  // specified in the format `projects/*/locations/*`.
  string name = 4;
}

// Kubernetes Engine service configuration.
message ServerConfig {
  // ReleaseChannelConfig exposes configuration for a release channel.
  message ReleaseChannelConfig {
    // The release channel this configuration applies to.
    ReleaseChannel.Channel channel = 1;

    // The default version for newly created clusters on the channel.
    string default_version = 2;

    // List of valid versions for the channel.
    repeated string valid_versions = 4;
  }

  // Version of Kubernetes the service deploys by default.
  string default_cluster_version = 1;

  // List of valid node upgrade target versions, in descending order.
  repeated string valid_node_versions = 3;

  // Default image type.
  string default_image_type = 4;

  // List of valid image types.
  repeated string valid_image_types = 5;

  // List of valid master versions, in descending order.
  repeated string valid_master_versions = 6;

  // List of release channel configurations.
  repeated ReleaseChannelConfig channels = 9;
}

// CreateNodePoolRequest creates a node pool for a cluster.
message CreateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // Required. The node pool to create.
  NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];

  // The parent (project, location, cluster id) where the node pool will be
  // created. Specified in the format
  // `projects/*/locations/*/clusters/*`.
  string parent = 6;
}

// DeleteNodePoolRequest deletes a node pool for a cluster.
message DeleteNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to delete.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // delete. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// ListNodePoolsRequest lists the node pool(s) for a cluster.
message ListNodePoolsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // The parent (project, location, cluster id) where the node pools will be
  // listed. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 5;
}

// GetNodePoolRequest retrieves a node pool for a cluster.
message GetNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // get. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// NodePool contains the name and configuration for a cluster's node pool.
// Node pools are a set of nodes (i.e. VM's), with a common configuration and
// specification, under the control of the cluster master. They may have a set
// of Kubernetes labels applied to them, which may be used to reference them
// during pod scheduling. They may also be resized up or down, to accommodate
// the workload.
message NodePool {
  // These upgrade settings control the level of parallelism and the level of
  // disruption caused by an upgrade.
  //
  // maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  //
  // maxSurge controls the number of additional nodes that can be added to the
  // node pool temporarily for the time of the upgrade to increase the number of
  // available nodes.
  //
  // (maxUnavailable + maxSurge) determines the level of parallelism (how many
  // nodes are being upgraded at the same time).
  //
  // Note: upgrades inevitably introduce some disruption since workloads need to
  // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
  // this holds true. (Disruption stays within the limits of
  // PodDisruptionBudget, if it is configured.)
  //
  // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
  // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
  // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
  // down 3 old (not yet upgraded) nodes at the same time. This ensures that
  // there are always at least 4 nodes available.
  message UpgradeSettings {
    // The maximum number of nodes that can be created beyond the current size
    // of the node pool during the upgrade process.
    int32 max_surge = 1;

    // The maximum number of nodes that can be simultaneously unavailable during
    // the upgrade process. A node is considered available if its status is
    // Ready.
    int32 max_unavailable = 2;
  }

  // The current status of the node pool instance.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the node pool is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the node pool has been created
    // and is fully usable.
    RUNNING = 2;

    // The RUNNING_WITH_ERROR state indicates the node pool has been created
    // and is partially usable. Some error state has occurred and some
    // functionality may be impaired. Customer may need to reissue a request
    // or trigger a new update.
    RUNNING_WITH_ERROR = 3;

    // The RECONCILING state indicates that some work is actively being done on
    // the node pool, such as upgrading node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 4;

    // The STOPPING state indicates the node pool is being deleted.
    STOPPING = 5;

    // The ERROR state indicates the node pool may be unusable. Details
    // can be found in the `statusMessage` field.
    ERROR = 6;
  }

  // The name of the node pool.
  string name = 1;

  // The node configuration of the pool.
  NodeConfig config = 2;

  // The initial node count for the pool. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  int32 initial_node_count = 3;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes should be located.
  //
  // If this value is unspecified during node pool creation, the
  // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
  // value will be used, instead.
  //
  // Warning: changing node pool locations will result in nodes being added
  // and/or removed.
  repeated string locations = 13;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // The version of the Kubernetes of this node.
  string version = 101;

  // [Output only] The resource URLs of the [managed instance
  // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
  // associated with this node pool.
  repeated string instance_group_urls = 102;

  // [Output only] The status of the nodes in this pool instance.
  Status status = 103;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // node pool instance, if available.
  string status_message = 104 [deprecated = true];

