  // Copyright 2021 Google LLC
  //
  // Licensed under the Apache License, Version 2.0 (the "License");
  // you may not use this file except in compliance with the License.
  // You may obtain a copy of the License at
  //
  // http://www.apache.org/licenses/LICENSE-2.0
  //
  // Unless required by applicable law or agreed to in writing, software
  // distributed under the License is distributed on an "AS IS" BASIS,
  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  // See the License for the specific language governing permissions and
  // limitations under the License.
  syntax = "proto3";

  package google.cloud.gkehub.v1;

  // google/api/resource.proto and google/api/field_behavior.proto supply the
  // `google.api.resource` and `google.api.field_behavior` options used in this
  // file. google/api/annotations.proto is imported but not referenced by any
  // definition in this file.
  import "google/api/annotations.proto";
  import "google/api/field_behavior.proto";
  import "google/api/resource.proto";
  import "google/protobuf/timestamp.proto";

  // Per-language code generation settings.
  option csharp_namespace = "Google.Cloud.GkeHub.V1";
  option go_package = "google.golang.org/genproto/googleapis/cloud/gkehub/v1;gkehub";
  option java_multiple_files = true;
  option java_outer_classname = "MembershipProto";
  option java_package = "com.google.cloud.gkehub.v1";
  option php_namespace = "Google\\Cloud\\GkeHub\\V1";
  option ruby_package = "Google::Cloud::GkeHub::V1";
  // A Membership holds information about one member cluster.
  message Membership {
    option (google.api.resource) = {
      type: "gkehub.googleapis.com/Membership"
      pattern: "projects/{project}/locations/{location}/memberships/{membership}"
    };

    // The kind of resource this Membership represents.
    oneof type {
      // Optional. Endpoint information used to reach this member.
      MembershipEndpoint endpoint = 4
          [(google.api.field_behavior) = OPTIONAL];
    }

    // Output only. Full, unique name of this Membership resource, set during
    // creation, in the format
    // `projects/*/locations/*/memberships/{membership_id}`.
    //
    // `membership_id` must be a valid RFC 1123 compliant DNS label:
    //
    // 1. At most 63 characters long
    // 2. Made up of lower case alphanumeric characters or `-`
    // 3. Starting and ending with an alphanumeric character
    //
    // As a regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, with a maximum length of
    // 63 characters.
    string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Optional. GCP labels for this membership.
    map<string, string> labels = 2 [(google.api.field_behavior) = OPTIONAL];

    // Output only. Description of this membership, limited to 63 characters.
    // Must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.\ ]*`
    //
    // Present for legacy purposes.
    string description = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. State of the Membership resource.
    MembershipState state = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. When the Membership was created.
    google.protobuf.Timestamp create_time = 6
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. When the Membership was last updated.
    google.protobuf.Timestamp update_time = 7
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. When the Membership was deleted.
    google.protobuf.Timestamp delete_time = 8
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Optional. An ID for this Membership that is generated and managed
    // externally. It may be modified after creation, but this is not
    // recommended.
    //
    // The ID must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.]*`
    //
    // If this Membership represents a Kubernetes cluster, this value should be
    // set to the UID of the `kube-system` namespace object.
    //
    // NOTE(review): the value is supplied by the caller and can change after
    // creation, so it is presumably not suitable as verified proof of which
    // cluster a Membership refers to; `unique_id` is the Google-generated
    // identifier. Confirm against the service documentation.
    string external_id = 9 [(google.api.field_behavior) = OPTIONAL];

    // Output only. For clusters using Connect, the timestamp of the most
    // recent connection established with Google Cloud. The value is refreshed
    // every several minutes rather than continuously. It is unset for clusters
    // that do not use GKE Connect or that have never connected successfully.
    google.protobuf.Timestamp last_connection_time = 10
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Google-generated UUID for this resource, unique across all
    // Membership resources. When a Membership resource is deleted and another
    // resource with the same name is created, the new one gets a different
    // unique_id.
    string unique_id = 11 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Optional. How to identify workloads from this Membership.
    // See the documentation on Workload Identity for more details:
    // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
    Authority authority = 12 [(google.api.field_behavior) = OPTIONAL];
  }
  // MembershipEndpoint holds the information needed to contact a Kubernetes
  // API endpoint, along with any additional Kubernetes metadata.
  message MembershipEndpoint {
    // Optional. GKE-specific information. Present only when this Membership is
    // a GKE cluster.
    GkeCluster gke_cluster = 1 [(google.api.field_behavior) = OPTIONAL];

