kpt-grpc-demo/google/container/v1/cluster_service.proto

// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.container.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";
import "google/rpc/code.proto";
import "google/rpc/status.proto";

option csharp_namespace = "Google.Cloud.Container.V1";
option go_package = "google.golang.org/genproto/googleapis/container/v1;container";
option java_multiple_files = true;
option java_outer_classname = "ClusterServiceProto";
option java_package = "com.google.container.v1";
option php_namespace = "Google\\Cloud\\Container\\V1";
option ruby_package = "Google::Cloud::Container::V1";
option (google.api.resource_definition) = {
  type: "pubsub.googleapis.com/Topic"
  pattern: "projects/{project}/topics/{topic}"
};

// Google Kubernetes Engine Cluster Manager v1
service ClusterManager {
  option (google.api.default_host) = "container.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Lists all clusters owned by a project in either the specified zone or all
  // zones.
  rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/clusters"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "parent";
  }

  // Gets the details of a specific cluster.
  rpc GetCluster(GetClusterRequest) returns (Cluster) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a cluster, consisting of the specified number and type of Google
  // Compute Engine instances.
  //
  // By default, the cluster is created in the project's
  // [default
  // network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks).
  //
  // One firewall is added for the cluster. After cluster creation,
  // the Kubelet creates routes for each node to allow the containers
  // on that node to communicate with all other instances in the
  // cluster.
  //
  // Finally, an entry is added to the project's global metadata indicating
  // which CIDR range the cluster is using.
  rpc CreateCluster(CreateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/clusters"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster";
    option (google.api.method_signature) = "parent,cluster";
  }

  // Updates the settings of a specific cluster.
  rpc UpdateCluster(UpdateClusterRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*}"
      body: "*"
      additional_bindings {
        put: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,update";
    option (google.api.method_signature) = "name,update";
  }

  // Updates the version and/or image type for the specified node pool.
  rpc UpdateNodePool(UpdateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/update"
        body: "*"
      }
    };
  }

  // Sets the autoscaling settings for the specified node pool.
  rpc SetNodePoolAutoscaling(SetNodePoolAutoscalingRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setAutoscaling"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/autoscaling"
        body: "*"
      }
    };
  }

  // Sets the logging service for a specific cluster.
  rpc SetLoggingService(SetLoggingServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLogging"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/logging"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,logging_service";
    option (google.api.method_signature) = "name,logging_service";
  }

  // Sets the monitoring service for a specific cluster.
  rpc SetMonitoringService(SetMonitoringServiceRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMonitoring"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/monitoring"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,monitoring_service";
    option (google.api.method_signature) = "name,monitoring_service";
  }

  // Sets the addons for a specific cluster.
  rpc SetAddonsConfig(SetAddonsConfigRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setAddons"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/addons"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,addons_config";
    option (google.api.method_signature) = "name,addons_config";
  }

  // Sets the locations for a specific cluster.
  // Deprecated. Use
  // [projects.locations.clusters.update](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/update)
  // instead.
  rpc SetLocations(SetLocationsRequest) returns (Operation) {
    option deprecated = true;
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLocations"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/locations"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,locations";
    option (google.api.method_signature) = "name,locations";
  }

  // Updates the master for a specific cluster.
  rpc UpdateMaster(UpdateMasterRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:updateMaster"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/master"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,master_version";
    option (google.api.method_signature) = "name,master_version";
  }

  // Sets master auth materials. Currently supports changing the admin password
  // or a specific cluster, either via password generation or explicitly setting
  // the password.
  rpc SetMasterAuth(SetMasterAuthRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMasterAuth"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMasterAuth"
        body: "*"
      }
    };
  }

  // Deletes the cluster, including the Kubernetes endpoint and all worker
  // nodes.
  //
  // Firewalls and routes that were configured during cluster creation
  // are also deleted.
  //
  // Other Google Compute Engine resources that might be in use by the cluster,
  // such as load balancer resources, are not deleted if they weren't present
  // when the cluster was initially created.
  rpc DeleteCluster(DeleteClusterRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Lists all operations in a project in a specific zone or all zones.
  rpc ListOperations(ListOperationsRequest) returns (ListOperationsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/operations"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
  }

  // Gets the specified operation.
  rpc GetOperation(GetOperationRequest) returns (Operation) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/operations/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Cancels the specified operation.
  rpc CancelOperation(CancelOperationRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/operations/*}:cancel"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/operations/{operation_id}:cancel"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,operation_id";
    option (google.api.method_signature) = "name";
  }

  // Returns configuration info about the Google Kubernetes Engine service.
  rpc GetServerConfig(GetServerConfigRequest) returns (ServerConfig) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*}/serverConfig"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/serverconfig"
      }
    };
    option (google.api.method_signature) = "project_id,zone";
    option (google.api.method_signature) = "name";
  }

  // Gets the public component of the cluster signing keys in
  // JSON Web Key format.
  // This API is not yet intended for general use, and is not available for all
  // clusters.
  rpc GetJSONWebKeys(GetJSONWebKeysRequest) returns (GetJSONWebKeysResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/jwks"
    };
  }

  // Lists the node pools for a cluster.
  rpc ListNodePools(ListNodePoolsRequest) returns (ListNodePoolsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "parent";
  }

  // Retrieves the requested node pool.
  rpc GetNodePool(GetNodePoolRequest) returns (NodePool) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        get: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Creates a node pool for a cluster.
  rpc CreateNodePool(CreateNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*/clusters/*}/nodePools"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool";
    option (google.api.method_signature) = "parent,node_pool";
  }

  // Deletes a node pool from a cluster.
  rpc DeleteNodePool(DeleteNodePoolRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}"
      additional_bindings {
        delete: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // CompleteNodePoolUpgrade will signal an on-going node pool upgrade to
  // complete.
  rpc CompleteNodePoolUpgrade(CompleteNodePoolUpgradeRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:completeUpgrade"
      body: "*"
    };
  }

  // Rolls back a previously Aborted or Failed NodePool upgrade.
  // This makes no changes if the last upgrade successfully completed.
  rpc RollbackNodePoolUpgrade(RollbackNodePoolUpgradeRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:rollback"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}:rollback"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,node_pool_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the NodeManagement options for a node pool.
  rpc SetNodePoolManagement(SetNodePoolManagementRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setManagement"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setManagement"
        body: "*"
      }
    };
  }

  // Sets labels on a cluster.
  rpc SetLabels(SetLabelsRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setResourceLabels"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/resourceLabels"
        body: "*"
      }
    };
  }

  // Enables or disables the ABAC authorization mechanism on a cluster.
  rpc SetLegacyAbac(SetLegacyAbacRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setLegacyAbac"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/legacyAbac"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,enabled";
    option (google.api.method_signature) = "name,enabled";
  }

  // Starts master IP rotation.
  rpc StartIPRotation(StartIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:startIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:startIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Completes master IP rotation.
  rpc CompleteIPRotation(CompleteIPRotationRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:completeIpRotation"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:completeIpRotation"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id";
    option (google.api.method_signature) = "name";
  }

  // Sets the size for a specific node pool. The new size will be used for all
  // replicas, including future replicas created by modifying
  // [NodePool.locations][google.container.v1.NodePool.locations].
  rpc SetNodePoolSize(SetNodePoolSizeRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*/nodePools/*}:setSize"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}/nodePools/{node_pool_id}/setSize"
        body: "*"
      }
    };
  }

  // Enables or disables Network Policy for a cluster.
  rpc SetNetworkPolicy(SetNetworkPolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setNetworkPolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setNetworkPolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,network_policy";
    option (google.api.method_signature) = "name,network_policy";
  }

  // Sets the maintenance policy for a cluster.
  rpc SetMaintenancePolicy(SetMaintenancePolicyRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/clusters/*}:setMaintenancePolicy"
      body: "*"
      additional_bindings {
        post: "/v1/projects/{project_id}/zones/{zone}/clusters/{cluster_id}:setMaintenancePolicy"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,zone,cluster_id,maintenance_policy";
    option (google.api.method_signature) = "name,maintenance_policy";
  }

  // Lists subnetworks that are usable for creating clusters in a project.
  rpc ListUsableSubnetworks(ListUsableSubnetworksRequest) returns (ListUsableSubnetworksResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/aggregated/usableSubnetworks"
    };
  }
}

// Parameters that can be configured on Linux nodes.
message LinuxNodeConfig {
  // Possible cgroup modes that can be used.
  enum CgroupMode {
    // CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used.
    // The default for the GKE node OS image will be used.
    CGROUP_MODE_UNSPECIFIED = 0;

    // CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on
    // the node image.
    CGROUP_MODE_V1 = 1;

    // CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on
    // the node image.
    CGROUP_MODE_V2 = 2;
  }

  // The Linux kernel parameters to be applied to the nodes and all pods running
  // on the nodes.
  //
  // The following parameters are supported.
  //
  // net.core.busy_poll
  // net.core.busy_read
  // net.core.netdev_max_backlog
  // net.core.rmem_max
  // net.core.wmem_default
  // net.core.wmem_max
  // net.core.optmem_max
  // net.core.somaxconn
  // net.ipv4.tcp_rmem
  // net.ipv4.tcp_wmem
  // net.ipv4.tcp_tw_reuse
  map<string, string> sysctls = 1;

  // cgroup_mode specifies the cgroup mode to be used on the node.
  CgroupMode cgroup_mode = 2;
}

// Node kubelet configs.
message NodeKubeletConfig {
  // Control the CPU management policy on the node.
  // See
  // https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/
  //
  // The following values are allowed.
  // * "none": the default, which represents the existing scheduling behavior.
  // * "static": allows pods with certain resource characteristics to be granted
  // increased CPU affinity and exclusivity on the node.
  // The default value is 'none' if unspecified.
  string cpu_manager_policy = 1;

  // Enable CPU CFS quota enforcement for containers that specify CPU limits.
  //
  // This option is enabled by default which makes kubelet use CFS quota
  // (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to
  // enforce container CPU limits. Otherwise, CPU limits will not be enforced at
  // all.
  //
  // Disable this option to mitigate CPU throttling problems while still having
  // your pods to be in Guaranteed QoS class by specifying the CPU limits.
  //
  // The default value is 'true' if unspecified.
  google.protobuf.BoolValue cpu_cfs_quota = 2;

  // Set the CPU CFS quota period value 'cpu.cfs_period_us'.
  //
  // The string must be a sequence of decimal numbers, each with optional
  // fraction and a unit suffix, such as "300ms".
  // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  // The value must be a positive duration.
  string cpu_cfs_quota_period = 3;

  // Set the Pod PID limits. See
  // https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits
  //
  // Controls the maximum number of processes allowed to run in a pod. The value
  // must be greater than or equal to 1024 and less than 4194304.
  int64 pod_pids_limit = 4;
}

// Parameters that describe the nodes in a cluster.
//
// GKE Autopilot clusters do not
// recognize parameters in `NodeConfig`. Use
// [AutoprovisioningNodePoolDefaults][google.container.v1.AutoprovisioningNodePoolDefaults]
// instead.
message NodeConfig {
  // The name of a Google Compute Engine [machine
  // type](https://cloud.google.com/compute/docs/machine-types)
  //
  // If unspecified, the default machine type is `e2-medium`.
  string machine_type = 1;

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 2;

  // The set of Google API scopes to be made available on all of the
  // node VMs under the "default" service account.
  //
  // The following scopes are recommended, but not required, and by default are
  // not included:
  //
  // * `https://www.googleapis.com/auth/compute` is required for mounting
  // persistent storage on your nodes.
  // * `https://www.googleapis.com/auth/devstorage.read_only` is required for
  // communicating with **gcr.io**
  // (the [Google Container
  // Registry](https://cloud.google.com/container-registry/)).
  //
  // If unspecified, no scopes are added, unless Cloud Logging or Cloud
  // Monitoring are enabled, in which case their required scopes will be added.
  repeated string oauth_scopes = 3;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  // Specify the email address of the Service Account; otherwise, if no Service
  // Account is specified, the "default" service account is used.
  string service_account = 9;

  // The metadata key/value pairs assigned to instances in the cluster.
  //
  // Keys must conform to the regexp `[a-zA-Z0-9-_]+` and be less than 128 bytes
  // in length. These are reflected as part of a URL in the metadata server.
  // Additionally, to avoid ambiguity, keys must not conflict with any other
  // metadata keys for the project or be one of the reserved keys:
  //
  //  - "cluster-location"
  //  - "cluster-name"
  //  - "cluster-uid"
  //  - "configure-sh"
  //  - "containerd-configure-sh"
  //  - "enable-os-login"
  //  - "gci-ensure-gke-docker"
  //  - "gci-metrics-enabled"
  //  - "gci-update-strategy"
  //  - "instance-template"
  //  - "kube-env"
  //  - "startup-script"
  //  - "user-data"
  //  - "disable-address-manager"
  //  - "windows-startup-script-ps1"
  //  - "common-psm1"
  //  - "k8s-node-setup-psm1"
  //  - "install-ssh-psm1"
  //  - "user-profile-psm1"
  //
  // Values are free-form strings, and only have meaning as interpreted by
  // the image running in the instance. The only restriction placed on them is
  // that each value's size must be less than or equal to 32 KB.
  //
  // The total size of all keys and values must be less than 512 KB.
  map<string, string> metadata = 4;

  // The image type to use for this node. Note that for a given image type,
  // the latest version of it will be used.
  string image_type = 5;

  // The map of Kubernetes labels (key/value pairs) to be applied to each node.
  // These will added in addition to any default label(s) that
  // Kubernetes may apply to the node.
  // In case of conflict in label keys, the applied set may differ depending on
  // the Kubernetes version -- it's best to assume the behavior is undefined
  // and conflicts should be avoided.
  // For more information, including usage and the valid values, see:
  // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  map<string, string> labels = 6;

  // The number of local SSD disks to be attached to the node.
  //
  // The limit for this value is dependent upon the maximum number of
  // disks available on a machine per zone. See:
  // https://cloud.google.com/compute/docs/disks/local-ssd
  // for more information.
  int32 local_ssd_count = 7;

