Commit dca135d5 authored by Chao Xu's avatar Chao Xu

run ./remove-original-proto.sh to remove the old proto

parent e185f7e2
This source diff could not be displayed because it is too large. You can view the blob instead.
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.admissionregistration.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// AdmissionHookClientConfig contains the information to make a TLS
// connection with the webhook
message AdmissionHookClientConfig {
// Service is a reference to the service for this webhook. If there is only
// one port open for the service, that port will be used. If there are multiple
// ports open, port 443 will be used if it is open, otherwise it is an error.
// Required
optional ServiceReference service = 1;
// CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
// Required
optional bytes caBundle = 2;
}
// ExternalAdmissionHook describes an external admission webhook and the
// resources and operations it applies to.
message ExternalAdmissionHook {
// The name of the external admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
optional string name = 1;
// ClientConfig defines how to communicate with the hook.
// Required
optional AdmissionHookClientConfig clientConfig = 2;
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
repeated RuleWithOperations rules = 3;
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Ignore.
// +optional
optional string failurePolicy = 4;
}
// ExternalAdmissionHookConfiguration describes the configuration of initializers.
message ExternalAdmissionHookConfiguration {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// ExternalAdmissionHooks is a list of external admission webhooks and the
// affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeated ExternalAdmissionHook externalAdmissionHooks = 2;
}
// ExternalAdmissionHookConfigurationList is a list of ExternalAdmissionHookConfiguration.
message ExternalAdmissionHookConfigurationList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// List of ExternalAdmissionHookConfiguration.
repeated ExternalAdmissionHookConfiguration items = 2;
}
// Initializer describes the name and the failure policy of an initializer, and
// what resources it applies to.
message Initializer {
// Name is the identifier of the initializer. It will be added to the
// object that needs to be initialized.
// Name should be fully qualified, e.g., alwayspullimages.kubernetes.io, where
// "alwayspullimages" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required
optional string name = 1;
// Rules describes what resources/subresources the initializer cares about.
// The initializer cares about an operation if it matches _any_ Rule.
// Rule.Resources must not include subresources.
repeated Rule rules = 2;
// FailurePolicy defines what happens if the responsible initializer controller
// fails to takes action. Allowed values are Ignore, or Fail. If "Ignore" is
// set, initializer is removed from the initializers list of an object if
// the timeout is reached; If "Fail" is set, admissionregistration returns timeout error
// if the timeout is reached.
optional string failurePolicy = 3;
}
// InitializerConfiguration describes the configuration of initializers.
message InitializerConfiguration {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Initializers is a list of resources and their default initializers
// Order-sensitive.
// When merging multiple InitializerConfigurations, we sort the initializers
// from different InitializerConfigurations by the name of the
// InitializerConfigurations; the order of the initializers from the same
// InitializerConfiguration is preserved.
// +patchMergeKey=name
// +patchStrategy=merge
// +optional
repeated Initializer initializers = 2;
}
// InitializerConfigurationList is a list of InitializerConfiguration.
message InitializerConfigurationList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// List of InitializerConfiguration.
repeated InitializerConfiguration items = 2;
}
// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
message Rule {
// APIGroups is the API groups the resources belong to. '*' is all groups.
// If '*' is present, the length of the slice must be one.
// Required.
repeated string apiGroups = 1;
// APIVersions is the API versions the resources belong to. '*' is all versions.
// If '*' is present, the length of the slice must be one.
// Required.
repeated string apiVersions = 2;
// Resources is a list of resources this rule applies to.
//
// For example:
// 'pods' means pods.
// 'pods/log' means the log subresource of pods.
// '*' means all resources, but not subresources.
// 'pods/*' means all subresources of pods.
// '*/scale' means all scale subresources.
// '*/*' means all resources and their subresources.
//
// If wildcard is present, the validation rule will ensure resources do not
// overlap with each other.
//
// Depending on the enclosing object, subresources might not be allowed.
// Required.
repeated string resources = 3;
}
// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
message RuleWithOperations {
// Operations is the operations the admission hook cares about - CREATE, UPDATE, or *
// for all operations.
// If '*' is present, the length of the slice must be one.
// Required.
repeated string operations = 1;
// Rule is embedded, it describes other criteria of the rule, like
// APIGroups, APIVersions, Resources, etc.
optional Rule rule = 2;
}
// ServiceReference holds a reference to Service.legacy.k8s.io
message ServiceReference {
// Namespace is the namespace of the service
// Required
optional string namespace = 1;
// Name is the name of the service
// Required
optional string name = 2;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.authentication.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
message ExtraValue {
// items, if empty, will result in an empty slice
repeated string items = 1;
}
// TokenReview attempts to authenticate a token to a known user.
