Index
- EdgeContainer(interface)
- Authorization(message)
- ChannelConfig(message)
- Cluster(message)
- Cluster.ConnectionState(message)
- Cluster.ConnectionState.State(enum)
- Cluster.ContainerRuntimeConfig(message)
- Cluster.ContainerRuntimeConfig.DefaultContainerRuntime(enum)
- Cluster.ControlPlane(message)
- Cluster.ControlPlane.Local(message)
- Cluster.ControlPlane.Remote(message)
- Cluster.ControlPlane.SharedDeploymentPolicy(enum)
- Cluster.ControlPlaneEncryption(message)
- Cluster.ExternalLoadBalancerPool(message)
- Cluster.GoogleGroupAuthenticationConfig(message)
- Cluster.MaintenanceEvent(message)
- Cluster.MaintenanceEvent.Schedule(enum)
- Cluster.MaintenanceEvent.State(enum)
- Cluster.MaintenanceEvent.Type(enum)
- Cluster.ReleaseChannel(enum)
- Cluster.Status(enum)
- Cluster.SurvivabilityConfig(message)
- Cluster.SystemAddonsConfig(message)
- Cluster.SystemAddonsConfig.Ingress(message)
- Cluster.SystemAddonsConfig.VMServiceConfig(message)
- Cluster.ZoneStorageEncryption(message)
- ClusterNetworking(message)
- ClusterUser(message)
- ConfigData(message)
- CreateClusterRequest(message)
- CreateIdentityProviderRequest(message)
- CreateNodePoolRequest(message)
- CreateServiceAccountRequest(message)
- CreateVpnConnectionRequest(message)
- DeleteClusterRequest(message)
- DeleteIdentityProviderRequest(message)
- DeleteNodePoolRequest(message)
- DeleteServiceAccountRequest(message)
- DeleteVpnConnectionRequest(message)
- EnableZonalProjectRequest(message)
- EnableZonalProjectResponse(message)
- EnableZonalServiceRequest(message)
- Fleet(message)
- GenerateAccessTokenRequest(message)
- GenerateAccessTokenResponse(message)
- GenerateOfflineCredentialRequest(message)
- GenerateOfflineCredentialResponse(message)
- GenerateServiceAccountKeyRequest(message)
- GenerateServiceAccountKeyResponse(message)
- GetClusterRequest(message)
- GetIamPolicyRequest(message)
- GetIdentityProviderRequest(message)
- GetMachineRequest(message)
- GetNodePoolRequest(message)
- GetServerConfigRequest(message)
- GetServiceAccountRequest(message)
- GetVpnConnectionRequest(message)
- GetZonalProjectRequest(message)
- GetZonalServiceRequest(message)
- GetZoneRequest(message)
- IamPolicy(message)
- IamPolicy.Binding(message)
- IamPolicy.Principal(message)
- IdentityProvider(message)
- KmsKeyState(enum)
- ListClustersRequest(message)
- ListClustersResponse(message)
- ListIdentityProvidersRequest(message)
- ListIdentityProvidersResponse(message)
- ListMachinesRequest(message)
- ListMachinesResponse(message)
- ListNodePoolsRequest(message)
- ListNodePoolsResponse(message)
- ListServiceAccountsRequest(message)
- ListServiceAccountsResponse(message)
- ListVpnConnectionsRequest(message)
- ListVpnConnectionsResponse(message)
- ListZonalProjectsRequest(message)
- ListZonalProjectsResponse(message)
- ListZonalServicesRequest(message)
- ListZonalServicesResponse(message)
- ListZonesRequest(message)
- ListZonesResponse(message)
- LocationMetadata(message)
- Machine(message)
- Machine.Purpose(enum)
- Machine.Status(enum)
- MaintenanceExclusionWindow(message)
- MaintenancePolicy(message)
- MaintenanceWindow(message)
- NodePool(message)
- NodePool.LocalDiskEncryption(message)
- NodePool.NodeConfig(message)
- OIDCProviderConfig(message)
- OperationMetadata(message)
- OperationMetadata.StatusReason(enum)
- Quota(message)
- RecurringTimeWindow(message)
- ResourceState(enum)
- ServerConfig(message)
- ServiceAccount(message)
- SetIamPolicyRequest(message)
- TimeWindow(message)
- UpdateClusterRequest(message)
- UpdateNodePoolRequest(message)
- UpgradeClusterRequest(message)
- UpgradeClusterRequest.Schedule(enum)
- Version(message)
- VersionRollout(message)
- VpnConnection(message)
- VpnConnection.BgpRoutingMode(enum)
- VpnConnection.Details(message)
- VpnConnection.Details.CloudRouter(message)
- VpnConnection.Details.CloudVpn(message)
- VpnConnection.Details.State(enum)
- VpnConnection.VpcProject(message)
- ZonalProject(message)
- ZonalProject.State(enum)
- ZonalService(message)
- ZonalService.ServiceSelector(enum)
- ZonalService.State(enum)
- Zone(message)
- Zone.DNSServer(message)
- Zone.State(enum)
- ZoneMetadata(message)
- ZoneMetadata.RackType(enum)
EdgeContainer
EdgeContainer API provides management of Kubernetes Clusters on Google Edge Cloud deployments.
| CreateCluster | 
|---|
| 
 Creates a new Cluster in a given project and location. 
 | 
| CreateIdentityProvider | 
|---|
| 
 Configures an identity provider in the infra cluster. 
 | 
| CreateNodePool | 
|---|
| 
 Creates a new NodePool in a given project and location. 
 | 
| CreateServiceAccount | 
|---|
| 
 CreateServiceAccount creates the project service account CR in the project namespace in the cluster (infra cluster for V2, user cluster for V1). 
 | 
| CreateVpnConnection | 
|---|
| 
 Creates a new VPN connection in a given project and location. 
 | 
| DeleteCluster | 
|---|
| 
 Deletes a single Cluster. 
 | 
| DeleteIdentityProvider | 
|---|
| 
 DeleteIdentityProvider removes the identity provider from the infra cluster. 
 | 
| DeleteNodePool | 
|---|
| 
 Deletes a single NodePool. 
 | 
| DeleteServiceAccount | 
|---|
| 
 DeleteServiceAccount deletes the project service account CR in the project namespace in the cluster (infra cluster for V2, user cluster for V1). 
 | 
| DeleteVpnConnection | 
|---|
| 
 Deletes a single VPN connection. 
 | 
| EnableZonalProject | 
|---|
| 
 EnableZonalProject enables consumer project on the zone. 
 | 
| EnableZonalService | 
|---|
| 
 EnableZonalService enables a service on a zone. 