  // The list of instance tags applied to all nodes. Tags are used to identify
  // valid sources or targets for network firewalls and are specified by
  // the client during cluster or node pool creation. Each tag within the list
  // must comply with RFC1035.
  repeated string tags = 8;

  // Whether the nodes are created as preemptible VM instances. See:
  // https://cloud.google.com/compute/docs/instances/preemptible for more
  // information about preemptible VM instances.
  bool preemptible = 10;

  // A list of hardware accelerators to be attached to each node.
  // See https://cloud.google.com/compute/docs/gpus for more information about
  // support for GPUs.
  repeated AcceleratorConfig accelerators = 11;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced')
  //
  // If unspecified, the default disk type is 'pd-standard'
  string disk_type = 12;

  // Minimum CPU platform to be used by this instance. The instance may be
  // scheduled on the specified or newer CPU platform. Applicable values are the
  // friendly names of CPU platforms, such as
  // `minCpuPlatform: "Intel Haswell"` or
  // `minCpuPlatform: "Intel Sandy Bridge"`. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
  string min_cpu_platform = 13;

  // The workload metadata configuration for this node.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // List of kubernetes taints to be applied to each node.
  //
  // For more information, including usage and the valid values, see:
  // https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  repeated NodeTaint taints = 15;

  // Sandbox configuration for this node.
  SandboxConfig sandbox_config = 17;

  // Setting this field will assign instances of this
  // pool to run on the specified node group. This is useful for running
  // workloads on [sole tenant
  // nodes](https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes).
  string node_group = 18;

  // The optional reservation affinity. Setting this field will apply
  // the specified [Zonal Compute
  // Reservation](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
  // to this node pool.
  ReservationAffinity reservation_affinity = 19;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 20;

  // Parameters that can be configured on Linux nodes.
  LinuxNodeConfig linux_node_config = 21;

  // Node kubelet configs.
  NodeKubeletConfig kubelet_config = 22;

  //
  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 23;

  // Google Container File System (image streaming) configs.
  GcfsConfig gcfs_config = 25;

  // Advanced features for the Compute Engine VM.
  AdvancedMachineFeatures advanced_machine_features = 26;

  // Enable or disable gvnic in the node pool.
  VirtualNIC gvnic = 29;

  // Spot flag for enabling Spot VM, which is a rebrand of
  // the existing preemptible flag.
  bool spot = 32;

  // Confidential nodes config.
  // All the nodes in the node pool will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 35;

  // Enable or disable NCCL fast socket for the node pool.
  optional FastSocket fast_socket = 36;

  // The resource labels for the node pool to use to annotate any related
  // Google Compute Engine resources.
  map<string, string> resource_labels = 37;

  // Logging configuration.
  NodePoolLoggingConfig logging_config = 38;
}

// Specifies options for controlling advanced machine features.
message AdvancedMachineFeatures {
  // The number of threads per physical core. To disable simultaneous
  // multithreading (SMT) set this to 1. If unset, the maximum number of threads
  // supported per core by the underlying processor is assumed.
  optional int64 threads_per_core = 1;
}

// Parameters for node pool-level network config.
message NodeNetworkConfig {
  // Configuration of all network bandwidth tiers
  message NetworkPerformanceConfig {
    // Node network tier
    enum Tier {
      // Default value
      TIER_UNSPECIFIED = 0;

      // Higher bandwidth, actual values based on VM size.
      TIER_1 = 1;
    }

    // Specifies the total network bandwidth tier for the NodePool.
    optional Tier total_egress_bandwidth_tier = 1;
  }

  // Input only. Whether to create a new range for pod IPs in this node pool.
  // Defaults are provided for `pod_range` and `pod_ipv4_cidr_block` if they
  // are not specified.
  //
  // If neither `create_pod_range` or `pod_range` are specified, the
  // cluster-level default (`ip_allocation_policy.cluster_ipv4_cidr_block`) is
  // used.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  bool create_pod_range = 4 [(google.api.field_behavior) = INPUT_ONLY];

  // The ID of the secondary range for pod IPs.
  // If `create_pod_range` is true, this ID is used for the new range.
  // If `create_pod_range` is false, uses an existing secondary range with this
  // ID.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_range = 5;

  // The IP address range for pod IPs in this node pool.
  //
  // Only applicable if `create_pod_range` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) to pick a specific range to use.
  //
  // Only applicable if `ip_allocation_policy.use_ip_aliases` is true.
  //
  // This field cannot be changed after the node pool has been created.
  string pod_ipv4_cidr_block = 6;

  // Whether nodes have internal IP addresses only.
  // If enable_private_nodes is not specified, then the value is derived from
  // [cluster.privateClusterConfig.enablePrivateNodes][google.container.v1beta1.PrivateClusterConfig.enablePrivateNodes]
  optional bool enable_private_nodes = 9;

  // Network bandwidth tier configuration.
  optional NetworkPerformanceConfig network_performance_config = 11;
}

// A set of Shielded Instance options.
message ShieldedInstanceConfig {
  // Defines whether the instance has Secure Boot enabled.
  //
  // Secure Boot helps ensure that the system only runs authentic software by
  // verifying the digital signature of all boot components, and halting the
  // boot process if signature verification fails.
  bool enable_secure_boot = 1;

  // Defines whether the instance has integrity monitoring enabled.
  //
  // Enables monitoring and attestation of the boot integrity of the instance.
  // The attestation is performed against the integrity policy baseline. This
  // baseline is initially derived from the implicitly trusted boot image when
  // the instance is created.
  bool enable_integrity_monitoring = 2;
}

// SandboxConfig contains configurations of the sandbox to use for the node.
message SandboxConfig {
  // Possible types of sandboxes.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Run sandbox using gvisor.
    GVISOR = 1;
  }

  // Type of the sandbox to use for the node.
  Type type = 2;
}

// GcfsConfig contains configurations of Google Container File System
// (image streaming).
message GcfsConfig {
  // Whether to use GCFS.
  bool enabled = 1;
}

// [ReservationAffinity](https://cloud.google.com/compute/docs/instances/reserving-zonal-resources)
// is the configuration of desired reservation which instances could take
// capacity from.
message ReservationAffinity {
  // Indicates whether to consume capacity from a reservation or not.
  enum Type {
    // Default value. This should not be used.
    UNSPECIFIED = 0;

    // Do not consume from any reserved capacity.
    NO_RESERVATION = 1;

    // Consume any reservation available.
    ANY_RESERVATION = 2;

    // Must consume from a specific reservation. Must specify key value fields
    // for specifying the reservations.
    SPECIFIC_RESERVATION = 3;
  }

  // Corresponds to the type of reservation consumption.
  Type consume_reservation_type = 1;

  // Corresponds to the label key of a reservation resource. To target a
  // SPECIFIC_RESERVATION by name, specify
  // "compute.googleapis.com/reservation-name" as the key and specify the name
  // of your reservation as its value.
  string key = 2;

  // Corresponds to the label value(s) of reservation resource(s).
  repeated string values = 3;
}

// Kubernetes taint is comprised of three fields: key, value, and effect. Effect
// can only be one of three types:  NoSchedule, PreferNoSchedule or NoExecute.
//
// See
// [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration)
// for more information, including usage and the valid values.
message NodeTaint {
  // Possible values for Effect in taint.
  enum Effect {
    // Not set
    EFFECT_UNSPECIFIED = 0;

    // NoSchedule
    NO_SCHEDULE = 1;

    // PreferNoSchedule
    PREFER_NO_SCHEDULE = 2;

    // NoExecute
    NO_EXECUTE = 3;
  }

  // Key for taint.
  string key = 1;

  // Value for taint.
  string value = 2;

  // Effect for taint.
  Effect effect = 3;
}

// Collection of Kubernetes [node
// taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration).
message NodeTaints {
  // List of node taints.
  repeated NodeTaint taints = 1;
}

// Collection of node-level [Kubernetes
// labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels).
message NodeLabels {
  // Map of node label keys and node label values.
  map<string, string> labels = 1;
}

// Collection of [GCP
// labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels).
message ResourceLabels {
  // Map of node label keys and node label values.
  map<string, string> labels = 1;
}

// Collection of Compute Engine network tags that can be applied to a node's
// underlying VM instance.
message NetworkTags {
  // List of network tags.
  repeated string tags = 1;
}

// The authentication information for accessing the master endpoint.
// Authentication can be done using HTTP basic auth or using client
// certificates.
message MasterAuth {
  // The username to use for HTTP basic authentication to the master endpoint.
  // For clusters v1.6.0 and later, basic authentication can be disabled by
  // leaving username unspecified (or setting it to the empty string).
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string username = 1 [deprecated = true];

  // The password to use for HTTP basic authentication to the master endpoint.
  // Because the master endpoint is open to the Internet, you should create a
  // strong password.  If a password is provided for cluster creation, username
  // must be non-empty.
  //
  // Warning: basic authentication is deprecated, and will be removed in GKE
  // control plane versions 1.19 and newer. For a list of recommended
  // authentication methods, see:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
  string password = 2 [deprecated = true];

  // Configuration for client certificate authentication on the cluster. For
  // clusters before v1.12, if no configuration is specified, a client
  // certificate is issued.
  ClientCertificateConfig client_certificate_config = 3;

  // [Output only] Base64-encoded public certificate that is the root of
  // trust for the cluster.
  string cluster_ca_certificate = 100;

  // [Output only] Base64-encoded public certificate used by clients to
  // authenticate to the cluster endpoint.
  string client_certificate = 101;

  // [Output only] Base64-encoded private key used by clients to authenticate
  // to the cluster endpoint.
  string client_key = 102;
}

// Configuration for client certificates on the cluster.
message ClientCertificateConfig {
  // Issue a client certificate.
  bool issue_client_certificate = 1;
}

// Configuration for the addons that can be automatically spun up in the
// cluster, enabling additional functionality.
message AddonsConfig {
  // Configuration for the HTTP (L7) load balancing controller addon, which
  // makes it easy to set up HTTP load balancers for services in a cluster.
  HttpLoadBalancing http_load_balancing = 1;

  // Configuration for the horizontal pod autoscaling feature, which
  // increases or decreases the number of replica pods a replication controller
  // has based on the resource usage of the existing pods.
  HorizontalPodAutoscaling horizontal_pod_autoscaling = 2;

  // Configuration for the Kubernetes Dashboard.
  // This addon is deprecated, and will be disabled in 1.15. It is recommended
  // to use the Cloud Console to manage and monitor your Kubernetes clusters,
  // workloads and applications. For more information, see:
  // https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
  KubernetesDashboard kubernetes_dashboard = 3 [deprecated = true];

  // Configuration for NetworkPolicy. This only tracks whether the addon
  // is enabled or not on the Master, it does not track whether network policy
  // is enabled for the nodes.
  NetworkPolicyConfig network_policy_config = 4;

  // Configuration for the Cloud Run addon, which allows the user to use a
  // managed Knative service.
  CloudRunConfig cloud_run_config = 7;

  // Configuration for NodeLocalDNS, a dns cache running on cluster nodes
  DnsCacheConfig dns_cache_config = 8;

  // Configuration for the ConfigConnector add-on, a Kubernetes
  // extension to manage hosted GCP services through the Kubernetes API
  ConfigConnectorConfig config_connector_config = 10;

  // Configuration for the Compute Engine Persistent Disk CSI driver.
  GcePersistentDiskCsiDriverConfig gce_persistent_disk_csi_driver_config = 11;

  // Configuration for the GCP Filestore CSI driver.
  GcpFilestoreCsiDriverConfig gcp_filestore_csi_driver_config = 14;

  // Configuration for the Backup for GKE agent addon.
  GkeBackupAgentConfig gke_backup_agent_config = 16;
}

// Configuration options for the HTTP (L7) load balancing controller addon,
// which makes it easy to set up HTTP load balancers for services in a cluster.
message HttpLoadBalancing {
  // Whether the HTTP Load Balancing controller is enabled in the cluster.
  // When enabled, it runs a small pod in the cluster that manages the load
  // balancers.
  bool disabled = 1;
}

// Configuration options for the horizontal pod autoscaling feature, which
// increases or decreases the number of replica pods a replication controller
// has based on the resource usage of the existing pods.
message HorizontalPodAutoscaling {
  // Whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
  // When enabled, it ensures that metrics are collected into Stackdriver
  // Monitoring.
  bool disabled = 1;
}

// Configuration for the Kubernetes Dashboard.
message KubernetesDashboard {
  // Whether the Kubernetes Dashboard is enabled for this cluster.
  bool disabled = 1;
}

// Configuration for NetworkPolicy. This only tracks whether the addon
// is enabled or not on the Master, it does not track whether network policy
// is enabled for the nodes.
message NetworkPolicyConfig {
  // Whether NetworkPolicy is enabled for this cluster.
  bool disabled = 1;
}

// Configuration for NodeLocal DNSCache
message DnsCacheConfig {
  // Whether NodeLocal DNSCache is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for controlling master global access settings.
message PrivateClusterMasterGlobalAccessConfig {
  // Whenever master is accessible globally or not.
  bool enabled = 1;
}

// Configuration options for private clusters.
message PrivateClusterConfig {
  // Whether nodes have internal IP addresses only. If enabled, all nodes are
  // given only RFC 1918 private addresses and communicate with the master via
  // private networking.
  bool enable_private_nodes = 1;

  // Whether the master's internal IP address is used as the cluster endpoint.
  bool enable_private_endpoint = 2;

  // The IP range in CIDR notation to use for the hosted master network. This
  // range will be used for assigning internal IP addresses to the master or
  // set of masters, as well as the ILB VIP. This range must not overlap with
  // any other ranges in use within the cluster's network.
  string master_ipv4_cidr_block = 3;

  // Output only. The internal IP address of this cluster's master endpoint.
  string private_endpoint = 4;

  // Output only. The external IP address of this cluster's master endpoint.
  string public_endpoint = 5;

  // Output only. The peering name in the customer VPC used by this cluster.
  string peering_name = 7;

  // Controls master global access settings.
  PrivateClusterMasterGlobalAccessConfig master_global_access_config = 8;

  // Subnet to provision the master's private endpoint during cluster creation.
  // Specified in projects/*/regions/*/subnetworks/* format.
  string private_endpoint_subnetwork = 10;
}