// Note: TokenReview requests may be cached by the webhook token authenticator
// plugin in the kube-apiserver.
message TokenReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated
optional TokenReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request can be authenticated.
// +optional
optional TokenReviewStatus status = 3;
}
// TokenReviewSpec is a description of the token authentication request.
message TokenReviewSpec {
// Token is the opaque bearer token.
// +optional
optional string token = 1;
}
// TokenReviewStatus is the result of the token authentication request.
message TokenReviewStatus {
// Authenticated indicates that the token was associated with a known user.
// +optional
optional bool authenticated = 1;
// User is the UserInfo associated with the provided token.
// +optional
optional UserInfo user = 2;
// Error indicates that the token couldn't be checked
// +optional
optional string error = 3;
}
// UserInfo holds the information about the user needed to implement the
// user.Info interface.
message UserInfo {
// The name that uniquely identifies this user among all active users.
// +optional
optional string username = 1;
// A unique value that identifies this user across time. If this user is
// deleted and another user by the same name is added, they will have
// different UIDs.
// +optional
optional string uid = 2;
// The names of groups this user is a part of.
// +optional
repeated string groups = 3;
// Any additional information provided by the authenticator.
// +optional
map<string, ExtraValue> extra = 4;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.authentication.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
message ExtraValue {
// items, if empty, will result in an empty slice
repeated string items = 1;
}
// TokenReview attempts to authenticate a token to a known user.
// Note: TokenReview requests may be cached by the webhook token authenticator
// plugin in the kube-apiserver.
message TokenReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated
optional TokenReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request can be authenticated.
// +optional
optional TokenReviewStatus status = 3;
}
// TokenReviewSpec is a description of the token authentication request.
message TokenReviewSpec {
// Token is the opaque bearer token.
// +optional
optional string token = 1;
}
// TokenReviewStatus is the result of the token authentication request.
message TokenReviewStatus {
// Authenticated indicates that the token was associated with a known user.
// +optional
optional bool authenticated = 1;
// User is the UserInfo associated with the provided token.
// +optional
optional UserInfo user = 2;
// Error indicates that the token couldn't be checked
// +optional
optional string error = 3;
}
// UserInfo holds the information about the user needed to implement the
// user.Info interface.
message UserInfo {
// The name that uniquely identifies this user among all active users.
// +optional
optional string username = 1;
// A unique value that identifies this user across time. If this user is
// deleted and another user by the same name is added, they will have
// different UIDs.
// +optional
optional string uid = 2;
// The names of groups this user is a part of.
// +optional
repeated string groups = 3;
// Any additional information provided by the authenticator.
// +optional
map<string, ExtraValue> extra = 4;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.authorization.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
message ExtraValue {
// items, if empty, will result in an empty slice
repeated string items = 1;
}
// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
// checking.
message LocalSubjectAccessReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace
// you made the request against. If empty, it is defaulted.
optional SubjectAccessReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
optional SubjectAccessReviewStatus status = 3;
}
// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
message NonResourceAttributes {
// Path is the URL path of the request
// +optional
optional string path = 1;
// Verb is the standard HTTP verb
// +optional
optional string verb = 2;
}
// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
message ResourceAttributes {
// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces
// "" (empty) is defaulted for LocalSubjectAccessReviews
// "" (empty) is empty for cluster-scoped resources
// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
// +optional
optional string namespace = 1;
// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
// +optional
optional string verb = 2;
// Group is the API Group of the Resource. "*" means all.
// +optional
optional string group = 3;
// Version is the API Version of the Resource. "*" means all.
// +optional
optional string version = 4;
// Resource is one of the existing resource types. "*" means all.
// +optional
optional string resource = 5;
// Subresource is one of the existing resource types. "" means none.