 | 
| GenerateAccessToken | 
|---|
| 
 Generates an access token for a Cluster. 
 | 
| GenerateOfflineCredential | 
|---|
| 
 Generates an offline credential for a Cluster. 
 | 
| GenerateServiceAccountKey | 
|---|
| 
 GenerateServiceAccountKey generates a keypair for the given service account resource. 
 | 
| GetCluster | 
|---|
| 
 Gets details of a single Cluster. 
 | 
| GetIamPolicy | 
|---|
| 
 GetIamPolicy gets the IAM policies for a project in the infra cluster. 
 | 
| GetIdentityProvider | 
|---|
| 
 GetIdentityProvider gets the identity provider details. 
 | 
| GetMachine | 
|---|
| 
 Gets details of a single Machine. 
 | 
| GetNodePool | 
|---|
| 
 Gets details of a single NodePool. 
 | 
| GetServerConfig | 
|---|
| 
 Gets the server config. 
 | 
| GetServiceAccount | 
|---|
| 
 GetServiceAccount gets the service account details. 
 | 
| GetVpnConnection | 
|---|
| 
 Gets details of a single VPN connection. 
 | 
| GetZonalProject | 
|---|
| 
 GetZonalProject gets the ZonalProject. 
 | 
| GetZonalService | 
|---|
| 
 Get EnabledZonalService gets the enabled service details. 
 | 
| GetZone | 
|---|
| 
 Gets details of a single Zone on which the parent organization is enabled. 
 | 
| ListClusters | 
|---|
| 
 Lists Clusters in a given project and location. 
 | 
| ListIdentityProviders | 
|---|
| 
 Lists identity providers that are configured in the infra cluster. 
 | 
| ListMachines | 
|---|
| 
 Lists Machines in a given project and location. 
 | 
| ListNodePools | 
|---|
| 
 Lists NodePools in a given project and location. 
 | 
| ListServiceAccounts | 
|---|
| 
 ListServiceAccounts lists the details of all the service account resources for a project in the cluster (infra cluster for V2, user cluster for V1). 
 | 
| ListVpnConnections | 
|---|
| 
 Lists VPN connections in a given project and location. 
 | 
| ListZonalProjects | 
|---|
| 
 Lists ZonalProjects on the zone. 
 | 
| ListZonalServices | 
|---|
| 
 Lists ZonalServices in a given project and location. 
 | 
| ListZones | 
|---|
| 
 Lists Zones on which the parent organization is enabled. 
 | 
| SetIamPolicy | 
|---|
| 
 SetIamPolicy sets the IAM policy for a project in the infra cluster. It overrides the existing policy with the provided one. 
 | 
| UpdateCluster | 
|---|
| 
 Updates the parameters of a single Cluster. 
 | 
| UpdateNodePool | 
|---|
| 
 Updates the parameters of a single NodePool. 
 | 
| UpgradeCluster | 
|---|
| 
 Upgrades a single cluster. 
 | 
Authorization
RBAC policy that will be applied and managed by GEC.
| Fields | |
|---|---|
| admin_users | Required. User that will be granted the cluster-admin role on the cluster, providing full access to the cluster. Currently, this is a singular field, but will be expanded to allow multiple admins in the future. | 
ChannelConfig
Configuration for a release channel.
| Fields | |
|---|---|
| default_version | 
 Output only. Default version for this release channel, e.g.: "1.4.0". | 
Cluster
A Google Distributed Cloud Edge Kubernetes cluster.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the cluster. | 
| create_time | Output only. The time when the cluster was created. | 
| update_time | Output only. The time when the cluster was last updated. | 
| labels | 
 Labels associated with this resource. | 
| fleet | Required. Fleet configuration. | 
| networking | Required. Cluster-wide networking configuration. | 
| authorization | Required. Immutable. RBAC policy that will be applied and managed by GEC. | 
| default_max_pods_per_node | 
 Optional. The default maximum number of pods per node used if a maximum value is not specified explicitly for a node pool in this cluster. If unspecified, the Kubernetes default value will be used. | 
| endpoint | 
 Output only. The IP address of the Kubernetes API server. | 
| port | 
 Output only. The port number of the Kubernetes API server. | 
| cluster_ca_certificate | 
 Output only. The PEM-encoded public certificate of the cluster's CA. | 
| maintenance_policy | Optional. Cluster-wide maintenance policy configuration. | 
| control_plane_version | 
 Output only. The control plane release version | 
| node_version | 
 Output only. The lowest release version among all worker nodes. This field can be empty if the cluster does not have any worker nodes. | 
| control_plane | Optional. The configuration of the cluster control plane. | 
| system_addons_config | Optional. The configuration of the system add-ons. | 
| external_load_balancer_ipv4_address_pools[] | 
 Optional. IPv4 address pools for cluster data plane external load balancing. | 
| control_plane_encryption | Optional. Remote control plane disk encryption options. This field is only used when enabling CMEK support. | 
| status | Output only. The current status of the cluster. | 
| maintenance_events[] | Output only. All the maintenance events scheduled for the cluster, including the ones ongoing, planned for the future and done in the past (up to 90 days). | 
| target_version | 
 Optional. The target cluster version. For example: "1.5.0". | 
| release_channel | Optional. The release channel a cluster is subscribed to. | 
| survivability_config | Optional. Configuration of the cluster survivability, e.g., for the case when network connectivity is lost. Note: This only applies to local control plane clusters. | 
| external_load_balancer_ipv6_address_pools[] | 
 Optional. IPv6 address pools for cluster data plane external load balancing. | 
| connection_state | Output only. The current connection state of the cluster. | 
| external_load_balancer_address_pools[] | Optional. External load balancer pools for cluster. | 
| zone_storage_encryption | Optional. The zone storage encryption configuration | 
| container_runtime_config | Optional. The container runtime config of the cluster. | 
| enable_cluster_isolation | 
 Optional. This denotes if the cluster is required to be isolated. go/cluster-isolation-in-gdcc-cluster | 
| google_group_authentication | 
 Optional. The Google Group authentication config of the cluster. | 
ConnectionState
ConnectionState holds the current connection state from the cluster to Google.
| Fields | |
|---|---|
| state | Output only. The current connection state. | 
| update_time | Output only. The time when the connection state was last changed. | 
State
The connection state.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unknown connection state. | 
| DISCONNECTED | This cluster is currently disconnected from Google. | 
| CONNECTED | This cluster is currently connected to Google. | 
| CONNECTED_AND_SYNCING | This cluster is currently connected to Google, but may have recently reconnected after a disconnection. It is still syncing back. | 
ContainerRuntimeConfig
Container runtime config of the cluster.