// Configuration for returning group information from authenticators.
message AuthenticatorGroupsConfig {
  // Whether this cluster should return group membership lookups
  // during authentication using a group of security groups.
  bool enabled = 1;

  // The name of the security group-of-groups to be used. Only relevant
  // if enabled = true.
  string security_group = 2;
}

// Configuration options for the Cloud Run feature.
message CloudRunConfig {
  // Load balancer type of ingress service of Cloud Run.
  enum LoadBalancerType {
    // Load balancer type for Cloud Run is unspecified.
    LOAD_BALANCER_TYPE_UNSPECIFIED = 0;

    // Install external load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_EXTERNAL = 1;

    // Install internal load balancer for Cloud Run.
    LOAD_BALANCER_TYPE_INTERNAL = 2;
  }

  // Whether Cloud Run addon is enabled for this cluster.
  bool disabled = 1;

  // Which load balancer type is installed for Cloud Run.
  LoadBalancerType load_balancer_type = 3;
}

// Configuration options for the Config Connector add-on.
message ConfigConnectorConfig {
  // Whether Cloud Connector is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Compute Engine PD CSI driver.
message GcePersistentDiskCsiDriverConfig {
  // Whether the Compute Engine PD CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the GCP Filestore CSI driver.
message GcpFilestoreCsiDriverConfig {
  // Whether the GCP Filestore CSI driver is enabled for this cluster.
  bool enabled = 1;
}

// Configuration for the Backup for GKE Agent.
message GkeBackupAgentConfig {
  // Whether the Backup for GKE agent is enabled for this cluster.
  bool enabled = 1;
}

// Configuration options for the master authorized networks feature. Enabled
// master authorized networks will disallow all external traffic to access
// Kubernetes master through HTTPS except traffic from the given CIDR blocks,
// Google Compute Engine Public IPs and Google Prod IPs.
message MasterAuthorizedNetworksConfig {
  // CidrBlock contains an optional name and one CIDR block.
  message CidrBlock {
    // display_name is an optional field for users to identify CIDR blocks.
    string display_name = 1;

    // cidr_block must be specified in CIDR notation.
    string cidr_block = 2;
  }

  // Whether or not master authorized networks is enabled.
  bool enabled = 1;

  // cidr_blocks define up to 50 external networks that could access
  // Kubernetes master through HTTPS.
  repeated CidrBlock cidr_blocks = 2;

  // Whether master is accessbile via Google Compute Engine Public IP addresses.
  optional bool gcp_public_cidrs_access_enabled = 3;
}

// Configuration for the legacy Attribute Based Access Control authorization
// mode.
message LegacyAbac {
  // Whether the ABAC authorizer is enabled for this cluster. When enabled,
  // identities in the system, including service accounts, nodes, and
  // controllers, will have statically granted permissions beyond those
  // provided by the RBAC configuration or IAM.
  bool enabled = 1;
}

// Configuration options for the NetworkPolicy feature.
// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
message NetworkPolicy {
  // Allowed Network Policy providers.
  enum Provider {
    // Not set
    PROVIDER_UNSPECIFIED = 0;

    // Tigera (Calico Felix).
    CALICO = 1;
  }

  // The selected network policy provider.
  Provider provider = 1;

  // Whether network policy is enabled on the cluster.
  bool enabled = 2;
}

// Configuration for Binary Authorization.
message BinaryAuthorization {
  // Binary Authorization mode of operation.
  enum EvaluationMode {
    // Default value
    EVALUATION_MODE_UNSPECIFIED = 0;

    // Disable BinaryAuthorization
    DISABLED = 1;

    // Enforce Kubernetes admission requests with BinaryAuthorization using the
    // project's singleton policy. This is equivalent to setting the
    // enabled boolean to true.
    PROJECT_SINGLETON_POLICY_ENFORCE = 2;
  }

  // This field is deprecated. Leave this unset and instead configure
  // BinaryAuthorization using evaluation_mode. If evaluation_mode is set to
  // anything other than EVALUATION_MODE_UNSPECIFIED, this field is ignored.
  bool enabled = 1 [deprecated = true];

  // Mode of operation for binauthz policy evaluation. If unspecified, defaults
  // to DISABLED.
  EvaluationMode evaluation_mode = 2;
}

// Configuration for controlling how IPs are allocated in the cluster.
message IPAllocationPolicy {
  // Whether alias IPs will be used for pod IPs in the cluster.
  // This is used in conjunction with use_routes. It cannot
  // be true if use_routes is true. If both use_ip_aliases and use_routes are
  // false, then the server picks the default IP allocation mode
  bool use_ip_aliases = 1;

  // Whether a new subnetwork will be created automatically for the cluster.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  bool create_subnetwork = 2;

  // A custom subnetwork name to be used if `create_subnetwork` is true.  If
  // this field is empty, then an automatic name will be chosen for the new
  // subnetwork.
  string subnetwork_name = 3;

  // This field is deprecated, use cluster_ipv4_cidr_block.
  string cluster_ipv4_cidr = 4 [deprecated = true];

  // This field is deprecated, use node_ipv4_cidr_block.
  string node_ipv4_cidr = 5 [deprecated = true];

  // This field is deprecated, use services_ipv4_cidr_block.
  string services_ipv4_cidr = 6 [deprecated = true];

  // The name of the secondary range to be used for the cluster CIDR
  // block.  The secondary range will be used for pod IP
  // addresses. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable with use_ip_aliases is true and
  // create_subnetwork is false.
  string cluster_secondary_range_name = 7;

  // The name of the secondary range to be used as for the services
  // CIDR block.  The secondary range will be used for service
  // ClusterIPs. This must be an existing secondary range associated
  // with the cluster subnetwork.
  //
  // This field is only applicable with use_ip_aliases is true and
  // create_subnetwork is false.
  string services_secondary_range_name = 8;

  // The IP address range for the cluster pod IPs. If this field is set, then
  // `cluster.cluster_ipv4_cidr` must be left blank.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string cluster_ipv4_cidr_block = 9;

  // The IP address range of the instance IPs in this cluster.
  //
  // This is applicable only if `create_subnetwork` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string node_ipv4_cidr_block = 10;

  // The IP address range of the services IPs in this cluster. If blank, a range
  // will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // Set to blank to have a range chosen with the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string services_ipv4_cidr_block = 11;

  // The IP address range of the Cloud TPUs in this cluster. If unspecified, a
  // range will be automatically chosen with the default size.
  //
  // This field is only applicable when `use_ip_aliases` is true.
  //
  // If unspecified, the range will use the default size.
  //
  // Set to /netmask (e.g. `/14`) to have a range chosen with a specific
  // netmask.
  //
  // Set to a
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
  // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
  // to use.
  string tpu_ipv4_cidr_block = 13;

  // Whether routes will be used for pod IPs in the cluster.
  // This is used in conjunction with use_ip_aliases. It cannot be true if
  // use_ip_aliases is true. If both use_ip_aliases and use_routes are false,
  // then the server picks the default IP allocation mode
  bool use_routes = 15;

  // The IP stack type of the cluster
  StackType stack_type = 16;

  // The ipv6 access type (internal or external) when create_subnetwork is true
  IPv6AccessType ipv6_access_type = 17;
}

// A Google Kubernetes Engine cluster.
message Cluster {
  // The current status of the cluster.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading the master or node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the cluster is unusable. It will be
    // automatically deleted. Details can be found in the `statusMessage` field.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to restore
    // full functionality. Details can be found in the `statusMessage` field.
    DEGRADED = 6;
  }

  // The name of this cluster. The name must be unique within this project
  // and location (e.g. zone or region), and can be up to 40 characters with
  // the following restrictions:
  //
  // * Lowercase letters, numbers, and hyphens only.
  // * Must start with a letter.
  // * Must end with a number or a letter.
  string name = 1;

  // An optional description of this cluster.
  string description = 2;

  // The number of nodes to create in this cluster. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  // For requests, this field should only be used in lieu of a
  // "node_pool" object, since this configuration (along with the
  // "node_config") will be used to create a "NodePool" object with an
  // auto-generated name. Do not use this and a node_pool at the same time.
  //
  // This field is deprecated, use node_pool.initial_node_count instead.
  int32 initial_node_count = 3 [deprecated = true];

  // Parameters used in creating the cluster's nodes.
  // For requests, this field should only be used in lieu of a
  // "node_pool" object, since this configuration (along with the
  // "initial_node_count") will be used to create a "NodePool" object with an
  // auto-generated name. Do not use this and a node_pool at the same time.
  // For responses, this field will be populated with the node configuration of
  // the first node pool. (For configuration of each node pool, see
  // `node_pool.config`)
  //
  // If unspecified, the defaults are used.
  // This field is deprecated, use node_pool.config instead.
  NodeConfig node_config = 4 [deprecated = true];

  // The authentication information for accessing the master endpoint.
  // If unspecified, the defaults are used:
  // For clusters before v1.12, if master_auth is unspecified, `username` will
  // be set to "admin", a random password will be generated, and a client
  // certificate will be issued.
  MasterAuth master_auth = 5;

  // The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string,`logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  string logging_service = 6;

  // The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 7;

  // The name of the Google Compute Engine
  // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. If left unspecified, the `default`
  // network will be used.
  string network = 8;

  // The IP address range of the container pods in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `10.96.0.0/14`). Leave blank to have
  // one automatically chosen or specify a `/14` block in `10.0.0.0/8`.
  string cluster_ipv4_cidr = 9;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig addons_config = 10;

  // The name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/subnetworks) to which
  // the cluster is connected.
  string subnetwork = 11;

  // The node pools associated with this cluster.
  // This field should not be set if "node_config" or "initial_node_count" are
  // specified.
  repeated NodePool node_pools = 12;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This field provides a default value if
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // are not specified during node pool creation.
  //
  // Warning: changing cluster locations will update the
  // [NodePool.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools#NodePool.FIELDS.locations)
  // of all node pools and will result in nodes being added and/or removed.
  repeated string locations = 13;

  // Kubernetes alpha features are enabled on this cluster. This includes alpha
  // API groups (e.g. v1alpha1) and features that may not be production ready in
  // the kubernetes version of the master and nodes.
  // The cluster has no SLA for uptime and master/node upgrades are disabled.
  // Alpha enabled clusters are automatically deleted thirty days after
  // creation.
  bool enable_kubernetes_alpha = 14;

  // The resource labels for the cluster to use to annotate any related
  // Google Compute Engine resources.
  map<string, string> resource_labels = 15;

  // The fingerprint of the set of labels for this cluster.
  string label_fingerprint = 16;

  // Configuration for the legacy ABAC authorization mode.
  LegacyAbac legacy_abac = 18;

  // Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 19;

  // Configuration for cluster IP allocation.
  IPAllocationPolicy ip_allocation_policy = 20;

  // The configuration options for master authorized networks feature.
  MasterAuthorizedNetworksConfig master_authorized_networks_config = 22;

  // Configure the maintenance policy for this cluster.
  MaintenancePolicy maintenance_policy = 23;

  // Configuration for Binary Authorization.
  BinaryAuthorization binary_authorization = 24;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling autoscaling = 26;

  // Configuration for cluster networking.
  NetworkConfig network_config = 27;

  // The default constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool of this cluster. Only honored
  // if cluster created with IP Alias support.
  MaxPodsConstraint default_max_pods_constraint = 30;

  // Configuration for exporting resource usages. Resource usage export is
  // disabled when this config is unspecified.
  ResourceUsageExportConfig resource_usage_export_config = 33;

  // Configuration controlling RBAC group membership information.
  AuthenticatorGroupsConfig authenticator_groups_config = 34;

  // Configuration for private cluster.
  PrivateClusterConfig private_cluster_config = 37;

  // Configuration of etcd encryption.
  DatabaseEncryption database_encryption = 38;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling vertical_pod_autoscaling = 39;

  // Shielded Nodes configuration.
  ShieldedNodes shielded_nodes = 40;

  // Release channel configuration.
  ReleaseChannel release_channel = 41;

  // Configuration for the use of Kubernetes Service Accounts in GCP IAM
  // policies.
  WorkloadIdentityConfig workload_identity_config = 43;

  // Configuration for issuance of mTLS keys and certificates to Kubernetes
  // pods.
  MeshCertificates mesh_certificates = 67;

  // Configuration for the fine-grained cost management feature.
  CostManagementConfig cost_management_config = 45;

  // Notification configuration of the cluster.
  NotificationConfig notification_config = 49;

  // Configuration of Confidential Nodes.
  // All the nodes in the cluster will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 50;

  // Configuration for Identity Service component.
  IdentityServiceConfig identity_service_config = 54;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field is deprecated, use location instead.
  string zone = 101 [deprecated = true];

  // [Output only] The IP address of this cluster's master endpoint.
  // The endpoint can be accessed from the internet at
  // `https://username:password@endpoint/`.
  //
  // See the `masterAuth` property of this resource for username and
  // password information.
  string endpoint = 102;

  // The initial Kubernetes version for this cluster.  Valid versions are those
  // found in validMasterVersions returned by getServerConfig.  The version can
  // be upgraded over time; such upgrades are reflected in
  // currentMasterVersion and currentNodeVersion.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "","-": picks the default Kubernetes version
  string initial_cluster_version = 103;

  // [Output only] The current software version of the master endpoint.
  string current_master_version = 104;

  // [Output only] Deprecated, use
  // [NodePools.version](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters.nodePools)
  // instead. The current version of the node software components. If they are
  // currently at multiple versions because they're in the process of being
  // upgraded, this reflects the minimum version of all nodes.
  string current_node_version = 105 [deprecated = true];

  // [Output only] The time the cluster was created, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string create_time = 106;

  // [Output only] The current status of this cluster.
  Status status = 107;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // cluster, if available.
  string status_message = 108 [deprecated = true];

  // [Output only] The size of the address space on each node for hosting
  // containers. This is provisioned from within the `container_ipv4_cidr`
  // range. This field will only be set when cluster is in route-based network
  // mode.
  int32 node_ipv4_cidr_size = 109;

  // [Output only] The IP address range of the Kubernetes services in
  // this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`). Service addresses are
  // typically put in the last `/16` from the container CIDR.
  string services_ipv4_cidr = 110;