// +optional
optional string subresource = 6;
// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
// +optional
optional string name = 7;
}
// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a
// spec.namespace means "in all namespaces". Self is a special case, because users should always be able
// to check whether they can perform an action
message SelfSubjectAccessReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated. user and groups must be empty
optional SelfSubjectAccessReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
optional SubjectAccessReviewStatus status = 3;
}
// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
// and NonResourceAuthorizationAttributes must be set
message SelfSubjectAccessReviewSpec {
// ResourceAuthorizationAttributes describes information for a resource access request
// +optional
optional ResourceAttributes resourceAttributes = 1;
// NonResourceAttributes describes information for a non-resource access request
// +optional
optional NonResourceAttributes nonResourceAttributes = 2;
}
// SubjectAccessReview checks whether or not a user or group can perform an action.
message SubjectAccessReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated
optional SubjectAccessReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
optional SubjectAccessReviewStatus status = 3;
}
// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
// and NonResourceAuthorizationAttributes must be set
message SubjectAccessReviewSpec {
// ResourceAuthorizationAttributes describes information for a resource access request
// +optional
optional ResourceAttributes resourceAttributes = 1;
// NonResourceAttributes describes information for a non-resource access request
// +optional
optional NonResourceAttributes nonResourceAttributes = 2;
// User is the user you're testing for.
// If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
// +optional
optional string verb = 3;
// Groups is the groups you're testing for.
// +optional
repeated string groups = 4;
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
// +optional
map<string, ExtraValue> extra = 5;
}
// SubjectAccessReviewStatus
message SubjectAccessReviewStatus {
// Allowed is required. True if the action would be allowed, false otherwise.
optional bool allowed = 1;
// Reason is optional. It indicates why a request was allowed or denied.
// +optional
optional string reason = 2;
// EvaluationError is an indication that some error occurred during the authorization check.
// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
// +optional
optional string evaluationError = 3;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.authorization.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
message ExtraValue {
// items, if empty, will result in an empty slice
repeated string items = 1;
}
// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
// checking.
message LocalSubjectAccessReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace
// you made the request against. If empty, it is defaulted.
optional SubjectAccessReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
optional SubjectAccessReviewStatus status = 3;
}
// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
message NonResourceAttributes {
// Path is the URL path of the request
// +optional
optional string path = 1;
// Verb is the standard HTTP verb
// +optional
optional string verb = 2;
}
// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
message ResourceAttributes {
// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces
// "" (empty) is defaulted for LocalSubjectAccessReviews
// "" (empty) is empty for cluster-scoped resources
// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
// +optional
optional string namespace = 1;
// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
// +optional
optional string verb = 2;
// Group is the API Group of the Resource. "*" means all.
// +optional
optional string group = 3;
// Version is the API Version of the Resource. "*" means all.
// +optional
optional string version = 4;
// Resource is one of the existing resource types. "*" means all.
// +optional
optional string resource = 5;
// Subresource is one of the existing resource types. "" means none.
// +optional
optional string subresource = 6;
// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
// +optional
optional string name = 7;
}
// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a
// spec.namespace means "in all namespaces". Self is a special case, because users should always be able
// to check whether they can perform an action
message SelfSubjectAccessReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated. user and groups must be empty
optional SelfSubjectAccessReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
optional SubjectAccessReviewStatus status = 3;
}
// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
// and NonResourceAuthorizationAttributes must be set
message SelfSubjectAccessReviewSpec {
// ResourceAuthorizationAttributes describes information for a resource access request
// +optional
optional ResourceAttributes resourceAttributes = 1;
// NonResourceAttributes describes information for a non-resource access request
// +optional
optional NonResourceAttributes nonResourceAttributes = 2;
}
// SubjectAccessReview checks whether or not a user or group can perform an action.
message SubjectAccessReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated
optional SubjectAccessReviewSpec spec = 2;
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
optional SubjectAccessReviewStatus status = 3;
}
// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
// and NonResourceAuthorizationAttributes must be set
message SubjectAccessReviewSpec {
// ResourceAuthorizationAttributes describes information for a resource access request
// +optional
optional ResourceAttributes resourceAttributes = 1;
// NonResourceAttributes describes information for a non-resource access request
// +optional
optional NonResourceAttributes nonResourceAttributes = 2;
// User is the user you're testing for.
// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
// +optional
optional string verb = 3;
// Groups is the groups you're testing for.
// +optional
repeated string group = 4;
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
// +optional
map<string, ExtraValue> extra = 5;
}
// SubjectAccessReviewStatus
message SubjectAccessReviewStatus {
// Allowed is required. True if the action would be allowed, false otherwise.
optional bool allowed = 1;
// Reason is optional. It indicates why a request was allowed or denied.
// +optional
optional string reason = 2;
// EvaluationError is an indication that some error occurred during the authorization check.
// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
// +optional
optional string evaluationError = 3;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.batch.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// Job represents the configuration of a single job.
message Job {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of a job.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
// +optional
optional JobSpec spec = 2;
// Current status of a job.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
// +optional
optional JobStatus status = 3;
}
// JobCondition describes current state of a job.
message JobCondition {
// Type of job condition, Complete or Failed.
optional string type = 1;
// Status of the condition, one of True, False, Unknown.
optional string status = 2;
// Last time the condition was checked.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3;
// Last time the condition transit from one status to another.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4;
// (brief) reason for the condition's last transition.
// +optional
optional string reason = 5;
// Human readable message indicating details about last transition.
// +optional
optional string message = 6;
}
// JobList is a collection of jobs.
message JobList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of Jobs.
repeated Job items = 2;
}
// JobSpec describes how the job execution will look like.
message JobSpec {
// Specifies the maximum desired number of pods the job should
// run at any given time. The actual number of pods running in steady state will
// be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism),
// i.e. when the work left to do is less than max parallelism.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
// +optional
optional int32 parallelism = 1;
// Specifies the desired number of successfully finished pods the
// job should be run with. Setting to nil means that the success of any
// pod signals the success of all pods, and allows parallelism to have any positive
// value. Setting to 1 means that parallelism is limited to 1 and the success of that
// pod signals the success of the job.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
// +optional
optional int32 completions = 2;
// Optional duration in seconds relative to the startTime that the job may be active
// before the system tries to terminate it; value must be positive integer
// +optional
optional int64 activeDeadlineSeconds = 3;
// A label query over pods that should match the pod count.
// Normally, the system sets this field for you.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 4;
// manualSelector controls generation of pod labels and pod selectors.
// Leave `manualSelector` unset unless you are certain what you are doing.
// When false or unset, the system pick labels unique to this job
// and appends those labels to the pod template. When true,
// the user is responsible for picking unique labels and specifying
// the selector. Failure to pick a unique label may cause this
// and other jobs to not function correctly. However, You may see
// `manualSelector=true` in jobs that were created with the old `extensions/v1beta1`
// API.
// More info: https://git.k8s.io/community/contributors/design-proposals/selector-generation.md
// +optional
optional bool manualSelector = 5;
// Describes the pod that will be created when executing a job.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
optional k8s.io.kubernetes.pkg.api.v1.PodTemplateSpec template = 6;
}
// JobStatus represents the current state of a Job.
message JobStatus {
// The latest available observations of an object's current state.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated JobCondition conditions = 1;
// Represents time when the job was acknowledged by the job controller.
// It is not guaranteed to be set in happens-before order across separate operations.
// It is represented in RFC3339 form and is in UTC.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 2;
// Represents time when the job was completed. It is not guaranteed to
// be set in happens-before order across separate operations.
// It is represented in RFC3339 form and is in UTC.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time completionTime = 3;
// The number of actively running pods.
// +optional
optional int32 active = 4;
// The number of pods which reached phase Succeeded.
// +optional
optional int32 succeeded = 5;
// The number of pods which reached phase Failed.
// +optional
optional int32 failed = 6;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.batch.v2alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
import "k8s.io/kubernetes/pkg/apis/batch/v1/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v2alpha1";
// CronJob represents the configuration of a single cron job.
message CronJob {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of a cron job, including the schedule.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
// +optional
optional CronJobSpec spec = 2;
// Current status of a cron job.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
// +optional
optional CronJobStatus status = 3;
}
// CronJobList is a collection of cron jobs.
message CronJobList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of CronJobs.
repeated CronJob items = 2;
}
// CronJobSpec describes how the job execution will look like and when it will actually run.
message CronJobSpec {
// The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
optional string schedule = 1;
// Optional deadline in seconds for starting the job if it misses scheduled
// time for any reason. Missed jobs executions will be counted as failed ones.
// +optional
optional int64 startingDeadlineSeconds = 2;
// Specifies how to treat concurrent executions of a Job.
// Defaults to Allow.
// +optional
optional string concurrencyPolicy = 3;
// This flag tells the controller to suspend subsequent executions, it does
// not apply to already started executions. Defaults to false.
// +optional
optional bool suspend = 4;
// Specifies the job that will be created when executing a CronJob.
optional JobTemplateSpec jobTemplate = 5;
// The number of successful finished jobs to retain.
// This is a pointer to distinguish between explicit zero and not specified.
// +optional
optional int32 successfulJobsHistoryLimit = 6;
// The number of failed finished jobs to retain.
