Index
EdgeContainer (interface)
Authorization (message)
Cluster (message)
ClusterNetworking (message)
ClusterUser (message)
CreateClusterRequest (message)
CreateNodePoolRequest (message)
CreateVpnConnectionRequest (message)
DeleteClusterRequest (message)
DeleteNodePoolRequest (message)
DeleteVpnConnectionRequest (message)
Fleet (message)
GenerateAccessTokenRequest (message)
GenerateAccessTokenResponse (message)
GetClusterRequest (message)
GetMachineRequest (message)
GetNodePoolRequest (message)
GetVpnConnectionRequest (message)
KmsKeyState (enum)
ListClustersRequest (message)
ListClustersResponse (message)
ListMachinesRequest (message)
ListMachinesResponse (message)
ListNodePoolsRequest (message)
ListNodePoolsResponse (message)
ListVpnConnectionsRequest (message)
ListVpnConnectionsResponse (message)
LocationMetadata (message)
Machine (message)
MaintenancePolicy (message)
MaintenanceWindow (message)
NodePool (message)
NodePool.LocalDiskEncryption (message)
OperationMetadata (message)
Quota (message)
RecurringTimeWindow (message)
TimeWindow (message)
UpdateClusterRequest (message)
UpdateNodePoolRequest (message)
VpnConnection (message)
VpnConnection.BgpRoutingMode (enum)
VpnConnection.Details (message)
VpnConnection.Details.CloudRouter (message)
VpnConnection.Details.CloudVpn (message)
VpnConnection.Details.State (enum)
VpnConnection.VpcProject (message)
ZoneMetadata (message)
EdgeContainer
EdgeContainer API provides management of Kubernetes Clusters on Google Edge Cloud deployments.
Methods | |
---|---|
CreateCluster |
Creates a new Cluster in a given project and location. |
CreateNodePool |
Creates a new NodePool in a given project and location. |
CreateVpnConnection |
Creates a new VPN connection in a given project and location. |
DeleteCluster |
Deletes a single Cluster. |
DeleteNodePool |
Deletes a single NodePool. |
DeleteVpnConnection |
Deletes a single VPN connection. |
GenerateAccessToken |
Generates an access token for a Cluster. |
GetCluster |
Gets details of a single Cluster. |
GetMachine |
Gets details of a single Machine. |
GetNodePool |
Gets details of a single NodePool. |
GetVpnConnection |
Gets details of a single VPN connection. |
ListClusters |
Lists Clusters in a given project and location. |
ListMachines |
Lists Machines in a given project and location. |
ListNodePools |
Lists NodePools in a given project and location. |
ListVpnConnections |
Lists VPN connections in a given project and location. |
UpdateCluster |
Updates the parameters of a single Cluster. |
UpdateNodePool |
Updates the parameters of a single NodePool. |
Authorization
RBAC policy that will be applied and managed by GEC.
Fields | |
---|---|
admin_users |
Required. User that will be granted the cluster-admin role on the cluster, providing full access to the cluster. Currently, this is a singular field, but will be expanded to allow multiple admins in the future. |
Cluster
A Google Distributed Cloud Edge Kubernetes cluster.
Fields | |
---|---|
name |
Required. The resource name of the cluster. |
create_time |
Output only. The time when the cluster was created. |
update_time |
Output only. The time when the cluster was last updated. |
labels |
Labels associated with this resource. |
fleet |
Optional. Fleet configuration. |
networking |
Required. Cluster-wide networking configuration. |
authorization |
Required. Immutable. RBAC policy that will be applied and managed by GEC. |
default_max_pods_per_node |
Optional. The default maximum number of pods per node used if a maximum value is not specified explicitly for a node pool in this cluster. If unspecified, the Kubernetes default value will be used. |
endpoint |
Output only. The IP address of the Kubernetes API server. |
cluster_ca_certificate |
Output only. The PEM-encoded public certificate of the cluster's CA. |
maintenance_policy |
Optional. Cluster-wide maintenance policy configuration. |
control_plane_version |
Output only. The control plane release version. |
node_version |
Output only. The lowest release version among all worker nodes. This field can be empty if the cluster does not have any worker nodes. |
ClusterNetworking
Cluster-wide networking configuration.