  // Deprecated. Use node_pools.instance_group_urls.
  repeated string instance_group_urls = 111 [deprecated = true];

  // [Output only]  The number of nodes currently in the cluster. Deprecated.
  // Call Kubernetes API directly to retrieve node information.
  int32 current_node_count = 112 [deprecated = true];

  // [Output only] The time the cluster will be automatically
  // deleted in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string expire_time = 113;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 114;

  // Enable the ability to use Cloud TPUs in this cluster.
  bool enable_tpu = 115;

  // [Output only] The IP address range of the Cloud TPUs in this cluster, in
  // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
  // notation (e.g. `1.2.3.4/29`).
  string tpu_ipv4_cidr_block = 116;

  // Which conditions caused the current cluster state.
  repeated StatusCondition conditions = 118;

  // Autopilot configuration for the cluster.
  Autopilot autopilot = 128;

  // Output only. Unique id for the cluster.
  string id = 129 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Default NodePool settings for the entire cluster. These settings are
  // overridden if specified on the specific NodePool object.
  optional NodePoolDefaults node_pool_defaults = 131;

  // Logging configuration for the cluster.
  LoggingConfig logging_config = 132;

  // Monitoring configuration for the cluster.
  MonitoringConfig monitoring_config = 133;

  // Node pool configs that apply to all auto-provisioned node pools
  // in autopilot clusters and node auto-provisioning enabled clusters.
  NodePoolAutoConfig node_pool_auto_config = 136;
}

// Node pool configs that apply to all auto-provisioned node pools
// in autopilot clusters and node auto-provisioning enabled clusters.
message NodePoolAutoConfig {
  // The list of instance tags applied to all nodes. Tags are used to identify
  // valid sources or targets for network firewalls and are specified by
  // the client during cluster creation. Each tag within the list
  // must comply with RFC1035.
  NetworkTags network_tags = 1;
}

// Subset of Nodepool message that has defaults.
message NodePoolDefaults {
  // Subset of NodeConfig message that has defaults.
  NodeConfigDefaults node_config_defaults = 1;
}

// Subset of NodeConfig message that has defaults.
message NodeConfigDefaults {
  // GCFS (Google Container File System, also known as Riptide) options.
  GcfsConfig gcfs_config = 1;

  // Logging configuration for node pools.
  NodePoolLoggingConfig logging_config = 3;
}

// ClusterUpdate describes an update to the cluster. Exactly one update can
// be applied to a cluster with each request, so at most one field can be
// provided.
message ClusterUpdate {
  // The Kubernetes version to change the nodes to (typically an
  // upgrade).
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  string desired_node_version = 4;

  // The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string desired_monitoring_service = 5;

  // Configurations for the various addons available to run in the cluster.
  AddonsConfig desired_addons_config = 6;

  // The node pool to be upgraded. This field is mandatory if
  // "desired_node_version", "desired_image_family" or
  // "desired_node_pool_autoscaling" is specified and there is more than one
  // node pool on the cluster.
  string desired_node_pool_id = 7;

  // The desired image type for the node pool.
  // NOTE: Set the "desired_node_pool" field as well.
  string desired_image_type = 8;

  // Configuration of etcd encryption.
  DatabaseEncryption desired_database_encryption = 46;

  // Configuration for Workload Identity.
  WorkloadIdentityConfig desired_workload_identity_config = 47;

  // Configuration for issuance of mTLS keys and certificates to Kubernetes
  // pods.
  MeshCertificates desired_mesh_certificates = 67;

  // Configuration for Shielded Nodes.
  ShieldedNodes desired_shielded_nodes = 48;

  // The desired configuration for the fine-grained cost management feature.
  CostManagementConfig desired_cost_management_config = 49;

  // DNSConfig contains clusterDNS config for this cluster.
  DNSConfig desired_dns_config = 53;

  // Autoscaler configuration for the node pool specified in
  // desired_node_pool_id. If there is only one pool in the
  // cluster and desired_node_pool_id is not provided then
  // the change applies to that single node pool.
  NodePoolAutoscaling desired_node_pool_autoscaling = 9;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located.
  //
  // This list must always include the cluster's primary zone.
  //
  // Warning: changing cluster locations will update the locations of all node
  // pools and will result in nodes being added and/or removed.
  repeated string desired_locations = 10;

  // The desired configuration options for master authorized networks feature.
  MasterAuthorizedNetworksConfig desired_master_authorized_networks_config = 12;

  // Cluster-level autoscaling configuration.
  ClusterAutoscaling desired_cluster_autoscaling = 15;

  // The desired configuration options for the Binary Authorization feature.
  BinaryAuthorization desired_binary_authorization = 16;

  // The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string,`logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  string desired_logging_service = 19;

  // The desired configuration for exporting resource usage.
  ResourceUsageExportConfig desired_resource_usage_export_config = 21;

  // Cluster-level Vertical Pod Autoscaling configuration.
  VerticalPodAutoscaling desired_vertical_pod_autoscaling = 22;

  // The desired private cluster configuration.
  PrivateClusterConfig desired_private_cluster_config = 25;

  // The desired config of Intra-node visibility.
  IntraNodeVisibilityConfig desired_intra_node_visibility_config = 26;

  // The desired status of whether to disable default sNAT for this cluster.
  DefaultSnatStatus desired_default_snat_status = 28;

  // The desired release channel configuration.
  ReleaseChannel desired_release_channel = 31;

  // The desired L4 Internal Load Balancer Subsetting configuration.
  ILBSubsettingConfig desired_l4ilb_subsetting_config = 39;

  // The desired datapath provider for the cluster.
  DatapathProvider desired_datapath_provider = 50;

  // The desired state of IPv6 connectivity to Google Services.
  PrivateIPv6GoogleAccess desired_private_ipv6_google_access = 51;

  // The desired notification configuration.
  NotificationConfig desired_notification_config = 55;

  // The desired authenticator groups config for the cluster.
  AuthenticatorGroupsConfig desired_authenticator_groups_config = 63;

  // The desired logging configuration.
  LoggingConfig desired_logging_config = 64;

  // The desired monitoring configuration.
  MonitoringConfig desired_monitoring_config = 65;

  // The desired Identity Service component configuration.
  IdentityServiceConfig desired_identity_service_config = 66;

  // ServiceExternalIPsConfig specifies the config for the use of Services with
  // ExternalIPs field.
  ServiceExternalIPsConfig desired_service_external_ips_config = 60;

  // Enable/Disable private endpoint for the cluster's master.
  optional bool desired_enable_private_endpoint = 71;

  // The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by
  // Kubernetes Engine or version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  string desired_master_version = 100;

  // The desired GCFS config for the cluster
  GcfsConfig desired_gcfs_config = 109;

  // The desired network tags that apply to all auto-provisioned node pools
  // in autopilot clusters and node auto-provisioning enabled clusters.
  NetworkTags desired_node_pool_auto_config_network_tags = 110;

  // The desired config of Gateway API on this cluster.
  GatewayAPIConfig desired_gateway_api_config = 114;

  // The desired node pool logging configuration defaults for the cluster.
  NodePoolLoggingConfig desired_node_pool_logging_config = 116;
}

// This operation resource represents operations that may have happened or are
// happening on the cluster. All fields are output only.
message Operation {
  // Current status of the operation.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The operation has been created.
    PENDING = 1;

    // The operation is currently running.
    RUNNING = 2;

    // The operation is done, either cancelled or completed.
    DONE = 3;

    // The operation is aborting.
    ABORTING = 4;
  }

  // Operation type.
  enum Type {
    // Not set.
    TYPE_UNSPECIFIED = 0;

    // Cluster create.
    CREATE_CLUSTER = 1;

    // Cluster delete.
    DELETE_CLUSTER = 2;

    // A master upgrade.
    UPGRADE_MASTER = 3;

    // A node upgrade.
    UPGRADE_NODES = 4;

    // Cluster repair.
    REPAIR_CLUSTER = 5;

    // Cluster update.
    UPDATE_CLUSTER = 6;

    // Node pool create.
    CREATE_NODE_POOL = 7;

    // Node pool delete.
    DELETE_NODE_POOL = 8;

    // Set node pool management.
    SET_NODE_POOL_MANAGEMENT = 9;

    // Automatic node pool repair.
    AUTO_REPAIR_NODES = 10;

    // Automatic node upgrade.
    AUTO_UPGRADE_NODES = 11;

    // Set labels.
    SET_LABELS = 12;

    // Set/generate master auth materials
    SET_MASTER_AUTH = 13;

    // Set node pool size.
    SET_NODE_POOL_SIZE = 14;

    // Updates network policy for a cluster.
    SET_NETWORK_POLICY = 15;

    // Set the maintenance policy.
    SET_MAINTENANCE_POLICY = 16;
  }

  // The server-assigned ID for the operation.
  string name = 1;

  // The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation is taking place. This field is deprecated, use location instead.
  string zone = 2 [deprecated = true];

  // The operation type.
  Type operation_type = 3;

  // The current status of the operation.
  Status status = 4;

  // Detailed operation progress, if available.
  string detail = 8;

  // Output only. If an error has occurred, a textual description of the error.
  // Deprecated. Use the field error instead.
  string status_message = 5 [
    deprecated = true,
    (google.api.field_behavior) = OUTPUT_ONLY
  ];

  // Server-defined URL for the resource.
  string self_link = 6;

  // Server-defined URL for the target of the operation.
  string target_link = 7;

  // [Output only] The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // or
  // [region](https://cloud.google.com/compute/docs/regions-zones/regions-zones#available)
  // in which the cluster resides.
  string location = 9;

  // [Output only] The time the operation started, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string start_time = 10;

  // [Output only] The time the operation completed, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string end_time = 11;

  // Output only. [Output only] Progress information for an operation.
  OperationProgress progress = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Which conditions caused the current cluster state.
  // Deprecated. Use field error instead.
  repeated StatusCondition cluster_conditions = 13 [deprecated = true];

  // Which conditions caused the current node pool state.
  // Deprecated. Use field error instead.
  repeated StatusCondition nodepool_conditions = 14 [deprecated = true];

  // The error result of the operation in case of failure.
  google.rpc.Status error = 15;
}

// Information about operation (or operation stage) progress.
message OperationProgress {
  // Progress metric is (string, int|float|string) pair.
  message Metric {
    // Required. Metric name, e.g., "nodes total", "percent done".
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // Strictly one of the values is required.
    oneof value {
      // For metrics with integer value.
      int64 int_value = 2;

      // For metrics with floating point value.
      double double_value = 3;

      // For metrics with custom values (ratios, visual progress, etc.).
      string string_value = 4;
    }
  }

  // A non-parameterized string describing an operation stage.
  // Unset for single-stage operations.
  string name = 1;

  // Status of an operation stage.
  // Unset for single-stage operations.
  Operation.Status status = 2;

  // Progress metric bundle, for example:
  //   metrics: [{name: "nodes done",     int_value: 15},
  //             {name: "nodes total",    int_value: 32}]
  // or
  //   metrics: [{name: "progress",       double_value: 0.56},
  //             {name: "progress scale", double_value: 1.0}]
  repeated Metric metrics = 3;

  // Substages of an operation or a stage.
  repeated OperationProgress stages = 4;
}

// CreateClusterRequest creates a cluster.
message CreateClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Required. A [cluster
  // resource](https://cloud.google.com/container-engine/reference/rest/v1/projects.locations.clusters)
  Cluster cluster = 3 [(google.api.field_behavior) = REQUIRED];

  // The parent (project and location) where the cluster will be created.
  // Specified in the format `projects/*/locations/*`.
  string parent = 5;
}

// GetClusterRequest gets the settings of a cluster.
message GetClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to retrieve.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to retrieve.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// UpdateClusterRequest updates the settings of a cluster.
message UpdateClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. A description of the update.
  ClusterUpdate update = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// UpdateNodePoolRequests update a node pool's image and/or version.
message UpdateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. The Kubernetes version to change the nodes to (typically an
  // upgrade).
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the Kubernetes master version
  string node_version = 5 [(google.api.field_behavior) = REQUIRED];

  // Required. The desired image type for the node pool.
  string image_type = 6 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to
  // update. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 8;

  // The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // node pool's nodes should be located. Changing the locations for a node pool
  // will result in nodes being either created or removed from the node pool,
  // depending on whether locations are being added or removed.
  repeated string locations = 13;

  // The desired workload metadata config for the node pool.
  WorkloadMetadataConfig workload_metadata_config = 14;

  // Upgrade settings control disruption and speed of the upgrade.
  NodePool.UpgradeSettings upgrade_settings = 15;

  // The desired network tags to be applied to all nodes in the node pool.
  // If this field is not present, the tags will not be changed. Otherwise,
  // the existing network tags will be *replaced* with the provided tags.
  NetworkTags tags = 16;

  // The desired node taints to be applied to all nodes in the node pool.
  // If this field is not present, the taints will not be changed. Otherwise,
  // the existing node taints will be *replaced* with the provided taints.
  NodeTaints taints = 17;

  // The desired node labels to be applied to all nodes in the node pool.
  // If this field is not present, the labels will not be changed. Otherwise,
  // the existing node labels will be *replaced* with the provided labels.
  NodeLabels labels = 18;

  // Parameters that can be configured on Linux nodes.
  LinuxNodeConfig linux_node_config = 19;

  // Node kubelet configs.
  NodeKubeletConfig kubelet_config = 20;

  // Node network config.
  NodeNetworkConfig node_network_config = 21;

  // GCFS config.
  GcfsConfig gcfs_config = 22;

  // Confidential nodes config.
  // All the nodes in the node pool will be Confidential VM once enabled.
  ConfidentialNodes confidential_nodes = 23;

  // Enable or disable gvnic on the node pool.
  VirtualNIC gvnic = 29;

  // Enable or disable NCCL fast socket for the node pool.
  FastSocket fast_socket = 31;

  // Logging configuration.
  NodePoolLoggingConfig logging_config = 32;

  // The resource labels for the node pool to use to annotate any related
  // Google Compute Engine resources.
  ResourceLabels resource_labels = 33;
}

