Class: Google::Cloud::Container::V1::ContainerdConfig

Inherits:

Object

• Object
• Google::Cloud::Container::V1::ContainerdConfig

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/container/v1/cluster_service.rb

Overview

ContainerdConfig contains configuration to customize containerd.

Defined Under Namespace

Classes: PrivateRegistryAccessConfig, RegistryHostConfig, WritableCgroups

Instance Attribute Summary

• #private_registry_access_config ⇒ ::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig

  PrivateRegistryAccessConfig is used to configure access configuration for private container registries.

• #registry_hosts ⇒ ::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig>

  RegistryHostConfig configures containerd registry host configuration.

• #writable_cgroups ⇒ ::Google::Cloud::Container::V1::ContainerdConfig::WritableCgroups

  Optional.

Instance Attribute Details

#private_registry_access_config ⇒ ::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig

Returns PrivateRegistryAccessConfig is used to configure access configuration for private container registries.

Returns:

• (::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig) —

  PrivateRegistryAccessConfig is used to configure access configuration for private container registries.

# File 'proto_docs/google/container/v1/cluster_service.rb', line 1507

class ContainerdConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # PrivateRegistryAccessConfig contains access configuration for
  # private container registries.
  # @!attribute [rw] enabled
  #   @return [::Boolean]
  #     Private registry access is enabled.
  # @!attribute [rw] certificate_authority_domain_config
  #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig::CertificateAuthorityDomainConfig>]
  #     Private registry access configuration.
  class PrivateRegistryAccessConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # CertificateAuthorityDomainConfig configures one or more fully qualified
    # domain names (FQDN) to a specific certificate.
    # @!attribute [rw] fqdns
    #   @return [::Array<::String>]
    #     List of fully qualified domain names (FQDN).
    #     Specifying port is supported.
    #     Wildcards are NOT supported.
    #     Examples:
    #     - `my.customdomain.com`
    #     - `10.0.1.2:5000`
    # @!attribute [rw] gcp_secret_manager_certificate_config
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig::CertificateAuthorityDomainConfig::GCPSecretManagerCertificateConfig]
    #     Secret Manager certificate configuration.
    class CertificateAuthorityDomainConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # GCPSecretManagerCertificateConfig configures a secret from
      # [Secret Manager](https://cloud.google.com/secret-manager).
      # @!attribute [rw] secret_uri
      #   @return [::String]
      #     Secret URI, in the form
      #     "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION".
      #     Version can be fixed (e.g. "2") or "latest"
      class GCPSecretManagerCertificateConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # Defines writable cgroups configuration.
  # @!attribute [rw] enabled
  #   @return [::Boolean]
  #     Optional. Whether writable cgroups is enabled.
  class WritableCgroups
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # RegistryHostConfig configures the top-level structure for a single
  # containerd registry server's configuration, which represents one hosts.toml
  # file on the node. It will override the same fqdns in
  # PrivateRegistryAccessConfig.
  # @!attribute [rw] server
  #   @return [::String]
  #     Defines the host name of the registry server, which will be used to
  #     create configuration file as /etc/containerd/hosts.d/<server>/hosts.toml.
  #     It supports fully qualified domain names (FQDN) and IP addresses:
  #     Specifying port is supported, while scheme and path are NOT supported.
  #     Wildcards are NOT supported.
  #     Examples:
  #     - `my.customdomain.com`
  #     - `10.0.1.2:5000`
  # @!attribute [rw] hosts
  #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::HostConfig>]
  #     HostConfig configures a list of host-specific configurations for the
  #     server.
  #     Each server can have at most 10 host configurations.
  class RegistryHostConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # CertificateConfig configures certificate for the registry.
    # @!attribute [rw] gcp_secret_manager_secret_uri
    #   @return [::String]
    #     The URI configures a secret from
    #     [Secret Manager](https://cloud.google.com/secret-manager)
    #     in the format
    #     "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION" for
    #     global secret or
    #     "projects/$PROJECT_ID/locations/$REGION/secrets/$SECRET_NAME/versions/$VERSION"
    #     for regional secret. Version can be fixed (e.g. "2") or "latest"
    class CertificateConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # CertificateConfigPair configures pairs of certificates, which is used for
    # client certificate and key pairs under a registry.
    # @!attribute [rw] cert
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig]
    #     Cert configures the client certificate.
    # @!attribute [rw] key
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig]
    #     Key configures the client private key. Optional.
    class CertificateConfigPair
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # RegistryHeader configures headers for the registry.
    # @!attribute [rw] key
    #   @return [::String]
    #     Key configures the header key.
    # @!attribute [rw] value
    #   @return [::Array<::String>]
    #     Value configures the header value.
    class RegistryHeader
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # HostConfig configures the registry host under a given Server.
    # @!attribute [rw] host
    #   @return [::String]
    #     Host configures the registry host/mirror.
    #     It supports fully qualified domain names (FQDNs) and IP addresses.
    #     Specifying scheme, port or path is supported. Scheme can only be http
    #     or https.
    #     Wildcards are NOT supported.
    #     Examples:
    #     - `my.customdomain.com`
    #     - `https://my.customdomain.com/path`
    #     - `10.0.1.2:5000`
    # @!attribute [rw] capabilities
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::HostCapability>]
    #     Capabilities represent the capabilities of the registry host,
    #     specifying what operations a host is capable of performing.
    #     If not set, containerd enables all capabilities by default.
    # @!attribute [rw] override_path
    #   @return [::Boolean]
    #     OverridePath is used to indicate the host's API root endpoint is
    #     defined in the URL path rather than by the API specification. This may
    #     be used with non-compliant OCI registries which are missing the /v2
    #     prefix.
    #     If not set, containerd sets default false.
    # @!attribute [rw] header
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::RegistryHeader>]
    #     Header configures the registry host headers.
    # @!attribute [rw] ca
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig>]
    #     CA configures the registry host certificate.
    # @!attribute [rw] client
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfigPair>]
    #     Client configures the registry host client certificate and key.
    # @!attribute [rw] dial_timeout
    #   @return [::Google::Protobuf::Duration]
    #     Specifies the maximum duration allowed for a connection attempt to
    #     complete. A shorter timeout helps reduce delays when falling back to
    #     the original registry if the mirror is unreachable.
    #     Maximum allowed value is 180s. If not set, containerd sets default 30s.
    #     The value should be a decimal number of seconds with an `s` suffix.
    class HostConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # HostCapability configures capabilities for the registry host.
    module HostCapability
      # UNKNOWN should never be set.
      HOST_CAPABILITY_UNSPECIFIED = 0

      # Pull represents the capability to fetch manifests and blobs by digest.
      HOST_CAPABILITY_PULL = 1

      # Resolve represents the capability to fetch manifests by name.
      HOST_CAPABILITY_RESOLVE = 2

      # Push represents the capability to push blobs and manifests.
      HOST_CAPABILITY_PUSH = 3
    end
  end
end

#registry_hosts ⇒ ::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig>

Returns RegistryHostConfig configures containerd registry host configuration. Each registry_hosts represents a hosts.toml file. At most 25 registry_hosts are allowed.

Returns:

• (::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig>) —

  RegistryHostConfig configures containerd registry host configuration. Each registry_hosts represents a hosts.toml file. At most 25 registry_hosts are allowed.

# File 'proto_docs/google/container/v1/cluster_service.rb', line 1507

class ContainerdConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # PrivateRegistryAccessConfig contains access configuration for
  # private container registries.
  # @!attribute [rw] enabled
  #   @return [::Boolean]
  #     Private registry access is enabled.
  # @!attribute [rw] certificate_authority_domain_config
  #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig::CertificateAuthorityDomainConfig>]
  #     Private registry access configuration.
  class PrivateRegistryAccessConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # CertificateAuthorityDomainConfig configures one or more fully qualified
    # domain names (FQDN) to a specific certificate.
    # @!attribute [rw] fqdns
    #   @return [::Array<::String>]
    #     List of fully qualified domain names (FQDN).
    #     Specifying port is supported.
    #     Wildcards are NOT supported.
    #     Examples:
    #     - `my.customdomain.com`
    #     - `10.0.1.2:5000`
    # @!attribute [rw] gcp_secret_manager_certificate_config
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig::CertificateAuthorityDomainConfig::GCPSecretManagerCertificateConfig]
    #     Secret Manager certificate configuration.
    class CertificateAuthorityDomainConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # GCPSecretManagerCertificateConfig configures a secret from
      # [Secret Manager](https://cloud.google.com/secret-manager).
      # @!attribute [rw] secret_uri
      #   @return [::String]
      #     Secret URI, in the form
      #     "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION".
      #     Version can be fixed (e.g. "2") or "latest"
      class GCPSecretManagerCertificateConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # Defines writable cgroups configuration.
  # @!attribute [rw] enabled
  #   @return [::Boolean]
  #     Optional. Whether writable cgroups is enabled.
  class WritableCgroups
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # RegistryHostConfig configures the top-level structure for a single
  # containerd registry server's configuration, which represents one hosts.toml
  # file on the node. It will override the same fqdns in
  # PrivateRegistryAccessConfig.
  # @!attribute [rw] server
  #   @return [::String]
  #     Defines the host name of the registry server, which will be used to
  #     create configuration file as /etc/containerd/hosts.d/<server>/hosts.toml.
  #     It supports fully qualified domain names (FQDN) and IP addresses:
  #     Specifying port is supported, while scheme and path are NOT supported.
  #     Wildcards are NOT supported.
  #     Examples:
  #     - `my.customdomain.com`
  #     - `10.0.1.2:5000`
  # @!attribute [rw] hosts
  #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::HostConfig>]
  #     HostConfig configures a list of host-specific configurations for the
  #     server.
  #     Each server can have at most 10 host configurations.
  class RegistryHostConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # CertificateConfig configures certificate for the registry.
    # @!attribute [rw] gcp_secret_manager_secret_uri
    #   @return [::String]
    #     The URI configures a secret from
    #     [Secret Manager](https://cloud.google.com/secret-manager)
    #     in the format
    #     "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION" for
    #     global secret or
    #     "projects/$PROJECT_ID/locations/$REGION/secrets/$SECRET_NAME/versions/$VERSION"
    #     for regional secret. Version can be fixed (e.g. "2") or "latest"
    class CertificateConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # CertificateConfigPair configures pairs of certificates, which is used for
    # client certificate and key pairs under a registry.
    # @!attribute [rw] cert
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig]
    #     Cert configures the client certificate.
    # @!attribute [rw] key
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig]
    #     Key configures the client private key. Optional.
    class CertificateConfigPair
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # RegistryHeader configures headers for the registry.
    # @!attribute [rw] key
    #   @return [::String]
    #     Key configures the header key.
    # @!attribute [rw] value
    #   @return [::Array<::String>]
    #     Value configures the header value.
    class RegistryHeader
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # HostConfig configures the registry host under a given Server.
    # @!attribute [rw] host
    #   @return [::String]
    #     Host configures the registry host/mirror.
    #     It supports fully qualified domain names (FQDNs) and IP addresses.
    #     Specifying scheme, port or path is supported. Scheme can only be http
    #     or https.
    #     Wildcards are NOT supported.
    #     Examples:
    #     - `my.customdomain.com`
    #     - `https://my.customdomain.com/path`
    #     - `10.0.1.2:5000`
    # @!attribute [rw] capabilities
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::HostCapability>]
    #     Capabilities represent the capabilities of the registry host,
    #     specifying what operations a host is capable of performing.
    #     If not set, containerd enables all capabilities by default.
    # @!attribute [rw] override_path
    #   @return [::Boolean]
    #     OverridePath is used to indicate the host's API root endpoint is
    #     defined in the URL path rather than by the API specification. This may
    #     be used with non-compliant OCI registries which are missing the /v2
    #     prefix.
    #     If not set, containerd sets default false.
    # @!attribute [rw] header
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::RegistryHeader>]
    #     Header configures the registry host headers.
    # @!attribute [rw] ca
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig>]
    #     CA configures the registry host certificate.
    # @!attribute [rw] client
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfigPair>]
    #     Client configures the registry host client certificate and key.
    # @!attribute [rw] dial_timeout
    #   @return [::Google::Protobuf::Duration]
    #     Specifies the maximum duration allowed for a connection attempt to
    #     complete. A shorter timeout helps reduce delays when falling back to
    #     the original registry if the mirror is unreachable.
    #     Maximum allowed value is 180s. If not set, containerd sets default 30s.
    #     The value should be a decimal number of seconds with an `s` suffix.
    class HostConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # HostCapability configures capabilities for the registry host.
    module HostCapability
      # UNKNOWN should never be set.
      HOST_CAPABILITY_UNSPECIFIED = 0

      # Pull represents the capability to fetch manifests and blobs by digest.
      HOST_CAPABILITY_PULL = 1

      # Resolve represents the capability to fetch manifests by name.
      HOST_CAPABILITY_RESOLVE = 2

      # Push represents the capability to push blobs and manifests.
      HOST_CAPABILITY_PUSH = 3
    end
  end
end

#writable_cgroups ⇒ ::Google::Cloud::Container::V1::ContainerdConfig::WritableCgroups

Returns Optional. WritableCgroups defines writable cgroups configuration for the node pool.

Returns:

• (::Google::Cloud::Container::V1::ContainerdConfig::WritableCgroups) —

  Optional. WritableCgroups defines writable cgroups configuration for the node pool.

# File 'proto_docs/google/container/v1/cluster_service.rb', line 1507

class ContainerdConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # PrivateRegistryAccessConfig contains access configuration for
  # private container registries.
  # @!attribute [rw] enabled
  #   @return [::Boolean]
  #     Private registry access is enabled.
  # @!attribute [rw] certificate_authority_domain_config
  #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig::CertificateAuthorityDomainConfig>]
  #     Private registry access configuration.
  class PrivateRegistryAccessConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # CertificateAuthorityDomainConfig configures one or more fully qualified
    # domain names (FQDN) to a specific certificate.
    # @!attribute [rw] fqdns
    #   @return [::Array<::String>]
    #     List of fully qualified domain names (FQDN).
    #     Specifying port is supported.
    #     Wildcards are NOT supported.
    #     Examples:
    #     - `my.customdomain.com`
    #     - `10.0.1.2:5000`
    # @!attribute [rw] gcp_secret_manager_certificate_config
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::PrivateRegistryAccessConfig::CertificateAuthorityDomainConfig::GCPSecretManagerCertificateConfig]
    #     Secret Manager certificate configuration.
    class CertificateAuthorityDomainConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # GCPSecretManagerCertificateConfig configures a secret from
      # [Secret Manager](https://cloud.google.com/secret-manager).
      # @!attribute [rw] secret_uri
      #   @return [::String]
      #     Secret URI, in the form
      #     "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION".
      #     Version can be fixed (e.g. "2") or "latest"
      class GCPSecretManagerCertificateConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # Defines writable cgroups configuration.
  # @!attribute [rw] enabled
  #   @return [::Boolean]
  #     Optional. Whether writable cgroups is enabled.
  class WritableCgroups
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # RegistryHostConfig configures the top-level structure for a single
  # containerd registry server's configuration, which represents one hosts.toml
  # file on the node. It will override the same fqdns in
  # PrivateRegistryAccessConfig.
  # @!attribute [rw] server
  #   @return [::String]
  #     Defines the host name of the registry server, which will be used to
  #     create configuration file as /etc/containerd/hosts.d/<server>/hosts.toml.
  #     It supports fully qualified domain names (FQDN) and IP addresses:
  #     Specifying port is supported, while scheme and path are NOT supported.
  #     Wildcards are NOT supported.
  #     Examples:
  #     - `my.customdomain.com`
  #     - `10.0.1.2:5000`
  # @!attribute [rw] hosts
  #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::HostConfig>]
  #     HostConfig configures a list of host-specific configurations for the
  #     server.
  #     Each server can have at most 10 host configurations.
  class RegistryHostConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # CertificateConfig configures certificate for the registry.
    # @!attribute [rw] gcp_secret_manager_secret_uri
    #   @return [::String]
    #     The URI configures a secret from
    #     [Secret Manager](https://cloud.google.com/secret-manager)
    #     in the format
    #     "projects/$PROJECT_ID/secrets/$SECRET_NAME/versions/$VERSION" for
    #     global secret or
    #     "projects/$PROJECT_ID/locations/$REGION/secrets/$SECRET_NAME/versions/$VERSION"
    #     for regional secret. Version can be fixed (e.g. "2") or "latest"
    class CertificateConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # CertificateConfigPair configures pairs of certificates, which is used for
    # client certificate and key pairs under a registry.
    # @!attribute [rw] cert
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig]
    #     Cert configures the client certificate.
    # @!attribute [rw] key
    #   @return [::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig]
    #     Key configures the client private key. Optional.
    class CertificateConfigPair
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # RegistryHeader configures headers for the registry.
    # @!attribute [rw] key
    #   @return [::String]
    #     Key configures the header key.
    # @!attribute [rw] value
    #   @return [::Array<::String>]
    #     Value configures the header value.
    class RegistryHeader
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # HostConfig configures the registry host under a given Server.
    # @!attribute [rw] host
    #   @return [::String]
    #     Host configures the registry host/mirror.
    #     It supports fully qualified domain names (FQDNs) and IP addresses.
    #     Specifying scheme, port or path is supported. Scheme can only be http
    #     or https.
    #     Wildcards are NOT supported.
    #     Examples:
    #     - `my.customdomain.com`
    #     - `https://my.customdomain.com/path`
    #     - `10.0.1.2:5000`
    # @!attribute [rw] capabilities
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::HostCapability>]
    #     Capabilities represent the capabilities of the registry host,
    #     specifying what operations a host is capable of performing.
    #     If not set, containerd enables all capabilities by default.
    # @!attribute [rw] override_path
    #   @return [::Boolean]
    #     OverridePath is used to indicate the host's API root endpoint is
    #     defined in the URL path rather than by the API specification. This may
    #     be used with non-compliant OCI registries which are missing the /v2
    #     prefix.
    #     If not set, containerd sets default false.
    # @!attribute [rw] header
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::RegistryHeader>]
    #     Header configures the registry host headers.
    # @!attribute [rw] ca
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfig>]
    #     CA configures the registry host certificate.
    # @!attribute [rw] client
    #   @return [::Array<::Google::Cloud::Container::V1::ContainerdConfig::RegistryHostConfig::CertificateConfigPair>]
    #     Client configures the registry host client certificate and key.
    # @!attribute [rw] dial_timeout
    #   @return [::Google::Protobuf::Duration]
    #     Specifies the maximum duration allowed for a connection attempt to
    #     complete. A shorter timeout helps reduce delays when falling back to
    #     the original registry if the mirror is unreachable.
    #     Maximum allowed value is 180s. If not set, containerd sets default 30s.
    #     The value should be a decimal number of seconds with an `s` suffix.
    class HostConfig
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # HostCapability configures capabilities for the registry host.
    module HostCapability
      # UNKNOWN should never be set.
      HOST_CAPABILITY_UNSPECIFIED = 0

      # Pull represents the capability to fetch manifests and blobs by digest.
      HOST_CAPABILITY_PULL = 1

      # Resolve represents the capability to fetch manifests by name.
      HOST_CAPABILITY_RESOLVE = 2

      # Push represents the capability to push blobs and manifests.
      HOST_CAPABILITY_PUSH = 3
    end
  end
end