    // Output only. Useful Kubernetes-specific metadata.
    KubernetesMetadata kubernetes_metadata = 2
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }
  // GkeCluster carries the information that is specific to GKE clusters.
  message GkeCluster {
    // Immutable. Self-link of the GCP resource for the GKE cluster. Example:
    //
    // //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster
    //
    // Zonal clusters are also supported.
    string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];
  }
  // KubernetesMetadata is informational metadata for Memberships that
  // represent Kubernetes clusters.
  message KubernetesMetadata {
    // Output only. Kubernetes API server version string, as reported by
    // `/version`.
    string kubernetes_api_server_version = 1
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Node providerID, as reported by the first node in the list
    // of nodes on the Kubernetes endpoint. On Kubernetes platforms that
    // support zero-node clusters (like GKE-on-GCP), the node_count will be
    // zero and the node_provider_id will be empty.
    string node_provider_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Node count, as reported by Kubernetes nodes resources.
    int32 node_count = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. vCPU count, as reported by Kubernetes nodes resources.
    int32 vcpu_count = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Total memory capacity, as reported by the sum of all
    // Kubernetes nodes resources, defined in MB.
    int32 memory_mb = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The time at which these details were last updated. This
    // update_time differs from the Membership-level update_time because
    // EndpointDetails are updated internally for API consumers.
    //
    // NOTE(review): `EndpointDetails` is not defined in this file; presumably
    // it refers to the data in this message. Confirm.
    google.protobuf.Timestamp update_time = 100
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }
  // MembershipState reports the state of a Membership resource.
  message MembershipState {
    // Code enumerates the states a Membership resource can be in.
    //
    // Apart from the zero value, the value names carry no enum-type prefix;
    // they are scoped by the enclosing MembershipState message.
    enum Code {
      // The code is not set.
      CODE_UNSPECIFIED = 0;

      // The cluster is being registered.
      CREATING = 1;

      // The cluster is registered.
      READY = 2;

      // The cluster is being unregistered.
      DELETING = 3;

      // The Membership is being updated.
      UPDATING = 4;

      // The Membership is being updated by the Hub Service.
      SERVICE_UPDATING = 5;
    }

    // Output only. The current state of the Membership resource.
    Code code = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
  }
  // Authority describes how Google will recognize identities from this
  // Membership. See the workload identity documentation for more details:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
  message Authority {
    // Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with
    // `https://` and be a valid URL with length <2000 characters.
    //
    // When set, Google will allow valid OIDC tokens from this issuer to
    // authenticate within the workload_identity_pool. OIDC discovery will be
    // performed on this URI to validate tokens from the issuer.
    //
    // Clearing `issuer` disables Workload Identity. `issuer` cannot be
    // modified directly; it must first be cleared (and Workload Identity
    // disabled) before a new issuer is used (and Workload Identity
    // re-enabled).
    //
    // NOTE(review): setting this field is what lets the issuer's tokens
    // authenticate in the pool, so write access to it is presumably worth
    // restricting and auditing. Confirm which permissions guard updates.
    string issuer = 1 [(google.api.field_behavior) = OPTIONAL];

    // Output only. Name of the workload identity pool in which `issuer` will
    // be recognized.
    //
    // Each Hub has a single Workload Identity Pool, shared between all
    // Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID},
    // the workload pool format is `{PROJECT_ID}.hub.id.goog`, although this is
    // subject to change in newer versions of this API.
    //
    // NOTE(review): because the pool is shared by every Membership in the
    // Hub, a policy that trusts the pool as a whole appears to cover
    // workloads from all member clusters. Confirm the intended scoping.
    string workload_identity_pool = 2
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. An identity provider that reflects the `issuer` in the
    // workload identity pool.
    string identity_provider = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Optional. OIDC verification keys for this Membership in JWKS format
    // (RFC 7517).
    //
    // When this field is set, OIDC discovery will NOT be performed on
    // `issuer`; OIDC tokens will be validated using this field instead.
    //
    // NOTE(review): with discovery skipped, the keys are presumably not
    // refreshed automatically, so a key rotation at the issuer would need a
    // matching update to this field. Confirm.
    bytes oidc_jwks = 4 [(google.api.field_behavior) = OPTIONAL];
  }