feat: [container] add a flag to toggle the Kubelet read only port (#4387
)

* feat: Add `KUBE_DNS` option to `DNSConfig.cluster_dns`

---
feat: add Tier 1 cluster-level API network_performance_config
PiperOrigin-RevId: 544446757

Source-Link: googleapis/googleapis@becb844

Source-Link: googleapis/googleapis-gen@0ffa236
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiMGZmYTIzNjE5NjdlMmY3NzZhMGY5M2ZlNWUzM2MwMWRhN2I2MGViYSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* feat: add a flag to toggle the Kubelet read only port

A new optional field `InsecureKubeletReadonlyPortEnabled` is available in
`NodeKubeletConfig` and `AutoProvisioningNodePoolDefaults`.

Setting the field to `false` turns off the read-only port.
If un-set, the default for the GKE version is used.

---
feat: publicize tpu topology in beta API

---
feat: add a Pod IP Utilization API

Users can use `cluster describe` command to check the Pod IP ranges utilizations consumed by all the node pools within the same cluster. This percentage can be seen at cluster default Pod range, additional Pod ranges, and node pool level Pod ranges.

PiperOrigin-RevId: 545172252

Source-Link: googleapis/googleapis@5b2d46f

Source-Link: googleapis/googleapis-gen@efa201a
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiZWZhMjAxYTJiZGQwNjQyYmQ1ZGZkZWNmOTJmN2MzYTBjMzhkY2E4NSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Denis DelGrosso <[email protected]>
3 people authored Jul 6, 2023
1 parent 12d6ac6 commit 1c86e27
Showing 4 changed files with 1,187 additions and 5 deletions.
Expand Up @@ -606,6 +606,9 @@ message NodeKubeletConfig {
// Controls the maximum number of processes allowed to run in a pod. The value
// must be greater than or equal to 1024 and less than 4194304.
int64 pod_pids_limit = 4;

// Enable or disable Kubelet read only port.
optional bool insecure_kubelet_readonly_port_enabled = 7;
}

// Parameters that describe the nodes in a cluster.
Expand Down Expand Up @@ -716,7 +719,7 @@ message NodeConfig {

// Whether the nodes are created as preemptible VM instances. See:
// https://cloud.google.com/compute/docs/instances/preemptible for more
// inforamtion about preemptible VM instances.
// information about preemptible VM instances.
bool preemptible = 10;

// A list of hardware accelerators to be attached to each node.
Expand Down Expand Up @@ -918,6 +921,12 @@ message NodeNetworkConfig {
// Example: max_pods_per_node of 30 will result in 32 IPs (/27) when
// overprovisioning is disabled.
PodCIDROverprovisionConfig pod_cidr_overprovision_config = 13;

// Output only. [Output only] The utilization of the IPv4 range for pod.
// The ratio is Usage/[Total number of IPs in the secondary range],
// Usage=numNodes*numZones*podIPsPerNode.
double pod_ipv4_range_utilization = 16
[(google.api.field_behavior) = OUTPUT_ONLY];
}

// A set of Shielded Instance options.
Expand Down Expand Up @@ -1636,6 +1645,12 @@ message IPAllocationPolicy {
// IPAllocationPolicy.
AdditionalPodRangesConfig additional_pod_ranges_config = 24
[(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. [Output only] The utilization of the cluster default IPv4
// range for pod. The ratio is Usage/[Total number of IPs in the secondary
// range], Usage=numNodes*numZones*podIPsPerNode.
double default_pod_ipv4_range_utilization = 25
[(google.api.field_behavior) = OUTPUT_ONLY];
}

// Configuration for Binary Authorization.
Expand Down Expand Up @@ -2445,6 +2460,10 @@ message ClusterUpdate {
// Enable/Disable Security Posture API features for the cluster.
SecurityPostureConfig desired_security_posture_config = 124;

// The desired network performance config.
NetworkConfig.ClusterNetworkPerformanceConfig
desired_network_performance_config = 125;

// Enable/Disable FQDN Network Policy for the cluster.
optional bool desired_enable_fqdn_network_policy = 126;

Expand All @@ -2460,6 +2479,19 @@ message ClusterUpdate {
message AdditionalPodRangesConfig {
// Name for pod secondary ipv4 range which has the actual range defined ahead.
repeated string pod_range_names = 1;

// Output only. [Output only] Information for additional pod range.
repeated RangeInfo pod_range_info = 2
[(google.api.field_behavior) = OUTPUT_ONLY];
}

// RangeInfo contains the range name and the range utilization by this cluster.
message RangeInfo {
// Output only. [Output only] Name of a range.
string range_name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. [Output only] The utilization of the range.
double utilization = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// This operation resource represents operations that may have happened or are
Expand Down Expand Up @@ -3705,6 +3737,10 @@ message NodePool {

// The type of placement.
Type type = 1;

// TPU placement topology for pod slice node pool.
// https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
string tpu_topology = 2;
}

// The name of the node pool.
Expand Down Expand Up @@ -4170,6 +4206,9 @@ message AutoprovisioningNodePoolDefaults {
// https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for
// available image types.
string image_type = 10;

// Enable or disable Kubelet read only port.
optional bool insecure_kubelet_readonly_port_enabled = 13;
}

// Contains information about amount of some resource in the cluster.
Expand Down Expand Up @@ -4623,6 +4662,21 @@ message StatusCondition {

// NetworkConfig reports the relative names of network & subnetwork.
message NetworkConfig {
// Configuration of all network bandwidth tiers
message ClusterNetworkPerformanceConfig {
// Node network tier
enum Tier {
// Default value
TIER_UNSPECIFIED = 0;

// Higher bandwidth, actual values based on VM size.
TIER_1 = 1;
}

// Specifies the total network bandwidth tier for the NodePool.
optional Tier total_egress_bandwidth_tier = 1;
}

// Output only. The relative name of the Google Compute Engine
// [network][google.container.v1beta1.NetworkConfig.network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks)
// to which the cluster is connected. Example:
Expand Down Expand Up @@ -4668,6 +4722,9 @@ message NetworkConfig {
// cluster.
GatewayAPIConfig gateway_api_config = 16;

// Network bandwidth tier configuration.
ClusterNetworkPerformanceConfig network_performance_config = 18;

// Whether FQDN Network Policy is enabled on this cluster.
optional bool enable_fqdn_network_policy = 19;
}
Expand Down Expand Up @@ -4837,6 +4894,9 @@ message DNSConfig {

// Use CloudDNS for DNS resolution.
CLOUD_DNS = 2;

// Use KubeDNS for DNS resolution
KUBE_DNS = 3;
}

// DNSScope lists the various scopes of access to cluster DNS records.
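Review bot: The comment on `insecure_kubelet_readonly_port_enabled` in `NodeKubeletConfig` (field 7), repeated verbatim in `AutoprovisioningNodePoolDefaults` (field 13), does not say what an unset value means, although the field is an `optional bool` and the commit description states that unset falls back to the default for the GKE version. The kubelet read-only port serves node and pod information over plain HTTP without authentication, so anyone auditing a cluster or node-pool config needs to know that only an explicit `false` guarantees the port is closed. I would expand both comments to `// Enable or disable the Kubelet read-only port. Set to false to turn the` / `// unauthenticated port off; if unset, the default for the GKE version is used.` Both messages begin outside the visible hunks, so any fuller documentation elsewhere in them is not visible here.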