kpt-grpc-demo/google/cloud/run/v2/k8s.min.proto

// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.run.v2;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";

option go_package = "google.golang.org/genproto/googleapis/cloud/run/v2;run";
option java_multiple_files = true;
option java_outer_classname = "K8sMinProto";
option java_package = "com.google.cloud.run.v2";
option (google.api.resource_definition) = {
  type: "cloudkms.googleapis.com/CryptoKey"
  pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}"
};
option (google.api.resource_definition) = {
  type: "secretmanager.googleapis.com/Secret"
  pattern: "projects/{project}/secrets/{secret}"
};
option (google.api.resource_definition) = {
  type: "secretmanager.googleapis.com/SecretVersion"
  pattern: "projects/{project}/secrets/{secret}/versions/{version}"
};
option (google.api.resource_definition) = {
  type: "vpcaccess.googleapis.com/Connector"
  pattern: "projects/{project}/locations/{location}/connectors/{connector}"
};

// A single application container.
// This specifies both the container to run, the command to run in the container
// and the arguments to supply to it.
// Note that additional arguments may be supplied by the system to the container
// at runtime.
message Container {
  // Name of the container specified as a DNS_LABEL.
  string name = 1;

  // Required. URL of the Container image in Google Container Registry or Google Artifact
  // Registry. More info: https://kubernetes.io/docs/concepts/containers/images
  string image = 2 [(google.api.field_behavior) = REQUIRED];

  // Entrypoint array. Not executed within a shell.
  // The docker image's ENTRYPOINT is used if this is not provided.
  // Variable references $(VAR_NAME) are expanded using the container's
  // environment. If a variable cannot be resolved, the reference in the input
  // string will be unchanged. The $(VAR_NAME) syntax can be escaped with a
  // double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
  // regardless of whether the variable exists or not.
  // More info:
  // https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
  repeated string command = 3;

  // Arguments to the entrypoint.
  // The docker image's CMD is used if this is not provided.
  // Variable references $(VAR_NAME) are expanded using the container's
  // environment. If a variable cannot be resolved, the reference in the input
  // string will be unchanged. The $(VAR_NAME) syntax can be escaped with a
  // double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
  // regardless of whether the variable exists or not.
  // More info:
  // https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
  repeated string args = 4;

  // List of environment variables to set in the container.
  repeated EnvVar env = 5;

  // Compute Resource requirements by this container.
  // More info:
  // https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
  ResourceRequirements resources = 6;

  // List of ports to expose from the container. Only a single port can be
  // specified. The specified ports must be listening on all interfaces
  // (0.0.0.0) within the container to be accessible.
  //
  // If omitted, a port number will be chosen and passed to the container
  // through the PORT environment variable for the container to listen on.
  repeated ContainerPort ports = 7;

  // Volume to mount into the container's filesystem.
  repeated VolumeMount volume_mounts = 8;

  // Container's working directory.
  // If not specified, the container runtime's default will be used, which
  // might be configured in the container image.
  string working_dir = 9;

  // Periodic probe of container liveness.
  // Container will be restarted if the probe fails.
  // More info:
  // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  Probe liveness_probe = 10;

  // Startup probe of application within the container.
  // All other probes are disabled if a startup probe is provided, until it
  // succeeds. Container will not be added to service endpoints if the probe
  // fails.
  // More info:
  // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  Probe startup_probe = 11;
}

// ResourceRequirements describes the compute resource requirements.
message ResourceRequirements {
  // Only memory and CPU are supported. Note: The only
  // supported values for CPU are '1', '2',  '4', and '8'. Setting 4 CPU
  // requires at least 2Gi of memory. The values of the map is string form of
  // the 'quantity' k8s type:
  // https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
  map<string, string> limits = 1;

  // Determines whether CPU should be throttled or not outside of requests.
  bool cpu_idle = 2;
}