Fields | |
---|---|
cluster_ipv4_cidr_blocks[] |
Required. All pods in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. |
services_ipv4_cidr_blocks[] |
Required. All services in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. |
ClusterUser
A user principal for an RBAC policy.
Fields | |
---|---|
username |
Required. An active Google username. |
CreateClusterRequest
Creates a cluster.
Fields | |
---|---|
parent |
Required. The parent location where this cluster will be created. Authorization requires the following IAM permission on the specified resource
|
cluster_id |
Required. A client-specified unique identifier for the cluster. |
cluster |
Required. The cluster to create. |
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
CreateNodePoolRequest
Creates a node pool.
Fields | |
---|---|
parent |
Required. The parent cluster where this node pool will be created. Authorization requires the following IAM permission on the specified resource
|
node_pool_id |
Required. A client-specified unique identifier for the node pool. |
node_pool |
Required. The node pool to create. |
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
CreateVpnConnectionRequest
Creates a VPN connection.
Fields | |
---|---|
parent |
Required. The parent location where this VPN connection will be created. Authorization requires the following IAM permission on the specified resource
|
vpn_connection_id |
Required. The VPN connection identifier. |
vpn_connection |
Required. The VPN connection to create. |
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
DeleteClusterRequest
Deletes a cluster.
Fields | |
---|---|
name |
Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource
|
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
DeleteNodePoolRequest
Deletes a node pool.
Fields | |
---|---|
name |
Required. The resource name of the node pool. Authorization requires the following IAM permission on the specified resource
|
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
DeleteVpnConnectionRequest
Deletes a VPN connection.
Fields | |
---|---|
name |
Required. The resource name of the VPN connection. Authorization requires the following IAM permission on the specified resource
|
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
Fleet
Fleet related configuration.
Fleets are a Google Cloud concept for logically organizing clusters, letting you use and manage multi-cluster capabilities and apply consistent policies across your systems.
Fields | |
---|---|
project |
Required. The name of the Fleet host project where this cluster will be registered. Project names are formatted as |
membership |
Output only. The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as |
GenerateAccessTokenRequest
Generates an access token for a cluster.
Fields | |
---|---|
cluster |
Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource
|
GenerateAccessTokenResponse
An access token for a cluster.
Fields | |
---|---|
access_token |
Output only. Access token used to authenticate to the Kubernetes API server. |
expire_time |
Output only. Timestamp at which the token will expire. |
GetClusterRequest
Gets a cluster.
Fields | |
---|---|
name |
Required. The resource name of the cluster. Authorization requires the following IAM permission on the specified resource
|
GetMachineRequest
Gets a machine.
Fields | |
---|---|
name |
Required. The resource name of the machine. Authorization requires the following IAM permission on the specified resource
|
GetNodePoolRequest
Gets a node pool.
Fields | |
---|---|
name |
Required. The resource name of the node pool. Authorization requires the following IAM permission on the specified resource
|
GetVpnConnectionRequest
Gets a VPN connection.
Fields | |
---|---|
name |
Required. The resource name of the VPN connection. Authorization requires the following IAM permission on the specified resource
|
KmsKeyState
Represents the accessibility state of a customer-managed KMS key used for CMEK integration.
Enums | |
---|---|
KMS_KEY_STATE_UNSPECIFIED |
Unspecified. |
KMS_KEY_STATE_KEY_AVAILABLE |
The key is available for use, and dependent resources should be accessible. |
KMS_KEY_STATE_KEY_UNAVAILABLE |
The key is unavailable for an unspecified reason. Dependent resources may be inaccessible. |
ListClustersRequest
Lists clusters in a location.
Fields | |
---|---|
parent |
Required. The parent location, which owns this collection of clusters. Authorization requires the following IAM permission on the specified resource
|
page_size |
The maximum number of resources to list. |
page_token |
A page token received from previous list request. |
filter |
Only resources matching this filter will be listed. |
order_by |
Specifies the order in which resources will be listed. |
ListClustersResponse
List of clusters in a location.
Fields | |
---|---|
clusters[] |
Clusters in the location. |
next_page_token |
A token to retrieve next page of results. |
unreachable[] |
Locations that could not be reached. |
ListMachinesRequest
Lists machines in a site.