| Fields | |
|---|---|
| default_container_runtime | Optional. The default container runtime to be configured in the cluster. | 
DefaultContainerRuntime
List of supported container runtimes.
| Enums | |
|---|---|
| DEFAULT_CONTAINER_RUNTIME_UNSPECIFIED | Container runtime not specified. | 
| RUNC | Use runc as the default container runtime in the cluster. | 
| GVISOR | Use gVisor as the default container runtime in the cluster. | 
ControlPlane
Configuration of the cluster control plane.
| Fields | |
|---|---|
| Union field  
 | |
| remote | Remote control plane configuration. | 
| local | Local control plane configuration. Warning: Local control plane clusters must be created in their own project. Local control plane clusters cannot coexist in the same project with any other type of clusters, including non-GDCE clusters. Mixing local control plane GDCE clusters with any other type of clusters in the same project can result in data loss. | 
Local
Configuration specific to clusters with a control plane hosted locally.
Warning: Local control plane clusters must be created in their own project. Local control plane clusters cannot coexist in the same project with any other type of clusters, including non-GDCE clusters. Mixing local control plane GDCE clusters with any other type of clusters in the same project can result in data loss.
| Fields | |
|---|---|
| node_location | 
 Name of the Google Distributed Cloud Edge zones where this node pool will be created. For example:  | 
| node_count | 
 The number of nodes to serve as replicas of the Control Plane. | 
| machine_filter | 
 Only machines matching this filter will be allowed to host control plane nodes. The filtering language accepts strings like "name= | 
| shared_deployment_policy | Policy configuration about how user applications are deployed. | 
| control_plane_node_storage_schema | 
 Optional. Name for the storage schema of control plane nodes. | 
Remote
This type has no fields.
Configuration specific to clusters with a control plane hosted remotely.
ControlPlaneEncryption
Configuration for Customer-managed KMS key support for control plane nodes.
| Fields | |
|---|---|
| kms_key | 
 Optional. The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting control plane disks. If not specified, a Google-managed key will be used instead. | 
| kms_key_active_version | 
 Output only. The Cloud KMS CryptoKeyVersion currently in use for protecting control plane disks. Only applicable if kms_key is set. | 
| kms_key_state | Output only. Availability of the Cloud KMS CryptoKey. If not  | 
| kms_status | Output only. Error status returned by Cloud KMS when using this key. This field may be populated only if  | 
| resource_state | Output only. The current resource state associated with the cmek. | 
ExternalLoadBalancerPool
External load balancer pool with custom config such as name, manual/auto assign, non-overlapping ipv4 and optional ipv6 address range.
| Fields | |
|---|---|
| address_pool | 
 Optional. Name of the external load balancer pool. | 
| ipv4_range[] | 
 Required. Non-overlapping IPv4 address range of the external load balancer pool. | 
| ipv6_range[] | 
 Optional. Non-overlapping IPv6 address range of the external load balancer pool. | 
| avoid_buggy_ips | 
 Optional. If true, the pool omits IP addresses ending in .0 and .255. Some network hardware drops traffic to these special addresses. Its default value is false. | 
| manual_assign | 
 Optional. If true, addresses in this pool are not automatically assigned to Kubernetes Services. If true, an IP address in this pool is used only when it is specified explicitly by a service. Its default value is false. | 
GoogleGroupAuthenticationConfig
Google Group authentication config of the cluster. go/gdc-google-group-authentication
| Fields | |
|---|---|
| enable | 
 Optional. If true, the cluster will be configured to use Google Group authentication. | 
MaintenanceEvent
A Maintenance Event is an operation that could cause temporary disruptions to the cluster workloads, including Google-driven or user-initiated cluster upgrades, user-initiated cluster configuration changes that require restarting nodes, etc.
| Fields | |
|---|---|
| uuid | 
 Output only. UUID of the maintenance event. | 
| target_version | 
 Output only. The target version of the cluster. | 
| operation | 
 Output only. The operation for running the maintenance event. Specified in the format projects/*/locations/*/operations/*. If the maintenance event is split into multiple operations (e.g. due to maintenance windows), the latest one is recorded. | 
| type | Output only. The type of the maintenance event. | 
| schedule | Output only. The schedule of the maintenance event. | 
| state | Output only. The state of the maintenance event. | 
| create_time | Output only. The time when the maintenance event request was created. | 
| start_time | Output only. The time when the maintenance event started. | 
| end_time | Output only. The time when the maintenance event ended, either successfully or not. If the maintenance event is split into multiple maintenance windows, end_time is only updated when the whole flow ends. | 
| update_time | Output only. The time when the maintenance event message was updated. | 
Schedule
Indicates when the maintenance event should be performed.
| Enums | |
|---|---|
| SCHEDULE_UNSPECIFIED | Unspecified. | 
| IMMEDIATELY | Immediately after receiving the request. | 
State
Indicates the maintenance event state.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unspecified. | 
| RECONCILING | The maintenance event is ongoing. The cluster might be unusable. | 
| SUCCEEDED | The maintenance event succeeded. | 
| FAILED | The maintenance event failed. | 
Type
Indicates the maintenance event type.
| Enums | |
|---|---|
| TYPE_UNSPECIFIED | Unspecified. | 
| USER_INITIATED_UPGRADE | Upgrade initiated by users. | 
| GOOGLE_DRIVEN_UPGRADE | Upgrade driven by Google. | 
ReleaseChannel
The release channel a cluster is subscribed to.
| Enums | |
|---|---|
| RELEASE_CHANNEL_UNSPECIFIED | Unspecified release channel. This will default to the REGULAR channel. | 
| NONE | No release channel. | 
| REGULAR | Regular release channel. | 
Status
Indicates the status of the cluster.
| Enums | |
|---|---|
| STATUS_UNSPECIFIED | Status unknown. | 
| PROVISIONING | The cluster is being created. | 
| RUNNING | The cluster is created and fully usable. | 
| DELETING | The cluster is being deleted. | 
| ERROR | The status indicates that some errors occurred while reconciling/deleting the cluster. | 
| RECONCILING | The cluster is undergoing some work such as version upgrades, etc. | 
SurvivabilityConfig
Configuration of the cluster survivability, e.g., for the case when network connectivity is lost.
| Fields | |
|---|---|
| offline_reboot_ttl | Optional. Time period that allows the cluster nodes to be rebooted and become functional without network connectivity to Google. The default 0 means not allowed. The maximum is 7 days. | 
SystemAddonsConfig
Config that customers are allowed to define for GDCE system add-ons.