// This is a pointer to distinguish between explicit zero and not specified.
// +optional
optional int32 failedJobsHistoryLimit = 7;
}
// CronJobStatus represents the current state of a cron job.
message CronJobStatus {
// A list of pointers to currently running jobs.
// +optional
repeated k8s.io.kubernetes.pkg.api.v1.ObjectReference active = 1;
// Information when was the last time the job was successfully scheduled.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastScheduleTime = 4;
}
// JobTemplate describes a template for creating copies of a predefined pod.
message JobTemplate {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Defines jobs that will be created from this template.
// https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
// +optional
optional JobTemplateSpec template = 2;
}
// JobTemplateSpec describes the data a Job should have when created from a template
message JobTemplateSpec {
// Standard object's metadata of the jobs created from this template.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of the job.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
// +optional
optional k8s.io.kubernetes.pkg.apis.batch.v1.JobSpec spec = 2;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.certificates.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
// Describes a certificate signing request
message CertificateSigningRequest {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// The certificate request itself and any additional information.
// +optional
optional CertificateSigningRequestSpec spec = 2;
// Derived information about the request.
// +optional
optional CertificateSigningRequestStatus status = 3;
}
message CertificateSigningRequestCondition {
// request approval state, currently Approved or Denied.
optional string type = 1;
// brief reason for the request state
// +optional
optional string reason = 2;
// human readable message with details about the request state
// +optional
optional string message = 3;
// timestamp for the last update to this condition
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 4;
}
message CertificateSigningRequestList {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated CertificateSigningRequest items = 2;
}
// This information is immutable after the request is created. Only the Request
// and Usages fields can be set on creation, other fields are derived by
// Kubernetes and cannot be modified by users.
message CertificateSigningRequestSpec {
// Base64-encoded PKCS#10 CSR data
optional bytes request = 1;
// allowedUsages specifies a set of usage contexts the key will be
// valid for.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
repeated string keyUsage = 5;
// Information about the requesting user.
// See user.Info interface for details.
// +optional
optional string username = 2;
// UID information about the requesting user.
// See user.Info interface for details.
// +optional
optional string uid = 3;
// Group information about the requesting user.
// See user.Info interface for details.
// +optional
repeated string groups = 4;
// Extra information about the requesting user.
// See user.Info interface for details.
// +optional
map<string, ExtraValue> extra = 6;
}
message CertificateSigningRequestStatus {
// Conditions applied to the request, such as approval or denial.
// +optional
repeated CertificateSigningRequestCondition conditions = 1;
// If request was approved, the controller will place the issued certificate here.
// +optional
optional bytes certificate = 2;
}
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
message ExtraValue {
// items, if empty, will result in an empty slice
repeated string items = 1;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.imagepolicy.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// ImageReview checks if the set of images in a pod are allowed.
message ImageReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the pod being evaluated
optional ImageReviewSpec spec = 2;
// Status is filled in by the backend and indicates whether the pod should be allowed.
// +optional
optional ImageReviewStatus status = 3;
}
// ImageReviewContainerSpec is a description of a container within the pod creation request.
message ImageReviewContainerSpec {
// This can be in the form image:tag or image@SHA:012345679abcdef.
// +optional
optional string image = 1;
}
// ImageReviewSpec is a description of the pod creation request.
message ImageReviewSpec {
// Containers is a list of a subset of the information in each container of the Pod being created.
// +optional
repeated ImageReviewContainerSpec containers = 1;
// Annotations is a list of key-value pairs extracted from the Pod's annotations.
// It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
// It is up to each webhook backend to determine how to interpret these annotations, if at all.
// +optional
map<string, string> annotations = 2;
// Namespace is the namespace the pod is being created in.
// +optional
optional string namespace = 3;
}
// ImageReviewStatus is the result of the token authentication request.
message ImageReviewStatus {
// Allowed indicates that all images were allowed to be run.
optional bool allowed = 1;
// Reason should be empty unless Allowed is false in which case it
// may contain a short description of what is wrong. Kubernetes
// may truncate excessively long errors when displaying to the user.
// +optional
optional string reason = 2;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.networking.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
import "k8s.io/kubernetes/pkg/apis/extensions/v1beta1/generated.proto";
import "k8s.io/kubernetes/pkg/apis/policy/v1beta1/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// NetworkPolicy describes what network traffic is allowed for a set of Pods
message NetworkPolicy {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior for this NetworkPolicy.