// EnvVar represents an environment variable present in a Container.
message EnvVar {
  // Required. Name of the environment variable. Must be a C_IDENTIFIER, and mnay not
  // exceed 32768 characters.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  oneof values {
    // Variable references $(VAR_NAME) are expanded
    // using the previous defined environment variables in the container and
    // any route environment variables. If a variable cannot be resolved,
    // the reference in the input string will be unchanged. The $(VAR_NAME)
    // syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
    // references will never be expanded, regardless of whether the variable
    // exists or not.
    // Defaults to "", and the maximum length is 32768 bytes.
    string value = 2;

    // Source for the environment variable's value.
    EnvVarSource value_source = 3;
  }
}

// EnvVarSource represents a source for the value of an EnvVar.
message EnvVarSource {
  // Selects a secret and a specific version from Cloud Secret Manager.
  SecretKeySelector secret_key_ref = 1;
}

// SecretEnvVarSource represents a source for the value of an EnvVar.
message SecretKeySelector {
  // Required. The name of the secret in Cloud Secret Manager.
  // Format: {secret_name} if the secret is in the same project.
  // projects/{project}/secrets/{secret_name} if the secret is
  // in a different project.
  string secret = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "secretmanager.googleapis.com/Secret"
    }
  ];

  // The Cloud Secret Manager secret version.
  // Can be 'latest' for the latest version, an integer for a specific version,
  // or a version alias.
  string version = 2 [(google.api.resource_reference) = {
                        type: "secretmanager.googleapis.com/SecretVersion"
                      }];
}

// ContainerPort represents a network port in a single container.
message ContainerPort {
  // If specified, used to specify which protocol to use.
  // Allowed values are "http1" and "h2c".
  string name = 1;

  // Port number the container listens on.
  // This must be a valid TCP port number, 0 < container_port < 65536.
  int32 container_port = 3;
}

// VolumeMount describes a mounting of a Volume within a container.
message VolumeMount {
  // Required. This must match the Name of a Volume.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Path within the container at which the volume should be mounted.  Must
  // not contain ':'. For Cloud SQL volumes, it can be left empty, or must
  // otherwise be `/cloudsql`. All instances defined in the Volume will be
  // available as `/cloudsql/[instance]`. For more information on Cloud SQL
  // volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run
  string mount_path = 3 [(google.api.field_behavior) = REQUIRED];
}

// Volume represents a named volume in a container.
message Volume {
  // Required. Volume's name.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  oneof volume_type {
    // Secret represents a secret that should populate this volume.
    // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
    SecretVolumeSource secret = 2;

    // For Cloud SQL volumes, contains the specific instances that should be
    // mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for
    // more information on how to connect Cloud SQL and Cloud Run.
    CloudSqlInstance cloud_sql_instance = 3;
  }
}

// The secret's value will be presented as the content of a file whose
// name is defined in the item path. If no items are defined, the name of
// the file is the secret.
message SecretVolumeSource {
  // Required. The name of the secret in Cloud Secret Manager.
  // Format: {secret} if the secret is in the same project.
  // projects/{project}/secrets/{secret} if the secret is
  // in a different project.
  string secret = 1 [(google.api.field_behavior) = REQUIRED];

  // If unspecified, the volume will expose a file whose name is the
  // secret, relative to VolumeMount.mount_path.
  // If specified, the key will be used as the version to fetch from Cloud
  // Secret Manager and the path will be the name of the file exposed in the
  // volume. When items are defined, they must specify a path and a version.
  repeated VersionToPath items = 2;

  // Integer representation of mode bits to use on created files by default.
  // Must be a value between 0000 and 0777 (octal), defaulting to 0444.
  // Directories within the path are not affected by  this setting.
  //
  // Notes
  //
  // * Internally, a umask of 0222 will be applied to any non-zero value.
  // * This is an integer representation of the mode bits. So, the octal
  // integer value should look exactly as the chmod numeric notation with a
  // leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or
  // 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or
  // 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493
  // (base-10).
  // * This might be in conflict with other options that affect the
  // file mode, like fsGroup, and the result can be other mode bits set.
  //
  // This might be in conflict with other options that affect the
  // file mode, like fsGroup, and as a result, other mode bits could be set.
  int32 default_mode = 3;
}

// VersionToPath maps a specific version of a secret to a relative file to mount
// to, relative to VolumeMount's mount_path.
message VersionToPath {
  // Required. The relative path of the secret in the container.
  string path = 1 [(google.api.field_behavior) = REQUIRED];

  // The Cloud Secret Manager secret version.
  // Can be 'latest' for the latest value, or an integer or a secret alias for a
  // specific version.
  string version = 2;

  // Integer octal mode bits to use on this file, must be a value between
  // 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be
  // used.
  //
  // Notes
  //
  // * Internally, a umask of 0222 will be applied to any non-zero value.
  // * This is an integer representation of the mode bits. So, the octal
  // integer value should look exactly as the chmod numeric notation with a
  // leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or
  // 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or
  // 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493
  // (base-10).
  // * This might be in conflict with other options that affect the
  // file mode, like fsGroup, and the result can be other mode bits set.
  int32 mode = 3;
}

// Represents a specific Cloud SQL instance.
message CloudSqlInstance {
  // The Cloud SQL instance connection names, as can be found in
  // https://console.cloud.google.com/sql/instances. Visit
  // https://cloud.google.com/sql/docs/mysql/connect-run for more information on
  // how to connect Cloud SQL and Cloud Run. Format:
  // {project}:{location}:{instance}
  repeated string instances = 1;
}

// Probe describes a health check to be performed against a container to
// determine whether it is alive or ready to receive traffic.
message Probe {
  // Number of seconds after the container has started before the probe is
  // initiated.
  // Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe
  // is 3600. Maximum value for startup probe is 240.
  // More info:
  // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  int32 initial_delay_seconds = 1;

  // Number of seconds after which the probe times out.
  // Defaults to 1 second. Minimum value is 1. Maximum value is 3600.
  // Must be smaller than period_seconds.
  // More info:
  // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  int32 timeout_seconds = 2;

  // How often (in seconds) to perform the probe.
  // Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe
  // is 3600. Maximum value for startup probe is 240.
  // Must be greater or equal than timeout_seconds.
  int32 period_seconds = 3;

  // Minimum consecutive failures for the probe to be considered failed after
  // having succeeded. Defaults to 3. Minimum value is 1.
  int32 failure_threshold = 4;

  oneof probe_type {
    // HTTPGet specifies the http request to perform.
    // Exactly one of httpGet, tcpSocket, or grpc must be specified.
    HTTPGetAction http_get = 5;

    // TCPSocket specifies an action involving a TCP port.
    // Exactly one of httpGet, tcpSocket, or grpc must be specified.
    TCPSocketAction tcp_socket = 6;

    // GRPC specifies an action involving a gRPC port.
    // Exactly one of httpGet, tcpSocket, or grpc must be specified.
    GRPCAction grpc = 7;
  }
}

// HTTPGetAction describes an action based on HTTP Get requests.
message HTTPGetAction {
  // Path to access on the HTTP server. Defaults to '/'.
  string path = 1;

  // Custom headers to set in the request. HTTP allows repeated headers.
  repeated HTTPHeader http_headers = 4;
}

// HTTPHeader describes a custom header to be used in HTTP probes
message HTTPHeader {
  // Required. The header field name
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // The header field value
  string value = 2;
}

// TCPSocketAction describes an action based on opening a socket
message TCPSocketAction {
  // Port number to access on the container. Must be in the range 1 to 65535.
  // If not specified, defaults to 8080.
  int32 port = 1;
}

// GRPCAction describes an action involving a GRPC port.
message GRPCAction {
  // Port number of the gRPC service. Number must be in the range 1 to 65535.
  // If not specified, defaults to 8080.
  int32 port = 1;

  // Service is the name of the service to place in the gRPC HealthCheckRequest
  // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If
  // this is not specified, the default behavior is defined by gRPC.
  string service = 2;
}