Fields | |
---|---|
parent |
Required. The parent site, which owns this collection of machines. Authorization requires the following IAM permission on the specified resource
|
page_size |
The maximum number of resources to list. |
page_token |
A page token received from previous list request. |
filter |
Only resources matching this filter will be listed. |
order_by |
Specifies the order in which resources will be listed. |
ListMachinesResponse
List of machines in a site.
Fields | |
---|---|
machines[] |
Machines in the site. |
next_page_token |
A token to retrieve next page of results. |
unreachable[] |
Locations that could not be reached. |
ListNodePoolsRequest
Lists node pools in a cluster.
Fields | |
---|---|
parent |
Required. The parent cluster, which owns this collection of node pools. Authorization requires the following IAM permission on the specified resource
|
page_size |
The maximum number of resources to list. |
page_token |
A page token received from previous list request. |
filter |
Only resources matching this filter will be listed. |
order_by |
Specifies the order in which resources will be listed. |
ListNodePoolsResponse
List of node pools in a cluster.
Fields | |
---|---|
node_pools[] |
Node pools in the cluster. |
next_page_token |
A token to retrieve next page of results. |
unreachable[] |
Locations that could not be reached. |
ListVpnConnectionsRequest
Lists VPN connections.
Fields | |
---|---|
parent |
Required. The parent location, which owns this collection of VPN connections. Authorization requires the following IAM permission on the specified resource
|
page_size |
The maximum number of resources to list. |
page_token |
A page token received from previous list request. |
filter |
Only resources matching this filter will be listed. |
order_by |
Specifies the order in which resources will be listed. |
ListVpnConnectionsResponse
List of VPN connections in a location.
Fields | |
---|---|
vpn_connections[] |
VpnConnections in the location. |
next_page_token |
A token to retrieve next page of results. |
unreachable[] |
Locations that could not be reached. |
LocationMetadata
Metadata for a given google.cloud.location.Location.
Fields | |
---|---|
available_zones |
The set of available Google Distributed Cloud Edge zones in the location. The map is keyed by the lowercase ID of each zone. |
Machine
A Google Distributed Cloud Edge machine capable of acting as a Kubernetes node.
Fields | |
---|---|
name |
Required. The resource name of the machine. |
create_time |
Output only. The time when the node pool was created. |
update_time |
Output only. The time when the node pool was last updated. |
labels |
Labels associated with this resource. |
hosted_node |
Canonical resource name of the node that this machine is responsible for hosting, e.g. projects/{project}/locations/{location}/clusters/{cluster_id}/nodePools/{pool_id}/{node}, or empty if the machine is not assigned to assume the role of a node. For control plane nodes hosted on edge machines, this will return the following format: "projects/{project}/locations/{location}/clusters/{cluster_id}/controlPlaneNodes/{node}". |
zone |
The Google Distributed Cloud Edge zone of this machine. |
version |
Output only. The software version of the machine. |
disabled |
Output only. Whether the machine is disabled. If disabled, the machine is unable to enter service. |
MaintenancePolicy
Maintenance policy configuration.
Fields | |
---|---|
window |
Specifies the maintenance window in which maintenance may be performed. |
MaintenanceWindow
Maintenance window configuration.
Fields | |
---|---|
recurring_window |
Configuration of a recurring maintenance window. |
NodePool
A set of Kubernetes nodes in a cluster with common configuration and specification.
Fields | |
---|---|
name |
Required. The resource name of the node pool. |
create_time |
Output only. The time when the node pool was created. |
update_time |
Output only. The time when the node pool was last updated. |
labels |
Labels associated with this resource. |
node_location |
Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: |
node_count |
Required. The number of nodes in the pool. |
machine_filter |
Only machines matching this filter will be allowed to join the node pool. The filtering language accepts strings like "name= |
local_disk_encryption |
Optional. Local disk encryption options. This field is only used when enabling CMEK support. |
node_version |
Output only. The lowest release version among all worker nodes. |
LocalDiskEncryption
Configuration for CMEK support for edge machine local disk encryption.
