feat(container-v1beta1): Support ResourceManagerTags API (#23486)

google-cloud-container-v1beta1/lib/google/cloud/container/v1beta1/cluster_manager/client.rb

@@ -661,7 +661,7 @@ def update_cluster request, options = nil
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload update_node_pool(project_id: nil, zone: nil, cluster_id: nil, node_pool_id: nil, node_version: nil, image_type: nil, locations: nil, workload_metadata_config: nil, name: nil, upgrade_settings: nil, tags: nil, taints: nil, labels: nil, linux_node_config: nil, kubelet_config: nil, node_network_config: nil, gcfs_config: nil, confidential_nodes: nil, gvnic: nil, etag: nil, fast_socket: nil, logging_config: nil, resource_labels: nil, windows_node_config: nil, machine_type: nil, disk_type: nil, disk_size_gb: nil)
+            # @overload update_node_pool(project_id: nil, zone: nil, cluster_id: nil, node_pool_id: nil, node_version: nil, image_type: nil, locations: nil, workload_metadata_config: nil, name: nil, upgrade_settings: nil, tags: nil, taints: nil, labels: nil, linux_node_config: nil, kubelet_config: nil, node_network_config: nil, gcfs_config: nil, confidential_nodes: nil, gvnic: nil, etag: nil, fast_socket: nil, logging_config: nil, resource_labels: nil, windows_node_config: nil, machine_type: nil, disk_type: nil, disk_size_gb: nil, resource_manager_tags: nil)
             #   Pass arguments to `update_node_pool` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -761,6 +761,10 @@ def update_cluster request, options = nil
             #     Optional. The desired disk size for nodes in the node pool.
             #     Initiates an upgrade operation that migrates the nodes in the
             #     node pool to the specified disk size.
+            #   @param resource_manager_tags [::Google::Cloud::Container::V1beta1::ResourceManagerTags, ::Hash]
+            #     Desired resource manager tag keys and values to be attached to the nodes
+            #     for managing Compute Engine firewalls using Network Firewall Policies.
+            #     Existing tags will be replaced with new values.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Container::V1beta1::Operation]

google-cloud-container-v1beta1/proto_docs/google/container/v1beta1/cluster_service.rb