| Fields | |
|---|---|
| ingress | Optional. Config for Ingress. | 
| vm_service_config | Optional. Config for VM Service. | 
Ingress
Config for the Ingress add-on which allows customers to create an Ingress object to manage external access to the servers in a cluster. The add-on consists of istiod and istio-ingress.
| Fields | |
|---|---|
| disabled | 
 Optional. Whether Ingress is disabled. | 
| ipv4_vip | 
 Optional. Ingress VIP. | 
VMServiceConfig
VMServiceConfig defines the configuration for GDCE VM Service.
| Fields | |
|---|---|
| vmm_enabled | 
 Optional. Whether VMM is enabled. | 
ZoneStorageEncryption
Configuration for Zone Storage CMEK Support
| Fields | |
|---|---|
| kms_key | 
 Optional. The Cloud KMS Key | 
| kms_key_active_version | 
 Output only. The Cloud KMS CryptoKeyVersion currently used for encryption/decryption | 
| resource_state | Output only. The current resource state of the CMEK | 
ClusterNetworking
Cluster-wide networking configuration.
| Fields | |
|---|---|
| cluster_ipv4_cidr_blocks[] | 
 Required. All pods in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. | 
| services_ipv4_cidr_blocks[] | 
 Required. All services in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. | 
ClusterUser
A user principal for an RBAC policy.
| Fields | |
|---|---|
| username | 
 Required. An active Google username. | 
ConfigData
Config data holds all the config related data for the zone.
| Fields | |
|---|---|
| available_external_lb_pools_ipv4[] | 
 list of available v4 ip pools for external loadbalancer | 
| available_external_lb_pools_ipv6[] | 
 list of available v6 ip pools for external loadbalancer | 
CreateClusterRequest
Creates a cluster.
| Fields | |
|---|---|
| parent | 
 Required. The parent location where this cluster will be created. Authorization requires the following IAM permission on the specified resource  
 | 
| cluster_id | 
 Required. A client-specified unique identifier for the cluster. | 
| cluster | Required. The cluster to create. | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
CreateIdentityProviderRequest
Request proto to configure the identity provider for an organization.
| Fields | |
|---|---|
| parent | 
 Required. The resource name of the identity provider to configure. e.g. organizations/{organization}/locations/{location} | 
| identity_provider_id | 
 Required. The identity provider id. | 
| identity_provider | Required. The identity provider to configure. | 
| request_id | 
 Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
CreateNodePoolRequest
Creates a node pool.
| Fields | |
|---|---|
| parent | 
 Required. The parent cluster where this node pool will be created. Authorization requires the following IAM permission on the specified resource  
 | 
| node_pool_id | 
 Required. A client-specified unique identifier for the node pool. | 
| node_pool | Required. The node pool to create. | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
CreateServiceAccountRequest
Request proto to create a service account resource.
| Fields | |
|---|---|
| parent | 
 Required. The resource name of the identity provider to configure. e.g. project/{project}/locations/{location} | 
| service_account_id | 
 Required. The service account id. | 
| service_account | Required. The service account to configure. | 
| request_id | 
 Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
CreateVpnConnectionRequest
Creates a VPN connection.
| Fields | |
|---|---|
| parent | 
 Required. The parent location where this vpn connection will be created. Authorization requires the following IAM permission on the specified resource  
 | 
| vpn_connection_id | 
 Required. The VPN connection identifier. | 
| vpn_connection | Required. The VPN connection to create. | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
DeleteClusterRequest
Deletes a cluster.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource  
 | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
DeleteIdentityProviderRequest
Request proto to delete the identity provider for an organization.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the identity provider to delete. The name to be formatted as: organizations/{organization}/locations/{location}/identityProviders/{identity_provider} | 
| request_id | 
 Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
| Union field target. The target of the identity provider.targetcan be only one of the following: | |
| zone_id | 
 The zone id of the target zone of the infra cluster for which the identity provider is to be deleted. | 
| cluster | 
 The fully qualified name of the target BMUC for which the identity provider is to be deleted. | 
DeleteNodePoolRequest
Deletes a node pool.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the node pool. Authorization requires the following IAM permission on the specified resource  
 | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
DeleteServiceAccountRequest
Request proto to delete a project service account resource.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the project service account. E.g. projects/{project}/locations/{location}/serviceAccounts/{service_account} | 
DeleteVpnConnectionRequest
Deletes a vpn connection.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the vpn connection. Authorization requires the following IAM permission on the specified resource  
 | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
EnableZonalProjectRequest
Enables a consumer project (corresponding to the cloud consumer project) on zone(s).
| Fields | |
|---|---|
| parent | 
 Required. The parent zone where the project will be created | 
| zonal_project_id | 
 Required. Specified project_id of the consumer project to be enabled. | 
| zonal_project | Required. The consumer project to be enabled. | 
| request_id | 
 Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
EnableZonalProjectResponse
Response message for enabling a zonal project.
| Fields | |
|---|---|
| zonal_project | The enabled zonal project. | 
EnableZonalServiceRequest
Enable ZonalService Request. The API will configure access for the service producers on the cluster to create service resources.
| Fields | |
|---|---|
| parent | 
 Required. The parent location, which owns this collection of services. | 
| zonal_service_id | 
 Optional. Specified zonal_service_id. | 
| zonal_service | Required. The service to create. | 
| request_id | 
 Optional. Idempotent request UUID. | 
Fleet
Fleet related configuration.
Fleets are a Google Cloud concept for logically organizing clusters, letting you use and manage multi-cluster capabilities and apply consistent policies across your systems.
| Fields | |
|---|---|
| project | 
 Required. The name of the Fleet host project where this cluster will be registered. Project names are formatted as  | 
| membership | 
 Output only. The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as  | 
GenerateAccessTokenRequest
Generates an access token for a cluster.
| Fields | |
|---|---|
| cluster | 
 Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource  
 | 
GenerateAccessTokenResponse
An access token for a cluster.
| Fields | |
|---|---|
| access_token | 
 Output only. Access token to authenticate to k8s api-server. | 
| expire_time | Output only. Timestamp at which the token will expire. | 
GenerateOfflineCredentialRequest
Generates an offline credential(offline) for a cluster.
| Fields | |
|---|---|
| cluster | 
 Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource  
 | 
GenerateOfflineCredentialResponse
An offline credential for a cluster.