  // Autoscaler configuration for this NodePool. Autoscaler is enabled
  // only if a valid configuration is present.
  NodePoolAutoscaling autoscaling = 4;

  // NodeManagement configuration for this NodePool.
  NodeManagement management = 5;

  // The constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool.
  MaxPodsConstraint max_pods_constraint = 6;

  // Which conditions caused the current node pool state.
  repeated StatusCondition conditions = 105;

  // [Output only] The pod CIDR block size per node in this node pool.
  int32 pod_ipv4_cidr_size = 7;

  // Upgrade settings control disruption and speed of the upgrade.
  UpgradeSettings upgrade_settings = 107;
}

// NodeManagement defines the set of node management services turned on for the
// node pool.
message NodeManagement {
  // A flag that specifies whether node auto-upgrade is enabled for the node
  // pool. If enabled, node auto-upgrade helps keep the nodes in your node pool
  // up to date with the latest release version of Kubernetes.
  bool auto_upgrade = 1;

  // A flag that specifies whether the node auto-repair is enabled for the node
  // pool. If enabled, the nodes in this node pool will be monitored and, if
  // they fail health checks too many times, an automatic repair action will be
  // triggered.
  bool auto_repair = 2;

  // Specifies the Auto Upgrade knobs for the node pool.
  AutoUpgradeOptions upgrade_options = 10;
}

// AutoUpgradeOptions defines the set of options for the user to control how
// the Auto Upgrades will proceed.
message AutoUpgradeOptions {
  // [Output only] This field is set when upgrades are about to commence
  // with the approximate start time for the upgrades, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string auto_upgrade_start_time = 1;

  // [Output only] This field is set when upgrades are about to commence
  // with the description of the upgrade.
  string description = 2;
}

// MaintenancePolicy defines the maintenance policy to be used for the cluster.
message MaintenancePolicy {
  // Specifies the maintenance window in which maintenance may be performed.
  MaintenanceWindow window = 1;

  // A hash identifying the version of this policy, so that updates to fields of
  // the policy won't accidentally undo intermediate changes (and so that users
  // of the API unaware of some fields won't accidentally remove other fields).
  // Make a `get()` request to the cluster to get the current
  // resource version and include it with requests to set the policy.
  string resource_version = 3;
}

// MaintenanceWindow defines the maintenance window to be used for the cluster.
message MaintenanceWindow {
  oneof policy {
    // DailyMaintenanceWindow specifies a daily maintenance operation window.
    DailyMaintenanceWindow daily_maintenance_window = 2;

    // RecurringWindow specifies some number of recurring time periods for
    // maintenance to occur. The time windows may be overlapping. If no
    // maintenance windows are set, maintenance can occur at any time.
    RecurringTimeWindow recurring_window = 3;
  }

  // Exceptions to maintenance window. Non-emergency maintenance should not
  // occur in these windows.
  map<string, TimeWindow> maintenance_exclusions = 4;
}

// Represents an arbitrary window of time.
message TimeWindow {
  // The time that the window first starts.
  google.protobuf.Timestamp start_time = 1;

  // The time that the window ends. The end time should take place after the
  // start time.
  google.protobuf.Timestamp end_time = 2;
}

// Represents an arbitrary window of time that recurs.
message RecurringTimeWindow {
  // The window of the first recurrence.
  TimeWindow window = 1;

  // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
  // this window reccurs. They go on for the span of time between the start and
  // end time.
  //
  // For example, to have something repeat every weekday, you'd use:
  // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
  //
  // To repeat some window daily (equivalent to the DailyMaintenanceWindow):
  // `FREQ=DAILY`
  //
  // For the first weekend of every month:
  // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
  //
  // This specifies how frequently the window starts. Eg, if you wanted to have
  // a 9-5 UTC-4 window every weekday, you'd use something like:
  // ```
  // start time = 2019-01-01T09:00:00-0400
  // end time = 2019-01-01T17:00:00-0400
  // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
  // ```
  //
  // Windows can span multiple days. Eg, to make the window encompass every
  // weekend from midnight Saturday till the last minute of Sunday UTC:
  // ```
  // start time = 2019-01-05T00:00:00Z
  // end time = 2019-01-07T23:59:00Z
  // recurrence = FREQ=WEEKLY;BYDAY=SA
  // ```
  //
  // Note the start and end time's specific dates are largely arbitrary except
  // to specify duration of the window and when it first starts.
  // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
  string recurrence = 2;
}