// SetNodePoolAutoscalingRequest sets the autoscaler settings of a node pool.
message SetNodePoolAutoscalingRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to upgrade.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. Autoscaling configuration for the node pool.
  NodePoolAutoscaling autoscaling = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool) of the node pool to set
  // autoscaler settings. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// SetLoggingServiceRequest sets the logging service of a cluster.
message SetLoggingServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The logging service the cluster should use to write logs.
  // Currently available options:
  //
  // * `logging.googleapis.com/kubernetes` - The Cloud Logging
  // service with a Kubernetes-native resource model
  // * `logging.googleapis.com` - The legacy Cloud Logging service (no longer
  //   available as of GKE 1.15).
  // * `none` - no logs will be exported from the cluster.
  //
  // If left as an empty string,`logging.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `logging.googleapis.com` for earlier versions.
  string logging_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set logging.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// SetMonitoringServiceRequest sets the monitoring service of a cluster.
message SetMonitoringServiceRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The monitoring service the cluster should use to write metrics.
  // Currently available options:
  //
  // * "monitoring.googleapis.com/kubernetes" - The Cloud Monitoring
  // service with a Kubernetes-native resource model
  // * `monitoring.googleapis.com` - The legacy Cloud Monitoring service (no
  //   longer available as of GKE 1.15).
  // * `none` - No metrics will be exported from the cluster.
  //
  // If left as an empty string,`monitoring.googleapis.com/kubernetes` will be
  // used for GKE 1.14+ or `monitoring.googleapis.com` for earlier versions.
  string monitoring_service = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set monitoring.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetAddonsConfigRequest sets the addons associated with the cluster.
message SetAddonsConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired configurations for the various addons available to run in the
  // cluster.
  AddonsConfig addons_config = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set addons.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetLocationsRequest sets the locations of the cluster.
message SetLocationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The desired list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster's nodes should be located. Changing the locations a cluster is in
  // will result in nodes being either created or removed from the cluster,
  // depending on whether locations are being added or removed.
  //
  // This list must always include the cluster's primary zone.
  repeated string locations = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set locations.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// UpdateMasterRequest updates the master of the cluster.
message UpdateMasterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The Kubernetes version to change the master to.
  //
  // Users may specify either explicit versions offered by Kubernetes Engine or
  // version aliases, which have the following behavior:
  //
  // - "latest": picks the highest valid Kubernetes version
  // - "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  // - "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  // - "1.X.Y-gke.N": picks an explicit Kubernetes version
  // - "-": picks the default Kubernetes version
  string master_version = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to update.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetMasterAuthRequest updates the admin password of a cluster.
message SetMasterAuthRequest {
  // Operation type: what type update to perform.
  enum Action {
    // Operation is unknown and will error out.
    UNKNOWN = 0;

    // Set the password to a user generated value.
    SET_PASSWORD = 1;

    // Generate a new password and set it to that.
    GENERATE_PASSWORD = 2;

    // Set the username.  If an empty username is provided, basic authentication
    // is disabled for the cluster.  If a non-empty username is provided, basic
    // authentication is enabled, with either a provided password or a generated
    // one.
    SET_USERNAME = 3;
  }

  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to upgrade.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The exact form of action to be taken on the master auth.
  Action action = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. A description of the update.
  MasterAuth update = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster) of the cluster to set auth.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// DeleteClusterRequest deletes a cluster.
message DeleteClusterRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to delete.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster) of the cluster to delete.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 4;
}

// ListClustersRequest lists clusters.
message ListClustersRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides, or "-" for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the clusters will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// ListClustersResponse is the result of ListClustersRequest.
message ListClustersResponse {
  // A list of clusters in the project in the specified zone, or
  // across all ones.
  repeated Cluster clusters = 1;

  // If any zones are listed here, the list of clusters returned
  // may be missing those zones.
  repeated string missing_zones = 2;
}

// GetOperationRequest gets a single operation.
message GetOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to get.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 5;
}

// ListOperationsRequest lists operations.
message ListOperationsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for, or `-` for all zones. This field has been deprecated and
  // replaced by the parent field.
  string zone = 2 [deprecated = true];

  // The parent (project and location) where the operations will be listed.
  // Specified in the format `projects/*/locations/*`.
  // Location "-" matches all zones and all regions.
  string parent = 4;
}

// CancelOperationRequest cancels a single operation.
message CancelOperationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // operation resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The server-assigned `name` of the operation.
  // This field has been deprecated and replaced by the name field.
  string operation_id = 3 [deprecated = true];

  // The name (project, location, operation id) of the operation to cancel.
  // Specified in the format `projects/*/locations/*/operations/*`.
  string name = 4;
}

// ListOperationsResponse is the result of ListOperationsRequest.
message ListOperationsResponse {
  // A list of operations in the project in the specified zone.
  repeated Operation operations = 1;

  // If any zones are listed here, the list of operations returned
  // may be missing the operations from those zones.
  repeated string missing_zones = 2;
}

// Gets the current Kubernetes Engine service configuration.
message GetServerConfigRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) to return
  // operations for. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // The name (project and location) of the server config to get,
  // specified in the format `projects/*/locations/*`.
  string name = 4;
}

// Kubernetes Engine service configuration.
message ServerConfig {
  // ReleaseChannelConfig exposes configuration for a release channel.
  message ReleaseChannelConfig {
    // The release channel this configuration applies to.
    ReleaseChannel.Channel channel = 1;

    // The default version for newly created clusters on the channel.
    string default_version = 2;

    // List of valid versions for the channel.
    repeated string valid_versions = 4;
  }

  // Version of Kubernetes the service deploys by default.
  string default_cluster_version = 1;

  // List of valid node upgrade target versions, in descending order.
  repeated string valid_node_versions = 3;

  // Default image type.
  string default_image_type = 4;

  // List of valid image types.
  repeated string valid_image_types = 5;

  // List of valid master versions, in descending order.
  repeated string valid_master_versions = 6;

  // List of release channel configurations.
  repeated ReleaseChannelConfig channels = 9;
}

// CreateNodePoolRequest creates a node pool for a cluster.
message CreateNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // Required. The node pool to create.
  NodePool node_pool = 4 [(google.api.field_behavior) = REQUIRED];

  // The parent (project, location, cluster name) where the node pool will be
  // created. Specified in the format
  // `projects/*/locations/*/clusters/*`.
  string parent = 6;
}

// DeleteNodePoolRequest deletes a node pool for a cluster.
message DeleteNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to delete.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // delete. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// ListNodePoolsRequest lists the node pool(s) for a cluster.
message ListNodePoolsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the parent field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the parent
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the parent field.
  string cluster_id = 3 [deprecated = true];

  // The parent (project, location, cluster name) where the node pools will be
  // listed. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 5;
}

// GetNodePoolRequest retrieves a node pool for a cluster.
message GetNodePoolRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node pool to
  // get. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;
}

// Settings for blue-green upgrade.
message BlueGreenSettings {
  // Standard rollout policy is the default policy for blue-green.
  message StandardRolloutPolicy {
    // Blue pool size to drain in a batch.
    oneof update_batch_size {
      // Percentage of the blue pool nodes to drain in a batch.
      // The range of this field should be (0.0, 1.0].
      float batch_percentage = 1;

      // Number of blue nodes to drain in a batch.
      int32 batch_node_count = 2;
    }

    // Soak time after each batch gets drained. Default to zero.
    optional google.protobuf.Duration batch_soak_duration = 3;
  }

  // The rollout policy controls the general rollout progress of blue-green.
  oneof rollout_policy {
    // Standard policy for the blue-green upgrade.
    StandardRolloutPolicy standard_rollout_policy = 1;
  }

  // Time needed after draining entire blue pool. After this period, blue pool
  // will be cleaned up.
  optional google.protobuf.Duration node_pool_soak_duration = 2;
}

// NodePool contains the name and configuration for a cluster's node pool.
// Node pools are a set of nodes (i.e. VM's), with a common configuration and
// specification, under the control of the cluster master. They may have a set
// of Kubernetes labels applied to them, which may be used to reference them
// during pod scheduling. They may also be resized up or down, to accommodate
// the workload.
message NodePool {
  // These upgrade settings control the level of parallelism and the level of
  // disruption caused by an upgrade.
  //
  // maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  //
  // maxSurge controls the number of additional nodes that can be added to the
  // node pool temporarily for the time of the upgrade to increase the number of
  // available nodes.
  //
  // (maxUnavailable + maxSurge) determines the level of parallelism (how many
  // nodes are being upgraded at the same time).
  //
  // Note: upgrades inevitably introduce some disruption since workloads need to
  // be moved from old nodes to new, upgraded ones. Even if maxUnavailable=0,
  // this holds true. (Disruption stays within the limits of
  // PodDisruptionBudget, if it is configured.)
  //
  // Consider a hypothetical node pool with 5 nodes having maxSurge=2,
  // maxUnavailable=1. This means the upgrade process upgrades 3 nodes
  // simultaneously. It creates 2 additional (upgraded) nodes, then it brings
  // down 3 old (not yet upgraded) nodes at the same time. This ensures that
  // there are always at least 4 nodes available.
  //
  // These upgrade settings configure the upgrade strategy for the node pool.
  // Use strategy to switch between the strategies applied to the node pool.
  //
  // If the strategy is ROLLING, use max_surge and max_unavailable to control
  // the level of parallelism and the level of disruption caused by upgrade.
  // 1. maxSurge controls the number of additional nodes that can be added to
  // the node pool temporarily for the time of the upgrade to increase the
  // number of available nodes.
  // 2. maxUnavailable controls the number of nodes that can be simultaneously
  // unavailable.
  // 3. (maxUnavailable + maxSurge) determines the level of parallelism (how
  // many nodes are being upgraded at the same time).
  //
  // If the strategy is BLUE_GREEN, use blue_green_settings to configure the
  // blue-green upgrade related settings.
  // 1. standard_rollout_policy is the default policy. The policy is used to
  // control the way blue pool gets drained. The draining is executed in the
  // batch mode. The batch size could be specified as either percentage of the
  // node pool size or the number of nodes. batch_soak_duration is the soak
  // time after each batch gets drained.
  // 2. node_pool_soak_duration is the soak time after all blue nodes are
  // drained. After this period, the blue pool nodes will be deleted.
  message UpgradeSettings {
    // The maximum number of nodes that can be created beyond the current size
    // of the node pool during the upgrade process.
    int32 max_surge = 1;

    // The maximum number of nodes that can be simultaneously unavailable during
    // the upgrade process. A node is considered available if its status is
    // Ready.
    int32 max_unavailable = 2;

    // Update strategy of the node pool.
    optional NodePoolUpdateStrategy strategy = 3;

    // Settings for blue-green upgrade strategy.
    optional BlueGreenSettings blue_green_settings = 4;
  }

  // UpdateInfo contains resource (instance groups, etc), status and other
  // intermediate information relevant to a node pool upgrade.
  message UpdateInfo {
    // Information relevant to blue-green upgrade.
    message BlueGreenInfo {
      // Phase represents the different stages blue-green upgrade is running in.
      enum Phase {
        // Unspecified phase.
        PHASE_UNSPECIFIED = 0;

        // blue-green upgrade has been initiated.
        UPDATE_STARTED = 1;

        // Start creating green pool nodes.
        CREATING_GREEN_POOL = 2;

        // Start cordoning blue pool nodes.
        CORDONING_BLUE_POOL = 3;

        // Start draining blue pool nodes.
        DRAINING_BLUE_POOL = 4;

        // Start soaking time after draining entire blue pool.
        NODE_POOL_SOAKING = 5;

        // Start deleting blue nodes.
        DELETING_BLUE_POOL = 6;

        // Rollback has been initiated.
        ROLLBACK_STARTED = 7;
      }

      // Current blue-green upgrade phase.
      Phase phase = 1;

      // The resource URLs of the [managed instance groups]
      // (/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with blue pool.
      repeated string blue_instance_group_urls = 2;

      // The resource URLs of the [managed instance groups]
      // (/compute/docs/instance-groups/creating-groups-of-managed-instances)
      // associated with green pool.
      repeated string green_instance_group_urls = 3;

      // Time to start deleting blue pool to complete blue-green upgrade,
      // in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
      string blue_pool_deletion_start_time = 4;

      // Version of green pool.
      string green_pool_version = 5;
    }

    // Information of a blue-green upgrade.
    BlueGreenInfo blue_green_info = 1;
  }

  // The current status of the node pool instance.
  enum Status {
    // Not set.
    STATUS_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the node pool is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the node pool has been created
    // and is fully usable.
    RUNNING = 2;

    // The RUNNING_WITH_ERROR state indicates the node pool has been created
    // and is partially usable. Some error state has occurred and some
    // functionality may be impaired. Customer may need to reissue a request
    // or trigger a new update.
    RUNNING_WITH_ERROR = 3;

    // The RECONCILING state indicates that some work is actively being done on
    // the node pool, such as upgrading node software. Details can
    // be found in the `statusMessage` field.
    RECONCILING = 4;

    // The STOPPING state indicates the node pool is being deleted.
    STOPPING = 5;

    // The ERROR state indicates the node pool may be unusable. Details
    // can be found in the `statusMessage` field.
    ERROR = 6;
  }

  // PlacementPolicy defines the placement policy used by the node pool.
  message PlacementPolicy {
    // Type defines the type of placement policy.
    enum Type {
      // TYPE_UNSPECIFIED specifies no requirements on nodes
      // placement.
      TYPE_UNSPECIFIED = 0;

      // COMPACT specifies node placement in the same availability domain to
      // ensure low communication latency.
      COMPACT = 1;
    }

    // The type of placement.
    Type type = 1;
  }

  // The name of the node pool.
  string name = 1;

  // The node configuration of the pool.
  NodeConfig config = 2;

  // The initial node count for the pool. You must ensure that your
  // Compute Engine [resource quota](https://cloud.google.com/compute/quotas)
  // is sufficient for this number of instances. You must also have available
  // firewall and routes quota.
  int32 initial_node_count = 3;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes should be located.
  //
  // If this value is unspecified during node pool creation, the
  // [Cluster.Locations](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.FIELDS.locations)
  // value will be used, instead.
  //
  // Warning: changing node pool locations will result in nodes being added
  // and/or removed.
  repeated string locations = 13;