| Fields | |
|---|---|
| client_certificate | 
 Output only. Client certificate to authenticate to k8s api-server. | 
| client_key | 
 Output only. Client private key to authenticate to k8s api-server. | 
| user_id | 
 Output only. Client's identity. | 
| expire_time | Output only. Timestamp at which this credential will expire. | 
GenerateServiceAccountKeyRequest
Request proto for GenerateServiceAccountKey API.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the project service account. E.g. projects/{project}/locations/{location}/serviceAccounts/{service_account} | 
| ca_cert_path | 
 Optional. The CA cert path. | 
GenerateServiceAccountKeyResponse
Response proto for GenerateServiceAccountKey API.
| Fields | |
|---|---|
| type | 
 The credential type. | 
| project | 
 Output only. The project that the service account belongs to. | 
| private_key_id | 
 Output only. The private key id. | 
| private_key | 
 Output only. The private key. | 
| name | 
 Output only. The name of service identity. | 
| token_uri | 
 Output only. The token URI. | 
| format_version | 
 Output only. The format version. | 
| ca_cert_path | 
 Output only. The CA cert path. | 
GetClusterRequest
Gets a cluster.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource  
 | 
GetIamPolicyRequest
Request proto to get the iam policy associated with a project in a zone.
| Fields | |
|---|---|
| name | 
 Required. The canonical name of the zone from which the IamPolicy is to be fetched. E.g. projects/*/locations/*/zones/* | 
GetIdentityProviderRequest
Request proto to get the identity provider for an organization.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the identity provider. E.g. organizations/*/locations/*/identityProviders/* | 
| Union field target. The target from which the identity provider is fetched.targetcan be only one of the following: | |
| zone_id | 
 The zone id of the target zone for which the identity provider is configured. | 
| cluster | 
 The cluster name of the target BMUC for which the identity provider is configured. | 
GetMachineRequest
Gets a machine.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the machine. Authorization requires the following IAM permission on the specified resource  
 | 
GetNodePoolRequest
Gets a node pool.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the node pool. Authorization requires the following IAM permission on the specified resource  
 | 
GetServerConfigRequest
Gets the server config.
| Fields | |
|---|---|
| name | 
 Required. The name (project and location) of the server config to get, specified in the format  Authorization requires the following IAM permission on the specified resource  
 | 
GetServiceAccountRequest
Request proto to get a service account resource.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the project service account. E.g. projects/{project}/locations/{location}/serviceAccounts/{service_account} | 
GetVpnConnectionRequest
Gets a VPN connection.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the vpn connection. Authorization requires the following IAM permission on the specified resource  
 | 
GetZonalProjectRequest
Gets a zonal project resource.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the zonal project. E.g. organizations/*/locations/*/zonalProjects/* | 
GetZonalServiceRequest
Get ZonalService Request.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the service. | 
GetZoneRequest
Gets a zone.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the zone. E.g. organizations/*/locations/*/zone/* | 
IamPolicy
IamPolicy represents a IAM policy.
| Fields | |
|---|---|
| bindings[] | Optional. The policy is a list of bindings. | 
| etag | 
 Optional. The etag of the IAM policy. | 
Binding
Binding represents a role binding in the IAM policy.
| Fields | |
|---|---|
| role | 
 Required. The role in the IAM policy to bind the members to. | 
| members[] | Optional. The members to bind the role to. | 
Principal
Principal represents a principal in the IAM policy.
| Fields | |
|---|---|
| Union field identity. The principal to bind the role to.identitycan be only one of the following: | |
| user | 
 User represents a user in the IAM policy. | 
| service_account | 
 Service account represents a service account in the IAM policy. | 
IdentityProvider
Represents an identity provider resource which represents the identity provider configuration for the organization.
| Fields | |
|---|---|
| name | 
 Identifier. The canonical resource name of the identity provider. E.g. organizations/{organization}/locations/{location}/identityProviders/{identity_provider} | 
| create_time | Output only. The time when the identity provider was created. | 
| update_time | Output only. The time when the identity provider was last updated. | 
| delete_time | Output only. The time when the identity provider was deleted. | 
| labels | 
 Optional. Labels associated with this resource. | 
| Union field config. The configuration of the identity provider.configcan be only one of the following: | |
| oidc_config | The OIDC provider configuration. | 
| Union field target. The target of the identity provider.targetcan be only one of the following: | |
| zone_id | 
 The zone id of the target zone of the infra cluster for which the identity provider is to be configured. | 
| cluster | 
 The fully qualified name of the target BMUC for which the identity provider is to be configured. | 
KmsKeyState
Represents the accessibility state of a customer-managed KMS key used for CMEK integration.
| Enums | |
|---|---|
| KMS_KEY_STATE_UNSPECIFIED | Unspecified. | 
| KMS_KEY_STATE_KEY_AVAILABLE | The key is available for use, and dependent resources should be accessible. | 
| KMS_KEY_STATE_KEY_UNAVAILABLE | The key is unavailable for an unspecified reason. Dependent resources may be inaccessible. | 
ListClustersRequest
Lists clusters in a location.
| Fields | |
|---|---|
| parent | 
 Required. The parent location, which owns this collection of clusters. Authorization requires the following IAM permission on the specified resource  
 | 
| page_size | 
 The maximum number of resources to list. | 
| page_token | 
 A page token received from previous list request. A page token received from previous list request. | 
| filter | 
 Only resources matching this filter will be listed. | 
| order_by | 
 Specifies the order in which resources will be listed. | 
ListClustersResponse
List of clusters in a location.
| Fields | |
|---|---|
| clusters[] | Clusters in the location. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
ListIdentityProvidersRequest
Request proto to list the identity providers for an organization.
| Fields | |
|---|---|
| parent | 
 Required. The parent organization and region for the identity providers. | 
| page_size | 
 Optional. The maximum number of resources to list. | 
| page_token | 
 Optional. A page token received from previous list request. | 
| Union field target. The target of the identity provider.targetcan be only one of the following: | |
| zone_id | 
 The zone id of the target zone of the infra cluster for which the identity providers are to be listed. | 
| cluster | 
 The fully qualified name of the target BMUC for which the identity providers are to be listed. | 
ListIdentityProvidersResponse
Response proto to list the identity providers for an organization.
| Fields | |
|---|---|
| identity_providers[] | A list of identity providers matching the request. | 
| next_page_token | 
 A token to retrieve next page of results. | 
ListMachinesRequest
Lists machines in a site.
| Fields | |
|---|---|
| parent | 
 Required. The parent site, which owns this collection of machines. Authorization requires the following IAM permission on the specified resource  
 | 
| page_size | 
 The maximum number of resources to list. | 
| page_token | 
 A page token received from previous list request. | 
| filter | 
 Only resources matching this filter will be listed. | 
| order_by | 
 Specifies the order in which resources will be listed. | 
ListMachinesResponse
List of machines in a site.