// Time window specified for daily maintenance operations.
message DailyMaintenanceWindow {
  // Time within the maintenance window to start the maintenance operations.
  // Time format should be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
  // format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.
  string start_time = 2;

  // [Output only] Duration of the time window, automatically chosen to be
  // smallest possible in the given scenario.
  // Duration will be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
  // format "PTnHnMnS".
  string duration = 3;
}

// SetNodePoolManagementRequest sets the node management properties of a node
// pool.
message SetNodePoolManagementRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. NodeManagement configuration for the node pool.
  NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // management properties. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// SetNodePoolSizeRequest sets the size a node
// pool.
message SetNodePoolSizeRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. The desired node count for the pool.
  int32 node_count = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // size.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed
// NodePool upgrade. This will be an no-op if the last upgrade successfully
// completed.
message RollbackNodePoolUpgradeRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to rollback.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to rollback.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node poll to
  // rollback upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// ListNodePoolsResponse is the result of ListNodePoolsRequest.
message ListNodePoolsResponse {
  // A list of node pools for a cluster.
  repeated NodePool node_pools = 1;
}

// ClusterAutoscaling contains global, per-cluster information
// required by Cluster Autoscaler to automatically adjust
// the size of the cluster and create/delete
// node pools based on the current needs.
message ClusterAutoscaling {
  // Enables automatic node pool creation and deletion.
  bool enable_node_autoprovisioning = 1;

  // Contains global constraints regarding minimum and maximum
  // amount of resources in the cluster.
  repeated ResourceLimit resource_limits = 2;

  // AutoprovisioningNodePoolDefaults contains defaults for a node pool
  // created by NAP.
  AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes can be created by NAP.
  repeated string autoprovisioning_locations = 5;
}

// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
// by NAP.
message AutoprovisioningNodePoolDefaults {
  // Scopes that are used by NAP when creating node pools.
  repeated string oauth_scopes = 1;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  string service_account = 2;

  // Specifies the upgrade settings for NAP created node pools
  NodePool.UpgradeSettings upgrade_settings = 3;

  // Specifies the node management options for NAP created node-pools.
  NodeManagement management = 4;

  // Minimum CPU platform to be used for NAP created node pools.
  // The instance may be scheduled on the specified or newer CPU platform.
  // Applicable values are the friendly names of CPU platforms, such as
  // minCpuPlatform: Intel Haswell or
  // minCpuPlatform: Intel Sandy Bridge. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
  // To unset the min cpu platform field pass "automatic"
  // as field value.
  string min_cpu_platform = 5;

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 6;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced')
  //
  // If unspecified, the default disk type is 'pd-standard'
  string disk_type = 7;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 8;

  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 9;

  // The image type to use for NAP created node.
  string image_type = 10;
}

// Contains information about amount of some resource in the cluster.
// For memory, value should be in GB.
message ResourceLimit {
  // Resource name "cpu", "memory" or gpu-specific string.
  string resource_type = 1;

  // Minimum amount of the resource in the cluster.
  int64 minimum = 2;

  // Maximum amount of the resource in the cluster.
  int64 maximum = 3;
}

// NodePoolAutoscaling contains information required by cluster autoscaler to
// adjust the size of the node pool to the current cluster usage.
message NodePoolAutoscaling {
  // Is autoscaling enabled for this node pool.
  bool enabled = 1;

  // Minimum number of nodes in the NodePool. Must be >= 1 and <=
  // max_node_count.
  int32 min_node_count = 2;

  // Maximum number of nodes in the NodePool. Must be >= min_node_count. There
  // has to enough quota to scale up the cluster.
  int32 max_node_count = 3;

  // Can this node pool be deleted automatically.
  bool autoprovisioned = 4;
}

// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container
// Engine cluster, which will in turn set them for Google Compute Engine
// resources used by that cluster
message SetLabelsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The labels to set for that cluster.
  map<string, string> resource_labels = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. The fingerprint of the previous set of labels for this resource,
  // used to detect conflicts. The fingerprint is initially generated by
  // Kubernetes Engine and changes after every request to modify or update
  // labels. You must always provide an up-to-date fingerprint hash when
  // updating or changing labels. Make a `get()` request to the
  // resource to get the latest fingerprint.
  string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster id) of the cluster to set labels.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for
// a cluster.
message SetLegacyAbacRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. Whether ABAC authorization will be enabled in the cluster.
  bool enabled = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster id) of the cluster to set legacy abac.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// StartIPRotationRequest creates a new IP for the cluster and then performs
// a node upgrade on each node pool to point to the new IP.
message StartIPRotationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster id) of the cluster to start IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;

