From e38b3a10663641a0472e9dfbd3a346cbc0570bb1 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 18 Sep 2024 17:10:21 -0400 Subject: [PATCH] feat: An optional field `security_posture_config` in message `.google.cloud.gkemulticloud.v1.AttachedCluster` is added (#7675) feat: An optional field `kubelet_config` in message `.google.cloud.gkemulticloud.v1.AwsNodePool` is added PiperOrigin-RevId: 674451558 Source-Link: https://github.com/googleapis/googleapis/commit/31df26d0ff3193117fbf9d6dd25280dc3f8ca978 Source-Link: https://github.com/googleapis/googleapis-gen/commit/23e655713582360b568172348be5d883caa40efb Copy-Tag: eyJwIjoiR2tlTXVsdGlDbG91ZC8uT3dsQm90LnlhbWwiLCJoIjoiMjNlNjU1NzEzNTgyMzYwYjU2ODE3MjM0OGJlNWQ4ODNjYWE0MGVmYiJ9 --- .../metadata/V1/AttachedResources.php | Bin 3628 -> 3720 bytes GkeMultiCloud/metadata/V1/AwsResources.php | Bin 8270 -> 8349 bytes GkeMultiCloud/metadata/V1/CommonResources.php | Bin 2515 -> 3061 bytes .../import_attached_cluster.php | 2 +- GkeMultiCloud/src/V1/AttachedCluster.php | 44 +++ GkeMultiCloud/src/V1/AwsNodePool.php | 44 +++ GkeMultiCloud/src/V1/AwsProxyConfig.php | 8 +- GkeMultiCloud/src/V1/AzureProxyConfig.php | 8 +- .../src/V1/ImportAttachedClusterRequest.php | 8 +- GkeMultiCloud/src/V1/NodeKubeletConfig.php | 335 ++++++++++++++++++ .../src/V1/SecurityPostureConfig.php | 68 ++++ .../VulnerabilityMode.php | 63 ++++ .../src/V1/UpdateAttachedClusterRequest.php | 5 + 13 files changed, 572 insertions(+), 13 deletions(-) create mode 100644 GkeMultiCloud/src/V1/NodeKubeletConfig.php create mode 100644 GkeMultiCloud/src/V1/SecurityPostureConfig.php create mode 100644 GkeMultiCloud/src/V1/SecurityPostureConfig/VulnerabilityMode.php diff --git a/GkeMultiCloud/metadata/V1/AttachedResources.php b/GkeMultiCloud/metadata/V1/AttachedResources.php index 93800c00950918742b46d2b89b7b5ae293b3232f..343f0b9900896b4869828eda9fa6c99ba035ab24 100644 GIT binary patch delta 94 zcmZ1@(;>UzD-+9cF)p)--e!~anI|!wryP!yMVacXjDQD#YHd_jJ3Noi4P nd~$wXT4uV0lmep$w~@)@jV$t_!B8~;5GBrF6`R{Qmazf=6qF$% delta 32 ocmeB>T_dyMD-+9WQ7*HI-e!~anI|!Q;@*6i`2@@6=Nt=J0mx1aP5=M^ diff --git a/GkeMultiCloud/metadata/V1/AwsResources.php b/GkeMultiCloud/metadata/V1/AwsResources.php index 4163515796ab81495e740bfb47708ca138d7decf..c45c3fbfda31c3286709daf5a11ddcc17a5b6841 100644 GIT binary patch delta 69 zcmX@-FxPQ|95d4OAYvvG*rrVjM@Jk|6Thg{Wpu7`alV|n6S#8QKIkzb z@C91*2GPDJ2wJr7j#??TJ?D4+ALk|UnR*-v!V{XA!j(9E5MaD+>*T`k5reRzZ4KxU zox&WoJks}Ff=3GnyF}A%%a~xtb{Qs?)-#AMfebi~$l_Z8pd*O-j*m^v(uTz4m_hp! zN#MZN9H@kD0YGWE9Z>y&hsVA>Wtt@ZjHrNs$idwef@#v$kenUPuf@yLJCcmYHvRo?1;ST>~b<6BI{3@Jf z-vLavf`%xYG;ELYs+Q&TAiD7li?~{k8r;Pu?{{8QG+(~^*i29V&7E{tLp7esj$!Rau1*bC`s$4Qg18G MMpJFg?jz^m3wJH8D*ylh delta 25 hcmew=epz@!HWSl4zRkHz5zL#vv0Y)>yqn945dea*33C7d diff --git a/GkeMultiCloud/samples/V1/AttachedClustersClient/import_attached_cluster.php b/GkeMultiCloud/samples/V1/AttachedClustersClient/import_attached_cluster.php index 1bac2a21595f..76d9a1f94837 100644 --- a/GkeMultiCloud/samples/V1/AttachedClustersClient/import_attached_cluster.php +++ b/GkeMultiCloud/samples/V1/AttachedClustersClient/import_attached_cluster.php @@ -59,7 +59,7 @@ * [GetAttachedServerConfig][google.cloud.gkemulticloud.v1.AttachedClusters.GetAttachedServerConfig]. * @param string $distribution The Kubernetes distribution of the underlying attached cluster. * - * Supported values: ["eks", "aks"]. + * Supported values: ["eks", "aks", "generic"]. */ function import_attached_cluster_sample( string $formattedParent, diff --git a/GkeMultiCloud/src/V1/AttachedCluster.php b/GkeMultiCloud/src/V1/AttachedCluster.php index 75061e581c14..f86ea9844efa 100644 --- a/GkeMultiCloud/src/V1/AttachedCluster.php +++ b/GkeMultiCloud/src/V1/AttachedCluster.php @@ -168,6 +168,12 @@ class AttachedCluster extends \Google\Protobuf\Internal\Message * Generated from protobuf field .google.cloud.gkemulticloud.v1.BinaryAuthorization binary_authorization = 25 [(.google.api.field_behavior) = OPTIONAL]; */ protected $binary_authorization = null; + /** + * Optional. Security Posture configuration for this cluster. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.SecurityPostureConfig security_posture_config = 26 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $security_posture_config = null; /** * Constructor. @@ -240,6 +246,8 @@ class AttachedCluster extends \Google\Protobuf\Internal\Message * Optional. Proxy configuration for outbound HTTP(S) traffic. * @type \Google\Cloud\GkeMultiCloud\V1\BinaryAuthorization $binary_authorization * Optional. Binary Authorization configuration for this cluster. + * @type \Google\Cloud\GkeMultiCloud\V1\SecurityPostureConfig $security_posture_config + * Optional. Security Posture configuration for this cluster. * } */ public function __construct($data = NULL) { @@ -961,5 +969,41 @@ public function setBinaryAuthorization($var) return $this; } + /** + * Optional. Security Posture configuration for this cluster. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.SecurityPostureConfig security_posture_config = 26 [(.google.api.field_behavior) = OPTIONAL]; + * @return \Google\Cloud\GkeMultiCloud\V1\SecurityPostureConfig|null + */ + public function getSecurityPostureConfig() + { + return $this->security_posture_config; + } + + public function hasSecurityPostureConfig() + { + return isset($this->security_posture_config); + } + + public function clearSecurityPostureConfig() + { + unset($this->security_posture_config); + } + + /** + * Optional. Security Posture configuration for this cluster. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.SecurityPostureConfig security_posture_config = 26 [(.google.api.field_behavior) = OPTIONAL]; + * @param \Google\Cloud\GkeMultiCloud\V1\SecurityPostureConfig $var + * @return $this + */ + public function setSecurityPostureConfig($var) + { + GPBUtil::checkMessage($var, \Google\Cloud\GkeMultiCloud\V1\SecurityPostureConfig::class); + $this->security_posture_config = $var; + + return $this; + } + } diff --git a/GkeMultiCloud/src/V1/AwsNodePool.php b/GkeMultiCloud/src/V1/AwsNodePool.php index e7187eca223d..7ece9f98386a 100644 --- a/GkeMultiCloud/src/V1/AwsNodePool.php +++ b/GkeMultiCloud/src/V1/AwsNodePool.php @@ -125,6 +125,12 @@ class AwsNodePool extends \Google\Protobuf\Internal\Message * Generated from protobuf field .google.cloud.gkemulticloud.v1.AwsNodeManagement management = 30 [(.google.api.field_behavior) = OPTIONAL]; */ protected $management = null; + /** + * Optional. Node kubelet configs. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.NodeKubeletConfig kubelet_config = 31 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $kubelet_config = null; /** * Optional. Update settings control the speed and disruption of the update. * @@ -188,6 +194,8 @@ class AwsNodePool extends \Google\Protobuf\Internal\Message * Output only. A set of errors found in the node pool. * @type \Google\Cloud\GkeMultiCloud\V1\AwsNodeManagement $management * Optional. The Management configuration for this node pool. + * @type \Google\Cloud\GkeMultiCloud\V1\NodeKubeletConfig $kubelet_config + * Optional. Node kubelet configs. * @type \Google\Cloud\GkeMultiCloud\V1\UpdateSettings $update_settings * Optional. Update settings control the speed and disruption of the update. * } @@ -687,6 +695,42 @@ public function setManagement($var) return $this; } + /** + * Optional. Node kubelet configs. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.NodeKubeletConfig kubelet_config = 31 [(.google.api.field_behavior) = OPTIONAL]; + * @return \Google\Cloud\GkeMultiCloud\V1\NodeKubeletConfig|null + */ + public function getKubeletConfig() + { + return $this->kubelet_config; + } + + public function hasKubeletConfig() + { + return isset($this->kubelet_config); + } + + public function clearKubeletConfig() + { + unset($this->kubelet_config); + } + + /** + * Optional. Node kubelet configs. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.NodeKubeletConfig kubelet_config = 31 [(.google.api.field_behavior) = OPTIONAL]; + * @param \Google\Cloud\GkeMultiCloud\V1\NodeKubeletConfig $var + * @return $this + */ + public function setKubeletConfig($var) + { + GPBUtil::checkMessage($var, \Google\Cloud\GkeMultiCloud\V1\NodeKubeletConfig::class); + $this->kubelet_config = $var; + + return $this; + } + /** * Optional. Update settings control the speed and disruption of the update. * diff --git a/GkeMultiCloud/src/V1/AwsProxyConfig.php b/GkeMultiCloud/src/V1/AwsProxyConfig.php index 2e5856c7b329..25712e08c4ae 100644 --- a/GkeMultiCloud/src/V1/AwsProxyConfig.php +++ b/GkeMultiCloud/src/V1/AwsProxyConfig.php @@ -20,7 +20,7 @@ class AwsProxyConfig extends \Google\Protobuf\Internal\Message * configuration. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/aws/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/use-a-proxy#create_a_proxy_configuration_file * * Generated from protobuf field string secret_arn = 1; */ @@ -44,7 +44,7 @@ class AwsProxyConfig extends \Google\Protobuf\Internal\Message * configuration. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/aws/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/use-a-proxy#create_a_proxy_configuration_file * @type string $secret_version * The version string of the AWS Secret Manager secret that contains the * HTTP(S) proxy configuration. @@ -60,7 +60,7 @@ public function __construct($data = NULL) { * configuration. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/aws/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/use-a-proxy#create_a_proxy_configuration_file * * Generated from protobuf field string secret_arn = 1; * @return string @@ -75,7 +75,7 @@ public function getSecretArn() * configuration. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/aws/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/use-a-proxy#create_a_proxy_configuration_file * * Generated from protobuf field string secret_arn = 1; * @param string $var diff --git a/GkeMultiCloud/src/V1/AzureProxyConfig.php b/GkeMultiCloud/src/V1/AzureProxyConfig.php index 15d6eae15612..18b6b84acf57 100644 --- a/GkeMultiCloud/src/V1/AzureProxyConfig.php +++ b/GkeMultiCloud/src/V1/AzureProxyConfig.php @@ -27,7 +27,7 @@ class AzureProxyConfig extends \Google\Protobuf\Internal\Message * The URL the of the proxy setting secret with its version. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/azure/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/how-to/use-a-proxy#create_a_proxy_configuration_file * Secret ids are formatted as * `https://.vault.azure.net/secrets//`. * @@ -49,7 +49,7 @@ class AzureProxyConfig extends \Google\Protobuf\Internal\Message * The URL the of the proxy setting secret with its version. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/azure/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/how-to/use-a-proxy#create_a_proxy_configuration_file * Secret ids are formatted as * `https://.vault.azure.net/secrets//`. * } @@ -93,7 +93,7 @@ public function setResourceGroupId($var) * The URL the of the proxy setting secret with its version. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/azure/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/how-to/use-a-proxy#create_a_proxy_configuration_file * Secret ids are formatted as * `https://.vault.azure.net/secrets//`. * @@ -109,7 +109,7 @@ public function getSecretId() * The URL the of the proxy setting secret with its version. * The secret must be a JSON encoded proxy configuration * as described in - * https://cloud.google.com/anthos/clusters/docs/multi-cloud/azure/how-to/use-a-proxy#create_a_proxy_configuration_file + * https://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/how-to/use-a-proxy#create_a_proxy_configuration_file * Secret ids are formatted as * `https://.vault.azure.net/secrets//`. * diff --git a/GkeMultiCloud/src/V1/ImportAttachedClusterRequest.php b/GkeMultiCloud/src/V1/ImportAttachedClusterRequest.php index 2402fd36bcbb..58f15ee6285f 100644 --- a/GkeMultiCloud/src/V1/ImportAttachedClusterRequest.php +++ b/GkeMultiCloud/src/V1/ImportAttachedClusterRequest.php @@ -49,7 +49,7 @@ class ImportAttachedClusterRequest extends \Google\Protobuf\Internal\Message protected $platform_version = ''; /** * Required. The Kubernetes distribution of the underlying attached cluster. - * Supported values: ["eks", "aks"]. + * Supported values: ["eks", "aks", "generic"]. * * Generated from protobuf field string distribution = 5 [(.google.api.field_behavior) = REQUIRED]; */ @@ -108,7 +108,7 @@ public static function build(string $parent, string $fleetMembership): self * [GetAttachedServerConfig][google.cloud.gkemulticloud.v1.AttachedClusters.GetAttachedServerConfig]. * @type string $distribution * Required. The Kubernetes distribution of the underlying attached cluster. - * Supported values: ["eks", "aks"]. + * Supported values: ["eks", "aks", "generic"]. * @type \Google\Cloud\GkeMultiCloud\V1\AttachedProxyConfig $proxy_config * Optional. Proxy configuration for outbound HTTP(S) traffic. * } @@ -240,7 +240,7 @@ public function setPlatformVersion($var) /** * Required. The Kubernetes distribution of the underlying attached cluster. - * Supported values: ["eks", "aks"]. + * Supported values: ["eks", "aks", "generic"]. * * Generated from protobuf field string distribution = 5 [(.google.api.field_behavior) = REQUIRED]; * @return string @@ -252,7 +252,7 @@ public function getDistribution() /** * Required. The Kubernetes distribution of the underlying attached cluster. - * Supported values: ["eks", "aks"]. + * Supported values: ["eks", "aks", "generic"]. * * Generated from protobuf field string distribution = 5 [(.google.api.field_behavior) = REQUIRED]; * @param string $var diff --git a/GkeMultiCloud/src/V1/NodeKubeletConfig.php b/GkeMultiCloud/src/V1/NodeKubeletConfig.php new file mode 100644 index 000000000000..12e9c4b56475 --- /dev/null +++ b/GkeMultiCloud/src/V1/NodeKubeletConfig.php @@ -0,0 +1,335 @@ +google.cloud.gkemulticloud.v1.NodeKubeletConfig + */ +class NodeKubeletConfig extends \Google\Protobuf\Internal\Message +{ + /** + * Optional. Enable the insecure kubelet read only port. + * + * Generated from protobuf field bool insecure_kubelet_readonly_port_enabled = 1 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $insecure_kubelet_readonly_port_enabled = false; + /** + * Optional. Control the CPU management policy on the node. + * See + * https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ + * The following values are allowed. + * * "none": the default, which represents the existing scheduling behavior. + * * "static": allows pods with certain resource characteristics to be granted + * increased CPU affinity and exclusivity on the node. + * The default value is 'none' if unspecified. + * + * Generated from protobuf field optional string cpu_manager_policy = 2 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $cpu_manager_policy = null; + /** + * Optional. Enable CPU CFS quota enforcement for containers that specify CPU + * limits. + * This option is enabled by default which makes kubelet use CFS quota + * (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to + * enforce container CPU limits. Otherwise, CPU limits will not be enforced at + * all. + * Disable this option to mitigate CPU throttling problems while still having + * your pods to be in Guaranteed QoS class by specifying the CPU limits. + * The default value is 'true' if unspecified. + * + * Generated from protobuf field optional