| Fields | |
|---|---|
| machines[] | Machines in the site. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
ListNodePoolsRequest
Lists node pools in a cluster.
| Fields | |
|---|---|
| parent | 
 Required. The parent cluster, which owns this collection of node pools. Authorization requires the following IAM permission on the specified resource  
 | 
| page_size | 
 The maximum number of resources to list. | 
| page_token | 
 A page token received from previous list request. | 
| filter | 
 Only resources matching this filter will be listed. | 
| order_by | 
 Specifies the order in which resources will be listed. | 
ListNodePoolsResponse
List of node pools in a cluster.
| Fields | |
|---|---|
| node_pools[] | Node pools in the cluster. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
ListServiceAccountsRequest
List ServiceAccounts Request.
| Fields | |
|---|---|
| parent | 
 Required. The parent location, which owns this collection of project service accounts. | 
| page_size | 
 Optional. The maximum number of resources to list. | 
| page_token | 
 Optional. A page token received from previous list request. | 
| filter | 
 Optional. Only resources matching this filter will be listed. | 
| order_by | 
 Optional. Specifies the order in which resources will be listed. Order by fields for the result. | 
ListServiceAccountsResponse
List ServiceAccounts Response.
| Fields | |
|---|---|
| service_accounts[] | List of ServiceAccounts matching the request. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
ListVpnConnectionsRequest
Lists VPN connections.
| Fields | |
|---|---|
| parent | 
 Required. The parent location, which owns this collection of VPN connections. Authorization requires the following IAM permission on the specified resource  
 | 
| page_size | 
 The maximum number of resources to list. | 
| page_token | 
 A page token received from previous list request. | 
| filter | 
 Only resources matching this filter will be listed. | 
| order_by | 
 Specifies the order in which resources will be listed. | 
ListVpnConnectionsResponse
List of VPN connections in a location.
| Fields | |
|---|---|
| vpn_connections[] | VpnConnections in the location. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
ListZonalProjectsRequest
Lists consumer projects in an organization.
| Fields | |
|---|---|
| parent | 
 Required. The parent zone where the project will be created. | 
| page_size | 
 Optional. The maximum number of resources to list. | 
| page_token | 
 Optional. A page token received from previous list request. | 
| filter | 
 Optional. Only resources matching this filter will be listed. | 
| order_by | 
 Optional. Specifies the order in which resources will be listed. Order by fields for the result. | 
ListZonalProjectsResponse
List of consumer projects in a organization response.
| Fields | |
|---|---|
| zonal_projects[] | Clusters in the location. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 zones that could not be reached. | 
ListZonalServicesRequest
List ZonalServices Request.
| Fields | |
|---|---|
| parent | 
 Required. The parent location, which owns this collection of services. | 
| page_size | 
 Optional. The maximum number of resources to list. | 
| page_token | 
 Optional. A page token received from previous list request. | 
| filter | 
 Optional. Only resources matching this filter will be listed. | 
| order_by | 
 Optional. Specifies the order in which resources will be listed. Order by fields for the result. | 
ListZonalServicesResponse
List ZonalServices Response.
| Fields | |
|---|---|
| zonal_services[] | ZonalServices in the location. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
ListZonesRequest
Lists zones on which the parent organization is enabled.
| Fields | |
|---|---|
| parent | 
 Required. The parent organization and location. | 
| page_size | 
 Optional. The maximum number of items to return. | 
| page_token | 
 Optional. The next_page_token value returned from a previous List request, if any. | 
| filter | 
 Optional. Only resources matching this filter will be listed. | 
| order_by | 
 Optional. Specifies the order in which resources will be listed. | 
ListZonesResponse
Response message for listing zones.
| Fields | |
|---|---|
| zones[] | A list of zones matching the request. | 
| next_page_token | 
 A token to retrieve next page of results. | 
| unreachable[] | 
 Locations that could not be reached. | 
LocationMetadata
Metadata for a given google.cloud.location.Location.
| Fields | |
|---|---|
| available_zones | 
 The set of available Google Distributed Cloud Edge zones in the location. The map is keyed by the lowercase ID of each zone. | 
Machine
A Google Distributed Cloud Edge machine capable of acting as a Kubernetes node.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the machine. | 
| create_time | Output only. The time when the node pool was created. | 
| update_time | Output only. The time when the node pool was last updated. | 
| labels | 
 Labels associated with this resource. | 
| hosted_node | 
 Canonical resource name of the node that this machine is responsible for hosting e.g. projects/{project}/locations/{location}/clusters/{cluster_id}/nodePools/{pool_id}/{node}, Or empty if the machine is not assigned to assume the role of a node. For control plane nodes hosted on edge machines, this will return the following format: "projects/{project}/locations/{location}/clusters/{cluster_id}/controlPlaneNodes/{node}". | 
| zone | 
 The Google Distributed Cloud Edge zone of this machine. | 
| version | 
 Output only. The software version of the machine. | 
| disabled | 
 Output only. Whether the machine is disabled. If disabled, the machine is unable to enter service. | 
| status | Output only. The current status of the machine. | 
| purpose | The type of cluster the machine is used for. | 
Purpose
Machine purpose can be either VIRTUALIZED_WORKLOAD or BAREMETAL_CLUSTER.
| Enums | |
|---|---|
| PURPOSE_UNSPECIFIED | Unspecified purpose. | 
| VIRTUALIZED_WORKLOAD | Machine is used for virtual workload. | 
| BAREMETAL_CLUSTER | Machine is used for a baremetal user cluster. | 
Status
Indicates the status of the machine.
| Enums | |
|---|---|
| STATUS_UNSPECIFIED | Status unknown. | 
| READY | The machine is ready to host a node. This is the default. | 
| DISABLED_FOR_REPAIR | The machine has been disabled for repair by adding 1 or more disable claims. | 
MaintenanceExclusionWindow
Represents a maintenance exclusion window.
| Fields | |
|---|---|
| window | Optional. The time window. | 
| id | 
 Optional. A unique (per cluster) id for the window. | 
MaintenancePolicy
Maintenance policy configuration.