  // Whether to rotate credentials during IP rotation.
  bool rotate_credentials = 7;
}

// CompleteIPRotationRequest moves the cluster master back into single-IP mode.
message CompleteIPRotationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster id) of the cluster to complete IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// AcceleratorConfig represents a Hardware Accelerator request.
message AcceleratorConfig {
  // The number of the accelerator cards exposed to an instance.
  int64 accelerator_count = 1;

  // The accelerator type resource name. List of supported accelerators
  // [here](https://cloud.google.com/compute/docs/gpus)
  string accelerator_type = 2;
}

// WorkloadMetadataConfig defines the metadata configuration to expose to
// workloads on the node pool.
message WorkloadMetadataConfig {
  // Mode is the configuration for how to expose metadata to workloads running
  // on the node.
  enum Mode {
    // Not set.
    MODE_UNSPECIFIED = 0;

    // Expose all Compute Engine metadata to pods.
    GCE_METADATA = 1;

    // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
    // a metadata API to workloads that is compatible with the V1 Compute
    // Metadata APIs exposed by the Compute Engine and App Engine Metadata
    // Servers. This feature can only be enabled if Workload Identity is enabled
    // at the cluster level.
    GKE_METADATA = 2;
  }

  // Mode is the configuration for how to expose metadata to workloads running
  // on the node pool.
  Mode mode = 2;
}

// SetNetworkPolicyRequest enables/disables network policy for a cluster.
message SetNetworkPolicyRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://developers.google.com/console/help/new/#projectnumber).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster id) of the cluster to set networking
  // policy. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetMaintenancePolicyRequest sets the maintenance policy for a cluster.
message SetMaintenancePolicyRequest {
  // Required. The Google Developers Console [project ID or project
  // number](https://support.google.com/cloud/answer/6158840).
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides.
  string zone = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The name of the cluster to update.
  string cluster_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. The maintenance policy to be set for the cluster. An empty field
  // clears the existing maintenance policy.
  MaintenancePolicy maintenance_policy = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster id) of the cluster to set maintenance
  // policy.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// StatusCondition describes why a cluster or a node pool has a certain status
// (e.g., ERROR or DEGRADED).
message StatusCondition {
  // Code for each condition
  enum Code {
    // UNKNOWN indicates a generic condition.
    UNKNOWN = 0;

    // GCE_STOCKOUT indicates that Google Compute Engine resources are
    // temporarily unavailable.
    GCE_STOCKOUT = 1;

    // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot
    // service account.
    GKE_SERVICE_ACCOUNT_DELETED = 2;

    // Google Compute Engine quota was exceeded.
    GCE_QUOTA_EXCEEDED = 3;

    // Cluster state was manually changed by an SRE due to a system logic error.
    SET_BY_OPERATOR = 4;

    // Unable to perform an encrypt operation against the CloudKMS key used for
    // etcd level encryption.
    // More codes TBA
    CLOUD_KMS_KEY_ERROR = 7;
  }

  // Machine-friendly representation of the condition
  Code code = 1;

  // Human-friendly representation of the condition
  string message = 2;
}

// NetworkConfig reports the relative names of network & subnetwork.
message NetworkConfig {
  // Output only. The relative name of the Google Compute Engine
  // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. Example:
  // projects/my-project/global/networks/my-network
  string network = 1;

  // Output only. The relative name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the
  // cluster is connected. Example:
  // projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 2;

  // Whether Intra-node visibility is enabled for this cluster.
  // This makes same node pod to pod traffic visible for VPC network.
  bool enable_intra_node_visibility = 5;

  // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
  // will be disabled when default_snat_status is disabled. When disabled is set
  // to false, default IP masquerade rules will be applied to the nodes to
  // prevent sNAT on cluster internal traffic.
  DefaultSnatStatus default_snat_status = 7;
}

// GetOpenIDConfigRequest gets the OIDC discovery document for the
// cluster. See the OpenID Connect Discovery 1.0 specification for details.
message GetOpenIDConfigRequest {
  // The cluster (project, location, cluster id) to get the discovery document
  // for. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 1;
}