  // Networking configuration for this NodePool. If specified, it overrides the
  // cluster-level defaults.
  NodeNetworkConfig network_config = 14;

  // [Output only] Server-defined URL for the resource.
  string self_link = 100;

  // The version of the Kubernetes of this node.
  string version = 101;

  // [Output only] The resource URLs of the [managed instance
  // groups](https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances)
  // associated with this node pool.
  // During the node pool blue-green upgrade operation, the URLs contain both
  // blue and green resources.
  repeated string instance_group_urls = 102;

  // [Output only] The status of the nodes in this pool instance.
  Status status = 103;

  // [Output only] Deprecated. Use conditions instead.
  // Additional information about the current status of this
  // node pool instance, if available.
  string status_message = 104 [deprecated = true];

  // Autoscaler configuration for this NodePool. Autoscaler is enabled
  // only if a valid configuration is present.
  NodePoolAutoscaling autoscaling = 4;

  // NodeManagement configuration for this NodePool.
  NodeManagement management = 5;

  // The constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool.
  MaxPodsConstraint max_pods_constraint = 6;

  // Which conditions caused the current node pool state.
  repeated StatusCondition conditions = 105;

  // [Output only] The pod CIDR block size per node in this node pool.
  int32 pod_ipv4_cidr_size = 7;

  // Upgrade settings control disruption and speed of the upgrade.
  UpgradeSettings upgrade_settings = 107;

  // Specifies the node placement policy.
  PlacementPolicy placement_policy = 108;

  // Output only. [Output only] Update info contains relevant information during a node
  // pool update.
  UpdateInfo update_info = 109 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// NodeManagement defines the set of node management services turned on for the
// node pool.
message NodeManagement {
  // A flag that specifies whether node auto-upgrade is enabled for the node
  // pool. If enabled, node auto-upgrade helps keep the nodes in your node pool
  // up to date with the latest release version of Kubernetes.
  bool auto_upgrade = 1;

  // A flag that specifies whether the node auto-repair is enabled for the node
  // pool. If enabled, the nodes in this node pool will be monitored and, if
  // they fail health checks too many times, an automatic repair action will be
  // triggered.
  bool auto_repair = 2;

  // Specifies the Auto Upgrade knobs for the node pool.
  AutoUpgradeOptions upgrade_options = 10;
}

// AutoUpgradeOptions defines the set of options for the user to control how
// the Auto Upgrades will proceed.
message AutoUpgradeOptions {
  // [Output only] This field is set when upgrades are about to commence
  // with the approximate start time for the upgrades, in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
  string auto_upgrade_start_time = 1;

  // [Output only] This field is set when upgrades are about to commence
  // with the description of the upgrade.
  string description = 2;
}

// MaintenancePolicy defines the maintenance policy to be used for the cluster.
message MaintenancePolicy {
  // Specifies the maintenance window in which maintenance may be performed.
  MaintenanceWindow window = 1;

  // A hash identifying the version of this policy, so that updates to fields of
  // the policy won't accidentally undo intermediate changes (and so that users
  // of the API unaware of some fields won't accidentally remove other fields).
  // Make a `get()` request to the cluster to get the current
  // resource version and include it with requests to set the policy.
  string resource_version = 3;
}

// MaintenanceWindow defines the maintenance window to be used for the cluster.
message MaintenanceWindow {
  oneof policy {
    // DailyMaintenanceWindow specifies a daily maintenance operation window.
    DailyMaintenanceWindow daily_maintenance_window = 2;

    // RecurringWindow specifies some number of recurring time periods for
    // maintenance to occur. The time windows may be overlapping. If no
    // maintenance windows are set, maintenance can occur at any time.
    RecurringTimeWindow recurring_window = 3;
  }

  // Exceptions to maintenance window. Non-emergency maintenance should not
  // occur in these windows.
  map<string, TimeWindow> maintenance_exclusions = 4;
}

// Represents an arbitrary window of time.
message TimeWindow {
  oneof options {
    // MaintenanceExclusionOptions provides maintenance exclusion related
    // options.
    MaintenanceExclusionOptions maintenance_exclusion_options = 3;
  }

  // The time that the window first starts.
  google.protobuf.Timestamp start_time = 1;

  // The time that the window ends. The end time should take place after the
  // start time.
  google.protobuf.Timestamp end_time = 2;
}

// Represents the Maintenance exclusion option.
message MaintenanceExclusionOptions {
  // Scope of exclusion.
  enum Scope {
    // NO_UPGRADES excludes all upgrades, including patch upgrades and minor
    // upgrades across control planes and nodes. This is the default exclusion
    // behavior.
    NO_UPGRADES = 0;

    // NO_MINOR_UPGRADES excludes all minor upgrades for the cluster, only
    // patches are allowed.
    NO_MINOR_UPGRADES = 1;

    // NO_MINOR_OR_NODE_UPGRADES excludes all minor upgrades for the cluster,
    // and also exclude all node pool upgrades. Only control
    // plane patches are allowed.
    NO_MINOR_OR_NODE_UPGRADES = 2;
  }

  // Scope specifies the upgrade scope which upgrades are blocked by the
  // exclusion.
  Scope scope = 1;
}

// Represents an arbitrary window of time that recurs.
message RecurringTimeWindow {
  // The window of the first recurrence.
  TimeWindow window = 1;

  // An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how
  // this window reccurs. They go on for the span of time between the start and
  // end time.
  //
  // For example, to have something repeat every weekday, you'd use:
  // `FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR`
  //
  // To repeat some window daily (equivalent to the DailyMaintenanceWindow):
  // `FREQ=DAILY`
  //
  // For the first weekend of every month:
  // `FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU`
  //
  // This specifies how frequently the window starts. Eg, if you wanted to have
  // a 9-5 UTC-4 window every weekday, you'd use something like:
  // ```
  // start time = 2019-01-01T09:00:00-0400
  // end time = 2019-01-01T17:00:00-0400
  // recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
  // ```
  //
  // Windows can span multiple days. Eg, to make the window encompass every
  // weekend from midnight Saturday till the last minute of Sunday UTC:
  // ```
  // start time = 2019-01-05T00:00:00Z
  // end time = 2019-01-07T23:59:00Z
  // recurrence = FREQ=WEEKLY;BYDAY=SA
  // ```
  //
  // Note the start and end time's specific dates are largely arbitrary except
  // to specify duration of the window and when it first starts.
  // The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.
  string recurrence = 2;
}

// Time window specified for daily maintenance operations.
message DailyMaintenanceWindow {
  // Time within the maintenance window to start the maintenance operations.
  // Time format should be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
  // format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.
  string start_time = 2;

  // [Output only] Duration of the time window, automatically chosen to be
  // smallest possible in the given scenario.
  // Duration will be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt)
  // format "PTnHnMnS".
  string duration = 3;
}

// SetNodePoolManagementRequest sets the node management properties of a node
// pool.
message SetNodePoolManagementRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. NodeManagement configuration for the node pool.
  NodeManagement management = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // management properties. Specified in the format
  // `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// SetNodePoolSizeRequest sets the size of a node pool.
message SetNodePoolSizeRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to update.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // Required. The desired node count for the pool.
  int32 node_count = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster, node pool id) of the node pool to set
  // size.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 7;
}

// CompleteNodePoolUpgradeRequest sets the name of target node pool to complete
// upgrade.
message CompleteNodePoolUpgradeRequest {
  // The name (project, location, cluster, node pool id) of the node pool to
  // complete upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 1;
}

// RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed
// NodePool upgrade. This will be an no-op if the last upgrade successfully
// completed.
message RollbackNodePoolUpgradeRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to rollback.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Deprecated. The name of the node pool to rollback.
  // This field has been deprecated and replaced by the name field.
  string node_pool_id = 4 [deprecated = true];

  // The name (project, location, cluster, node pool id) of the node poll to
  // rollback upgrade.
  // Specified in the format `projects/*/locations/*/clusters/*/nodePools/*`.
  string name = 6;

  // Option for rollback to ignore the PodDisruptionBudget.
  // Default value is false.
  bool respect_pdb = 7;
}

// ListNodePoolsResponse is the result of ListNodePoolsRequest.
message ListNodePoolsResponse {
  // A list of node pools for a cluster.
  repeated NodePool node_pools = 1;
}

// ClusterAutoscaling contains global, per-cluster information
// required by Cluster Autoscaler to automatically adjust
// the size of the cluster and create/delete
// node pools based on the current needs.
message ClusterAutoscaling {
  // Defines possible options for autoscaling_profile field.
  enum AutoscalingProfile {
    // No change to autoscaling configuration.
    PROFILE_UNSPECIFIED = 0;

    // Prioritize optimizing utilization of resources.
    OPTIMIZE_UTILIZATION = 1;

    // Use default (balanced) autoscaling configuration.
    BALANCED = 2;
  }

  // Enables automatic node pool creation and deletion.
  bool enable_node_autoprovisioning = 1;

  // Contains global constraints regarding minimum and maximum
  // amount of resources in the cluster.
  repeated ResourceLimit resource_limits = 2;

  // Defines autoscaling behaviour.
  AutoscalingProfile autoscaling_profile = 3;

  // AutoprovisioningNodePoolDefaults contains defaults for a node pool
  // created by NAP.
  AutoprovisioningNodePoolDefaults autoprovisioning_node_pool_defaults = 4;

  // The list of Google Compute Engine
  // [zones](https://cloud.google.com/compute/docs/zones#available) in which the
  // NodePool's nodes can be created by NAP.
  repeated string autoprovisioning_locations = 5;
}

// AutoprovisioningNodePoolDefaults contains defaults for a node pool created
// by NAP.
message AutoprovisioningNodePoolDefaults {
  // Scopes that are used by NAP when creating node pools.
  repeated string oauth_scopes = 1;

  // The Google Cloud Platform Service Account to be used by the node VMs.
  string service_account = 2;

  // Specifies the upgrade settings for NAP created node pools
  NodePool.UpgradeSettings upgrade_settings = 3;

  // Specifies the node management options for NAP created node-pools.
  NodeManagement management = 4;

  // Deprecated. Minimum CPU platform to be used for NAP created node pools.
  // The instance may be scheduled on the specified or newer CPU platform.
  // Applicable values are the friendly names of CPU platforms, such as
  // minCpuPlatform: Intel Haswell or
  // minCpuPlatform: Intel Sandy Bridge. For more
  // information, read [how to specify min CPU
  // platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
  // This field is deprecated, min_cpu_platform should be specified using
  // https://cloud.google.com/requested-min-cpu-platform label selector on the
  // pod.
  // To unset the min cpu platform field pass "automatic"
  // as field value.
  string min_cpu_platform = 5 [deprecated = true];

  // Size of the disk attached to each node, specified in GB.
  // The smallest allowed disk size is 10GB.
  //
  // If unspecified, the default disk size is 100GB.
  int32 disk_size_gb = 6;

  // Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or
  // 'pd-balanced')
  //
  // If unspecified, the default disk type is 'pd-standard'
  string disk_type = 7;

  // Shielded Instance options.
  ShieldedInstanceConfig shielded_instance_config = 8;

  // The Customer Managed Encryption Key used to encrypt the boot disk attached
  // to each node in the node pool. This should be of the form
  // projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME].
  // For more information about protecting resources with Cloud KMS Keys please
  // see:
  // https://cloud.google.com/compute/docs/disks/customer-managed-encryption
  string boot_disk_kms_key = 9;

  // The image type to use for NAP created node.
  string image_type = 10;
}

// Contains information about amount of some resource in the cluster.
// For memory, value should be in GB.
message ResourceLimit {
  // Resource name "cpu", "memory" or gpu-specific string.
  string resource_type = 1;

  // Minimum amount of the resource in the cluster.
  int64 minimum = 2;

  // Maximum amount of the resource in the cluster.
  int64 maximum = 3;
}

// NodePoolAutoscaling contains information required by cluster autoscaler to
// adjust the size of the node pool to the current cluster usage.
message NodePoolAutoscaling {
  // Location policy specifies how zones are picked when scaling up the
  // nodepool.
  enum LocationPolicy {
    // Not set.
    LOCATION_POLICY_UNSPECIFIED = 0;

    // BALANCED is a best effort policy that aims to balance the sizes of
    // different zones.
    BALANCED = 1;

    // ANY policy picks zones that have the highest capacity available.
    ANY = 2;
  }

  // Is autoscaling enabled for this node pool.
  bool enabled = 1;

  // Minimum number of nodes for one location in the NodePool. Must be >= 1 and
  // <= max_node_count.
  int32 min_node_count = 2;

  // Maximum number of nodes for one location in the NodePool. Must be >=
  // min_node_count. There has to be enough quota to scale up the cluster.
  int32 max_node_count = 3;

  // Can this node pool be deleted automatically.
  bool autoprovisioned = 4;

  // Location policy used when scaling up a nodepool.
  LocationPolicy location_policy = 5;

  // Minimum number of nodes in the node pool. Must be greater than 1 less than
  // total_max_node_count.
  // The total_*_node_count fields are mutually exclusive with the *_node_count
  // fields.
  int32 total_min_node_count = 6;

  // Maximum number of nodes in the node pool. Must be greater than
  // total_min_node_count. There has to be enough quota to scale up the cluster.
  // The total_*_node_count fields are mutually exclusive with the *_node_count
  // fields.
  int32 total_max_node_count = 7;
}

// SetLabelsRequest sets the Google Cloud Platform labels on a Google Container
// Engine cluster, which will in turn set them for Google Compute Engine
// resources used by that cluster
message SetLabelsRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. The labels to set for that cluster.
  map<string, string> resource_labels = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. The fingerprint of the previous set of labels for this resource,
  // used to detect conflicts. The fingerprint is initially generated by
  // Kubernetes Engine and changes after every request to modify or update
  // labels. You must always provide an up-to-date fingerprint hash when
  // updating or changing labels. Make a `get()` request to the
  // resource to get the latest fingerprint.
  string label_fingerprint = 5 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set labels.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// SetLegacyAbacRequest enables or disables the ABAC authorization mechanism for
// a cluster.
message SetLegacyAbacRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster to update.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. Whether ABAC authorization will be enabled in the cluster.
  bool enabled = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set legacy
  // abac. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// StartIPRotationRequest creates a new IP for the cluster and then performs
// a node upgrade on each node pool to point to the new IP.
message StartIPRotationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster name) of the cluster to start IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;