| Fields | |
|---|---|
| window | Specifies the maintenance window in which maintenance may be performed. | 
| maintenance_exclusions[] | Optional. Exclusions to automatic maintenance. Non-emergency maintenance should not occur in these windows. Each exclusion has a unique name and may be active or expired. The max number of maintenance exclusions allowed at a given time is 3. | 
MaintenanceWindow
Maintenance window configuration
| Fields | |
|---|---|
| recurring_window | Configuration of a recurring maintenance window. | 
NodePool
A set of Kubernetes nodes in a cluster with common configuration and specification.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the node pool. | 
| create_time | Output only. The time when the node pool was created. | 
| update_time | Output only. The time when the node pool was last updated. | 
| labels | 
 Labels associated with this resource. | 
| node_location | 
 Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example:  | 
| node_count | 
 Required. The number of nodes in the pool. | 
| machine_filter | 
 Only machines matching this filter will be allowed to join the node pool. The filtering language accepts strings like "name= | 
| local_disk_encryption | Optional. Local disk encryption options. This field is only used when enabling CMEK support. | 
| node_version | 
 Output only. The lowest release version among all worker nodes. | 
| node_config | Optional. Configuration for each node in the NodePool | 
LocalDiskEncryption
Configuration for CMEK support for edge machine local disk encryption.
| Fields | |
|---|---|
| kms_key | 
 Optional. The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks. If not specified, a Google-managed key will be used instead. | 
| kms_key_active_version | 
 Output only. The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kms_key is set. | 
| kms_key_state | Output only. Availability of the Cloud KMS CryptoKey. If not  | 
| kms_status | Output only. Error status returned by Cloud KMS when using this key. This field may be populated only if  | 
| resource_state | Output only. The current resource state associated with the cmek. | 
NodeConfig
Configuration for each node in the NodePool
| Fields | |
|---|---|
| labels | 
 Optional. The Kubernetes node labels | 
| node_storage_schema | 
 Optional. Name for the storage schema of worker nodes. | 
OIDCProviderConfig
Represents the OIDC provider configuration.
| Fields | |
|---|---|
| client_id | 
 Required. The client id of the identity provider. | 
| client_secret | 
 Optional. The client secret of the identity provider. | 
| issuer_uri | 
 Required. The issuer uri of the identity provider. | 
| scopes | 
 Required. The scopes of the identity provider. | 
| user_claim | 
 Optional. The user claim of the identity provider. | 
| cloud_console_redirect_uri | 
 Optional. CloudConsoleRedirectURI is the URI to redirect users going through the OAuth flow using cloud console. | 
| enable_access_token | 
 Optional. Flag that denotes if the access-token should be included in the request as part of the bearer token by  | 
| extra_params | 
 Optional. Comma-separated list of key-value pairs that will be query-encoded and sent with the authentication endpoint request. | 
| kubectl_redirect_uri | 
 Optional. KubectlRedirectURI is the URI to redirect users authenticating to an OIDC provider with the kubectl plugin. | 
OperationMetadata
Long-running operation metadata for Edge Container API methods.
| Fields | |
|---|---|
| create_time | The time the operation was created. | 
| end_time | The time the operation finished running. | 
| target | 
 Server-defined resource path for the target of the operation. | 
| verb | 
 The verb executed by the operation. | 
| status_message | 
 Human-readable status of the operation, if any. | 
| requested_cancellation | 
 Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have [Operation.error][] value with a  | 
| api_version | 
 API version used to start the operation. | 
| warnings[] | 
 Warnings that do not block the operation, but still hold relevant information for the end user to receive. | 
| status_reason | Machine-readable status of the operation, if any. | 
StatusReason
Indicates the reason for the status of the operation.
| Enums | |
|---|---|
| STATUS_REASON_UNSPECIFIED | Reason unknown. | 
| UPGRADE_PAUSED | The cluster upgrade is currently paused. | 
| RETRYABLE_ERROR | The request has errored, but the error is retryable. | 
Quota
Represents quota for Edge Container resources.
| Fields | |
|---|---|
| metric | 
 Name of the quota metric. | 
| limit | 
 Quota limit for this metric. | 
| usage | 
 Current usage of this metric. | 
RecurringTimeWindow
Represents an arbitrary window of time that recurs.
| Fields | |
|---|---|
| window | The window of the first recurrence. | 
| recurrence | 
 An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window recurs. They go on for the span of time between the start and end time. | 
ResourceState
Represents if the resource is in lock down state or pending.
| Enums | |
|---|---|
| RESOURCE_STATE_UNSPECIFIED | Default value. | 
| RESOURCE_STATE_LOCK_DOWN | The resource is in LOCK DOWN state. | 
| RESOURCE_STATE_LOCK_DOWN_PENDING | The resource is pending lock down. | 
ServerConfig
Server configuration for supported versions and release channels.
| Fields | |
|---|---|
| channels | 
 Output only. Mapping from release channel to channel config. | 
| versions[] | Output only. Supported versions, e.g.: ["1.4.0", "1.5.0"]. | 
| default_version | 
 Output only. Default version, e.g.: "1.4.0". | 
| version_rollouts[] | Output only. Rollout information for the server config. | 
ServiceAccount
Represents the service account resource.
| Fields | |
|---|---|
| name | 
 Identifier. The canonical resource name of the project service account. E.g. projects/{project}/locations/{location}/serviceAccounts/{service_account} | 
| zone | 
 Required. The zone id of the zone on which the project service account has to be created. | 
| create_time | Output only. The time when the project service account was created. | 
| update_time | Output only. The time when the project service account was last updated. | 
| labels | 
 Optional. Labels associated with this resource. | 
SetIamPolicyRequest
Request proto to set the IAM policy for a project in a zone.
| Fields | |
|---|---|
| name | 
 Required. The canonical resource name of the zone. projects/{project}/locations/{location}/zones/{zone} | 
| policy | Required. The IAM policy to be set. | 
| request_id | 
 Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
TimeWindow
Represents an arbitrary window of time.
| Fields | |
|---|---|
| start_time | The time that the window first starts. | 
| end_time | The time that the window ends. The end time must take place after the start time. | 
UpdateClusterRequest
Updates a cluster.
| Fields | |
|---|---|
| update_mask | Field mask is used to specify the fields to be overwritten in the Cluster resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten. | 
| cluster | The updated cluster. Authorization requires the following IAM permission on the specified resource  
 | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
UpdateNodePoolRequest
Updates a node pool.
| Fields | |
|---|---|
| update_mask | Field mask is used to specify the fields to be overwritten in the NodePool resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten. | 
| node_pool | The updated node pool. Authorization requires the following IAM permission on the specified resource  
 | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
UpgradeClusterRequest
Upgrades a cluster.
| Fields | |
|---|---|
| name | 
 Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource  
 | 
| target_version | 
 Required. The version the cluster is going to be upgraded to. | 
| schedule | The schedule for the upgrade. | 
| request_id | 
 A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if  | 
Schedule
Represents the schedule about when the cluster is going to be upgraded.