// GetOpenIDConfigResponse is an OIDC discovery document for the cluster.
// See the OpenID Connect Discovery 1.0 specification for details.
message GetOpenIDConfigResponse {
  // OIDC Issuer.
  string issuer = 1;

  // JSON Web Key uri.
  string jwks_uri = 2;

  // Supported response types.
  repeated string response_types_supported = 3;

  // Supported subject types.
  repeated string subject_types_supported = 4;

  // supported ID Token signing Algorithms.
  repeated string id_token_signing_alg_values_supported = 5;

  // Supported claims.
  repeated string claims_supported = 6;

  // Supported grant types.
  repeated string grant_types = 7;
}

// GetJSONWebKeysRequest gets the public component of the keys used by the
// cluster to sign token requests. This will be the jwks_uri for the discover
// document returned by getOpenIDConfig. See the OpenID Connect
// Discovery 1.0 specification for details.
message GetJSONWebKeysRequest {
  // The cluster (project, location, cluster id) to get keys for. Specified in
  // the format `projects/*/locations/*/clusters/*`.
  string parent = 1;
}

// Jwk is a JSON Web Key as specified in RFC 7517
message Jwk {
  // Key Type.
  string kty = 1;

  // Algorithm.
  string alg = 2;

  // Permitted uses for the public keys.
  string use = 3;

  // Key ID.
  string kid = 4;

  // Used for RSA keys.
  string n = 5;

  // Used for RSA keys.
  string e = 6;

  // Used for ECDSA keys.
  string x = 7;

  // Used for ECDSA keys.
  string y = 8;

  // Used for ECDSA keys.
  string crv = 9;
}

// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517
message GetJSONWebKeysResponse {
  // The public component of the keys used by the cluster to sign token
  // requests.
  repeated Jwk keys = 1;
}

// ReleaseChannel indicates which release channel a cluster is
// subscribed to. Release channels are arranged in order of risk.
//
// When a cluster is subscribed to a release channel, Google maintains
// both the master version and the node version. Node auto-upgrade
// defaults to true and cannot be disabled.
message ReleaseChannel {
  // Possible values for 'channel'.
  enum Channel {
    // No channel specified.
    UNSPECIFIED = 0;

    // RAPID channel is offered on an early access basis for customers who want
    // to test new releases.
    //
    // WARNING: Versions available in the RAPID Channel may be subject to
    // unresolved issues with no known workaround and are not subject to any
    // SLAs.
    RAPID = 1;

    // Clusters subscribed to REGULAR receive versions that are considered GA
    // quality. REGULAR is intended for production users who want to take
    // advantage of new features.
    REGULAR = 2;

    // Clusters subscribed to STABLE receive versions that are known to be
    // stable and reliable in production.
    STABLE = 3;
  }

  // channel specifies which release channel the cluster is subscribed to.
  Channel channel = 1;
}

// IntraNodeVisibilityConfig contains the desired config of the intra-node
// visibility on this cluster.
message IntraNodeVisibilityConfig {
  // Enables intra node visibility for this cluster.
  bool enabled = 1;
}

// Constraints applied to pods.
message MaxPodsConstraint {
  // Constraint enforced on the max num of pods per node.
  int64 max_pods_per_node = 1;
}

// Configuration for the use of Kubernetes Service Accounts in GCP IAM
// policies.
message WorkloadIdentityConfig {
  // The workload pool to attach all Kubernetes service accounts to.
  string workload_pool = 2;
}

// Configuration of etcd encryption.
message DatabaseEncryption {
  // State of etcd encryption.
  enum State {
    // Should never be set
    UNKNOWN = 0;

    // Secrets in etcd are encrypted.
    ENCRYPTED = 1;

    // Secrets in etcd are stored in plain text (at etcd level) - this is
    // unrelated to Compute Engine level full disk encryption.
    DECRYPTED = 2;
  }

  // Denotes the state of etcd encryption.
  State state = 2;

  // Name of CloudKMS key to use for the encryption of secrets in etcd.
  // Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
  string key_name = 1;
}

// ListUsableSubnetworksRequest requests the list of usable subnetworks
// available to a user for creating clusters.
message ListUsableSubnetworksRequest {
  // The parent project where subnetworks are usable.
  // Specified in the format `projects/*`.
  string parent = 1;

  // Filtering currently only supports equality on the networkProjectId and must
  // be in the form: "networkProjectId=[PROJECTID]", where `networkProjectId`
  // is the project which owns the listed subnetworks. This defaults to the
  // parent project ID.
  string filter = 2;