@@ -363,6 +363,9 @@ class NodeKubeletConfig
         #   @return [::Google::Cloud::Container::V1beta1::HostMaintenancePolicy]
         #     HostMaintenancePolicy contains the desired maintenance policy for the
         #     Google Compute Engine hosts.
+        # @!attribute [rw] resource_manager_tags
+        #   @return [::Google::Cloud::Container::V1beta1::ResourceManagerTags]
+        #     A map of resource manager tag keys and values to be attached to the nodes.
         # @!attribute [rw] enable_confidential_storage
         #   @return [::Boolean]
         #     Optional. Enable confidential storage on Hyperdisk.
@@ -592,8 +595,22 @@ module Type
         # @!attribute [rw] local_ssd_count
         #   @return [::Integer]
         #     Number of local SSDs to use to back ephemeral storage. Uses NVMe
-        #     interfaces. Each local SSD is 375 GB in size.
-        #     If zero, it means to disable using local SSDs as ephemeral storage.
+        #     interfaces. The limit for this value is dependent upon the maximum number
+        #     of disk available on a machine per zone. See:
+        #     https://cloud.google.com/compute/docs/disks/local-ssd
+        #     for more information.
+        #
+        #     A zero (or unset) value has different meanings depending on machine type
+        #     being used:
+        #     1. For pre-Gen3 machines, which support flexible numbers of local ssds,
+        #     zero (or unset) means to disable using local SSDs as ephemeral storage.
+        #     2. For Gen3 machines which dictate a specific number of local ssds, zero
+        #     (or unset) means to use the default number of local ssds that goes with
+        #     that machine type. For example, for a c3-standard-8-lssd machine, 2 local
+        #     ssds would be provisioned. For c3-standard-8 (which doesn't support local
+        #     ssds), 0 will be provisioned. See
+        #     https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
+        #     for more info.
         class EphemeralStorageConfig
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -603,13 +620,22 @@ class EphemeralStorageConfig
         # NVMe SSDs
         # @!attribute [rw] local_ssd_count
         #   @return [::Integer]
-        #     The number of raw-block local NVMe SSD disks to be attached to the node.
-        #     Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe
-        #     SSD disks to be attached to the node.
-        #     The limit for this value is dependent upon the maximum number of
-        #     disks available on a machine per zone. See:
+        #     Number of local NVMe SSDs to use.  The limit for this value is dependent
+        #     upon the maximum number of disk available on a machine per zone. See:
         #     https://cloud.google.com/compute/docs/disks/local-ssd
         #     for more information.
+        #
+        #     A zero (or unset) value has different meanings depending on machine type
+        #     being used:
+        #     1. For pre-Gen3 machines, which support flexible numbers of local ssds,
+        #     zero (or unset) means to disable using local SSDs as ephemeral storage.
+        #     2. For Gen3 machines which dictate a specific number of local ssds, zero
+        #     (or unset) means to use the default number of local ssds that goes with
+        #     that machine type. For example, for a c3-standard-8-lssd machine, 2 local
+        #     ssds would be provisioned. For c3-standard-8 (which doesn't support local
+        #     ssds), 0 will be provisioned. See
+        #     https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
+        #     for more info.
         class LocalNvmeSsdBlockConfig
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -620,12 +646,23 @@ class LocalNvmeSsdBlockConfig
         # @!attribute [rw] local_ssd_count
         #   @return [::Integer]
         #     Number of local SSDs to use to back ephemeral storage. Uses NVMe
-        #     interfaces. Each local SSD is 375 GB in size.
-        #     If zero, it means to disable using local SSDs as ephemeral storage.
-        #     The limit for this value is dependent upon the maximum number of
-        #     disks available on a machine per zone. See:
+        #     interfaces.
+        #
+        #     A zero (or unset) value has different meanings depending on machine type
+        #     being used:
+        #     1. For pre-Gen3 machines, which support flexible numbers of local ssds,
+        #     zero (or unset) means to disable using local SSDs as ephemeral storage. The
+        #     limit for this value is dependent upon the maximum number of disk
+        #     available on a machine per zone. See:
         #     https://cloud.google.com/compute/docs/disks/local-ssd
         #     for more information.
+        #     2. For Gen3 machines which dictate a specific number of local ssds, zero
+        #     (or unset) means to use the default number of local ssds that goes with
+        #     that machine type. For example, for a c3-standard-8-lssd machine, 2 local
+        #     ssds would be provisioned. For c3-standard-8 (which doesn't support local
+        #     ssds), 0 will be provisioned. See
+        #     https://cloud.google.com/compute/docs/disks/local-ssd#choose_number_local_ssds
+        #     for more info.
         class EphemeralStorageLocalSsdConfig
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -721,10 +758,35 @@ module Operator
         # @!attribute [rw] maintenance_interval
         #   @return [::Google::Cloud::Container::V1beta1::HostMaintenancePolicy::MaintenanceInterval]
         #     Specifies the frequency of planned maintenance events.
+        # @!attribute [rw] opportunistic_maintenance_strategy
+        #   @return [::Google::Cloud::Container::V1beta1::HostMaintenancePolicy::OpportunisticMaintenanceStrategy]
+        #     Strategy that will trigger maintenance on behalf of the customer.
         class HostMaintenancePolicy
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
 
+          # Strategy that will trigger maintenance on behalf of the customer.
+          # @!attribute [rw] node_idle_time_window
+          #   @return [::Google::Protobuf::Duration]
+          #     The amount of time that a node can remain idle (no customer owned
+          #     workloads running), before triggering maintenance.
+          # @!attribute [rw] maintenance_availability_window
+          #   @return [::Google::Protobuf::Duration]
+          #     The window of time that opportunistic maintenance can run. Example: A
+          #     setting of 14 days implies that opportunistic maintenance can only be ran
+          #     in the 2 weeks leading up to the scheduled maintenance date. Setting 28
+          #     days allows opportunistic maintenance to run at any time in the scheduled
+          #     maintenance window (all `PERIODIC` maintenance is set 28 days in
+          #     advance).
+          # @!attribute [rw] min_nodes_per_pool
+          #   @return [::Integer]
+          #     The minimum nodes required to be available in a pool. Blocks maintenance
+          #     if it would cause the number of running nodes to dip below this value.
+          class OpportunisticMaintenanceStrategy
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # Allows selecting how infrastructure upgrades should be applied to the
           # cluster or node pool.
           module MaintenanceInterval
@@ -2078,6 +2140,10 @@ class NodeConfigDefaults
         #     valid sources or targets for network firewalls and are specified by
         #     the client during cluster creation. Each tag within the list
         #     must comply with RFC1035.
+        # @!attribute [rw] resource_manager_tags
+        #   @return [::Google::Cloud::Container::V1beta1::ResourceManagerTags]
+        #     Resource manager tag keys and values to be attached to the nodes
+        #     for managing Compute Engine firewalls using Network Firewall Policies.
         class NodePoolAutoConfig
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -2325,6 +2391,13 @@ class NodePoolAutoConfig
         #   @return [::Google::Cloud::Container::V1beta1::HostMaintenancePolicy]
         #     HostMaintenancePolicy contains the desired maintenance policy for the
         #     Google Compute Engine hosts.
+        # @!attribute [rw] desired_node_pool_auto_config_resource_manager_tags
+        #   @return [::Google::Cloud::Container::V1beta1::ResourceManagerTags]
+        #     The desired resource manager tags that apply to all auto-provisioned node
+        #     pools in autopilot clusters and node auto-provisioning enabled clusters.
+        # @!attribute [rw] desired_in_transit_encryption_config
+        #   @return [::Google::Cloud::Container::V1beta1::InTransitEncryptionConfig]
+        #     Specify the details of in-transit encryption.
         class ClusterUpdate
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -2570,6 +2643,10 @@ module Type
             # [documentation on
             # resizes](https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#repairs).
             RESIZE_CLUSTER = 18
+
+            # Fleet features of GKE Enterprise are being upgraded. The cluster should
+            # be assumed to be blocked for other upgrades until the operation finishes.
+            FLEET_FEATURE_UPGRADE = 19
           end
         end
 
