feat: add confidential instance type and hyperdisk support to GKE API (#33941)

* feat: add confidential instance type and hyperdisk support to GKE API
feat: add private endpoint enforcement for master authorized networks
feat: add swap memory configuration for node pools
feat: add custom node initialization and kernel module loading policy
feat: add accurate time synchronization (PTP-KVM) support
feat: add advanced Kubelet configurations including image GC and parallel pulls
feat: add Topology Manager and Memory Manager configurations
feat: add node management features (Slurm, readiness, creation, taints)
feat: add cluster disruption budgets and maintenance window configurations
feat: add security and observability enhancements (secret sync, OTel, ML diagnostics)
feat: add GPU Direct and network performance configuration options
feat: update authentication rules with canonical scopes for ClusterManager
docs: various documentation improvements

PiperOrigin-RevId: 914473416

Source-Link: googleapis/googleapis@a0cedfb

Source-Link: googleapis/googleapis-gen@724eb82
Copy-Tag: eyJwIjoiZ29vZ2xlLWNsb3VkLWNvbnRhaW5lci12MS8uT3dsQm90LnlhbWwiLCJoIjoiNzI0ZWI4MjEyMzcwYjY4MDE3ZWFjOTI3ZTA3MjgyOTA3MGQ1ZmJjNiJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

google-cloud-container-v1/.owlbot-manifest.json

@@ -29,6 +29,7 @@
     "proto_docs/README.md",
     "proto_docs/google/api/client.rb",
     "proto_docs/google/api/field_behavior.rb",
+    "proto_docs/google/api/field_info.rb",
     "proto_docs/google/api/launch_stage.rb",
     "proto_docs/google/api/resource.rb",
     "proto_docs/google/container/v1/cluster_service.rb",
@@ -39,6 +40,8 @@
     "proto_docs/google/protobuf/wrappers.rb",
     "proto_docs/google/rpc/code.rb",
     "proto_docs/google/rpc/status.rb",
+    "proto_docs/google/type/date.rb",
+    "proto_docs/google/type/timeofday.rb",
     "snippets/Gemfile",
     "snippets/cluster_manager/cancel_operation.rb",
     "snippets/cluster_manager/check_autopilot_compatibility.rb",

google-cloud-container-v1/lib/google/cloud/container/v1/cluster_manager/client.rb

@@ -689,7 +689,7 @@ def update_cluster request, options = nil
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload update_node_pool(project_id: nil, zone: nil, cluster_id: nil, node_pool_id: nil, node_version: nil, image_type: nil, name: nil, locations: nil, workload_metadata_config: nil, upgrade_settings: nil, tags: nil, taints: nil, labels: nil, linux_node_config: nil, kubelet_config: nil, node_network_config: nil, gcfs_config: nil, confidential_nodes: nil, gvnic: nil, etag: nil, fast_socket: nil, logging_config: nil, resource_labels: nil, windows_node_config: nil, accelerators: nil, machine_type: nil, disk_type: nil, disk_size_gb: nil, resource_manager_tags: nil, containerd_config: nil, queued_provisioning: nil, storage_pools: nil, max_run_duration: nil, flex_start: nil, boot_disk: nil, node_drain_config: nil, consolidation_delay: nil)
+            # @overload update_node_pool(project_id: nil, zone: nil, cluster_id: nil, node_pool_id: nil, node_version: nil, image_type: nil, name: nil, locations: nil, workload_metadata_config: nil, upgrade_settings: nil, tags: nil, taints: nil, labels: nil, linux_node_config: nil, kubelet_config: nil, node_network_config: nil, gcfs_config: nil, confidential_nodes: nil, gvnic: nil, etag: nil, fast_socket: nil, logging_config: nil, resource_labels: nil, windows_node_config: nil, accelerators: nil, machine_type: nil, disk_type: nil, disk_size_gb: nil, resource_manager_tags: nil, containerd_config: nil, queued_provisioning: nil, storage_pools: nil, max_run_duration: nil, flex_start: nil, boot_disk: nil, node_drain_config: nil, consolidation_delay: nil, taint_config: nil)
             #   Pass arguments to `update_node_pool` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -833,6 +833,8 @@ def update_cluster request, options = nil
             #     Consolidation delay defines duration after which the Cluster Autoscaler can
             #     scale down underutilized nodes. If not set, nodes are scaled down by
             #     default behavior, i.e. according to the chosen autoscaling profile.
+            #   @param taint_config [::Google::Cloud::Container::V1::TaintConfig, ::Hash]
+            #     The taint configuration for the node pool.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Container::V1::Operation]
@@ -3920,7 +3922,7 @@ def fetch_cluster_upgrade_info request, options = nil
             end
 
             ##
-            # Fetch upgrade information of a specific nodepool.
+            # Fetch upgrade information of a specific node pool.
             #
             # @overload fetch_node_pool_upgrade_info(request, options = nil)
             #   Pass arguments to `fetch_node_pool_upgrade_info` via a request object, either of type
@@ -3938,7 +3940,7 @@ def fetch_cluster_upgrade_info request, options = nil
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. The name (project, location, cluster, nodepool) of the nodepool
+            #     Required. The name (project, location, cluster, node pool) of the node pool
             #     to get. Specified in the format
             #     `projects/*/locations/*/clusters/*/nodePools/*` or
             #     `projects/*/zones/*/clusters/*/nodePools/*`.

google-cloud-container-v1/lib/google/cloud/container/v1/cluster_manager/credentials.rb

@@ -26,7 +26,9 @@ module ClusterManager
           # Credentials for the ClusterManager API.
           class Credentials < ::Google::Auth::Credentials
             self.scope = [
-              "https://www.googleapis.com/auth/cloud-platform"
+              "https://www.googleapis.com/auth/cloud-platform",
+              "https://www.googleapis.com/auth/container",
+              "https://www.googleapis.com/auth/container.read-only"
             ]
             self.env_vars = [
               "CONTAINER_CREDENTIALS",

google-cloud-container-v1/lib/google/cloud/container/v1/cluster_manager/rest/client.rb

@@ -654,7 +654,7 @@ def update_cluster request, options = nil
               #   @param options [::Gapic::CallOptions, ::Hash]
               #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
               #
-              # @overload update_node_pool(project_id: nil, zone: nil, cluster_id: nil, node_pool_id: nil, node_version: nil, image_type: nil, name: nil, locations: nil, workload_metadata_config: nil, upgrade_settings: nil, tags: nil, taints: nil, labels: nil, linux_node_config: nil, kubelet_config: nil, node_network_config: nil, gcfs_config: nil, confidential_nodes: nil, gvnic: nil, etag: nil, fast_socket: nil, logging_config: nil, resource_labels: nil, windows_node_config: nil, accelerators: nil, machine_type: nil, disk_type: nil, disk_size_gb: nil, resource_manager_tags: nil, containerd_config: nil, queued_provisioning: nil, storage_pools: nil, max_run_duration: nil, flex_start: nil, boot_disk: nil, node_drain_config: nil, consolidation_delay: nil)
+              # @overload update_node_pool(project_id: nil, zone: nil, cluster_id: nil, node_pool_id: nil, node_version: nil, image_type: nil, name: nil, locations: nil, workload_metadata_config: nil, upgrade_settings: nil, tags: nil, taints: nil, labels: nil, linux_node_config: nil, kubelet_config: nil, node_network_config: nil, gcfs_config: nil, confidential_nodes: nil, gvnic: nil, etag: nil, fast_socket: nil, logging_config: nil, resource_labels: nil, windows_node_config: nil, accelerators: nil, machine_type: nil, disk_type: nil, disk_size_gb: nil, resource_manager_tags: nil, containerd_config: nil, queued_provisioning: nil, storage_pools: nil, max_run_duration: nil, flex_start: nil, boot_disk: nil, node_drain_config: nil, consolidation_delay: nil, taint_config: nil)
               #   Pass arguments to `update_node_pool` via keyword arguments. Note that at
               #   least one keyword argument is required. To specify no parameters, or to keep all
               #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -798,6 +798,8 @@ def update_cluster request, options = nil
               #     Consolidation delay defines duration after which the Cluster Autoscaler can
               #     scale down underutilized nodes. If not set, nodes are scaled down by
               #     default behavior, i.e. according to the chosen autoscaling profile.
+              #   @param taint_config [::Google::Cloud::Container::V1::TaintConfig, ::Hash]
+              #     The taint configuration for the node pool.
               # @yield [result, operation] Access the result along with the TransportOperation object
               # @yieldparam result [::Google::Cloud::Container::V1::Operation]
               # @yieldparam operation [::Gapic::Rest::TransportOperation]
@@ -3666,7 +3668,7 @@ def fetch_cluster_upgrade_info request, options = nil
               end
 
               ##
-              # Fetch upgrade information of a specific nodepool.
+              # Fetch upgrade information of a specific node pool.
               #
               # @overload fetch_node_pool_upgrade_info(request, options = nil)
               #   Pass arguments to `fetch_node_pool_upgrade_info` via a request object, either of type
@@ -3684,7 +3686,7 @@ def fetch_cluster_upgrade_info request, options = nil
               #   the default parameter values, pass an empty Hash as a request object (see above).
               #
               #   @param name [::String]
-              #     Required. The name (project, location, cluster, nodepool) of the nodepool
+              #     Required. The name (project, location, cluster, node pool) of the node pool
               #     to get. Specified in the format
               #     `projects/*/locations/*/clusters/*/nodePools/*` or
               #     `projects/*/zones/*/clusters/*/nodePools/*`.

google-cloud-container-v1/lib/google/container/v1/cluster_service_pb.rb

@@ -31,6 +31,8 @@ module Api
     # @!attribute [rw] selective_gapic_generation
     #   @return [::Google::Api::SelectiveGapicGeneration]
     #     Configuration for which RPCs should be generated in the GAPIC client.
+    #
+    #     Note: This field should not be used in most cases.
     class CommonLanguageSettings
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -441,6 +443,8 @@ class LongRunning
 
     # This message is used to configure the generation of a subset of the RPCs in
     # a service for client libraries.
+    #
+    # Note: This feature should not be used in most cases.
     # @!attribute [rw] methods
     #   @return [::Array<::String>]
     #     An allowlist of the fully qualified names of RPCs that should be included

google-cloud-container-v1/lib/google/container/v1/cluster_service_services_pb.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # Rich semantic information of an API field beyond basic typing.
+    # @!attribute [rw] format
+    #   @return [::Google::Api::FieldInfo::Format]
+    #     The standard format of a field value. This does not explicitly configure
+    #     any API consumer, just documents the API's format for the field it is
+    #     applied to.
+    # @!attribute [rw] referenced_types
+    #   @return [::Array<::Google::Api::TypeReference>]
+    #     The type(s) that the annotated, generic field may represent.
+    #
+    #     Currently, this must only be used on fields of type `google.protobuf.Any`.
+    #     Supporting other generic types may be considered in the future.
+    class FieldInfo
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # The standard format of a field value. The supported formats are all backed
+      # by either an RFC defined by the IETF or a Google-defined AIP.
+      module Format
+        # Default, unspecified value.
+        FORMAT_UNSPECIFIED = 0
+
+        # Universally Unique Identifier, version 4, value as defined by
+        # https://datatracker.ietf.org/doc/html/rfc4122. The value may be
+        # normalized to entirely lowercase letters. For example, the value
+        # `F47AC10B-58CC-0372-8567-0E02B2C3D479` would be normalized to
+        # `f47ac10b-58cc-0372-8567-0e02b2c3d479`.
+        UUID4 = 1
+
+        # Internet Protocol v4 value as defined by [RFC
+        # 791](https://datatracker.ietf.org/doc/html/rfc791). The value may be
+        # condensed, with leading zeros in each octet stripped. For example,
+        # `001.022.233.040` would be condensed to `1.22.233.40`.
+        IPV4 = 2
+
+        # Internet Protocol v6 value as defined by [RFC
+        # 2460](https://datatracker.ietf.org/doc/html/rfc2460). The value may be
+        # normalized to entirely lowercase letters with zeros compressed, following
+        # [RFC 5952](https://datatracker.ietf.org/doc/html/rfc5952). For example,
+        # the value `2001:0DB8:0::0` would be normalized to `2001:db8::`.
+        IPV6 = 3
+
+        # An IP address in either v4 or v6 format as described by the individual
+        # values defined herein. See the comments on the IPV4 and IPV6 types for
+        # allowed normalizations of each.
+        IPV4_OR_IPV6 = 4
+      end
+    end
+
+    # A reference to a message type, for use in {::Google::Api::FieldInfo FieldInfo}.
+    # @!attribute [rw] type_name
+    #   @return [::String]
+    #     The name of the type that the annotated, generic field may represent.
+    #     If the type is in the same protobuf package, the value can be the simple
+    #     message name e.g., `"MyMessage"`. Otherwise, the value must be the
+    #     fully-qualified message name e.g., `"google.library.v1.Book"`.
+    #
+    #     If the type(s) are unknown to the service (e.g. the field accepts generic
+    #     user input), use the wildcard `"*"` to denote this behavior.
+    #
+    #     See [AIP-202](https://google.aip.dev/202#type-references) for more details.
+    class TypeReference
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end