| Enums | |
|---|---|
| SCHEDULE_UNSPECIFIED | Unspecified. The default is to upgrade the cluster immediately which is the only option today. | 
| IMMEDIATELY | The cluster is going to be upgraded immediately after receiving the request. | 
Version
Version of a cluster.
| Fields | |
|---|---|
| name | 
 Output only. Name of the version, e.g.: "1.4.0". | 
VersionRollout
VersionRollout contains the Version rollout information.
| Fields | |
|---|---|
| version | 
 Output only. Semantic version, e.g.: "1.4.0". | 
| available_zones[] | 
 Output only. List of zones in which the version has been rolled out, e.g.: ["us-central1", "us-west1"]. | 
VpnConnection
A VPN connection .
| Fields | |
|---|---|
| name | 
 Required. The resource name of VPN connection | 
| create_time | Output only. The time when the VPN connection was created. | 
| update_time | Output only. The time when the VPN connection was last updated. | 
| labels | 
 Labels associated with this resource. | 
| nat_gateway_ip | 
 NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster. This is empty if NAT is not used. | 
| bgp_routing_mode | Dynamic routing mode of the VPC network,  | 
| cluster | 
 The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}. | 
| vpc | 
 The network ID of VPC to connect to. | 
| vpc_project | Optional. Project detail of the VPC network. Required if VPC is in a different project than the cluster project. | 
| enable_high_availability | 
 Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs. | 
| router | 
 Optional. The VPN connection Cloud Router name. | 
| details | Output only. The created connection details. | 
BgpRoutingMode
Routing mode.
| Enums | |
|---|---|
| BGP_ROUTING_MODE_UNSPECIFIED | Unknown. | 
| REGIONAL | Regional mode. | 
| GLOBAL | Global mode. | 
Details
The created connection details.
| Fields | |
|---|---|
| state | The state of this connection. | 
| error | 
 The error message. This is only populated when state=ERROR. | 
| cloud_router | The Cloud Router info. | 
| cloud_vpns[] | Each connection has multiple Cloud VPN gateways. | 
CloudRouter
The Cloud Router info.
| Fields | |
|---|---|
| name | 
 The associated Cloud Router name. | 
CloudVpn
The Cloud VPN info.
| Fields | |
|---|---|
| gateway | 
 The created Cloud VPN gateway name. | 
State
The current connection state.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unknown. | 
| STATE_CONNECTED | Connected. | 
| STATE_CONNECTING | Still connecting. | 
| STATE_ERROR | Error occurred. | 
VpcProject
Project detail of the VPC network.
| Fields | |
|---|---|
| project_id | 
 The project of the VPC to connect to. If not specified, it is the same as the cluster project. | 
| service_account | 
 Optional. Deprecated: do not use. | 
ZonalProject
Zonal project (corresponding to the cloud consumer project) which get enabled on Zone(s).
| Fields | |
|---|---|
| name | 
 Identifier. The resource name of the project. | 
| create_time | Output only. The time when the project was created. | 
| update_time | Output only. The time when the project was last updated. | 
| labels | 
 Optional. Labels associated with this resource. | 
| state | Output only. The state of the project on the zone. | 
State
The state of the project on the zone.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unspecified. | 
| STATE_ON | The project is enabled on the zone. | 
| STATE_OFF | The project is disabled on the zone. | 
ZonalService
Service enabled on the project.
| Fields | |
|---|---|
| name | 
 Identifier. The resource name of the service. | 
| service_selector | Optional. The service to enable/disable. Only one of service_selector or service_name must be specified. | 
| state | Output only. The state of the service. | 
| create_time | Output only. The time when the service was enabled. | 
| update_time | Output only. The time when the service was last updated. | 
| labels | 
 Optional. Labels associated with this resource. | 
| Union field zone_or_cluster. The zone or cluster on which the service has to be enabled/disabled.zone_or_clustercan be only one of the following: | |
| zone | 
 The zone id of the zone on which the service has to be enabled/disabled. | 
| cluster | 
 The fully qualified name of the cluster on which the service has to be enabled/disabled. | 
| service_name | 
 Optional. The full service name, e.g.: alloydb.googleapis.com. Only one of service_selector or service_name must be specified. It will be used to enable/disable the service on the project. | 
ServiceSelector
Services that can be enabled/disabled.
| Enums | |
|---|---|
| SERVICE_SELECTOR_UNSPECIFIED | Unspecified. | 
| ALLOYDB | AlloyDB service, alloydb.googleapis.com. | 
| VMM | VMM service, gdcvmmanager.googleapis.com. | 
| BOOKSTORE | Bookstore service, bookstore.googleapis.com. | 
| VERTEX | Vertex service, aiplatform.googleapis.com. | 
| BOOKSTORE_AI | Bookstore.AI service, bookstore-ai.googleapis.com. | 
State
The state of the service.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unspecified. | 
| STATE_ENABLED | The service is enabled on the project. | 
| STATE_DISABLED | The service is disabled on the project. | 
| STATE_ENABLING | The service is being enabled on the project. | 
| STATE_DISABLING | The service is being disabled on the project. | 
Zone
Represents a zone.
| Fields | |
|---|---|
| name | 
 Identifier. The canonical resource name of the zone. E.g. organizations/{organization}/locations/{location}/zones/{zone} | 
| create_time | Output only. The time when the zone was created. | 
| labels | 
 Optional. Labels associated with this resource. | 
| certificate_authorities[] | 
 Output only. The web CA certificate for the zone. | 
| dns_servers[] | Output only. The DNS servers for the zone. | 
| state | Output only. The state of the zone. | 
DNSServer
Represents a DNS server for the zone.
| Fields | |
|---|---|
| ip_address | 
 Output only. The IP address of the DNS server. | 
| tld | 
 Output only. The DNS server's top level domain. | 
State
The state of the zone.
| Enums | |
|---|---|
| STATE_UNSPECIFIED | Unspecified. | 
| STATE_RUNNING | The zone is in RUNNING state. | 
| STATE_ERROR | The zone is in ERROR state. | 
ZoneMetadata
A Google Distributed Cloud Edge zone where edge machines are located.
| Fields | |
|---|---|
| quota[] | Quota for resources in this zone. | 
| rack_types | 
 The map keyed by rack name and has value of RackType. | 
| config_data | Config data for the zone. | 
RackType
Type of the rack.
| Enums | |
|---|---|
| RACK_TYPE_UNSPECIFIED | Unspecified rack type, single rack also belongs to this type. | 
| BASE | Base rack type, a pair of two modified Config-1 racks containing Aggregation switches. | 
| EXPANSION | Expansion rack type, also known as standalone racks, added by customers on demand. |