bool cpu_cfs_quota = 3 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $cpu_cfs_quota = null; + /** + * Optional. Set the CPU CFS quota period value 'cpu.cfs_period_us'. + * The string must be a sequence of decimal numbers, each with optional + * fraction and a unit suffix, such as "300ms". + * Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + * The value must be a positive duration. + * The default value is '100ms' if unspecified. + * + * Generated from protobuf field optional string cpu_cfs_quota_period = 4 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $cpu_cfs_quota_period = null; + /** + * Optional. Set the Pod PID limits. See + * https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits + * Controls the maximum number of processes allowed to run in a pod. The value + * must be greater than or equal to 1024 and less than 4194304. + * + * Generated from protobuf field optional int64 pod_pids_limit = 5 [(.google.api.field_behavior) = OPTIONAL]; + */ + protected $pod_pids_limit = null; + + /** + * Constructor. + * + * @param array $data { + * Optional. Data for populating the Message object. + * + * @type bool $insecure_kubelet_readonly_port_enabled + * Optional. Enable the insecure kubelet read only port. + * @type string $cpu_manager_policy + * Optional. Control the CPU management policy on the node. + * See + * https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ + * The following values are allowed. + * * "none": the default, which represents the existing scheduling behavior. + * * "static": allows pods with certain resource characteristics to be granted + * increased CPU affinity and exclusivity on the node. + * The default value is 'none' if unspecified. + * @type bool $cpu_cfs_quota + * Optional. Enable CPU CFS quota enforcement for containers that specify CPU + * limits. + * This option is enabled by default which makes kubelet use CFS quota + * (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to + * enforce container CPU limits. Otherwise, CPU limits will not be enforced at + * all. + * Disable this option to mitigate CPU throttling problems while still having + * your pods to be in Guaranteed QoS class by specifying the CPU limits. + * The default value is 'true' if unspecified. + * @type string $cpu_cfs_quota_period + * Optional. Set the CPU CFS quota period value 'cpu.cfs_period_us'. + * The string must be a sequence of decimal numbers, each with optional + * fraction and a unit suffix, such as "300ms". + * Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + * The value must be a positive duration. + * The default value is '100ms' if unspecified. + * @type int|string $pod_pids_limit + * Optional. Set the Pod PID limits. See + * https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits + * Controls the maximum number of processes allowed to run in a pod. The value + * must be greater than or equal to 1024 and less than 4194304. + * } + */ + public function __construct($data = NULL) { + \GPBMetadata\Google\Cloud\Gkemulticloud\V1\CommonResources::initOnce(); + parent::__construct($data); + } + + /** + * Optional. Enable the insecure kubelet read only port. + * + * Generated from protobuf field bool insecure_kubelet_readonly_port_enabled = 1 [(.google.api.field_behavior) = OPTIONAL]; + * @return bool + */ + public function getInsecureKubeletReadonlyPortEnabled() + { + return $this->insecure_kubelet_readonly_port_enabled; + } + + /** + * Optional. Enable the insecure kubelet read only port. + * + * Generated from protobuf field bool insecure_kubelet_readonly_port_enabled = 1 [(.google.api.field_behavior) = OPTIONAL]; + * @param bool $var + * @return $this + */ + public function setInsecureKubeletReadonlyPortEnabled($var) + { + GPBUtil::checkBool($var); + $this->insecure_kubelet_readonly_port_enabled = $var; + + return $this; + } + + /** + * Optional. Control the CPU management policy on the node. + * See + * https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ + * The following values are allowed. + * * "none": the default, which represents the existing scheduling behavior. + * * "static": allows pods with certain resource characteristics to be granted + * increased CPU affinity and exclusivity on the node. + * The default value is 'none' if unspecified. + * + * Generated from protobuf field optional string cpu_manager_policy = 2 [(.google.api.field_behavior) = OPTIONAL]; + * @return string + */ + public function getCpuManagerPolicy() + { + return isset($this->cpu_manager_policy) ? $this->cpu_manager_policy : ''; + } + + public function hasCpuManagerPolicy() + { + return isset($this->cpu_manager_policy); + } + + public function clearCpuManagerPolicy() + { + unset($this->cpu_manager_policy); + } + + /** + * Optional. Control the CPU management policy on the node. + * See + * https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ + * The following values are allowed. + * * "none": the default, which represents the existing scheduling behavior. + * * "static": allows pods with certain resource characteristics to be granted + * increased CPU affinity and exclusivity on the node. + * The default value is 'none' if unspecified. + * + * Generated from protobuf field optional string cpu_manager_policy = 2 [(.google.api.field_behavior) = OPTIONAL]; + * @param string $var + * @return $this + */ + public function setCpuManagerPolicy($var) + { + GPBUtil::checkString($var, True); + $this->cpu_manager_policy = $var; + + return $this; + } + + /** + * Optional. Enable CPU CFS quota enforcement for containers that specify CPU + * limits. + * This option is enabled by default which makes kubelet use CFS quota + * (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to + * enforce container CPU limits. Otherwise, CPU limits will not be enforced at + * all. + * Disable this option to mitigate CPU throttling problems while still having + * your pods to be in Guaranteed QoS class by specifying the CPU limits. + * The default value is 'true' if unspecified. + * + * Generated from protobuf field optional bool cpu_cfs_quota = 3 [(.google.api.field_behavior) = OPTIONAL]; + * @return bool + */ + public function getCpuCfsQuota() + { + return isset($this->cpu_cfs_quota) ? $this->cpu_cfs_quota : false; + } + + public function hasCpuCfsQuota() + { + return isset($this->cpu_cfs_quota); + } + + public function clearCpuCfsQuota() + { + unset($this->cpu_cfs_quota); + } + + /** + * Optional. Enable CPU CFS quota enforcement for containers that specify CPU + * limits. + * This option is enabled by default which makes kubelet use CFS quota + * (https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt) to + * enforce container CPU limits. Otherwise, CPU limits will not be enforced at + * all. + * Disable this option to mitigate CPU throttling problems while still having + * your pods to be in Guaranteed QoS class by specifying the CPU limits. + * The default value is 'true' if unspecified. + * + * Generated from protobuf field optional bool cpu_cfs_quota = 3 [(.google.api.field_behavior) = OPTIONAL]; + * @param bool $var + * @return $this + */ + public function setCpuCfsQuota($var) + { + GPBUtil::checkBool($var); + $this->cpu_cfs_quota = $var; + + return $this; + } + + /** + * Optional. Set the CPU CFS quota period value 'cpu.cfs_period_us'. + * The string must be a sequence of decimal numbers, each with optional + * fraction and a unit suffix, such as "300ms". + * Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + * The value must be a positive duration. + * The default value is '100ms' if unspecified. + * + * Generated from protobuf field optional string cpu_cfs_quota_period = 4 [(.google.api.field_behavior) = OPTIONAL]; + * @return string + */ + public function getCpuCfsQuotaPeriod() + { + return isset($this->cpu_cfs_quota_period) ? $this->cpu_cfs_quota_period : ''; + } + + public function hasCpuCfsQuotaPeriod() + { + return isset($this->cpu_cfs_quota_period); + } + + public function clearCpuCfsQuotaPeriod() + { + unset($this->cpu_cfs_quota_period); + } + + /** + * Optional. Set the CPU CFS quota period value 'cpu.cfs_period_us'. + * The string must be a sequence of decimal numbers, each with optional + * fraction and a unit suffix, such as "300ms". + * Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + * The value must be a positive duration. + * The default value is '100ms' if unspecified. + * + * Generated from protobuf field optional string cpu_cfs_quota_period = 4 [(.google.api.field_behavior) = OPTIONAL]; + * @param string $var + * @return $this + */ + public function setCpuCfsQuotaPeriod($var) + { + GPBUtil::checkString($var, True); + $this->cpu_cfs_quota_period = $var; + + return $this; + } + + /** + * Optional. Set the Pod PID limits. See + * https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits + * Controls the maximum number of processes allowed to run in a pod. The value + * must be greater than or equal to 1024 and less than 4194304. + * + * Generated from protobuf field optional int64 pod_pids_limit = 5 [(.google.api.field_behavior) = OPTIONAL]; + * @return int|string + */ + public function getPodPidsLimit() + { + return isset($this->pod_pids_limit) ? $this->pod_pids_limit : 0; + } + + public function hasPodPidsLimit() + { + return isset($this->pod_pids_limit); + } + + public function clearPodPidsLimit() + { + unset($this->pod_pids_limit); + } + + /** + * Optional. Set the Pod PID limits. See + * https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits + * Controls the maximum number of processes allowed to run in a pod. The value + * must be greater than or equal to 1024 and less than 4194304. + * + * Generated from protobuf field optional int64 pod_pids_limit = 5 [(.google.api.field_behavior) = OPTIONAL]; + * @param int|string $var + * @return $this + */ + public function setPodPidsLimit($var) + { + GPBUtil::checkInt64($var); + $this->pod_pids_limit = $var; + + return $this; + } + +} + diff --git a/GkeMultiCloud/src/V1/SecurityPostureConfig.php b/GkeMultiCloud/src/V1/SecurityPostureConfig.php new file mode 100644 index 000000000000..58591f498820 --- /dev/null +++ b/GkeMultiCloud/src/V1/SecurityPostureConfig.php @@ -0,0 +1,68 @@ +google.cloud.gkemulticloud.v1.SecurityPostureConfig + */ +class SecurityPostureConfig extends \Google\Protobuf\Internal\Message +{ + /** + * Sets which mode to use for vulnerability scanning. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.SecurityPostureConfig.VulnerabilityMode vulnerability_mode = 1; + */ + protected $vulnerability_mode = 0; + + /** + * Constructor. + * + * @param array $data { + * Optional. Data for populating the Message object. + * + * @type int $vulnerability_mode + * Sets which mode to use for vulnerability scanning. + * } + */ + public function __construct($data = NULL) { + \GPBMetadata\Google\Cloud\Gkemulticloud\V1\CommonResources::initOnce(); + parent::__construct($data); + } + + /** + * Sets which mode to use for vulnerability scanning. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.SecurityPostureConfig.VulnerabilityMode vulnerability_mode = 1; + * @return int + */ + public function getVulnerabilityMode() + { + return $this->vulnerability_mode; + } + + /** + * Sets which mode to use for vulnerability scanning. + * + * Generated from protobuf field .google.cloud.gkemulticloud.v1.SecurityPostureConfig.VulnerabilityMode vulnerability_mode = 1; + * @param int $var + * @return $this + */ + public function setVulnerabilityMode($var) + { + GPBUtil::checkEnum($var, \Google\Cloud\GkeMultiCloud\V1\SecurityPostureConfig\VulnerabilityMode::class); + $this->vulnerability_mode = $var; + + return $this; + } + +} + diff --git a/GkeMultiCloud/src/V1/SecurityPostureConfig/VulnerabilityMode.php b/GkeMultiCloud/src/V1/SecurityPostureConfig/VulnerabilityMode.php new file mode 100644 index 000000000000..813ceaf5ab9f --- /dev/null +++ b/GkeMultiCloud/src/V1/SecurityPostureConfig/VulnerabilityMode.php @@ -0,0 +1,63 @@ +google.cloud.gkemulticloud.v1.SecurityPostureConfig.VulnerabilityMode + */ +class VulnerabilityMode +{ + /** + * Default value not specified. + * + * Generated from protobuf enum VULNERABILITY_MODE_UNSPECIFIED = 0; + */ + const VULNERABILITY_MODE_UNSPECIFIED = 0; + /** + * Disables vulnerability scanning on the cluster. + * + * Generated from protobuf enum VULNERABILITY_DISABLED = 1; + */ + const VULNERABILITY_DISABLED = 1; + /** + * Applies the Security Posture's vulnerability on cluster Enterprise level + * features. + * + * Generated from protobuf enum VULNERABILITY_ENTERPRISE = 2; + */ + const VULNERABILITY_ENTERPRISE = 2; + + private static $valueToName = [ + self::VULNERABILITY_MODE_UNSPECIFIED => 'VULNERABILITY_MODE_UNSPECIFIED', + self::VULNERABILITY_DISABLED => 'VULNERABILITY_DISABLED', + self::VULNERABILITY_ENTERPRISE => 'VULNERABILITY_ENTERPRISE', + ]; + + public static function name($value) + { + if (!isset(self::$valueToName[$value])) { + throw new UnexpectedValueException(sprintf( + 'Enum %s has no name defined for value %s', __CLASS__, $value)); + } + return self::$valueToName[$value]; + } + + + public static function value($name) + { + $const = __CLASS__ . '::' . strtoupper($name); + if (!defined($const)) { + throw new UnexpectedValueException(sprintf( + 'Enum %s has no value defined for name %s', __CLASS__, $name)); + } + return constant($const); + } +} + + diff --git a/GkeMultiCloud/src/V1/UpdateAttachedClusterRequest.php b/GkeMultiCloud/src/V1/UpdateAttachedClusterRequest.php index a45ece2a28f9..8464aba0b296 100644 --- a/GkeMultiCloud/src/V1/UpdateAttachedClusterRequest.php +++ b/GkeMultiCloud/src/V1/UpdateAttachedClusterRequest.php @@ -44,6 +44,7 @@ class UpdateAttachedClusterRequest extends \Google\Protobuf\Internal\Message * * `platform_version`. * * `proxy_config.kubernetes_secret.name`. * * `proxy_config.kubernetes_secret.namespace`. + * * `security_posture_config.vulnerability_mode` * * Generated from protobuf field .google.protobuf.FieldMask update_mask = 3 [(.google.api.field_behavior) = REQUIRED]; */ @@ -68,6 +69,7 @@ class UpdateAttachedClusterRequest extends \Google\Protobuf\Internal\Message * * `platform_version`. * * `proxy_config.kubernetes_secret.name`. * * `proxy_config.kubernetes_secret.namespace`. + * * `security_posture_config.vulnerability_mode` * * @return \Google\Cloud\GkeMultiCloud\V1\UpdateAttachedClusterRequest * @@ -107,6 +109,7 @@ public static function build(\Google\Cloud\GkeMultiCloud\V1\AttachedCluster $att * * `platform_version`. * * `proxy_config.kubernetes_secret.name`. * * `proxy_config.kubernetes_secret.namespace`. + * * `security_posture_config.vulnerability_mode` * } */ public function __construct($data = NULL) { @@ -195,6 +198,7 @@ public function setValidateOnly($var) * * `platform_version`. * * `proxy_config.kubernetes_secret.name`. * * `proxy_config.kubernetes_secret.namespace`. + * * `security_posture_config.vulnerability_mode` * * Generated from protobuf field .google.protobuf.FieldMask update_mask = 3 [(.google.api.field_behavior) = REQUIRED]; * @return \Google\Protobuf\FieldMask|null @@ -229,6 +233,7 @@ public function clearUpdateMask() * * `platform_version`. * * `proxy_config.kubernetes_secret.name`. * * `proxy_config.kubernetes_secret.namespace`. + * * `security_posture_config.vulnerability_mode` * * Generated from protobuf field .google.protobuf.FieldMask update_mask = 3 [(.google.api.field_behavior) = REQUIRED]; * @param \Google\Protobuf\FieldMask $var