[4SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSKJ r SSK J r SS KJr SSKJ r SS KJr SS KJr SSKJ r SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSK J!r" SSK J#r# SSK$r$Sr%Sr&Sr'Sr(Sr)Sr*Sr+Sr,Sr-Sr.Sr/Sr0S r1S!r2S"r3S#r4S$r5S%r6S&r7S'r8S(r9S)r:S*r;S+rS.r?S/r@S0rAS1rBS2rCS3rDS4rES5rFS6rGS7rHS8rIS7rJS9rKS:rLS;rMSrPS?rQS@rRSArSSBrTSCrUSDrVSErWSFrXSGrYSHrZSIr[SJr\SKr]SLr^SMr_SNr`SOraS@rbSPrcSQrdSRreSSrfSTrgSUrhSVriSWrjSXrkS@rlSYrmS@rnSZroS[rpS\rqSLrrS]rsS^rtSMruSNrvS_rwS`rxSarySbrzScr{Sdr|SMr}Ser~SfrSgrShrSirSjrSkrSlr"SmSn\GR 5rSorSprSqrSrrSsrStrSurSvrSwrSxrSyrSzrS{rS|rS}rS~r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5rSrSrSrSrSrSrSrSrSSjrSSjrSrSSjrSSjrSrSSjrSSjrSrSSjrSrSSjrSrSrSrSrSrS\4Sjrg)z)Common utilities for the containers tool.)absolute_import)division)unicode_literalsN)encoding) exceptions) kubeconfig) enable_api) arg_utils)config)log) properties)yaml)store)resource_printer)update_manager)files) platformsa table( name, zone:label=LOCATION, master_version():label=MASTER_VERSION, endpoint:label=MASTER_IP, nodePools[0].config.machineType, currentNodeVersion:label=NODE_VERSION, firstof(currentNodeCount,initialNodeCount):label=NUM_NODES, status, ipAllocationPolicy.stackType.yesno(no='IPV4'):label=STACK_TYPE ) z table( name, operationType:label=TYPE, zone:label=LOCATION, targetLink.basename():label=TARGET, statusMessage, status, startTime, endTime ) z| table( name, config.machineType, config.diskSizeGb, version:label=NODE_VERSION ) z;ResponseError: code={status_code}, message={status_message}zNode version is specified while node auto-upgrade is enabled. Node-pools created at the specified version will be auto-upgraded whenever auto-upgrade preconditions are met.z Kubernetes Beta APIs are not stable, it is advised to use them with caution. Please read carefully about limitations and associated risks at https://cloud.google.com//kubernetes-engine/docs/how-to/use-beta-apis zR'--max-surge-upgrade' and '--max-unavailable-upgrade' must be used in conjunction.zinsecureKubeletReadonlyPortEnabled specified in both config file and by flag. Please specify either command line option or the value in the config file. kubeletConfigcpuManagerPolicy cpuCFSQuotacpuCFSQuotaPeriod podPidsLimit"insecureKubeletReadonlyPortEnabledallowedUnsafeSysctlscontainerLogMaxSizecontainerLogMaxFilesimageGcHighThresholdPercentimageGcLowThresholdPercentimageMinimumGcAgeimageMaximumGcAgenodeSwapSizeGibmaxParallelImagePulls linuxConfigsysctl cgroupModetransparentHugepageEnabledtransparentHugepageDefraghugepageConfighugepage_size2mhugepage_size1g memoryManagerpolicytopologyManagerscopesingleProcessOomKillkernelOverrideskernelCommandlineOverridesspecRstackOverflow initOnAlloclruGenenabledminTtlMsadditionalEtcHosts additionalEtcSystemdResolvedConfadditionalEtcResolvConftimeZonecustomNodeInit initScriptgcsUri gcsGenerationargsiphostkeyvalue swapConfigencryptionConfigdisabledbootDiskProfileephemeralLocalSsdProfilededicatedLocalSsdProfile swapSizeGibswapSizePercent diskCountprivateRegistryAccessConfigwritableCgroups registryHostsserverhosts overridePathheader dialTimeout capabilitiesgcpSecretManagerSecretUricaclientcert certificateAuthorityDomainConfig!gcpSecretManagerCertificateConfig secretURIfqdns evictionSoftevictionSoftGracePeriodevictionMinimumReclaim evictionMaxPodGracePeriodSecondsc\rSrSrSrSrg)Errorz.Class for errors raised by container commands.N)__name__ __module__ __qualname____firstlineno____doc____static_attributes__rh,lib/googlecloudsdk/api_lib/container/util.pyrfrfs6rorfc[R"5n[R"USR U5US9 UR 5$)Nzlist[title="{0}"])out)ioStringIOrPrintformatgetvalue)titleitemsbufs rp ConstructListr{s7 # 3 : :5 AsK rozAccessing a Kubernetes Engine cluster requires the kubernetes commandline client [kubectl]. To install, run $ gcloud components install kubectl kubectlzCGROUP_MODE_V1 is deprecated. Please use CGROUP_MODE_V2 instead. For additional details, please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/migrate-cgroupv2zNode pool {0} is running cgroupv1 which is deprecated. Please use cgroupv2 instead. For additional details, please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/migrate-cgroupv2zhProblem checking cgroup mode of node pools: {} Please make sure the node pools are running cgroupv2`. c[R"5RbL[RR 5n[ R"USS9nUR5n[U;$g)NF)platform_filterwarn) r Pathssdk_rootrPlatformCurrentr UpdateManagerGetCurrentVersionsInformation_KUBECTL_COMPONENT_NAME)platformmanagerinstalled_componentss rp_KubectlInstalledAsComponentrsZ \\^(!!))