Fields | |
---|---|
kms_key |
Immutable. The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks. If not specified, a Google-managed key will be used instead. |
kms_key_active_version |
Output only. The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kms_key is set. |
kms_key_state |
Output only. Availability of the Cloud KMS CryptoKey. If not |
kms_status |
Output only. Error status returned by Cloud KMS when using this key. This field may be populated only if |
OperationMetadata
Long-running operation metadata for Edge Container API methods.
Fields | |
---|---|
create_time |
The time the operation was created. |
end_time |
The time the operation finished running. |
target |
Server-defined resource path for the target of the operation. |
verb |
The verb executed by the operation. |
status_message |
Human-readable status of the operation, if any. |
requested_cancellation |
Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have [Operation.error][] value with a |
api_version |
API version used to start the operation. |
warnings[] |
Warnings that do not block the operation, but still hold relevant information for the end user to receive. |
Quota
Represents quota for Edge Container resources.
Fields | |
---|---|
metric |
Name of the quota metric. |
limit |
Quota limit for this metric. |
usage |
Current usage of this metric. |
RecurringTimeWindow
Represents an arbitrary window of time that recurs.
Fields | |
---|---|
window |
The window of the first recurrence. |
recurrence |
An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window recurs. They go on for the span of time between the start and end time. |
TimeWindow
Represents an arbitrary window of time.
Fields | |
---|---|
start_time |
The time that the window first starts. |
end_time |
The time that the window ends. The end time must take place after the start time. |
UpdateClusterRequest
Updates a cluster.
Fields | |
---|---|
update_mask |
Field mask is used to specify the fields to be overwritten in the Cluster resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten. |
cluster |
The updated cluster. Authorization requires the following IAM permission on the specified resource
|
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
UpdateNodePoolRequest
Updates a node pool.
Fields | |
---|---|
update_mask |
Field mask is used to specify the fields to be overwritten in the NodePool resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten. |
node_pool |
The updated node pool. Authorization requires the following IAM permission on the specified resource
|
request_id |
A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if |
VpnConnection
A VPN connection.
Fields | |
---|---|
name |
Required. The resource name of the VPN connection. |
create_time |
Output only. The time when the VPN connection was created. |
update_time |
Output only. The time when the VPN connection was last updated. |
labels |
Labels associated with this resource. |
nat_gateway_ip |
NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster. This is empty if NAT is not used. |
bgp_routing_mode |
Dynamic routing mode of the VPC network, |
cluster |
The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}. |
vpc |
The network ID of VPC to connect to. |
vpc_project |
Optional. Project detail of the VPC network. Required if VPC is in a different project than the cluster project. |
enable_high_availability |
Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs. |
details |
Output only. The created connection details. |
BgpRoutingMode
Routing mode.
Enums | |
---|---|
BGP_ROUTING_MODE_UNSPECIFIED |
Unknown. |
REGIONAL |
Regional mode. |
GLOBAL |
Global mode. |
Details
The created connection details.
Fields | |
---|---|
state |
The state of this connection. |
error |
The error message. This is only populated when state=ERROR. |
cloud_router |
The Cloud Router info. |
cloud_vpns[] |
Each connection has multiple Cloud VPN gateways. |
CloudRouter
The Cloud Router info.
Fields | |
---|---|
name |
The associated Cloud Router name. |
CloudVpn
The Cloud VPN info.
Fields | |
---|---|
gateway |
The created Cloud VPN gateway name. |
State
The current connection state.
Enums | |
---|---|
STATE_UNSPECIFIED |
Unknown. |
STATE_CONNECTED |
Connected. |
STATE_CONNECTING |
Still connecting. |
STATE_ERROR |
Error occurred. |
VpcProject
Project detail of the VPC network.
Fields | |
---|---|
project_id |
The project of the VPC to connect to. If not specified, it is the same as the cluster project. |
service_account |
Optional. The service account in the VPC project configured by user. It is used to create/delete Cloud Router and Cloud HA VPNs for VPN connection. If this SA is changed during/after a VPN connection is created, you need to remove the Cloud Router and Cloud VPN resources in `project_id`. It is in the form of service-{project_number}@gcp-sa-edgecontainer.iam.gserviceaccount.com. |
ZoneMetadata
A Google Distributed Cloud Edge zone where edge machines are located.
Fields | |
---|---|
quota[] |
Quota for resources in this zone. |