@@ -2817,6 +2894,11 @@ class UpdateClusterRequest
         #     Optional. The desired disk size for nodes in the node pool.
         #     Initiates an upgrade operation that migrates the nodes in the
         #     node pool to the specified disk size.
+        # @!attribute [rw] resource_manager_tags
+        #   @return [::Google::Cloud::Container::V1beta1::ResourceManagerTags]
+        #     Desired resource manager tag keys and values to be attached to the nodes
+        #     for managing Compute Engine firewalls using Network Firewall Policies.
+        #     Existing tags will be replaced with new values.
         class UpdateNodePoolRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -3707,6 +3789,9 @@ module Phase
                 # Start cordoning blue pool nodes.
                 CORDONING_BLUE_POOL = 3
 
+                # Start waiting after cordoning the blue pool and before draining it.
+                WAITING_TO_DRAIN_BLUE_POOL = 8
+
                 # Start draining blue pool nodes.
                 DRAINING_BLUE_POOL = 4
 
@@ -4752,6 +4837,9 @@ module Code
         # @!attribute [rw] enable_fqdn_network_policy
         #   @return [::Boolean]
         #     Whether FQDN Network Policy is enabled on this cluster.
+        # @!attribute [rw] in_transit_encryption_config
+        #   @return [::Google::Cloud::Container::V1beta1::InTransitEncryptionConfig]
+        #     Specify the details of in-transit encryption.
         class NetworkConfig
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -5765,6 +5853,32 @@ class Fleet
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # A map of resource manager tag keys and values to be attached to the nodes
+        # for managing Compute Engine firewalls using Network Firewall Policies.
+        # Tags must be according to specifications in
+        # https://cloud.google.com/vpc/docs/tags-firewalls-overview#specifications.
+        # A maximum of 5 tag key-value pairs can be specified.
+        # Existing tags will be replaced with new values.
+        # @!attribute [rw] tags
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Tags must be in one of the following formats ([KEY]=[VALUE])
+        #     1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`
+        #     2. `{org_id}/{tag_key_name}={tag_value_name}`
+        #     3. `{project_id}/{tag_key_name}={tag_value_name}`
+        class ResourceManagerTags
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class TagsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
         # PrivateIPv6GoogleAccess controls whether and how the pods can communicate
         # with Google Services through gRPC over IPv6.
         module PrivateIPv6GoogleAccess
@@ -5835,6 +5949,19 @@ module StackType
           # The value used if the cluster is a dual stack cluster
           IPV4_IPV6 = 2
         end
+
+        # Options for in-transit encryption.
+        module InTransitEncryptionConfig
+          # Unspecified, will be inferred as default -
+          # IN_TRANSIT_ENCRYPTION_UNSPECIFIED.
+          IN_TRANSIT_ENCRYPTION_CONFIG_UNSPECIFIED = 0
+
+          # In-transit encryption is disabled.
+          IN_TRANSIT_ENCRYPTION_DISABLED = 1
+
+          # Data in-transit is encrypted using inter-node transparent encryption.
+          IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT = 2
+        end
       end
     end
   end