  // The max number of results per page that should be returned. If the number
  // of available results is larger than `page_size`, a `next_page_token` is
  // returned which can be used to get the next page of results in subsequent
  // requests. Acceptable values are 0 to 500, inclusive. (Default: 500)
  int32 page_size = 3;

  // Specifies a page token to use. Set this to the nextPageToken returned by
  // previous list requests to get the next page of results.
  string page_token = 4;
}

// ListUsableSubnetworksResponse is the response of
// ListUsableSubnetworksRequest.
message ListUsableSubnetworksResponse {
  // A list of usable subnetworks in the specified network project.
  repeated UsableSubnetwork subnetworks = 1;

  // This token allows you to get the next page of results for list requests.
  // If the number of results is larger than `page_size`, use the
  // `next_page_token` as a value for the query parameter `page_token` in the
  // next request. The value will become empty when there are no more pages.
  string next_page_token = 2;
}

// Secondary IP range of a usable subnetwork.
message UsableSubnetworkSecondaryRange {
  // Status shows the current usage of a secondary IP range.
  enum Status {
    // UNKNOWN is the zero value of the Status enum. It's not a valid status.
    UNKNOWN = 0;

    // UNUSED denotes that this range is unclaimed by any cluster.
    UNUSED = 1;

    // IN_USE_SERVICE denotes that this range is claimed by a cluster for
    // services. It cannot be used for other clusters.
    IN_USE_SERVICE = 2;

    // IN_USE_SHAREABLE_POD denotes this range was created by the network admin
    // and is currently claimed by a cluster for pods. It can only be used by
    // other clusters as a pod range.
    IN_USE_SHAREABLE_POD = 3;

    // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed
    // for pods. It cannot be used for other clusters.
    IN_USE_MANAGED_POD = 4;
  }

  // The name associated with this subnetwork secondary range, used when adding
  // an alias IP range to a VM instance.
  string range_name = 1;

  // The range of IP addresses belonging to this subnetwork secondary range.
  string ip_cidr_range = 2;

  // This field is to determine the status of the secondary range programmably.
  Status status = 3;
}

// UsableSubnetwork resource returns the subnetwork name, its associated network
// and the primary CIDR range.
message UsableSubnetwork {
  // Subnetwork Name.
  // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 1;

  // Network Name.
  // Example: projects/my-project/global/networks/my-network
  string network = 2;

  // The range of internal addresses that are owned by this subnetwork.
  string ip_cidr_range = 3;

  // Secondary IP ranges.
  repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4;

  // A human readable status message representing the reasons for cases where
  // the caller cannot use the secondary ranges under the subnet. For example if
  // the secondary_ip_ranges is empty due to a permission issue, an insufficient
  // permission message will be given by status_message.
  string status_message = 5;
}

// Configuration for exporting cluster resource usages.
message ResourceUsageExportConfig {
  // Parameters for using BigQuery as the destination of resource usage export.
  message BigQueryDestination {
    // The ID of a BigQuery Dataset.
    string dataset_id = 1;
  }

  // Parameters for controlling consumption metering.
  message ConsumptionMeteringConfig {
    // Whether to enable consumption metering for this cluster. If enabled, a
    // second BigQuery table will be created to hold resource consumption
    // records.
    bool enabled = 1;
  }

  // Configuration to use BigQuery as usage export destination.
  BigQueryDestination bigquery_destination = 1;

  // Whether to enable network egress metering for this cluster. If enabled, a
  // daemonset will be created in the cluster to meter network egress traffic.
  bool enable_network_egress_metering = 2;

  // Configuration to enable resource consumption metering.
  ConsumptionMeteringConfig consumption_metering_config = 3;
}

// VerticalPodAutoscaling contains global, per-cluster information
// required by Vertical Pod Autoscaler to automatically adjust
// the resources of pods controlled by it.
message VerticalPodAutoscaling {
  // Enables vertical pod autoscaling.
  bool enabled = 1;
}

// DefaultSnatStatus contains the desired state of whether default sNAT should
// be disabled on the cluster.
message DefaultSnatStatus {
  // Disables cluster default sNAT rules.
  bool disabled = 1;
}

// Configuration of Shielded Nodes feature.
message ShieldedNodes {
  // Whether Shielded Nodes features are enabled on all nodes in this cluster.
  bool enabled = 1;
}