// +optional
optional NetworkPolicySpec spec = 2;
}
// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
message NetworkPolicyIngressRule {
// List of ports which should be made accessible on the pods selected for this
// rule. Each item in this list is combined using a logical OR. If this field is
// empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows
// traffic only if the traffic matches at least one port in the list.
// +optional
repeated NetworkPolicyPort ports = 1;
// List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation. If this field is
// empty or missing, this rule matches all sources (traffic not restricted by
// source). If this field is present and contains at least on item, this rule
// allows traffic only if the traffic matches at least one item in the from list.
// +optional
repeated NetworkPolicyPeer from = 2;
}
// NetworkPolicyList is a list of NetworkPolicy objects.
message NetworkPolicyList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of schema objects.
repeated NetworkPolicy items = 2;
}
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
// must be specified.
message NetworkPolicyPeer {
// This is a label selector which selects Pods in this namespace. This field
// follows standard label selector semantics. If present but empty, this selector
// selects all pods in this namespace.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
// Selects Namespaces using cluster scoped-labels. This matches all pods in all
// namespaces selected by this label selector. This field follows standard label
// selector semantics. If present but empty, this selector selects all namespaces.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
}
// NetworkPolicyPort describes a port to allow traffic on
message NetworkPolicyPort {
// The protocol (TCP or UDP) which traffic must match. If not specified, this
// field defaults to TCP.
// +optional
optional string protocol = 1;
// The port on the given protocol. This can either be a numerical or named port on
// a pod. If this field is not provided, this matches all port names and numbers.
// +optional
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;
}
// NetworkPolicySpec provides the specification of a NetworkPolicy
message NetworkPolicySpec {
// Selects the pods to which this NetworkPolicy object applies. The array of
// ingress rules is applied to any pods selected by this field. Multiple network
// policies can select the same set of pods. In this case, the ingress rules for
// each are combined additively. This field is NOT optional and follows standard
// label selector semantics. An empty podSelector matches all pods in this
// namespace.
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
// List of ingress rules to be applied to the selected pods. Traffic is allowed to
// a pod if there are no NetworkPolicies selecting the pod
// (and cluster policy otherwise allows the traffic), OR if the traffic source is
// the pod's local node, OR if the traffic matches at least one ingress rule
// across all of the NetworkPolicy objects whose podSelector matches the pod. If
// this field is empty then this NetworkPolicy does not allow any traffic (and serves
// solely to ensure that the pods it selects are isolated by default)
// +optional
repeated NetworkPolicyIngressRule ingress = 2;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.policy.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
// Eviction evicts a pod from its node subject to certain policies and safety constraints.
// This is a subresource of Pod. A request to cause such an eviction is
// created by POSTing to .../pods/<pod name>/evictions.
message Eviction {
// ObjectMeta describes the pod that is being evicted.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// DeleteOptions may be provided
optional k8s.io.apimachinery.pkg.apis.meta.v1.DeleteOptions deleteOptions = 2;
}
// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
message PodDisruptionBudget {
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of the PodDisruptionBudget.
optional PodDisruptionBudgetSpec spec = 2;
// Most recently observed status of the PodDisruptionBudget.
optional PodDisruptionBudgetStatus status = 3;
}
// PodDisruptionBudgetList is a collection of PodDisruptionBudgets.
message PodDisruptionBudgetList {
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated PodDisruptionBudget items = 2;
}
// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
message PodDisruptionBudgetSpec {
// An eviction is allowed if at least "minAvailable" pods selected by
// "selector" will still be available after the eviction, i.e. even in the
// absence of the evicted pod. So for example you can prevent all voluntary
// evictions by specifying "100%".
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString minAvailable = 1;
// Label query over pods whose evictions are managed by the disruption
// budget.
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 2;
// An eviction is allowed if at most "maxUnavailable" pods selected by
// "selector" are unavailable after the eviction, i.e. even in absence of
// the evicted pod. For example, one can prevent all voluntary evictions
// by specifying 0. This is a mutually exclusive setting with "minAvailable".
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 3;
}
// PodDisruptionBudgetStatus represents information about the status of a
// PodDisruptionBudget. Status may trail the actual state of a system.
message PodDisruptionBudgetStatus {
// Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other
// status informatio is valid only if observedGeneration equals to PDB's object generation.
// +optional
optional int64 observedGeneration = 1;
// DisruptedPods contains information about pods whose eviction was
// processed by the API server eviction subresource handler but has not
// yet been observed by the PodDisruptionBudget controller.