  // Whether to rotate credentials during IP rotation.
  bool rotate_credentials = 7;
}

// CompleteIPRotationRequest moves the cluster master back into single-IP mode.
message CompleteIPRotationRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // The name (project, location, cluster name) of the cluster to complete IP
  // rotation. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 7;
}

// AcceleratorConfig represents a Hardware Accelerator request.
message AcceleratorConfig {
  // The number of the accelerator cards exposed to an instance.
  int64 accelerator_count = 1;

  // The accelerator type resource name. List of supported accelerators
  // [here](https://cloud.google.com/compute/docs/gpus)
  string accelerator_type = 2;

  // Size of partitions to create on the GPU. Valid values are described in the
  // NVIDIA [mig user
  // guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).
  string gpu_partition_size = 3;

  // The configuration for GPU sharing options.
  optional GPUSharingConfig gpu_sharing_config = 5;
}

// GPUSharingConfig represents the GPU sharing configuration for Hardware
// Accelerators.
message GPUSharingConfig {
  // The type of GPU sharing strategy currently provided.
  enum GPUSharingStrategy {
    // Default value.
    GPU_SHARING_STRATEGY_UNSPECIFIED = 0;

    // GPUs are time-shared between containers.
    TIME_SHARING = 1;
  }

  // The max number of containers that can share a physical GPU.
  int64 max_shared_clients_per_gpu = 1;

  // The type of GPU sharing strategy to enable on the GPU node.
  optional GPUSharingStrategy gpu_sharing_strategy = 2;
}

// WorkloadMetadataConfig defines the metadata configuration to expose to
// workloads on the node pool.
message WorkloadMetadataConfig {
  // Mode is the configuration for how to expose metadata to workloads running
  // on the node.
  enum Mode {
    // Not set.
    MODE_UNSPECIFIED = 0;

    // Expose all Compute Engine metadata to pods.
    GCE_METADATA = 1;

    // Run the GKE Metadata Server on this node. The GKE Metadata Server exposes
    // a metadata API to workloads that is compatible with the V1 Compute
    // Metadata APIs exposed by the Compute Engine and App Engine Metadata
    // Servers. This feature can only be enabled if Workload Identity is enabled
    // at the cluster level.
    GKE_METADATA = 2;
  }

  // Mode is the configuration for how to expose metadata to workloads running
  // on the node pool.
  Mode mode = 2;
}

// SetNetworkPolicyRequest enables/disables network policy for a cluster.
message SetNetworkPolicyRequest {
  // Deprecated. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  // This field has been deprecated and replaced by the name field.
  string project_id = 1 [deprecated = true];

  // Deprecated. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides. This field has been deprecated and replaced by the name
  // field.
  string zone = 2 [deprecated = true];

  // Deprecated. The name of the cluster.
  // This field has been deprecated and replaced by the name field.
  string cluster_id = 3 [deprecated = true];

  // Required. Configuration options for the NetworkPolicy feature.
  NetworkPolicy network_policy = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set networking
  // policy. Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 6;
}

// SetMaintenancePolicyRequest sets the maintenance policy for a cluster.
message SetMaintenancePolicyRequest {
  // Required. The Google Developers Console [project ID or project
  // number](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The name of the Google Compute Engine
  // [zone](https://cloud.google.com/compute/docs/zones#available) in which the
  // cluster resides.
  string zone = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The name of the cluster to update.
  string cluster_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. The maintenance policy to be set for the cluster. An empty field
  // clears the existing maintenance policy.
  MaintenancePolicy maintenance_policy = 4 [(google.api.field_behavior) = REQUIRED];

  // The name (project, location, cluster name) of the cluster to set
  // maintenance policy.
  // Specified in the format `projects/*/locations/*/clusters/*`.
  string name = 5;
}

// StatusCondition describes why a cluster or a node pool has a certain status
// (e.g., ERROR or DEGRADED).
message StatusCondition {
  // Code for each condition
  enum Code {
    // UNKNOWN indicates a generic condition.
    UNKNOWN = 0;

    // GCE_STOCKOUT indicates that Google Compute Engine resources are
    // temporarily unavailable.
    GCE_STOCKOUT = 1;

    // GKE_SERVICE_ACCOUNT_DELETED indicates that the user deleted their robot
    // service account.
    GKE_SERVICE_ACCOUNT_DELETED = 2;

    // Google Compute Engine quota was exceeded.
    GCE_QUOTA_EXCEEDED = 3;

    // Cluster state was manually changed by an SRE due to a system logic error.
    SET_BY_OPERATOR = 4;

    // Unable to perform an encrypt operation against the CloudKMS key used for
    // etcd level encryption.
    CLOUD_KMS_KEY_ERROR = 7;

    // Cluster CA is expiring soon.
    CA_EXPIRING = 9;
  }

  // Machine-friendly representation of the condition
  // Deprecated. Use canonical_code instead.
  Code code = 1 [deprecated = true];

  // Human-friendly representation of the condition
  string message = 2;

  // Canonical code of the condition.
  google.rpc.Code canonical_code = 3;
}

// NetworkConfig reports the relative names of network & subnetwork.
message NetworkConfig {
  // Output only. The relative name of the Google Compute Engine
  // [network][google.container.v1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
  // to which the cluster is connected. Example:
  // projects/my-project/global/networks/my-network
  string network = 1;

  // Output only. The relative name of the Google Compute Engine
  // [subnetwork](https://cloud.google.com/compute/docs/vpc) to which the
  // cluster is connected. Example:
  // projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 2;

  // Whether Intra-node visibility is enabled for this cluster.
  // This makes same node pod to pod traffic visible for VPC network.
  bool enable_intra_node_visibility = 5;

  // Whether the cluster disables default in-node sNAT rules. In-node sNAT rules
  // will be disabled when default_snat_status is disabled. When disabled is set
  // to false, default IP masquerade rules will be applied to the nodes to
  // prevent sNAT on cluster internal traffic.
  DefaultSnatStatus default_snat_status = 7;

  // Whether L4ILB Subsetting is enabled for this cluster.
  bool enable_l4ilb_subsetting = 10;

  // The desired datapath provider for this cluster. By default, uses the
  // IPTables-based kube-proxy implementation.
  DatapathProvider datapath_provider = 11;

  // The desired state of IPv6 connectivity to Google Services.
  // By default, no private IPv6 access to or from Google Services (all access
  // will be via IPv4)
  PrivateIPv6GoogleAccess private_ipv6_google_access = 12;

  // DNSConfig contains clusterDNS config for this cluster.
  DNSConfig dns_config = 13;

  // ServiceExternalIPsConfig specifies if services with externalIPs field are
  // blocked or not.
  ServiceExternalIPsConfig service_external_ips_config = 15;

  // GatewayAPIConfig contains the desired config of Gateway API on this
  // cluster.
  GatewayAPIConfig gateway_api_config = 16;
}

// GatewayAPIConfig contains the desired config of Gateway API on this cluster.
message GatewayAPIConfig {
  // Channel describes if/how Gateway API should be installed and implemented in
  // a cluster.
  enum Channel {
    // Default value.
    CHANNEL_UNSPECIFIED = 0;

    // Gateway API support is disabled
    CHANNEL_DISABLED = 1;

    // Gateway API support is enabled, experimental CRDs are installed
    CHANNEL_EXPERIMENTAL = 3;

    // Gateway API support is enabled, standard CRDs are installed
    CHANNEL_STANDARD = 4;
  }

  // The Gateway API release channel to use for Gateway API.
  Channel channel = 1;
}

// Config to block services with externalIPs field.
message ServiceExternalIPsConfig {
  // Whether Services with ExternalIPs field are allowed or not.
  bool enabled = 1;
}

// GetOpenIDConfigRequest gets the OIDC discovery document for the
// cluster. See the OpenID Connect Discovery 1.0 specification for details.
message GetOpenIDConfigRequest {
  // The cluster (project, location, cluster name) to get the discovery document
  // for. Specified in the format `projects/*/locations/*/clusters/*`.
  string parent = 1;
}

// GetOpenIDConfigResponse is an OIDC discovery document for the cluster.
// See the OpenID Connect Discovery 1.0 specification for details.
message GetOpenIDConfigResponse {
  // OIDC Issuer.
  string issuer = 1;

  // JSON Web Key uri.
  string jwks_uri = 2;

  // Supported response types.
  repeated string response_types_supported = 3;

  // Supported subject types.
  repeated string subject_types_supported = 4;

  // supported ID Token signing Algorithms.
  repeated string id_token_signing_alg_values_supported = 5;

  // Supported claims.
  repeated string claims_supported = 6;

  // Supported grant types.
  repeated string grant_types = 7;
}

// GetJSONWebKeysRequest gets the public component of the keys used by the
// cluster to sign token requests. This will be the jwks_uri for the discover
// document returned by getOpenIDConfig. See the OpenID Connect
// Discovery 1.0 specification for details.
message GetJSONWebKeysRequest {
  // The cluster (project, location, cluster name) to get keys for. Specified in
  // the format `projects/*/locations/*/clusters/*`.
  string parent = 1;
}

// Jwk is a JSON Web Key as specified in RFC 7517
message Jwk {
  // Key Type.
  string kty = 1;

  // Algorithm.
  string alg = 2;

  // Permitted uses for the public keys.
  string use = 3;

  // Key ID.
  string kid = 4;

  // Used for RSA keys.
  string n = 5;

  // Used for RSA keys.
  string e = 6;

  // Used for ECDSA keys.
  string x = 7;

  // Used for ECDSA keys.
  string y = 8;

  // Used for ECDSA keys.
  string crv = 9;
}

// GetJSONWebKeysResponse is a valid JSON Web Key Set as specififed in rfc 7517
message GetJSONWebKeysResponse {
  // The public component of the keys used by the cluster to sign token
  // requests.
  repeated Jwk keys = 1;
}

// ReleaseChannel indicates which release channel a cluster is
// subscribed to. Release channels are arranged in order of risk.
//
// When a cluster is subscribed to a release channel, Google maintains
// both the master version and the node version. Node auto-upgrade
// defaults to true and cannot be disabled.
message ReleaseChannel {
  // Possible values for 'channel'.
  enum Channel {
    // No channel specified.
    UNSPECIFIED = 0;

    // RAPID channel is offered on an early access basis for customers who want
    // to test new releases.
    //
    // WARNING: Versions available in the RAPID Channel may be subject to
    // unresolved issues with no known workaround and are not subject to any
    // SLAs.
    RAPID = 1;

    // Clusters subscribed to REGULAR receive versions that are considered GA
    // quality. REGULAR is intended for production users who want to take
    // advantage of new features.
    REGULAR = 2;

    // Clusters subscribed to STABLE receive versions that are known to be
    // stable and reliable in production.
    STABLE = 3;
  }

  // channel specifies which release channel the cluster is subscribed to.
  Channel channel = 1;
}

// Configuration for fine-grained cost management feature.
message CostManagementConfig {
  // Whether the feature is enabled or not.
  bool enabled = 1;
}

// IntraNodeVisibilityConfig contains the desired config of the intra-node
// visibility on this cluster.
message IntraNodeVisibilityConfig {
  // Enables intra node visibility for this cluster.
  bool enabled = 1;
}

// ILBSubsettingConfig contains the desired config of L4 Internal LoadBalancer
// subsetting on this cluster.
message ILBSubsettingConfig {
  // Enables l4 ILB subsetting for this cluster.
  bool enabled = 1;
}

// DNSConfig contains the desired set of options for configuring clusterDNS.
message DNSConfig {
  // Provider lists the various in-cluster DNS providers.
  enum Provider {
    // Default value
    PROVIDER_UNSPECIFIED = 0;

    // Use GKE default DNS provider(kube-dns) for DNS resolution.
    PLATFORM_DEFAULT = 1;

    // Use CloudDNS for DNS resolution.
    CLOUD_DNS = 2;
  }

  // DNSScope lists the various scopes of access to cluster DNS records.
  enum DNSScope {
    // Default value, will be inferred as cluster scope.
    DNS_SCOPE_UNSPECIFIED = 0;

    // DNS records are accessible from within the VPC.
    VPC_SCOPE = 2;
  }

  // cluster_dns indicates which in-cluster DNS provider should be used.
  Provider cluster_dns = 1;

  // cluster_dns_scope indicates the scope of access to cluster DNS records.
  DNSScope cluster_dns_scope = 2;

  // cluster_dns_domain is the suffix used for all cluster service records.
  string cluster_dns_domain = 3;
}

// Constraints applied to pods.
message MaxPodsConstraint {
  // Constraint enforced on the max num of pods per node.
  int64 max_pods_per_node = 1;
}

// Configuration for the use of Kubernetes Service Accounts in GCP IAM
// policies.
message WorkloadIdentityConfig {
  // The workload pool to attach all Kubernetes service accounts to.
  string workload_pool = 2;
}

// IdentityServiceConfig is configuration for Identity Service which allows
// customers to use external identity providers with the K8S API
message IdentityServiceConfig {
  // Whether to enable the Identity Service component
  bool enabled = 1;
}

// Configuration for issuance of mTLS keys and certificates to Kubernetes pods.
message MeshCertificates {
  // enable_certificates controls issuance of workload mTLS certificates.
  //
  // If set, the GKE Workload Identity Certificates controller and node agent
  // will be deployed in the cluster, which can then be configured by creating a
  // WorkloadCertificateConfig Custom Resource.
  //
  // Requires Workload Identity
  // ([workload_pool][google.container.v1.WorkloadIdentityConfig.workload_pool]
  // must be non-empty).
  google.protobuf.BoolValue enable_certificates = 1;
}

// Configuration of etcd encryption.
message DatabaseEncryption {
  // State of etcd encryption.
  enum State {
    // Should never be set
    UNKNOWN = 0;

    // Secrets in etcd are encrypted.
    ENCRYPTED = 1;

    // Secrets in etcd are stored in plain text (at etcd level) - this is
    // unrelated to Compute Engine level full disk encryption.
    DECRYPTED = 2;
  }

  // Denotes the state of etcd encryption.
  State state = 2;