+H**8%PG"@@B "&: :: )roc[R"[5n[5nU(d"U(d[R "[ 5 gU(aU$U$)zBVerify that the kubectl component is installed or print a warning.N) file_utilsFindExecutableOnPathrrr warningMISSING_KUBECTL_MSG) executable components rpCheckKubectlInstalledrs=../FG**,)  KK#$ !0y0roc`SRURURURS9$)Nzchttps://console.cloud.google.com/kubernetes/workload_/gcloud/{location}/{cluster}?project={project})locationclusterproject)rvzone clusterId projectId) cluster_refs rpGenerateClusterUrlrs7@ F#### rocURRRHnURU:XdMUs $ [ X5eN)privateClusterConfigcrossConnectConfigry subnetworkMissingCrossConnectError)rcross_connect_subnetworkitems rp(_GetCrossConnectConfigItemFromSubnetworkrs>**==CCd 22 kD !CCroc0[X5nUR$)zFExtract endpoint for the kubeconfig from the cross connect subnetwork.)rprivateEndpoint)rrcross_connect_config_items rp"_GetCrossConnectSubnetworkEndpointrsF  # 2 22rocNURRnUc [U5eU$)z2Extract endpoint for the kubeconfig from the fqdn.)rprivateEndpointFqdnMissingPrivateFqdnError)rfqdns rp_GetFqdnPrivateEndpointrs(  % % 9 9$ \ !' ** +roc&URSS5$)aConverts a resource identifier (possibly a full URI) to the zonal format. e.g., container.projects.locations.clusters (like projects/foo/locations/us-moon1/clusters/my-cluster) -> container.projects.zones.clusters (like projects/foo/zones/us-moon1/clusters/my-cluster). While the locational format is newer, we have to use a single one because the formats have different fields. This allows either to be input, but the code will use entirely the zonal format. Args: path: A string resource name, possibly a URI (i.e., self link). Returns: The string identifier converted to zonal format if applicable. Unchanged if not applicable (i.e., not a full path or already in zonal format). z /locations/z/zones/)replace)paths rpLocationalResourceToZonalr's$ mY //rocURb\URRbEURRR(d U(dU(dU(a [U5eU(ayURblURRbUURRR (d0[ 5(d [U5e[R"S5 U(dIURbGURRb0URRR(d [U5$U(dU(dU(axUR(d [U5eURR(d [U5eUb [X5$U(a [!U5$URR$UR"(d [%U5eUR"$)z[[U] SRUR55 g)Nz$cluster {0} is missing private fqdn.)superr__init__rvnameselfr __class__s rpr MissingPrivateFqdnError.__init__s% !41.55gllCrorhrirjrkrlrmrrn __classcell__rs@rprrsErorc,^\rSrSrSrU4SjrSrU=r$)rizCError for retrieving DNSEndpoint config of a cluster that has none.c^>[[U] SRUR55 g)Nz)cluster {0} is missing DNSEndpointConfig.)rrrrvrrs rpr&MissingDnsEndpointConfigError.__init__s% '73::7<<Hrorhrrs@rprrsKrorc,^\rSrSrSrU4SjrSrU=r$)riz[[U] SRUR55 g)Nz#cluster {0} is missing DNSEndpoint.)rrrrvrrs rpr MissingDNSEndpointError.__init__s% !41-44W\\Brorhrrs@rprrsDrorc,^\rSrSrSrU4SjrSrU=r$)rizEError for retrieving cross-connect-subnet of a cluster that has none.c`>[[U] SRURU55 g)Nz4cluster {0} is missing cross-connect subnetwork {1}.)rrrrvr)rrcross_connect_subnetrs rpr!MissingCrossConnectError.__init__s+ "D2>EE LL. rorhrrs@rprrsMrorc,^\rSrSrSrU4SjrSrU=r$)riz?Error for attempting to persist a cluster that has no endpoint.c^>[[U] SRUR55 g)Nz:cluster {0} is missing endpoint. Is it still PROVISIONING?)rrrrvrrs rprMissingEndpointError.__init__s( .DKK LL rorhrrs@rprrsGrorc,^\rSrSrSrU4SjrSrU=r$)rizEError for attempting to persist internal IP of a non-private cluster.c^>[[U] SRUR55 g)Nz%cluster {0} is not a private cluster.)rrrrvrrs rprNonPrivateClusterError.__init__s% $0/66w||Drorhrrs@rprrsMrorc,^\rSrSrSrU4SjrSrU=r$)rizBError for attempting to persist a cluster that has no internal IP.c^>[[U] SRUR55 g)NzBcluster {0} is missing private endpoint. Is it still PROVISIONING?)rrrrvrrs rpr$MissingPrivateEndpointError.__init__s& %t5 w||,rorhrrs@rprrsJrorc,^\rSrSrSrU4SjrSrU=r$)NodeConfigErroriz6Error for attempting parse node config YAML/JSON file.cJ>[[U] SRU55 g)NzInvalid node config: {0})rrrrvrers rprNodeConfigError.__init__s /4)*D*K*KA*NOrorhrrs@rprrs>PProrc,^\rSrSrSrU4SjrSrU=r$)AutoprovisioningConfigErrorizBError for attempting parse autoprovisioning config YAML/JSON file.cJ>[[U] SRU55 g)Nz)Invalid autoprovisioning config file: {0})rrrrvrs rpr$AutoprovisioningConfigError.__init__s! %t53::1=rorhrrs@rprrsJrorc,^\rSrSrSrU4SjrSrU=r$)rizXError for attempting to persist internal IP for cluster with ipEndpoint access disabled.c^>[[U] SRUR55 g)Nz&IP access is disabled for cluster {0}.)rrrrvrrs rpr#IPEndpointsIsDisabledError.__init__s% $d4077 Erorhrrs@rprrs`rorc,^\rSrSrSrU4SjrSrU=r$)riz\Error for attempting to persist DNS endpoint for cluster with allowExternalTraffic disabled.c^>[[U] SRUR55 g)Nz_controlPlaneEndpointsConfig.dnsEndpointConfig.allowExternalTraffic is disabled for cluster {0}.)rrrrvrrs rpr,AllowExternalTrafficIsDisabledError.