// A pod will be in this map from the time when the API server processed the
// eviction request to the time when the pod is seen by PDB controller
// as having been marked for deletion (or after a timeout). The key in the map is the name of the pod
// and the value is the time when the API server processed the eviction request. If
// the deletion didn't occur and a pod is still there it will be removed from
// the list automatically by PodDisruptionBudget controller after some time.
// If everything goes smooth this map should be empty for the most of the time.
// Large number of entries in the map may indicate problems with pod deletions.
map<string, k8s.io.apimachinery.pkg.apis.meta.v1.Time> disruptedPods = 2;
// Number of pod disruptions that are currently allowed.
optional int32 disruptionsAllowed = 3;
// current number of healthy pods
optional int32 currentHealthy = 4;
// minimum desired number of healthy pods
optional int32 desiredHealthy = 5;
// total number of pods counted by this disruption budget
optional int32 expectedPods = 6;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.rbac.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
message ClusterRole {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Rules holds all the PolicyRules for this ClusterRole
repeated PolicyRule rules = 2;
}
// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace,
// and adds who information via Subject.
message ClusterRoleBinding {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Subjects holds references to the objects the role applies to.
repeated Subject subjects = 2;
// RoleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
optional RoleRef roleRef = 3;
}
// +k8s:deepcopy-gen=false
// ClusterRoleBindingBuilder let's us attach methods. A no-no for API types.
// We use it to construct bindings in code. It's more compact than trying to write them
// out in a literal.
message ClusterRoleBindingBuilder {
optional ClusterRoleBinding clusterRoleBinding = 1;
}
// ClusterRoleBindingList is a collection of ClusterRoleBindings
message ClusterRoleBindingList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of ClusterRoleBindings
repeated ClusterRoleBinding items = 2;
}
// ClusterRoleList is a collection of ClusterRoles
message ClusterRoleList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of ClusterRoles
repeated ClusterRole items = 2;
}
// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
message PolicyRule {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
repeated string verbs = 1;
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed.
// +optional
repeated string apiGroups = 3;
// Resources is a list of resources this rule applies to. ResourceAll represents all resources.
// +optional
repeated string resources = 4;
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// +optional
repeated string resourceNames = 5;
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
// +optional
repeated string nonResourceURLs = 6;
}
// +k8s:deepcopy-gen=false
// PolicyRuleBuilder let's us attach methods. A no-no for API types.
// We use it to construct rules in code. It's more compact than trying to write them
// out in a literal and allows us to perform some basic checking during construction
message PolicyRuleBuilder {
optional PolicyRule policyRule = 1;
}
// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
message Role {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Rules holds all the PolicyRules for this Role
repeated PolicyRule rules = 2;
}
// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace.
// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given
// namespace only have effect in that namespace.
message RoleBinding {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Subjects holds references to the objects the role applies to.
repeated Subject subjects = 2;
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
optional RoleRef roleRef = 3;
}
// RoleBindingList is a collection of RoleBindings
message RoleBindingList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of RoleBindings
repeated RoleBinding items = 2;
}
// RoleList is a collection of Roles
message RoleList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of Roles
repeated Role items = 2;
}
// RoleRef contains information that points to the role being used
message RoleRef {
// APIGroup is the group for the resource being referenced
optional string apiGroup = 1;
// Kind is the type of resource being referenced
optional string kind = 2;
// Name is the name of resource being referenced
optional string name = 3;
}
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
// or a value for non-objects such as user and group names.
message Subject {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
optional string kind = 1;
// APIVersion holds the API group and version of the referenced subject.
// Defaults to "v1" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io/v1alpha1" for User and Group subjects.
// +k8s:conversion-gen=false
// +optional
optional string apiVersion = 2;
// Name of the object being referenced.
optional string name = 3;
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
// +optional
optional string namespace = 4;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.rbac.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
message ClusterRole {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Rules holds all the PolicyRules for this ClusterRole
repeated PolicyRule rules = 2;
}
// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace,
// and adds who information via Subject.
message ClusterRoleBinding {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Subjects holds references to the objects the role applies to.
repeated Subject subjects = 2;
// RoleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
optional RoleRef roleRef = 3;
}
// +k8s:deepcopy-gen=false
// ClusterRoleBindingBuilder let's us attach methods. A no-no for API types.