  // Name of CloudKMS key to use for the encryption of secrets in etcd.
  // Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
  string key_name = 1;
}

// ListUsableSubnetworksRequest requests the list of usable subnetworks
// available to a user for creating clusters.
message ListUsableSubnetworksRequest {
  // The parent project where subnetworks are usable.
  // Specified in the format `projects/*`.
  string parent = 1;

  // Filtering currently only supports equality on the networkProjectId and must
  // be in the form: "networkProjectId=[PROJECTID]", where `networkProjectId`
  // is the project which owns the listed subnetworks. This defaults to the
  // parent project ID.
  string filter = 2;

  // The max number of results per page that should be returned. If the number
  // of available results is larger than `page_size`, a `next_page_token` is
  // returned which can be used to get the next page of results in subsequent
  // requests. Acceptable values are 0 to 500, inclusive. (Default: 500)
  int32 page_size = 3;

  // Specifies a page token to use. Set this to the nextPageToken returned by
  // previous list requests to get the next page of results.
  string page_token = 4;
}

// ListUsableSubnetworksResponse is the response of
// ListUsableSubnetworksRequest.
message ListUsableSubnetworksResponse {
  // A list of usable subnetworks in the specified network project.
  repeated UsableSubnetwork subnetworks = 1;

  // This token allows you to get the next page of results for list requests.
  // If the number of results is larger than `page_size`, use the
  // `next_page_token` as a value for the query parameter `page_token` in the
  // next request. The value will become empty when there are no more pages.
  string next_page_token = 2;
}

// Secondary IP range of a usable subnetwork.
message UsableSubnetworkSecondaryRange {
  // Status shows the current usage of a secondary IP range.
  enum Status {
    // UNKNOWN is the zero value of the Status enum. It's not a valid status.
    UNKNOWN = 0;

    // UNUSED denotes that this range is unclaimed by any cluster.
    UNUSED = 1;

    // IN_USE_SERVICE denotes that this range is claimed by a cluster for
    // services. It cannot be used for other clusters.
    IN_USE_SERVICE = 2;

    // IN_USE_SHAREABLE_POD denotes this range was created by the network admin
    // and is currently claimed by a cluster for pods. It can only be used by
    // other clusters as a pod range.
    IN_USE_SHAREABLE_POD = 3;

    // IN_USE_MANAGED_POD denotes this range was created by GKE and is claimed
    // for pods. It cannot be used for other clusters.
    IN_USE_MANAGED_POD = 4;
  }

  // The name associated with this subnetwork secondary range, used when adding
  // an alias IP range to a VM instance.
  string range_name = 1;

  // The range of IP addresses belonging to this subnetwork secondary range.
  string ip_cidr_range = 2;

  // This field is to determine the status of the secondary range programmably.
  Status status = 3;
}

// UsableSubnetwork resource returns the subnetwork name, its associated network
// and the primary CIDR range.
message UsableSubnetwork {
  // Subnetwork Name.
  // Example: projects/my-project/regions/us-central1/subnetworks/my-subnet
  string subnetwork = 1;

  // Network Name.
  // Example: projects/my-project/global/networks/my-network
  string network = 2;

  // The range of internal addresses that are owned by this subnetwork.
  string ip_cidr_range = 3;

  // Secondary IP ranges.
  repeated UsableSubnetworkSecondaryRange secondary_ip_ranges = 4;

  // A human readable status message representing the reasons for cases where
  // the caller cannot use the secondary ranges under the subnet. For example if
  // the secondary_ip_ranges is empty due to a permission issue, an insufficient
  // permission message will be given by status_message.
  string status_message = 5;
}

// Configuration for exporting cluster resource usages.
message ResourceUsageExportConfig {
  // Parameters for using BigQuery as the destination of resource usage export.
  message BigQueryDestination {
    // The ID of a BigQuery Dataset.
    string dataset_id = 1;
  }

  // Parameters for controlling consumption metering.
  message ConsumptionMeteringConfig {
    // Whether to enable consumption metering for this cluster. If enabled, a
    // second BigQuery table will be created to hold resource consumption
    // records.
    bool enabled = 1;
  }

  // Configuration to use BigQuery as usage export destination.
  BigQueryDestination bigquery_destination = 1;

  // Whether to enable network egress metering for this cluster. If enabled, a
  // daemonset will be created in the cluster to meter network egress traffic.
  bool enable_network_egress_metering = 2;

  // Configuration to enable resource consumption metering.
  ConsumptionMeteringConfig consumption_metering_config = 3;
}

// VerticalPodAutoscaling contains global, per-cluster information
// required by Vertical Pod Autoscaler to automatically adjust
// the resources of pods controlled by it.
message VerticalPodAutoscaling {
  // Enables vertical pod autoscaling.
  bool enabled = 1;
}

// DefaultSnatStatus contains the desired state of whether default sNAT should
// be disabled on the cluster.
message DefaultSnatStatus {
  // Disables cluster default sNAT rules.
  bool disabled = 1;
}

// Configuration of Shielded Nodes feature.
message ShieldedNodes {
  // Whether Shielded Nodes features are enabled on all nodes in this cluster.
  bool enabled = 1;
}

// Configuration of gVNIC feature.
message VirtualNIC {
  // Whether gVNIC features are enabled in the node pool.
  bool enabled = 1;
}

// Configuration of Fast Socket feature.
message FastSocket {
  // Whether Fast Socket features are enabled in the node pool.
  bool enabled = 1;
}

// PrivateIPv6GoogleAccess controls whether and how the pods can communicate
// with Google Services through gRPC over IPv6.
enum PrivateIPv6GoogleAccess {
  // Default value. Same as DISABLED
  PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED = 0;

  // No private access to or from Google Services
  PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED = 1;

  // Enables private IPv6 access to Google Services from GKE
  PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE = 2;

  // Enables priate IPv6 access to and from Google Services
  PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL = 3;
}

// NotificationConfig is the configuration of notifications.
message NotificationConfig {
  // Types of notifications currently supported. Can be used to filter what
  // notifications are sent.
  enum EventType {
    // Not set, will be ignored.
    EVENT_TYPE_UNSPECIFIED = 0;

    // Corresponds with UpgradeAvailableEvent.
    UPGRADE_AVAILABLE_EVENT = 1;

    // Corresponds with UpgradeEvent.
    UPGRADE_EVENT = 2;

    // Corresponds with SecurityBulletinEvent.
    SECURITY_BULLETIN_EVENT = 3;
  }

  // Pub/Sub specific notification config.
  message PubSub {
    // Enable notifications for Pub/Sub.
    bool enabled = 1;

    // The desired Pub/Sub topic to which notifications will be
    // sent by GKE. Format is `projects/{project}/topics/{topic}`.
    string topic = 2 [(google.api.resource_reference) = {
                        type: "pubsub.googleapis.com/Topic"
                      }];

    // Allows filtering to one or more specific event types. If no filter is
    // specified, or if a filter is specified with no event types, all event
    // types will be sent
    Filter filter = 3;
  }

  // Allows filtering to one or more specific event types. If event types are
  // present, those and only those event types will be transmitted to the
  // cluster. Other types will be skipped. If no filter is specified, or no
  // event types are present, all event types will be sent
  message Filter {
    // Event types to allowlist.
    repeated EventType event_type = 1;
  }

  // Notification config for Pub/Sub.
  PubSub pubsub = 1;
}

// ConfidentialNodes is configuration for the confidential nodes feature, which
// makes nodes run on confidential VMs.
message ConfidentialNodes {
  // Whether Confidential Nodes feature is enabled.
  bool enabled = 1;
}

// UpgradeResourceType is the resource type that is upgrading. It is used
// in upgrade notifications.
enum UpgradeResourceType {
  // Default value. This shouldn't be used.
  UPGRADE_RESOURCE_TYPE_UNSPECIFIED = 0;

  // Master / control plane
  MASTER = 1;

  // Node pool
  NODE_POOL = 2;
}

// UpgradeEvent is a notification sent to customers by the cluster server when
// a resource is upgrading.
message UpgradeEvent {
  // The resource type that is upgrading.
  UpgradeResourceType resource_type = 1;

  // The operation associated with this upgrade.
  string operation = 2;

  // The time when the operation was started.
  google.protobuf.Timestamp operation_start_time = 3;

  // The current version before the upgrade.
  string current_version = 4;

  // The target version for the upgrade.
  string target_version = 5;

  // Optional relative path to the resource. For example in node pool upgrades,
  // the relative path of the node pool.
  string resource = 6;
}

// UpgradeAvailableEvent is a notification sent to customers when a new
// available version is released.
message UpgradeAvailableEvent {
  // The release version available for upgrade.
  string version = 1;

  // The resource type of the release version.
  UpgradeResourceType resource_type = 2;

  // The release channel of the version. If empty, it means a non-channel
  // release.
  ReleaseChannel release_channel = 3;

  // Optional relative path to the resource. For example, the relative path of
  // the node pool.
  string resource = 4;
}

// SecurityBulletinEvent is a notification sent to customers when a security
// bulletin has been posted that they are vulnerable to.
message SecurityBulletinEvent {
  // The resource type (node/control plane) that has the vulnerability. Multiple
  // notifications (1 notification per resource type) will be sent for a
  // vulnerability that affects > 1 resource type.
  string resource_type_affected = 1;

  // The ID of the bulletin corresponding to the vulnerability.
  string bulletin_id = 2;

  // The CVEs associated with this bulletin.
  repeated string cve_ids = 3;

  // The severity of this bulletin as it relates to GKE.
  string severity = 4;

  // The URI link to the bulletin on the website for more information.
  string bulletin_uri = 5;

  // A brief description of the bulletin. See the bulletin pointed to by the
  // bulletin_uri field for an expanded description.
  string brief_description = 6;

  // The GKE minor versions affected by this vulnerability.
  repeated string affected_supported_minors = 7;

  // The GKE versions where this vulnerability is patched.
  repeated string patched_versions = 8;

  // This represents a version selected from the patched_versions field that
  // the cluster receiving this notification should most likely want to upgrade
  // to based on its current version. Note that if this notification is being
  // received by a given cluster, it means that this version is currently
  // available as an upgrade target in that cluster's location.
  string suggested_upgrade_target = 9;

  // If this field is specified, it means there are manual steps that the user
  // must take to make their clusters safe.
  bool manual_steps_required = 10;
}

// Autopilot is the configuration for Autopilot settings on the cluster.
message Autopilot {
  // Enable Autopilot
  bool enabled = 1;
}

// LoggingConfig is cluster logging configuration.
message LoggingConfig {
  // Logging components configuration
  LoggingComponentConfig component_config = 1;
}

// LoggingComponentConfig is cluster logging component configuration.
message LoggingComponentConfig {
  // GKE components exposing logs
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // system components
    SYSTEM_COMPONENTS = 1;

    // workloads
    WORKLOADS = 2;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;
  }

  // Select components to collect logs. An empty set would disable all logging.
  repeated Component enable_components = 1;
}

// MonitoringConfig is cluster monitoring configuration.
message MonitoringConfig {
  // Monitoring components configuration
  MonitoringComponentConfig component_config = 1;

  // Enable Google Cloud Managed Service for Prometheus
  // in the cluster.
  ManagedPrometheusConfig managed_prometheus_config = 2;
}

// NodePoolLoggingConfig specifies logging configuration for nodepools.
message NodePoolLoggingConfig {
  // Logging variant configuration.
  LoggingVariantConfig variant_config = 1;
}

// LoggingVariantConfig specifies the behaviour of the logging component.
message LoggingVariantConfig {
  // Logging component variants.
  enum Variant {
    // Default value. This shouldn't be used.
    VARIANT_UNSPECIFIED = 0;

    // default logging variant.
    DEFAULT = 1;

    // maximum logging throughput variant.
    MAX_THROUGHPUT = 2;
  }

  // Logging variant deployed on nodes.
  Variant variant = 1;
}

// MonitoringComponentConfig is cluster monitoring component configuration.
message MonitoringComponentConfig {
  // GKE components exposing metrics
  enum Component {
    // Default value. This shouldn't be used.
    COMPONENT_UNSPECIFIED = 0;

    // system components
    SYSTEM_COMPONENTS = 1;

    // kube-apiserver
    APISERVER = 3;

    // kube-scheduler
    SCHEDULER = 4;

    // kube-controller-manager
    CONTROLLER_MANAGER = 5;
  }

  // Select components to collect metrics. An empty set would disable all
  // monitoring.
  repeated Component enable_components = 1;
}

// The datapath provider selects the implementation of the Kubernetes networking
// model for service resolution and network policy enforcement.
enum DatapathProvider {
  // Default value.
  DATAPATH_PROVIDER_UNSPECIFIED = 0;

  // Use the IPTables implementation based on kube-proxy.
  LEGACY_DATAPATH = 1;

  // Use the eBPF based GKE Dataplane V2 with additional features. See the [GKE
  // Dataplane V2
  // documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2)
  // for more.
  ADVANCED_DATAPATH = 2;
}

// Strategy used for node pool update.
enum NodePoolUpdateStrategy {
  // Default value.
  NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED = 0;

  // blue-green upgrade.
  BLUE_GREEN = 2;

  // SURGE is the traditional way of upgrade a node pool.
  // max_surge and max_unavailable determines the level of upgrade parallelism.
  SURGE = 3;
}

// ManagedPrometheusConfig defines the configuration for
// Google Cloud Managed Service for Prometheus.
message ManagedPrometheusConfig {
  // Enable Managed Collection.
  bool enabled = 1;
}

// Possible values for IP stack type
enum StackType {
  // Default value, will be defaulted as IPV4 only
  STACK_TYPE_UNSPECIFIED = 0;

  // Cluster is IPV4 only
  IPV4 = 1;

  // Cluster can use both IPv4 and IPv6
  IPV4_IPV6 = 2;
}

// Possible values for IPv6 access type
enum IPv6AccessType {
  // Default value, will be defaulted as type external.
  IPV6_ACCESS_TYPE_UNSPECIFIED = 0;

  // Access type internal (all v6 addresses are internal IPs)
  INTERNAL = 1;

  // Access type external (all v6 addresses are external IPs)
  EXTERNAL = 2;
}