__init__s& -t= %%+VGLL%9rorhrrs@rprrsdrorc\rSrSrSrSrSrSrSrSr \ S5r \ S 5r \ S 5r \ S 5r\ S 5r\ S 5r\ S5r\S5r\S5r\SSj5rSr\SSj5r\S5r\S5rSrg) ClusterConfigizzEncapsulates persistent cluster config data. Call ClusterConfig.Load() or ClusterConfig.Persist() to create this object. z{project}_{zone}_{cluster}zgke_{project}_{zone}_{cluster}c USUlUSUlUSUlUSUlUR S5UlUR S5UlUR S5UlUR S5UlUR S 5Ul UR S 5Ul UR S 5Ul UR S 5Ul UR S 5Ul g)N cluster_namezone_id project_idrS auth_provider exec_authca_dataclient_cert_dataclient_key_datarimpersonate_service_accountkubecontext_override use_iam_token)rrrrSgetrrrrrrrrr)rkwargss rprClusterConfig.__init__s~.D)$DL\*DO"DKO4DZZ ,DN::i(DL"JJ'9:D!::&78D >2D'-zz2O'PD$ & +A BDO4Droc\SUR<SUR<SUR<S3$)NzClusterConfig{project:z , cluster:z, zone:})rrrrs rp__str__ClusterConfig.__str__ s#    roc[RR[RRURU55$r)osrabspathjoin config_dir)rfilenames rp _FullpathClusterConfig._Fullpaths( 77??277<<B CCrocl[RURURUR5$r)r GetConfigDirrrrr s rprClusterConfig.config_dirs*  % % 4<< roc[RURURURUR 5$r)r KubeContextrrrrr s rp kube_contextClusterConfig.kube_contexts5  $ $    !!  rocR[UR=(a UR5$r)boolrrr s rp has_cert_dataClusterConfig.has_cert_data$s $$>)>)> ??rocUR$r)rr s rp has_certsClusterConfig.has_certs(s   rocUR$r)rr s rp has_ca_certClusterConfig.has_ca_cert,s <<rocUR$r)rr s rphas_dns_endpointClusterConfig.has_dns_endpoint0s   rocUR$r)rr s rphas_impersonate_service_account-ClusterConfig.has_impersonate_service_account4s  + ++rocp[RRRR 5(+$r)r VALUES containeruse_client_certificateGetBoolrhrorpUseGCPAuthProvider ClusterConfig.UseGCPAuthProvider8s&  **AAIIK KKroc [RR[R"5R [ RRX!US95$)N)rrr) r rrr rcontainer_config_pathr_CONFIG_DIR_FORMATrv)rrrs rprClusterConfig.GetConfigDir<sD 77<< ,,((//l 0  roNcPU(aU$[RRX US9$)N)rrr)rKUBECONTEXT_FORMATrv)rrroverrides rprClusterConfig.KubeContextEs- o  + + 2 2w 3 rocURn[RR5n0nSUR0nUR (aUR US'UR(aURUS'URUS'UR(aSUS'UR(aURUS'UR(a [5US'[R"XU5UR U'[R""U40UD6UR$U'[R&"XR(40UD6UR*U'UR-U5 UR/5 [RR15n[2R4"S U5 [2R6R9[:R=UR>US 95 g ) z%Generate kubeconfig for this cluster.rr cert_datakey_dataTr&r iam_tokenzSaved kubeconfig to %s)rcontextN) rkconfig KubeconfigDefaultrr#rrrrr&r)rr_GenerateIamTokenContextcontextsUserusersClusterrSclustersSetCurrentContext SaveToFile DefaultPathr debugstatusruKUBECONFIG_USAGE_FMTrvr)rr>rcluster_kwargs user_kwargsrs rp GenKubeconfigClusterConfig.GenKubeconfigMsG##++-JN++K "&,,nY !%!6!6k+ $ 4 4k* +/n'( ++  * */0 !2!4k+$+??7W#MJ ' W D DJW#*??$ .$J   )    ) ) +DII&-JJ##D,=,=w#Oroc [UUUUU5n URURUSU -UU S.n U(dIURb@URRb)URRR (dXS'UR n U (a!U R(aU RU S'O[R"S5 UR5(aSU S'O@U R(a/U R(aU RU S'U RU S 'U(aX{S 'U"S 0U D6n U R5 U $) aSaves config data for the given cluster. Persists config file and kubernetes auth file for the given cluster to cloud-sdk config directory and returns ClusterConfig object encapsulating the same data. Args: cluster: valid Cluster message to persist config data for. project_id: project that owns this cluster. use_internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) use_private_fqdn: whether to persist the private fqdn. use_dns_endpoint: whether to generate dns endpoint address. impersonate_service_account: the service account to impersonate when connecting to the cluster. kubecontext_override: the path to the kubeconfig file to write to. use_iam_token: whether to generate and persist an IAM token in the kubeconfig file. Returns: ClusterConfig of the persisted data. Raises: Error: if cluster has no endpoint (will be the case for first few seconds while cluster is PROVISIONING). zhttps://)rrrrSrrrrz.Cluster is missing certificate authority data.gcprrrrrh)rrrrrr8 masterAuthclusterCaCertificater rr0clientCertificate clientKeyrQ)clsrrrrrrrrrrrauthc_configs rpPersistClusterConfig.Persistrs+P#  H << x' 4& F++7  / / A A M33EEMM'^   D ))33fY kkBC  %f_  DNN$(NN !%)%;%;!"".I *+}V}H  Oroc [R"SUUU5 [RR 5nUR XX45nUR RU5=(a UR URS5nURRU5=(a URURS5nURRU5=(a URURS5n U(aU(aU (d[R"SU5 gU RS5U:wdU RS5U:wa[R"SU 5 gURS5n [R"S U 5n URS 5n URS 5n U (d[R"S U5 gU (aU (a[R"S 5 gO%U (dU (a[R"S5 gURS5nURS5nURS5nURS5nU=(a UnU=(d U=(d UnU(d[R"SXh5 gUUUU UUU UUS. nU"S0UD6$)asLoad and verify config for given cluster. Args: cluster_name: name of cluster to load config for. zone_id: compute zone the cluster is running in. project_id: project in which the cluster is running. kubecontext_override: the path to the kubeconfig file to read from. Returns: ClusterConfig for the cluster, or None if config data is missing or incomplete. z9Loading cluster config for cluster=%s, zone=%s project=%sruserr>z!missing kubeconfig entries for %sNzinvalid context %srSz\d+\.\d+\.\d+\.