// We use it to construct bindings in code. It's more compact than trying to write them
// out in a literal.
message ClusterRoleBindingBuilder {
optional ClusterRoleBinding clusterRoleBinding = 1;
}
// ClusterRoleBindingList is a collection of ClusterRoleBindings
message ClusterRoleBindingList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of ClusterRoleBindings
repeated ClusterRoleBinding items = 2;
}
// ClusterRoleList is a collection of ClusterRoles
message ClusterRoleList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of ClusterRoles
repeated ClusterRole items = 2;
}
// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
message PolicyRule {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
repeated string verbs = 1;
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed.
// +optional
repeated string apiGroups = 2;
// Resources is a list of resources this rule applies to. ResourceAll represents all resources.
// +optional
repeated string resources = 3;
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// +optional
repeated string resourceNames = 4;
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
// +optional
repeated string nonResourceURLs = 5;
}
// +k8s:deepcopy-gen=false
// PolicyRuleBuilder let's us attach methods. A no-no for API types.
// We use it to construct rules in code. It's more compact than trying to write them
// out in a literal and allows us to perform some basic checking during construction
message PolicyRuleBuilder {
optional PolicyRule policyRule = 1;
}
// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
message Role {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Rules holds all the PolicyRules for this Role
repeated PolicyRule rules = 2;
}
// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace.
// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given
// namespace only have effect in that namespace.
message RoleBinding {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Subjects holds references to the objects the role applies to.
repeated Subject subjects = 2;
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
optional RoleRef roleRef = 3;
}
// RoleBindingList is a collection of RoleBindings
message RoleBindingList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of RoleBindings
repeated RoleBinding items = 2;
}
// RoleList is a collection of Roles
message RoleList {
// Standard object's metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of Roles
repeated Role items = 2;
}
// RoleRef contains information that points to the role being used
message RoleRef {
// APIGroup is the group for the resource being referenced
optional string apiGroup = 1;
// Kind is the type of resource being referenced
optional string kind = 2;
// Name is the name of resource being referenced
optional string name = 3;
}
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
// or a value for non-objects such as user and group names.
message Subject {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
optional string kind = 1;
// APIGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
// +optional
optional string apiGroup = 2;
// Name of the object being referenced.
optional string name = 3;
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
// +optional
optional string namespace = 4;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.settings.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// PodPreset is a policy resource that defines additional runtime
// requirements for a Pod.
message PodPreset {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// +optional
optional PodPresetSpec spec = 2;
}
// PodPresetList is a list of PodPreset objects.
message PodPresetList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of schema objects.
repeated PodPreset items = 2;
}
// PodPresetSpec is a description of a pod preset.
message PodPresetSpec {
// Selector is a label query over a set of resources, in this case pods.
// Required.
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;
// Env defines the collection of EnvVar to inject into containers.
// +optional
repeated k8s.io.kubernetes.pkg.api.v1.EnvVar env = 2;
// EnvFrom defines the collection of EnvFromSource to inject into containers.
// +optional
repeated k8s.io.kubernetes.pkg.api.v1.EnvFromSource envFrom = 3;
// Volumes defines the collection of Volume to inject into the pod.
// +optional
repeated k8s.io.kubernetes.pkg.api.v1.Volume volumes = 4;
// VolumeMounts defines the collection of VolumeMount to inject into containers.
// +optional
repeated k8s.io.kubernetes.pkg.api.v1.VolumeMount volumeMounts = 5;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.storage.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// StorageClass describes the parameters for a class of storage for
// which PersistentVolumes can be dynamically provisioned.
//
// StorageClasses are non-namespaced; the name of the storage class
// according to etcd is in ObjectMeta.Name.
message StorageClass {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Provisioner indicates the type of the provisioner.
optional string provisioner = 2;
// Parameters holds the parameters for the provisioner that should
// create volumes of this storage class.
// +optional
map<string, string> parameters = 3;
}
// StorageClassList is a collection of storage classes.
message StorageClassList {
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is the list of StorageClasses
repeated StorageClass items = 2;
}
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.kubernetes.pkg.apis.storage.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
// StorageClass describes the parameters for a class of storage for
// which PersistentVolumes can be dynamically provisioned.
//
// StorageClasses are non-namespaced; the name of the storage class
// according to etcd is in ObjectMeta.Name.
message StorageClass {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Provisioner indicates the type of the provisioner.
optional string provisioner = 2;
// Parameters holds the parameters for the provisioner that should
// create volumes of this storage class.
// +optional
map<string, string> parameters = 3;
}
// StorageClassList is a collection of storage classes.
message StorageClassList {
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is the list of StorageClasses
repeated StorageClass items = 2;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment