Add support for binary authorization in GKE (#1884)

* revendor container/v1beta1

* add support for binauthz in gke

* update description
Dana Hoffman 2018-08-16 17:51:03 -07:00 committed by GitHub
parent 92afc9c938
commit d1bf585724
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 487 additions and 30 deletions


@ -196,6 +196,12 @@ func resourceContainerCluster() *schema.Resource {
ForceNew: true,
},
"enable_binary_authorization": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"enable_kubernetes_alpha": {
Type: schema.TypeBool,
Optional: true,
@ -650,6 +656,11 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
cluster.ResourceLabels = m
}
cluster.BinaryAuthorization = &containerBeta.BinaryAuthorization{
Enabled: d.Get("enable_binary_authorization").(bool),
ForceSendFields: []string{"Enabled"},
}
req := &containerBeta.CreateClusterRequest{
Cluster: cluster,
}
@ -750,14 +761,14 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
d.Set("monitoring_service", cluster.MonitoringService)
d.Set("network", cluster.NetworkConfig.Network)
d.Set("subnetwork", cluster.NetworkConfig.Subnetwork)
d.Set("enable_binary_authorization", cluster.BinaryAuthorization.Enabled)
if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil {
return err
}
d.Set("project", project)
if err := d.Set("addons_config", flattenClusterAddonsConfig(cluster.AddonsConfig)); err != nil {
return err
}
nps, err := flattenClusterNodePools(d, config, cluster.NodePools)
if err != nil {
return err
@ -911,6 +922,28 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
}
}
if d.HasChange("enable_binary_authorization") {
enabled := d.Get("enable_binary_authorization").(bool)
req := &containerBeta.UpdateClusterRequest{
Update: &containerBeta.ClusterUpdate{
DesiredBinaryAuthorization: &containerBeta.BinaryAuthorization{
Enabled: enabled,
ForceSendFields: []string{"Enabled"},
},
},
}
updateF := updateFunc(req, "updating GKE binary authorization")
// Call update serially.
if err := lockedCall(lockKey, updateF); err != nil {
return err
}
log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), enabled)
d.SetPartial("enable_binary_authorization")
}
if d.HasChange("maintenance_policy") {
var req *containerBeta.SetMaintenancePolicyRequest
if mp, ok := d.GetOk("maintenance_policy"); ok {
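Review bot: In the resourceContainerClusterRead hunk, `d.Set("enable_binary_authorization", cluster.BinaryAuthorization.Enabled)` dereferences a pointer without a nil check. The vendored struct in this same commit declares `BinaryAuthorization *BinaryAuthorization` with `omitempty`, so a response that leaves the object out would make refresh panic instead of reporting the control as off; whether the API always returns the object is not visible from this page. A guarded form, `d.Set("enable_binary_authorization", cluster.BinaryAuthorization != nil && cluster.BinaryAuthorization.Enabled)`, keeps Read working and records `false` in that case. The body of resourceContainerClusterRead continues outside the hunk.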


@ -1261,6 +1261,38 @@ func TestAccContainerCluster_withResourceLabelsUpdate(t *testing.T) {
})
}
func TestAccContainerCluster_withBinaryAuthorization(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withBinaryAuthorization(clusterName, true),
},
{
ResourceName: "google_container_cluster.with_binary_authorization",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withBinaryAuthorization(clusterName, false),
},
{
ResourceName: "google_container_cluster.with_binary_authorization",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func testAccCheckContainerClusterDestroy(s *terraform.State) error {
config := testAccProvider.Meta().(*Config)
@ -2420,3 +2452,15 @@ resource "google_container_cluster" "with_resource_labels" {
}
`, clusterName)
}
func testAccContainerCluster_withBinaryAuthorization(clusterName string, enabled bool) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_binary_authorization" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
enable_binary_authorization = %v
}
`, clusterName, enabled)
}
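Review bot: None of the four steps in TestAccContainerCluster_withBinaryAuthorization carries a `Check`, so the test never asserts that the cluster ended up with the control on or off; it shows only that apply and import agree with each other. Adding `Check: resource.TestCheckResourceAttr("google_container_cluster.with_binary_authorization", "enable_binary_authorization", "true")` to the first config step, and the same with `"false"` on the third, would pin the value the provider reads back. The sequence also covers only the true-to-false transition; a step that turns the setting on for an existing cluster would exercise the update path in the enabling direction as well.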


@ -60,11 +60,6 @@
"location": "query",
"type": "string"
},
"bearer_token": {
"description": "OAuth bearer token.",
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
@ -85,12 +80,6 @@
"location": "query",
"type": "string"
},
"pp": {
"default": "true",
"description": "Pretty-print response.",
"location": "query",
"type": "boolean"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
@ -213,7 +202,7 @@
],
"parameters": {
"parent": {
"description": "Contains the name of the resource requested.\nSpecific in the format 'projects/*/locations'.",
"description": "Contains the name of the resource requested.\nSpecified in the format 'projects/*'.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@ -753,7 +742,7 @@
],
"parameters": {
"parent": {
"description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*/nodePools/*'.",
"description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*'.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/clusters/[^/]+$",
"required": true,
@ -2446,7 +2435,7 @@
}
}
},
"revision": "20180504",
"revision": "20180713",
"rootUrl": "https://container.googleapis.com/",
"schemas": {
"AcceleratorConfig": {
@ -2503,6 +2492,17 @@
},
"type": "object"
},
"BinaryAuthorization": {
"description": "Configuration for Binary Authorization.",
"id": "BinaryAuthorization",
"properties": {
"enabled": {
"description": "Enable Binary Authorization for this cluster. If enabled, all container\nimages will be validated by Google Binauthz.",
"type": "boolean"
}
},
"type": "object"
},
"CancelOperationRequest": {
"description": "CancelOperationRequest cancels a single operation.",
"id": "CancelOperationRequest",
@ -2560,6 +2560,10 @@
"$ref": "AddonsConfig",
"description": "Configurations for the various addons available to run in the cluster."
},
"binaryAuthorization": {
"$ref": "BinaryAuthorization",
"description": "Configuration for Binary Authorization."
},
"clusterIpv4Cidr": {
"description": "The IP address range of the container pods in this cluster, in\n[CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)\nnotation (e.g. `10.96.0.0/14`). Leave blank to have\none automatically chosen or specify a `/14` block in `10.0.0.0/8`.",
"type": "string"
@ -2589,6 +2593,10 @@
"description": "Kubernetes alpha features are enabled on this cluster. This includes alpha\nAPI groups (e.g. v1beta1) and features that may not be production ready in\nthe kubernetes version of the master and nodes.\nThe cluster has no SLA for uptime and master/node upgrades are disabled.\nAlpha enabled clusters are automatically deleted thirty days after\ncreation.",
"type": "boolean"
},
"enableTpu": {
"description": "Enable the ability to use Cloud TPUs in this cluster.",
"type": "boolean"
},
"endpoint": {
"description": "[Output only] The IP address of this cluster's master endpoint.\nThe endpoint can be accessed from the internet at\n`https://username:password@endpoint/`.\n\nSee the `masterAuth` property of this resource for username and\npassword information.",
"type": "string"
@ -2653,7 +2661,7 @@
"description": "The configuration options for master authorized networks feature."
},
"masterIpv4CidrBlock": {
"description": "The IP prefix in CIDR notation to use for the hosted master network.\nThis prefix will be used for assigning private IP addresses to the\nmaster or set of masters, as well as the ILB VIP.",
"description": "The IP prefix in CIDR notation to use for the hosted master network.\nThis prefix will be used for assigning private IP addresses to the\nmaster or set of masters, as well as the ILB VIP.\nThis field is deprecated, use\nprivate_cluster_config.master_ipv4_cidr_block instead.",
"type": "string"
},
"monitoringService": {
@ -2697,9 +2705,13 @@
"description": "Configuration for the PodSecurityPolicy feature."
},
"privateCluster": {
"description": "If this is a private cluster setup. Private clusters are clusters that, by\ndefault have no external IP addresses on the nodes and where nodes and the\nmaster communicate over private IP addresses.",
"description": "If this is a private cluster setup. Private clusters are clusters that, by\ndefault have no external IP addresses on the nodes and where nodes and the\nmaster communicate over private IP addresses.\nThis field is deprecated, use private_cluster_config.enabled instead.",
"type": "boolean"
},
"privateClusterConfig": {
"$ref": "PrivateClusterConfig",
"description": "Configuration for private cluster."
},
"resourceLabels": {
"additionalProperties": {
"type": "string"
@ -2745,6 +2757,10 @@
"description": "The name of the Google Compute Engine\n[subnetwork](/compute/docs/subnetworks) to which the\ncluster is connected. On output this shows the subnetwork ID instead of\nthe name.",
"type": "string"
},
"tpuIpv4CidrBlock": {
"description": "[Output only] The IP address range of the Cloud TPUs in this cluster, in\n[CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)\nnotation (e.g. `1.2.3.4/29`).",
"type": "string"
},
"zone": {
"description": "[Output only] The name of the Google Compute Engine\n[zone](/compute/docs/zones#available) in which the cluster\nresides.\nThis field is deprecated, use location instead.",
"type": "string"
@ -2760,6 +2776,10 @@
"$ref": "AddonsConfig",
"description": "Configurations for the various addons available to run in the cluster."
},
"desiredBinaryAuthorization": {
"$ref": "BinaryAuthorization",
"description": "The desired configuration options for the Binary Authorization feature."
},
"desiredImageType": {
"description": "The desired image type for the node pool.\nNOTE: Set the \"desired_node_pool\" field as well.",
"type": "string"
@ -2771,6 +2791,10 @@
},
"type": "array"
},
"desiredLoggingService": {
"description": "The logging service the cluster should use to write metrics.\nCurrently available options:\n\n* \"logging.googleapis.com/kubernetes\" - the Google Cloud Logging\nservice with Kubernetes-native resource model in Stackdriver\n* \"logging.googleapis.com\" - the Google Cloud Logging service\n* \"none\" - no logs will be exported from the cluster",
"type": "string"
},
"desiredMasterAuthorizedNetworksConfig": {
"$ref": "MasterAuthorizedNetworksConfig",
"description": "The desired configuration options for master authorized networks feature."
@ -2780,7 +2804,7 @@
"type": "string"
},
"desiredMonitoringService": {
"description": "The monitoring service the cluster should use to write metrics.\nCurrently available options:\n\n* \"monitoring.googleapis.com\" - the Google Cloud Monitoring service\n* \"none\" - no metrics will be exported from the cluster",
"description": "The monitoring service the cluster should use to write metrics.\nCurrently available options:\n\n* \"monitoring.googleapis.com/kubernetes\" - the Google Cloud Monitoring\nservice with Kubernetes-native resource model in Stackdriver\n* \"monitoring.googleapis.com\" - the Google Cloud Monitoring service\n* \"none\" - no metrics will be exported from the cluster",
"type": "string"
},
"desiredNodePoolAutoscaling": {
@ -2861,7 +2885,7 @@
"description": "The node pool to create."
},
"parent": {
"description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*/nodePools/*'.",
"description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*'.",
"type": "string"
},
"projectId": {
@ -2966,6 +2990,10 @@
"description": "A custom subnetwork name to be used if `create_subnetwork` is true. If\nthis field is empty, then an automatic name will be chosen for the new\nsubnetwork.",
"type": "string"
},
"tpuIpv4CidrBlock": {
"description": "The IP address range of the Cloud TPUs in this cluster. If unspecified, a\nrange will be automatically chosen with the default size.\n\nThis field is only applicable when `use_ip_aliases` is true.\n\nIf unspecified, the range will use the default size.\n\nSet to /netmask (e.g. `/14`) to have a range chosen with a specific\nnetmask.\n\nSet to a\n[CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)\nnotation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.\n`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range\nto use.",
"type": "string"
},
"useIpAliases": {
"description": "Whether alias IPs will be used for pod IPs in the cluster.",
"type": "boolean"
@ -3092,7 +3120,7 @@
"id": "Location",
"properties": {
"name": {
"description": "Contains the name of the resource requested.\nSpecific in the format 'projects/*/locations/*'.",
"description": "Contains the name of the resource requested.\nSpecified in the format 'projects/*/locations/*'.",
"type": "string"
},
"recommended": {
@ -3187,6 +3215,31 @@
},
"type": "object"
},
"Metric": {
"description": "Progress metric is (string, int|float|string) pair.",
"id": "Metric",
"properties": {
"doubleValue": {
"description": "For metrics with floating point value.",
"format": "double",
"type": "number"
},
"intValue": {
"description": "For metrics with integer value.",
"format": "int64",
"type": "string"
},
"name": {
"description": "Metric name, required.\ne.g., \"nodes total\", \"percent done\"",
"type": "string"
},
"stringValue": {
"description": "For metrics with custom values (ratios, visual progress, etc.).",
"type": "string"
}
},
"type": "object"
},
"NetworkConfig": {
"description": "NetworkConfig reports the relative names of network \u0026 subnetwork.",
"id": "NetworkConfig",
@ -3525,6 +3578,10 @@
],
"type": "string"
},
"progress": {
"$ref": "OperationProgress",
"description": "[Output only] Progress information for an operation."
},
"selfLink": {
"description": "Server-defined URL for the resource.",
"type": "string"
@ -3566,6 +3623,49 @@
},
"type": "object"
},
"OperationProgress": {
"description": "Information about operation (or operation stage) progress.",
"id": "OperationProgress",
"properties": {
"metrics": {
"description": "Progress metric bundle, for example:\n metrics: [{name: \"nodes done\", int_value: 15},\n {name: \"nodes total\", int_value: 32}]\nor\n metrics: [{name: \"progress\", double_value: 0.56},\n {name: \"progress scale\", double_value: 1.0}]",
"items": {
"$ref": "Metric"
},
"type": "array"
},
"name": {
"description": "A non-parameterized string describing an operation stage.\nUnset for single-stage operations.",
"type": "string"
},
"stages": {
"description": "Substages of an operation or a stage.",
"items": {
"$ref": "OperationProgress"
},
"type": "array"
},
"status": {
"description": "Status of an operation stage.\nUnset for single-stage operations.",
"enum": [
"STATUS_UNSPECIFIED",
"PENDING",
"RUNNING",
"DONE",
"ABORTING"
],
"enumDescriptions": [
"Not set.",
"The operation has been created.",
"The operation is currently running.",
"The operation is done, either cancelled or completed.",
"The operation is aborting."
],
"type": "string"
}
},
"type": "object"
},
"PodSecurityPolicyConfig": {
"description": "Configuration for the PodSecurityPolicy feature.",
"id": "PodSecurityPolicyConfig",
@ -3577,6 +3677,33 @@
},
"type": "object"
},
"PrivateClusterConfig": {
"description": "Configuration options for private clusters.",
"id": "PrivateClusterConfig",
"properties": {
"enablePrivateEndpoint": {
"description": "Whether the master's internal IP address is used as the cluster endpoint.",
"type": "boolean"
},
"enablePrivateNodes": {
"description": "Whether nodes have only private IP addresses, and communicate with the\nmaster via private networking.",
"type": "boolean"
},
"masterIpv4CidrBlock": {
"description": "The IP prefix in CIDR notation to use for the hosted master network. This\nprefix will be used for assigning private IP addresses to the master or\nset of masters, as well as the ILB VIP.",
"type": "string"
},
"privateEndpoint": {
"description": "Output only. The internal IP address of this cluster's master endpoint.",
"type": "string"
},
"publicEndpoint": {
"description": "Output only. The external IP address of this cluster's master endpoint.",
"type": "string"
}
},
"type": "object"
},
"RollbackNodePoolUpgradeRequest": {
"description": "RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed\nNodePool upgrade. This will be an no-op if the last upgrade successfully\ncompleted.",
"id": "RollbackNodePoolUpgradeRequest",


@ -333,6 +333,36 @@ func (s *AutoUpgradeOptions) MarshalJSON() ([]byte, error) {
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// BinaryAuthorization: Configuration for Binary Authorization.
type BinaryAuthorization struct {
// Enabled: Enable Binary Authorization for this cluster. If enabled,
// all container
// images will be validated by Google Binauthz.
Enabled bool `json:"enabled,omitempty"`
// ForceSendFields is a list of field names (e.g. "Enabled") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Enabled") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *BinaryAuthorization) MarshalJSON() ([]byte, error) {
type NoMethod BinaryAuthorization
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CancelOperationRequest: CancelOperationRequest cancels a single
// operation.
type CancelOperationRequest struct {
@ -452,6 +482,9 @@ type Cluster struct {
// in the cluster.
AddonsConfig *AddonsConfig `json:"addonsConfig,omitempty"`
// BinaryAuthorization: Configuration for Binary Authorization.
BinaryAuthorization *BinaryAuthorization `json:"binaryAuthorization,omitempty"`
// ClusterIpv4Cidr: The IP address range of the container pods in this
// cluster,
// in
@ -496,6 +529,9 @@ type Cluster struct {
// creation.
EnableKubernetesAlpha bool `json:"enableKubernetesAlpha,omitempty"`
// EnableTpu: Enable the ability to use Cloud TPUs in this cluster.
EnableTpu bool `json:"enableTpu,omitempty"`
// Endpoint: [Output only] The IP address of this cluster's master
// endpoint.
// The endpoint can be accessed from the internet
@ -603,6 +639,9 @@ type Cluster struct {
// This prefix will be used for assigning private IP addresses to
// the
// master or set of masters, as well as the ILB VIP.
// This field is deprecated,
// use
// private_cluster_config.master_ipv4_cidr_block instead.
MasterIpv4CidrBlock string `json:"masterIpv4CidrBlock,omitempty"`
// MonitoringService: The monitoring service the cluster should use to
@ -679,8 +718,12 @@ type Cluster struct {
// default have no external IP addresses on the nodes and where nodes
// and the
// master communicate over private IP addresses.
// This field is deprecated, use private_cluster_config.enabled instead.
PrivateCluster bool `json:"privateCluster,omitempty"`
// PrivateClusterConfig: Configuration for private cluster.
PrivateClusterConfig *PrivateClusterConfig `json:"privateClusterConfig,omitempty"`
// ResourceLabels: The resource labels for the cluster to use to
// annotate any related
// Google Compute Engine resources.
@ -737,6 +780,14 @@ type Cluster struct {
// the name.
Subnetwork string `json:"subnetwork,omitempty"`
// TpuIpv4CidrBlock: [Output only] The IP address range of the Cloud
// TPUs in this cluster,
// in
// [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
//
// notation (e.g. `1.2.3.4/29`).
TpuIpv4CidrBlock string `json:"tpuIpv4CidrBlock,omitempty"`
// Zone: [Output only] The name of the Google Compute
// Engine
// [zone](/compute/docs/zones#available) in which the
@ -782,6 +833,10 @@ type ClusterUpdate struct {
// to run in the cluster.
DesiredAddonsConfig *AddonsConfig `json:"desiredAddonsConfig,omitempty"`
// DesiredBinaryAuthorization: The desired configuration options for the
// Binary Authorization feature.
DesiredBinaryAuthorization *BinaryAuthorization `json:"desiredBinaryAuthorization,omitempty"`
// DesiredImageType: The desired image type for the node pool.
// NOTE: Set the "desired_node_pool" field as well.
DesiredImageType string `json:"desiredImageType,omitempty"`
@ -799,6 +854,17 @@ type ClusterUpdate struct {
// This list must always include the cluster's primary zone.
DesiredLocations []string `json:"desiredLocations,omitempty"`
// DesiredLoggingService: The logging service the cluster should use to
// write metrics.
// Currently available options:
//
// * "logging.googleapis.com/kubernetes" - the Google Cloud
// Logging
// service with Kubernetes-native resource model in Stackdriver
// * "logging.googleapis.com" - the Google Cloud Logging service
// * "none" - no logs will be exported from the cluster
DesiredLoggingService string `json:"desiredLoggingService,omitempty"`
// DesiredMasterAuthorizedNetworksConfig: The desired configuration
// options for master authorized networks feature.
DesiredMasterAuthorizedNetworksConfig *MasterAuthorizedNetworksConfig `json:"desiredMasterAuthorizedNetworksConfig,omitempty"`
@ -823,6 +889,9 @@ type ClusterUpdate struct {
// use to write metrics.
// Currently available options:
//
// * "monitoring.googleapis.com/kubernetes" - the Google Cloud
// Monitoring
// service with Kubernetes-native resource model in Stackdriver
// * "monitoring.googleapis.com" - the Google Cloud Monitoring service
// * "none" - no metrics will be exported from the cluster
DesiredMonitoringService string `json:"desiredMonitoringService,omitempty"`
@ -1001,9 +1070,8 @@ type CreateNodePoolRequest struct {
// Parent: The parent (project, location, cluster id) where the node
// pool will be
// created. Specified in the
// format
// 'projects/*/locations/*/clusters/*/nodePools/*'.
// created. Specified in the format
// 'projects/*/locations/*/clusters/*'.
Parent string `json:"parent,omitempty"`
// ProjectId: Deprecated. The Google Developers Console [project ID or
@ -1307,6 +1375,29 @@ type IPAllocationPolicy struct {
// subnetwork.
SubnetworkName string `json:"subnetworkName,omitempty"`
// TpuIpv4CidrBlock: The IP address range of the Cloud TPUs in this
// cluster. If unspecified, a
// range will be automatically chosen with the default size.
//
// This field is only applicable when `use_ip_aliases` is true.
//
// If unspecified, the range will use the default size.
//
// Set to /netmask (e.g. `/14`) to have a range chosen with a
// specific
// netmask.
//
// Set to
// a
// [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
//
// notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks
// (e.g.
// `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific
// range
// to use.
TpuIpv4CidrBlock string `json:"tpuIpv4CidrBlock,omitempty"`
// UseIpAliases: Whether alias IPs will be used for pod IPs in the
// cluster.
UseIpAliases bool `json:"useIpAliases,omitempty"`
@ -1605,7 +1696,7 @@ func (s *ListUsableSubnetworksResponse) MarshalJSON() ([]byte, error) {
// for GKE cluster scheduling.
type Location struct {
// Name: Contains the name of the resource requested.
// Specific in the format 'projects/*/locations/*'.
// Specified in the format 'projects/*/locations/*'.
Name string `json:"name,omitempty"`
// Recommended: Recommended is a bool combining the drain state of the
@ -1816,6 +1907,59 @@ func (s *MasterAuthorizedNetworksConfig) MarshalJSON() ([]byte, error) {
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Metric: Progress metric is (string, int|float|string) pair.
type Metric struct {
// DoubleValue: For metrics with floating point value.
DoubleValue float64 `json:"doubleValue,omitempty"`
// IntValue: For metrics with integer value.
IntValue int64 `json:"intValue,omitempty,string"`
// Name: Metric name, required.
// e.g., "nodes total", "percent done"
Name string `json:"name,omitempty"`
// StringValue: For metrics with custom values (ratios, visual progress,
// etc.).
StringValue string `json:"stringValue,omitempty"`
// ForceSendFields is a list of field names (e.g. "DoubleValue") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "DoubleValue") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Metric) MarshalJSON() ([]byte, error) {
type NoMethod Metric
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
func (s *Metric) UnmarshalJSON(data []byte) error {
type NoMethod Metric
var s1 struct {
DoubleValue gensupport.JSONFloat64 `json:"doubleValue"`
*NoMethod
}
s1.NoMethod = (*NoMethod)(s)
if err := json.Unmarshal(data, &s1); err != nil {
return err
}
s.DoubleValue = float64(s1.DoubleValue)
return nil
}
// NetworkConfig: NetworkConfig reports the relative names of network &
// subnetwork.
type NetworkConfig struct {
@ -2391,6 +2535,9 @@ type Operation struct {
// "SET_MAINTENANCE_POLICY" - Set the maintenance policy.
OperationType string `json:"operationType,omitempty"`
// Progress: [Output only] Progress information for an operation.
Progress *OperationProgress `json:"progress,omitempty"`
// SelfLink: Server-defined URL for the resource.
SelfLink string `json:"selfLink,omitempty"`
@ -2450,6 +2597,58 @@ func (s *Operation) MarshalJSON() ([]byte, error) {
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// OperationProgress: Information about operation (or operation stage)
// progress.
type OperationProgress struct {
// Metrics: Progress metric bundle, for example:
// metrics: [{name: "nodes done", int_value: 15},
// {name: "nodes total", int_value: 32}]
// or
// metrics: [{name: "progress", double_value: 0.56},
// {name: "progress scale", double_value: 1.0}]
Metrics []*Metric `json:"metrics,omitempty"`
// Name: A non-parameterized string describing an operation stage.
// Unset for single-stage operations.
Name string `json:"name,omitempty"`
// Stages: Substages of an operation or a stage.
Stages []*OperationProgress `json:"stages,omitempty"`
// Status: Status of an operation stage.
// Unset for single-stage operations.
//
// Possible values:
// "STATUS_UNSPECIFIED" - Not set.
// "PENDING" - The operation has been created.
// "RUNNING" - The operation is currently running.
// "DONE" - The operation is done, either cancelled or completed.
// "ABORTING" - The operation is aborting.
Status string `json:"status,omitempty"`
// ForceSendFields is a list of field names (e.g. "Metrics") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Metrics") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *OperationProgress) MarshalJSON() ([]byte, error) {
type NoMethod OperationProgress
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// PodSecurityPolicyConfig: Configuration for the PodSecurityPolicy
// feature.
type PodSecurityPolicyConfig struct {
@ -2481,6 +2680,57 @@ func (s *PodSecurityPolicyConfig) MarshalJSON() ([]byte, error) {
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// PrivateClusterConfig: Configuration options for private clusters.
type PrivateClusterConfig struct {
// EnablePrivateEndpoint: Whether the master's internal IP address is
// used as the cluster endpoint.
EnablePrivateEndpoint bool `json:"enablePrivateEndpoint,omitempty"`
// EnablePrivateNodes: Whether nodes have only private IP addresses, and
// communicate with the
// master via private networking.
EnablePrivateNodes bool `json:"enablePrivateNodes,omitempty"`
// MasterIpv4CidrBlock: The IP prefix in CIDR notation to use for the
// hosted master network. This
// prefix will be used for assigning private IP addresses to the master
// or
// set of masters, as well as the ILB VIP.
MasterIpv4CidrBlock string `json:"masterIpv4CidrBlock,omitempty"`
// PrivateEndpoint: Output only. The internal IP address of this
// cluster's master endpoint.
PrivateEndpoint string `json:"privateEndpoint,omitempty"`
// PublicEndpoint: Output only. The external IP address of this
// cluster's master endpoint.
PublicEndpoint string `json:"publicEndpoint,omitempty"`
// ForceSendFields is a list of field names (e.g.
// "EnablePrivateEndpoint") to unconditionally include in API requests.
// By default, fields with empty values are omitted from API requests.
// However, any non-pointer, non-interface field appearing in
// ForceSendFields will be sent to the server regardless of whether the
// field is empty or not. This may be used to include empty fields in
// Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "EnablePrivateEndpoint") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *PrivateClusterConfig) MarshalJSON() ([]byte, error) {
type NoMethod PrivateClusterConfig
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// RollbackNodePoolUpgradeRequest: RollbackNodePoolUpgradeRequest
// rollbacks the previously Aborted or Failed
// NodePool upgrade. This will be an no-op if the last upgrade
@ -4131,7 +4381,7 @@ func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocat
// ],
// "parameters": {
// "parent": {
// "description": "Contains the name of the resource requested.\nSpecific in the format 'projects/*/locations'.",
// "description": "Contains the name of the resource requested.\nSpecified in the format 'projects/*'.",
// "location": "path",
// "pattern": "^projects/[^/]+$",
// "required": true,
@ -6711,7 +6961,7 @@ func (c *ProjectsLocationsClustersNodePoolsCreateCall) Do(opts ...googleapi.Call
// ],
// "parameters": {
// "parent": {
// "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*/nodePools/*'.",
// "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*'.",
// "location": "path",
// "pattern": "^projects/[^/]+/locations/[^/]+/clusters/[^/]+$",
// "required": true,

6
vendor/vendor.json vendored

@ -1316,10 +1316,10 @@
"revisionTime": "2017-10-21T00:03:56Z"
},
{
"checksumSHA1": "yZERJY3ohvczGG15QPUyUh6VlFQ=",
"checksumSHA1": "fPjdgvz7HJGaoi+SRAelRopu8tM=",
"path": "google.golang.org/api/container/v1beta1",
"revision": "348810ff778af56686d572415ce79e6c9fad9613",
"revisionTime": "2018-05-08T15:48:10Z"
"revision": "0e8d13b5c025da6a7cf249bb854e5869921dd459",
"revisionTime": "2018-08-14T00:05:10Z"
},
{
"checksumSHA1": "pxXDGWhDrfcAOCQCjgxLfZA4NOw=",


@ -92,6 +92,9 @@ output "cluster_ca_certificate" {
* `description` - (Optional) Description of the cluster.
* `enable_binary_authorization` - (Optional) Enable Binary Authorization for this cluster.
If enabled, all container images will be validated by Google Binary Authorization.
* `enable_kubernetes_alpha` - (Optional) Whether to enable Kubernetes Alpha features for
this cluster. Note that when this option is enabled, the cluster cannot be upgraded
and will be automatically deleted after 30 days.