\d+zinsecure-skip-tls-verifyzcertificate-authority-dataz#missing cluster.server entry for %szScluster cannot specify both certificate-authority-data and insecure-skip-tls-verifyzOcluster must specify one of certificate-authority-data|insecure-skip-tls-verifyz auth-providerexeczclient-certificate-datazclient-key-dataz!missing auth info for user %s: %s) rrrrSrrrrrrh) r rLr?r@rArrHrrFrDresearch)rYrrrrkrErr_r>rSuses_ip_endpointinsecurerrrr;r< cert_authhas_valid_authrs rpLoadClusterConfig.LoadsBIIC  ""$A //z CjjnnS!Dajjo&9&9)&DG 77;;s  8 0 0 8DjjnnS!Dajjo&9&9)&DG $g ii3S9 {{6c!W[[%;s%B ii$g. [[ "Fyy!6?{{56Hkk67G  ii5s;    +   ) ii @HH_-M I23Ixx)*H&hI"[[@[[B[[D[ 0En[ [ Xg5 URG5Ul$UR[5URHl%UR[5URHl&UR[5URHl'UR[5URHl(UR["5URHl)UR[(5URHl*UR[*5URHl+UR[.5URHl,UR[,5URHl-UR[05URHl.UR[25URHl/UR[85URHl0UR[:5URHl1UR[<5URHl2[[[[[[S.n[g[>UURhU5URHl5[g[@UURlU5URHl7[g[BUURpU5URHl9UR[D5URHl:UR[65n U (aUURw5URHl<U R[z5n U (aXRHRxl>UR[45n U (aUR5URHl@U R[5n U (aU URHRl>U R[5n U (aXRHRlCUR[$5nU(aXRHlDUSL=(a- URHSL=(a URHRRSLnUSLnU(aU(a[[5eUR[5nU(Ga[ [U[[[[[[[[[[[[[[[[&[[&[[&[[[[0 5 UR5UlSUR[5nU(aURR5URlU[[R"U55Hhunn[UU[5 URRRRURRRUUS95 Mj UR[5nU(a[URS5(d[SR U55eURRRURRRURRRS.nUU;a[S R U55eUS :Xa[R"[5 UUURleUR[5nU(aURRRURRRURRRURRRS .nUU;a[S R U55eUUURlkUR[5nU(aURRRURRRURRRURRRURRRURRRS .nUU;a[SR U55eUUURlsUR[5nU(aUR5URluUR[5nU(aUURRlwUR[5nU(aUURRlyUR[5=n(GaUR5URl{[ [U[[[[[[[[G[[05 UR[5nUbUURRlUR[5n U (aUGR5URRl[ [U G[[05 U RG[5n!U!b&U!URRGRlUR[5n"U"(aUGR 5n#[ [U"G[[ G[[ 05 U"RG[5n$U$bU$U#lU"RG[5n%U%bU%U#lU#URRlUR[5n&U&(aUGR5n'[ [U&G[[ G[[ 05 U&RG[5n$U$bU$U'lU&RG[5n%U%bU%U'lU'URRlURG[5n(U((aiUGR5n)[ G[U(G[[ 05 U(RG[5n*U*bU*U)lU)URRlUR[5n+U+GbZUGR%5URl[ [U+G[([G[*[05 U+RG[(5n,U,Gb5U,RG[,5n-U,RG[.5n.UGR15URGR&lU-blSn/U-U/:XaIUGR0GR4GR6URGR&GR2lO[SR U-U/55eU.blSn0U.U0:XaIUGR0GR:GR<URGR&GR2lO[SR U.U055eU+RG[*5n1U1bUGRA5URGR&lU1RG[D5n2U1RG[F5n3U2b'U2URGR&GRBlU3b'U3URGR&GRBlUR[5n4/URlU4(aG[MU45Hun5n[ SR [U55UG[N[G[P[05 UGRS5n6URG[N5U6lURG[P5U6lURGRJRU65 M UR[5n7/URlU7(aG[MU75Hun5n[ SR [U55UG[Z[G[\[&05 UGR_5n8URG[Z5U8lURG[\5U8lURGRXRU85 M UR[5n9/URlU9(aG[MU95Hun5n[ SR [U55UG[Z[G[\[&05 UGR_5n8URG[Z5U8lURG[\5U8lURGRdRU85 M UR[5n:U:(aU:URlUR[5n;U;(GapUGRi5URl[ [U;G[l[05 U;RG[l5n)memoryAvailablenodefsAvailablenodefsInodesFreeimagefsAvailableimagefsInodesFree pidAvailable)rErFr(z*setting cgroupMode as {0} is not supported)CGROUP_MODE_UNSPECIFIEDCGROUP_MODE_V1CGROUP_MODE_V2zucgroup mode "{0}" is not supported, the supported options are CGROUP_MODE_UNSPECIFIED, CGROUP_MODE_V1, CGROUP_MODE_V2r)(TRANSPARENT_HUGEPAGE_ENABLED_UNSPECIFIED#TRANSPARENT_HUGEPAGE_ENABLED_ALWAYS$TRANSPARENT_HUGEPAGE_ENABLED_MADVISE"TRANSPARENT_HUGEPAGE_ENABLED_NEVERztransparent hugepage enabled "{0}" is not supported, the supported options are TRANSPARENT_HUGEPAGE_ENABLED_ALWAYS, TRANSPARENT_HUGEPAGE_ENABLED_MADVISE, TRANSPARENT_HUGEPAGE_ENABLED_NEVER, TRANSPARENT_HUGEPAGE_ENABLED_UNSPECIFIED)'TRANSPARENT_HUGEPAGE_DEFRAG_UNSPECIFIED"TRANSPARENT_HUGEPAGE_DEFRAG_ALWAYS!TRANSPARENT_HUGEPAGE_DEFRAG_DEFER.TRANSPARENT_HUGEPAGE_DEFRAG_DEFER_WITH_MADVISE#TRANSPARENT_HUGEPAGE_DEFRAG_MADVISE!TRANSPARENT_HUGEPAGE_DEFRAG_NEVERa4transparent hugepage defrag "{0}" is not supported, the supported options are TRANSPARENT_HUGEPAGE_DEFRAG_ALWAYS, TRANSPARENT_HUGEPAGE_DEFRAG_DEFER, TRANSPARENT_HUGEPAGE_DEFRAG_DEFER_WITH_MADVISE, TRANSPARENT_HUGEPAGE_DEFRAG_MADVISE, TRANSPARENT_HUGEPAGE_DEFRAG_NEVER, TRANSPARENT_HUGEPAGE_DEFRAG_UNSPECIFIEDSPEC_RSTACK_OVERFLOW_OFFzPsetting specRstackOverflow as {0} is not supported. The supported options is {1}INIT_ON_ALLOC_OFFzIsetting initOnAlloc as {0} is not supported. The supported options is {1}{0}[{1}])rloadYAMLParseErrorrrvrNC_KUBELET_CONFIGdictNC_LINUX_CONFIGrNC_CPU_MANAGER_POLICYstrNC_CPU_CFS_QUOTArNC_CPU_CFS_QUOTA_PERIODNC_POD_PIDS_LIMITr{NC_KUBELET_READONLY_PORTNC_ALLOWED_UNSAFE_SYSCTLSlistNC_CONTAINER_LOG_MAX_SIZENC_CONTAINER_LOG_MAX_FILES"NC_IMAGE_GC_HIGH_THRESHOLD_PERCENT!NC_IMAGE_GC_LOW_THRESHOLD_PERCENTNC_IMAGE_MINIMUM_GC_AGENC_IMAGE_MAXIMUM_GC_AGENC_TOPOLOGY_MANAGERNC_MEMORY_MANAGERNC_SINGLE_PROCESS_OOMKILLNC_NODE_SWAP_SIZE_GIBNC_MAX_PARALLEL_IMAGE_PULLSNC_EVICTION_SOFTNC_EVICTION_SOFT_GRACE_PERIODNC_EVICTION_MINIMUM_RECLAIM(NC_EVICTION_MAX_POD_GRACE_PERIOD_SECONDSNodeKubeletConfigrr cpuCfsQuotacpuCfsQuotaPeriodrrrrr!r r"r#r2r$r%rEvictionSignalsraEvictionGracePeriodrbEvictionMinimumReclaimrcrd MemoryManagerr.NC_MEMORY_MANAGER_POLICYr/TopologyManagerr0NC_TOPOLOGY_MANAGER_POLICYNC_TOPOLOGY_MANAGER_SCOPEr1rINVALID_NC_FLAG_CONFIG_OVERLAP NC_SYSCTLNC_CGROUP_MODE NC_HUGEPAGENC_TRANSPARENT_HUGEPAGE_ENABLEDNC_TRANSPARENT_HUGEPAGE_DEFRAGNC_SWAP_CONFIGNC_KERNEL_OVERRIDESNC_ADDITIONAL_ETC_HOSTS'NC_ADDITIONAL_ETC_SYSTEMD_RESOLVED_CONFNC_ADDITIONAL_ETC_RESOLV_CONF NC_TIME_ZONENC_CUSTOM_NODE_INITLinuxNodeConfiglinuxNodeConfig SysctlsValuesysctlssortedsix iteritems_CheckNodeConfigValueTypeadditionalPropertiesappendAdditionalPropertyhasattrCgroupModeValueValuesEnumrrrr rCGROUPV1_DEPRECATED_MSGr()TransparentHugepageEnabledValueValuesEnumrrrrr)(TransparentHugepageDefragValueValuesEnumrrrrrrr*HugepagesConfig hugepagesNC_HUGEPAGE_2MhugepageSize2mNC_HUGEPAGE_1GhugepageSize1g SwapConfigrGNC_SWAP_CONFIG_ENABLED NC_SWAP_CONFIG_ENCRYPTION_CONFIG NC_SWAP_CONFIG_BOOT_DISK_PROFILE*NC_SWAP_CONFIG_EPHEMERAL_LOCAL_SSD_PROFILE*NC_SWAP_CONFIG_DEDICATED_LOCAL_SSD_PROFILEr8EncryptionConfigrH)NC_SWAP_CONFIG_ENCRYPTION_CONFIG_DISABLEDrIBootDiskProfileNC_SWAP_CONFIG_SWAP_SIZE_GIB NC_SWAP_CONFIG_SWAP_SIZE_PERCENTrMrNrJEphemeralLocalSsdProfilerKDedicatedLocalSsdProfileNC_SWAP_CONFIG_DISK_COUNTrOrLKernelOverridesr3NC_KERNEL_COMMANDLINE_OVERRIDES NC_LRU_GENNC_KERNEL_SPEC_RSTACK_OVERFLOWNC_KERNEL_INIT_ON_ALLOCKernelCommandlineOverridesr4!SpecRstackOverflowValueValuesEnumrr5InitOnAllocValueValuesEnumrr6LRUGenr7NC_LRU_GEN_ENABLEDNC_LRU_GEN_MIN_TTL_MSr9r: enumerateNC_ETC_HOSTS_ENTRY_IPNC_ETC_HOSTS_ENTRY_HOST EtcHostsEntryrCrDr;NC_RESOLVED_CONF_ENTRY_KEYNC_RESOLVED_CONF_ENTRY_VALUEResolvedConfEntryrErFr<r=CustomNodeInitr>NC_CUSTOM_NODE_INIT_SCRIPT InitScriptr?"NC_CUSTOM_NODE_INIT_SCRIPT_GCS_URI)NC_CUSTOM_NODE_INIT_SCRIPT_GCS_GENERATIONNC_CUSTOM_NODE_INIT_SCRIPT_ARGSr@rArB)> node_configcontentopt_readonly_port_flagmessagesrrkubelet_config_opts config_fieldseviction_map_string_fieldsmemory_manager_optsmemory_manager_policytopology_manager_optstopology_manager_policytopology_manager_scoper ro_in_cfg ro_in_flaglinux_config_opts sysctl_optsrErFcgroup_mode_optscgroup_mode_mapping!transparent_hugepage_enabled_opts$transparent_hugepage_enabled_mapping transparent_hugepage_defrag_opts#transparent_hugepage_defrag_mapping hugepage_optsr,r-swap_config_optsr8encryption_config_optsrIboot_disk_profile_optsboot_disk_profile_msg swap_size_gibswap_size_percent ephemeral_local_ssd_profile_optsephemeral_local_ssd_profile_msg dedicated_local_ssd_profile_optsdedicated_local_ssd_profile_msg disk_countkernel_overrides_optskernel_commandlinespec_rstack_overflow init_on_allocspec_rstack_overflow_offinit_on_alloc_offlru_genlru_gen_enabled min_ttl_msadditional_etc_hosts_optsietc_hosts_entry)additional_etc_systemd_resolved_conf_optsresolved_conf_entryadditional_etc_resolv_conf_optstime_zone_optscustom_node_init_optsinit_script_opts init_argss> rpLoadSystemConfigFromYAMLrLZsJ 99W D T 4!23s$  3  !$  "4  "3 #C +C *3   T 4 "4 s!" $S#$ $%t#T0#+M..!) : : .112CD080F0F0Hk-1556NO 9N!!//6/334GH2:2J2J2Lk/ 5 9 9 $! ! # !!118 588 #  :P!!117!%%&?@G7>4  # #4 /  # # F F   &T1*: 8 99hh/ t C  +S *C D  #T 3T )4 #  $#+":":"v08   ..N O!!;&))+6M.6.F.F.Hk!!+%)).9o ?N ##--<%)).9o ?N ##--<,00@@@/7/B/B/Dk!!,  $d..8$8$   !$$%;*:)=)= 4*& *  - - / (  6 ,,c0#  9<< (   $8E ) 5<@@ ,   (?'!T   ;Q ? *C,d  '88:"&((+E"F$(HH-I$J!##;;BB  @"'**<8N-;k!!*.112EF3;3J3J3Lk!!0   %t , /223MN    !!00;  & 2C93/    !C D ##22==D  !J K ##22==K%(()HI  GP+ % % 4 4 ? ? D !# S {   J >EEaH IIJsAS/S/AT"TATTAT"cH[US5(a[URS5(auURR(aYURRRS:Xa4[R "[ RUR55 ggggg)zCCheck cgroup mode of the node pool and print a warning if it is V1.r effectiveCgroupModeEFFECTIVE_CGROUP_MODE_V1N)rr rNrr rCGROUPV1_NODEPOOLS_MSGrv)pools rpCheckForCgroupModeV1rRsv T86K!L!L '' KK + + 0 04N N kk(// :; O ("Mroc[R"U5n[ SU[ [[[[[05 UR[ 5=n(Ga[[[[0n[ [ XV5 UR5UlUR[5UR lUR[5=n(Ga%[$[[&[0n/UR l[+U5Hup[ SR [U5X5 U R[$5n U (d [S5e[ [$U [,[.05 UR15n UR35U lU R[,5U R4lU R[&5U lUR R(R;U 5 M UR[5=n (aU[<[0n[ [X5 UR?5Ul U R[<5UR@lUR[5n U (Ga3/Ul![+U 5GHup[ SR [U5U[D[.[F[05 URI5nUR[D5Ul%UR[F5nU(Ga~/Ul&[+U5GHgunn[ SR [U[FU5U[N[.[P[[R[[T[[V[.[X[[Z[05 UR]5nUR[N5Ul/UR[P5Ul0UR[R5nU(aUR\RbRdUR\RbRfUR\RbRhUR\RbRjS.nUHYnUU;a[SR U55eURl(d/Ul6URlR;UU5 M[ UR[T5nU(a/Ul7UHn[ S U[p[.[r[05 URu5nUR[p5Ul;UR[r5Ul<URnR;U5 M UR[V5nU(aUUl=UR[X5nU(al/Ul>UH_n[ S U[~[.05 UR5nUR[~5UlAUR|R;U5 Ma UR[Z5nU(Ga&/UlBUGHn[ S U[[[[05 UR5n UR[5n!U!(aH[ S U![~[.05 UR5n"U!R[~5U"lAU"U lFUR[5n#U#(aH[ S U#[~[.05 UR5n$U#R[~5U$lAU$U l;URR;U 5 GM URLR;U5 GMj URBR;U5 GM gg![Ran[SR U55eSnAff=f)afLoad containerd configuration from YAML/JSON file. Args: containerd_config: The containerd config object to be populated (either from a node or from node config defaults). content: The YAML/JSON string that contains private CR config. messages: The message module. Raises: Error: when there's any errors on parsing the YAML/JSON system config. rNrrzlprivateRegistryAccessConfig.certificateAuthorityDomainConfig must specify a secret config, none was providedz{0}[{1}].{2}[{3}])HOST_CAPABILITY_UNSPECIFIEDHOST_CAPABILITY_PULLHOST_CAPABILITY_RESOLVEHOST_CAPABILITY_PUSHzcapability "{0}" is not supported, the supported options are HOST_CAPABILITY_PULL, HOST_CAPABILITY_RESOLVE, HOST_CAPABILITY_PUSHrVrZr[r\rE)GrrrrrvrNC_CC_PRIVATE_CR_CONFIGrNC_CC_WRITABLE_CGROUPS&NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTSrrNC_CC_PRIVATE_CR_CONFIG_ENABLEDrNC_CC_CA_CONFIGPrivateRegistryAccessConfigrPr8NC_CC_GCP_SECRET_CONFIGNC_CC_PRIVATE_CR_FQDNS_CONFIGr]r "NC_CC_GCP_SECRET_CONFIG_SECRET_URIr CertificateAuthorityDomainConfig!GCPSecretManagerCertificateConfigr^ secretUrir`rNC_CC_WRITABLE_CGROUPS_ENABLEDWritableCgroupsrQrR-NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_SERVER,NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_HOSTSRegistryHostConfigrSrT+NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_HOST4NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_OVERRIDE_PATH3NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_CAPABILITIES-NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_HEADER3NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_DIAL_TIMEOUT)NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_CA-NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_CLIENT HostConfigrDrU$CapabilitiesValueListEntryValuesEnumrTrUrVrWrXrV1NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_HEADER_KEY3NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_HEADER_VALUERegistryHeaderrErFrWrZ5NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_GCP_SECRET_URICertificateConfigrYr[2NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_CLIENT_CERT1NC_CC_PRIVATE_CR_CONFIG_REGISTRY_HOSTS_CLIENT_KEYCertificateConfigPairr\)%containerd_configrrrrprivate_registry_optsrca_domain_optsrCca_itemgcp_secret_opts ca_configwritable_cgroups_optsregistry_hosts_optsregistry_host_optregistry_host_msg hosts_optsjhost_opthost_msgcapabilities_optscapability_mappingcap_opt header_opts header_opt header_msgdial_timeout_optca_optsca_optca_msg client_opts client_opt client_msgcert_optcert_msgkey_optkey_msgs% rpLoadContainerdConfigFromYAMLrsJ 99W D !4 $ 0$#hh'>???'M!6 ,,.1 !!"AB119/22?CC~C !4 'm 33T".1*!   oq 17 "++&=>A    #  / 5 ==?  6 6 8 3    B C 33="++&CD 55VV]]  /28#hh'=>>>&M 5)1(@(@(B%0E0I0I&1%%-!GH&(# )*= >   BA F ;S:D #557!2!6!6 7"%(( 6j "$$Z0KAx !((8>  =sFEt?Es;T? $((*(",,9 (-#+,,B# ( 'llA ''LLhh''LLaa''LLdd''LLaa " - 22%,,2F7O **(*%##**+=g+FG-! ; + HO) $GI4$224j)~~C jn",E"joo$$Z0!*$&\\A #3H LL!JK' HK!$H#N  113f17G2f.kk  ("! ; + HO) $H$G$99;j#Dh&M$5575=\\I62#+ "Cg&M#4464;KKI51") oo$$Z0c*f  ! ! ( ( 2y1z%%,,->?a!?[   J >EEaH IIJs__6_11_6c &[X[5 [UR55[UR55- nU(a-[ SR [ [U55U55eUHn[XAUX$5 M g)abCheck whether the children of the config option are valid or not. Args: parent_name: The name of the config option to be checked. parent: The config option to be checked. spec: The spec defining the expected children and their value type. Raises: NodeConfigError: if there is any unknown fields or any of the fields doesn't satisfy the spec. zunknown fields: {0} in "{1}"N)rrsetkeysrrvrr)rparentspecunknown_fields field_names rprrsyK6v{{}%DIIK(88. &-- 4' (+   jj*NOrocl[X5(d$[SRXR55eg)a*Check whether the config option has the expected value type. Args: name: The name of the config option to be checked. value: The value of the config option to be checked. value_type: The expected value type (e.g., str, bool, dict). Raises: NodeConfigError: if value is not of value_type. zvalue of "{0}" must be {1}N) isinstancerrvri)rrF value_types rprrs5 E & & $++D2E2EF  'rocSSSS.$)NrIz outbound-only bidirectional)#PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED$PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE(PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONALrhrhrorp_GetPrivateIPv6CustomMappingsrs-7.=2A rocnSn[R"SURR[ 5UUS9$)zReturns a mapper from text options to the PrivateIpv6GoogleAccess enum. Args: messages: The message module. hidden: Whether the flag should be hidden in the choice_arg aC Sets the type of private access to Google services over IPv6. PRIVATE_IPV6_GOOGLE_ACCESS_TYPE must be one of: bidirectional Allows Google services to initiate connections to GKE pods in this cluster. This is not intended for common use, and requires previous integration with Google services. disabled Default value. Disables private access to Google services over IPv6. outbound-only Allows GKE pods to make fast, secure requests to Google services over IPv6. This is the most common use of private IPv6 access. $ gcloud alpha container clusters create --private-ipv6-google-access-type=disabled $ gcloud alpha container clusters create --private-ipv6-google-access-type=outbound-only $ gcloud alpha container clusters create --private-ipv6-google-access-type=bidirectional !--private-ipv6-google-access-typehiddenhelp_str)r ChoiceEnumMapper NetworkConfig&PrivateIpv6GoogleAccessValueValuesEnumrrr help_texts rp$GetPrivateIpv6GoogleAccessTypeMapperrs<)0  # #)CC#%   rocj[R"SURR[ 5USS9$)zReturns a mapper from the text options to the PrivateIpv6GoogleAccess enum. Args: messages: The message module. hidden: Whether the flag should be hidden in the choice_arg. The choice_arg will never actually be used for this mode. rr)r r ClusterUpdate-DesiredPrivateIpv6GoogleAccessValueValuesEnumrrrs rp-GetPrivateIpv6GoogleAccessTypeMapperForUpdater)s5  # #)JJ#%   roc SSS.$)Nipv4z ipv4-ipv6)IPV4 IPV4_IPV6rhrhrorp_GetStackTypeCustomMappingsr:s rocnSn[R"SURR[ 5UUS9$)zReturns a mapper from text options to the InTransitEncryptionConfig enum. Args: messages: The message module. hidden: Whether the flag should be hidden in the choice_arg. a Sets the in-transit encryption type for dataplane v2 clusters. --in-transit-encryption must be one of: inter-node-transparent Changes clusters to use transparent, dataplane v2, node-to-node encryption. none: Disables dataplane v2 in-transit encryption. $ gcloud container clusters create --in-transit-encryption=inter-node-transparent $ gcloud container clusters create --in-transit-encryption=none --in-transit-encryptionr)r rr(InTransitEncryptionConfigValueValuesEnum+_GetInTransitEncryptionConfigCustomMappingsrs rp(GetCreateInTransitEncryptionConfigMapperrAs<)  # #EE13   rocnSn[R"SURR[ 5UUS9$)zReturns a mapper from text options to the InTransitEncryptionConfig enum. Args: messages: The message module. hidden: Whether the flag should be a hidden flag. a Updates the in-transit encryption type for dataplane v2 clusters. --in-transit-encryption must be one of: inter-node-transparent Changes clusters to use transparent, dataplane v2, node-to-node encryption. none: Disables dataplane v2 in-transit encryption. $ gcloud container clusters update --in-transit-encryption=inter-node-transparent $ gcloud container clusters update --in-transit-encryption=none rr)r rr/DesiredInTransitEncryptionConfigValueValuesEnumrrs rp(GetUpdateInTransitEncryptionConfigMapperrbs<)  # #LL13   roc SSS.$)Nzinter-node-transparentnone),IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENTIN_TRANSIT_ENCRYPTION_DISABLEDrhrhrorprrs6N(. rocnSn[R"SURR[ 5UUS9$)Returns a mapper from text options to the StackType enum. Args: messages: The message module. hidden: Whether the flag should be hidden in the choice_arg a> Sets the stack type for the cluster nodes and pods. STACK_TYPE must be one of: ipv4 Default value. Creates IPv4 single stack clusters. ipv4-ipv6 Creates dual stack clusters. $ gcloud container clusters create --stack-type=ipv4 $ gcloud container clusters create --stack-type=ipv4-ipv6 --stack-typer)r rIPAllocationPolicyStackTypeValueValuesEnumrrs rpGetCreateStackTypeMapperrs<)  # #!!::!#   rocnSn[R"SURR[ 5UUS9$)raJ Updates the stack type for the cluster nodes and pods. STACK_TYPE must be one of: ipv4 Changes clusters to IPv4 single stack clusters. ipv4-ipv6 Changes clusters to dual stack clusters. $ gcloud container clusters update --stack-type=ipv4 $ gcloud container clusters update --stack-type=ipv4-ipv6 rr)r rrDesiredStackTypeValueValuesEnumrrs rpGetUpdateStackTypeMapperrs<)  # #<<!#   roc SSS.$)Ninternalexternal)INTERNALEXTERNALrhrhrorp _GetIpv6AccessTypeCustomMappingsrs rocnSn[R"SURR[ 5UUS9$)zReturns a mapper from text options to the Ipv6AccessType enum. Args: messages: The message module. hidden: Whether the flag should be hidden in the choice_arg a| Sets the IPv6 access type for the subnet created by GKE. IPV6_ACCESS_TYPE must be one of: internal Creates a subnet with INTERNAL IPv6 access type. external Default value. Creates a subnet with EXTERNAL IPv6 access type. $ gcloud container clusters create --ipv6-access-type=internal $ gcloud container clusters create --ipv6-access-type=external z--ipv6-access-typer)r rrIpv6AccessTypeValueValuesEnumrrs rpGetIpv6AccessTypeMapperrs<)  # #!!??&(   rocSSSSS.$)NrIz project-singleton-policy-enforcezpolicy-bindingsz4policy-bindings-and-project-singleton-policy-enforce)DISABLED PROJECT_SINGLETON_POLICY_ENFORCEPOLICY_BINDINGS4POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCErhrhrorp(_GetBinauthzEvaluationModeCustomMappingsrs*L* @  rocj[R"SURR[ 5USS9$)zReturns a mapper from text options to the evaluation mode enum. Args: messages: The message module. hidden: Whether the flag should be hidden in the choice_arg z--binauthz-evaluation-moderr)r rBinaryAuthorizationEvaluationModeValueValuesEnumrrs rpGetBinauthzEvaluationModeMapperrs5  # #"""@@.0   rocU(dg[UR55U- (a:SRSR[UR55U- 55$g)Nz'following names are not recognised: {0} )rrrvr)actualknowns rpHasUnknownKeysrsO  % 4 ; ; V[[]#e+,  roc[R"U5nU(d [S5e1Skn[ X5nU(a [U5eUR S5(a1SS1n[ UR S5U5nU(a [U5eUR S5(a1S S 1n[ UR S5U5nU(a [U5eUR S 5(a2S S 1n[ UR S 5U5nU(a [U5egg![Ran[SR U55eSnAff=f)aLoad and Validate Autoprovisioning configuration from YAML/JSON file. Args: nap_config_file: The YAML/JSON string that contains sysctl and kubelet options. Raises: Error: when there's any errors on parsing the YAML/JSON system config or wrong name are present. z8autoprovisioning config file is not valid YAML/JSON: {0}Nz,autoprovisioning config file cannot be empty> scopesdiskType imageType diskSizeGb managementbootDiskKmsKeyminCpuPlatformresourceLimitsserviceAccountupgradeSettingsshieldedInstanceConfigautoprovisioningLocationsrmaxSurgeUpgrademaxUnavailableUpgrader autoUpgrade autoRepairrenableSecureBootenableIntegrityMonitoring)rrrrrvrr)nap_config_file nap_configr nap_paramserrupgrade_settings_paramsnode_management_paramsshielded_paramss rp"ValidateAutoprovisioningConfigFilersQ?+J  %6  * z.# %c **^^%&&02IJ ()+B C ' ,,^^L!!+\:  57M NC ' ,,^^,--)+FGO /0/ C ' ,, .Q    %BII!L sD""E6EEcSn[R"X5(d[R"S5 gg![R [ R4a [R"S5 gf=f)z3Checks if the Container File System API is enabled.z"containerfilesystem.googleapis.comaContainer File System API (containerfilesystem.googleapis.com) has not been enabled on the project. Please enable it for image streaming to fully work. For additional details, please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/image-streaming#requirementsaFailed to check if Container File System API (containerfilesystem.googleapis.com) has been enabled. Please make sure to enable it for image streaming to work. For additional details, please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/image-streaming#requirementsN)r IsServiceEnabledr rr#GetServicePermissionDeniedExceptionapitools_exceptions HttpError)r service_names rp2CheckForContainerFileSystemApiEnablementWithPromptrWsm5,  & &w = = kk a >44##  KK _ s17:A43A4c6U(d [S5e[R"U5(d [S5e/nUHnSnU(d [S5e[R"UR U5nUR(d [S5eUR5(a3[SRURUR555eURU5 M URUS9$![ an[U5eSnAff=f)z8Loads json/yaml node affinities from yaml file contents.ziNo node affinity labels specified. You must specify at least one label to create a sole tenancy instance.z3Node affinities must be specified as JSON/YAML listNz"Empty list item in JSON/YAML file.z6A key must be specified for every node affinity label.z,Key [{0}] has invalid field formats for: {1})nodeAffinities) rfr list_likerPyValueToMessage NodeAffinity ExceptionrEall_unrecognized_fieldsrvrSoleTenantConfig)affinities_yamlrnode_affinitiesaffinity node_affinityrs rp(LoadSoleTenantConfigFromNodeAffinityYamlrps    3   ( ( E FF/!hM  6 77//0E0ExPm    J KK,,..  8 ? ?!F!F!H   =)!"$  " "/ " BB  !Hns!C>> D DDc[RRRR 5nUSL=(a UR 5R S5$)z+Returns a bool noting if User is a Googler.Nz @google.com)r r,coreaccountGetlowerendswith)emails rprrsC    ( ( , , .% d  Du{{}55mDDroreturnc[5(d [S5e[R"SSS9n[R R RRSS9n[R"U5nSURSU3$)aGenerates an IAM token for the current user, if the user is a Googler. The IAM token consists of three concatenated strings: 1. The `iam-` prefix. 2. The token associated with the credentials from the active account. 3. The authorization token stored in the auth.authorization_token_file property. Returns: The IAM token for the current user. Raises: Error: if the user is not a Googler. zNIAM tokens are only supported for internal users. Please use a Google account.TF)use_google_authallow_account_impersonation)requiredziam-^) rrfc_storerhr r,rZauthorization_token_filerrReadFileContentstoken)credauth_token_file auth_tokens rprBrBs     d N$%%**CCGGH/**?;*  |1ZL ))ro)F)T)rm __future__rrrrsr raapitools.base.pyrrr  googlecloudsdk.api_lib.containerrr?googlecloudsdk.api_lib.servicesr $googlecloudsdk.command_lib.util.apisr googlecloudsdk.corer core_exceptionsr r rgooglecloudsdk.core.credentialsrr)googlecloudsdk.core.resourcergooglecloudsdk.core.updaterrgooglecloudsdk.core.utilrrrrCLUSTERS_FORMATOPERATIONS_FORMATNODEPOOLS_FORMATHTTP_ERROR_FORMAT*WARN_NODE_VERSION_WITH_AUTOUPGRADE_ENABLEDWARN_BETA_APIS_ENABLEDINVALIID_SURGE_UPGRADE_SETTINGSrrxr}r|rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrr r rrrrrrrrrrrrrXr[rYrdrZrfrgrirjrlrrrsrmrkrurnrorwrxr\r^r`r_rrrrrfr{rrrrPCGROUPV1_CHECKING_FAILURE_MSGrrrrrrrrrrNrrrrrrrrrrrobjectrrrrLrRrrrrrrrrrrrrrrrrrrrrrrrBrhrorprDsY0&' %>B66:&=#*$<968.   B 3+N '!# "#* -"?213%B"$@!--)5  ">!< ""##'%#2'">!5'  ".*L' 9 &)%-",;)"( "&"#5 ,6)#4 -G*-G*,#4 '7"+*!*)8&08-/6,.4+7E408-4916=36C36D36-1)08-5;24914=%0" '! 96+M(7O ! !7  $OO? ;1D30*8v -eEeu5U%PeP%%q;Fq;h 5<0T Qn<M@`P6$&R"BBBBB  <-~2CDE *3*ro