summaryrefslogtreecommitdiff
path: root/vendor/k8s.io/api/policy/v1beta1/generated.proto
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2018-03-30 05:49:37 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-04-03 14:48:52 +0000
commit838df4eec4496868e772d5708e00f38bad478718 (patch)
tree89e72bb0b9668ff4005156d590465602589ec4c3 /vendor/k8s.io/api/policy/v1beta1/generated.proto
parentf41dc0b2580ae83129264edbe45b92231bd119a2 (diff)
downloadpodman-838df4eec4496868e772d5708e00f38bad478718.tar.gz
podman-838df4eec4496868e772d5708e00f38bad478718.tar.bz2
podman-838df4eec4496868e772d5708e00f38bad478718.zip
Vendor in latest containers/image
Some more features. docker-archive generates docker legacy compatible images Do not create $DiffID subdirectories for layers with no configs Ensure the layer IDs in legacy docker/tarfile metadata are unique docker-archive: repeated layers are symlinked in the tar file sysregistries: remove all trailing slashes Improve docker/* error messages Fix failure to make auth directory Create a new slice in Schema1.UpdateLayerInfos Drop unused storageImageDestination.{image,systemContext} Load a *storage.Image only once in storageImageSource Support gzip for docker-archive files Remove .tar extension from blob and config file names ostree, src: support copy of compressed layers ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI conversion Add /etc/containers/certs.d as default certs directory Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #569 Approved by: mheon
Diffstat (limited to 'vendor/k8s.io/api/policy/v1beta1/generated.proto')
-rw-r--r--vendor/k8s.io/api/policy/v1beta1/generated.proto307
1 files changed, 0 insertions, 307 deletions
diff --git a/vendor/k8s.io/api/policy/v1beta1/generated.proto b/vendor/k8s.io/api/policy/v1beta1/generated.proto
deleted file mode 100644
index 514868a9f..000000000
--- a/vendor/k8s.io/api/policy/v1beta1/generated.proto
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-
-// This file was autogenerated by go-to-protobuf. Do not edit it manually!
-
-syntax = 'proto2';
-
-package k8s.io.api.policy.v1beta1;
-
-import "k8s.io/api/core/v1/generated.proto";
-import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
-import "k8s.io/apimachinery/pkg/runtime/generated.proto";
-import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
-import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
-
-// Package-wide variables from generator "generated".
-option go_package = "v1beta1";
-
-// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
-message AllowedFlexVolume {
- // Driver is the name of the Flexvolume driver.
- optional string driver = 1;
-}
-
-// defines the host volume conditions that will be enabled by a policy
-// for pods to use. It requires the path prefix to be defined.
-message AllowedHostPath {
- // is the path prefix that the host volume must match.
- // It does not support `*`.
- // Trailing slashes are trimmed when validating the path prefix with a host path.
- //
- // Examples:
- // `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
- // `/foo` would not allow `/food` or `/etc/foo`
- optional string pathPrefix = 1;
-}
-
-// Eviction evicts a pod from its node subject to certain policies and safety constraints.
-// This is a subresource of Pod. A request to cause such an eviction is
-// created by POSTing to .../pods/<pod name>/evictions.
-message Eviction {
- // ObjectMeta describes the pod that is being evicted.
- optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
-
- // DeleteOptions may be provided
- optional k8s.io.apimachinery.pkg.apis.meta.v1.DeleteOptions deleteOptions = 2;
-}
-
-// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
-message FSGroupStrategyOptions {
- // Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
- // +optional
- optional string rule = 1;
-
- // Ranges are the allowed ranges of fs groups. If you would like to force a single
- // fs group then supply a single range with the same start and end.
- // +optional
- repeated IDRange ranges = 2;
-}
-
-// Host Port Range defines a range of host ports that will be enabled by a policy
-// for pods to use. It requires both the start and end to be defined.
-message HostPortRange {
- // min is the start of the range, inclusive.
- optional int32 min = 1;
-
- // max is the end of the range, inclusive.
- optional int32 max = 2;
-}
-
-// ID Range provides a min/max of an allowed range of IDs.
-message IDRange {
- // Min is the start of the range, inclusive.
- optional int64 min = 1;
-
- // Max is the end of the range, inclusive.
- optional int64 max = 2;
-}
-
-// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
-message PodDisruptionBudget {
- optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
-
- // Specification of the desired behavior of the PodDisruptionBudget.
- optional PodDisruptionBudgetSpec spec = 2;
-
- // Most recently observed status of the PodDisruptionBudget.
- optional PodDisruptionBudgetStatus status = 3;
-}
-
-// PodDisruptionBudgetList is a collection of PodDisruptionBudgets.
-message PodDisruptionBudgetList {
- optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
-
- repeated PodDisruptionBudget items = 2;
-}
-
-// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
-message PodDisruptionBudgetSpec {
- // An eviction is allowed if at least "minAvailable" pods selected by
- // "selector" will still be available after the eviction, i.e. even in the
- // absence of the evicted pod. So for example you can prevent all voluntary
- // evictions by specifying "100%".
- optional k8s.io.apimachinery.pkg.util.intstr.IntOrString minAvailable = 1;
-
- // Label query over pods whose evictions are managed by the disruption
- // budget.
- optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 2;
-
- // An eviction is allowed if at most "maxUnavailable" pods selected by
- // "selector" are unavailable after the eviction, i.e. even in absence of
- // the evicted pod. For example, one can prevent all voluntary evictions
- // by specifying 0. This is a mutually exclusive setting with "minAvailable".
- optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 3;
-}
-
-// PodDisruptionBudgetStatus represents information about the status of a
-// PodDisruptionBudget. Status may trail the actual state of a system.
-message PodDisruptionBudgetStatus {
- // Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other
- // status informatio is valid only if observedGeneration equals to PDB's object generation.
- // +optional
- optional int64 observedGeneration = 1;
-
- // DisruptedPods contains information about pods whose eviction was
- // processed by the API server eviction subresource handler but has not
- // yet been observed by the PodDisruptionBudget controller.
- // A pod will be in this map from the time when the API server processed the
- // eviction request to the time when the pod is seen by PDB controller
- // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod
- // and the value is the time when the API server processed the eviction request. If
- // the deletion didn't occur and a pod is still there it will be removed from
- // the list automatically by PodDisruptionBudget controller after some time.
- // If everything goes smooth this map should be empty for the most of the time.
- // Large number of entries in the map may indicate problems with pod deletions.
- map<string, k8s.io.apimachinery.pkg.apis.meta.v1.Time> disruptedPods = 2;
-
- // Number of pod disruptions that are currently allowed.
- optional int32 disruptionsAllowed = 3;
-
- // current number of healthy pods
- optional int32 currentHealthy = 4;
-
- // minimum desired number of healthy pods
- optional int32 desiredHealthy = 5;
-
- // total number of pods counted by this disruption budget
- optional int32 expectedPods = 6;
-}
-
-// Pod Security Policy governs the ability to make requests that affect the Security Context
-// that will be applied to a pod and container.
-message PodSecurityPolicy {
- // Standard object's metadata.
- // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- // +optional
- optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
-
- // spec defines the policy enforced.
- // +optional
- optional PodSecurityPolicySpec spec = 2;
-}
-
-// Pod Security Policy List is a list of PodSecurityPolicy objects.
-message PodSecurityPolicyList {
- // Standard list metadata.
- // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- // +optional
- optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
-
- // Items is a list of schema objects.
- repeated PodSecurityPolicy items = 2;
-}
-
-// Pod Security Policy Spec defines the policy enforced.
-message PodSecurityPolicySpec {
- // privileged determines if a pod can request to be run as privileged.
- // +optional
- optional bool privileged = 1;
-
- // DefaultAddCapabilities is the default set of capabilities that will be added to the container
- // unless the pod spec specifically drops the capability. You may not list a capability in both
- // DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
- // allowed, and need not be included in the AllowedCapabilities list.
- // +optional
- repeated string defaultAddCapabilities = 2;
-
- // RequiredDropCapabilities are the capabilities that will be dropped from the container. These
- // are required to be dropped and cannot be added.
- // +optional
- repeated string requiredDropCapabilities = 3;
-
- // AllowedCapabilities is a list of capabilities that can be requested to add to the container.
- // Capabilities in this field may be added at the pod author's discretion.
- // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
- // +optional
- repeated string allowedCapabilities = 4;
-
- // volumes is a white list of allowed volume plugins. Empty indicates that all plugins
- // may be used.
- // +optional
- repeated string volumes = 5;
-
- // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- // +optional
- optional bool hostNetwork = 6;
-
- // hostPorts determines which host port ranges are allowed to be exposed.
- // +optional
- repeated HostPortRange hostPorts = 7;
-
- // hostPID determines if the policy allows the use of HostPID in the pod spec.
- // +optional
- optional bool hostPID = 8;
-
- // hostIPC determines if the policy allows the use of HostIPC in the pod spec.
- // +optional
- optional bool hostIPC = 9;
-
- // seLinux is the strategy that will dictate the allowable labels that may be set.
- optional SELinuxStrategyOptions seLinux = 10;
-
- // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
- optional RunAsUserStrategyOptions runAsUser = 11;
-
- // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
- optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
-
- // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
- optional FSGroupStrategyOptions fsGroup = 13;
-
- // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
- // system. If the container specifically requests to run with a non-read only root file system
- // the PSP should deny the pod.
- // If set to false the container may run with a read only root file system if it wishes but it
- // will not be forced to.
- // +optional
- optional bool readOnlyRootFilesystem = 14;
-
- // DefaultAllowPrivilegeEscalation controls the default setting for whether a
- // process can gain more privileges than its parent process.
- // +optional
- optional bool defaultAllowPrivilegeEscalation = 15;
-
- // AllowPrivilegeEscalation determines if a pod can request to allow
- // privilege escalation. If unspecified, defaults to true.
- // +optional
- optional bool allowPrivilegeEscalation = 16;
-
- // is a white list of allowed host paths. Empty indicates that all host paths may be used.
- // +optional
- repeated AllowedHostPath allowedHostPaths = 17;
-
- // AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
- // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
- // is allowed in the "Volumes" field.
- // +optional
- repeated AllowedFlexVolume allowedFlexVolumes = 18;
-}
-
-// Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
-message RunAsUserStrategyOptions {
- // Rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- optional string rule = 1;
-
- // Ranges are the allowed ranges of uids that may be used.
- // +optional
- repeated IDRange ranges = 2;
-}
-
-// SELinux Strategy Options defines the strategy type and any options used to create the strategy.
-message SELinuxStrategyOptions {
- // type is the strategy that will dictate the allowable labels that may be set.
- optional string rule = 1;
-
- // seLinuxOptions required to run as; required for MustRunAs
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- // +optional
- optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2;
-}
-
-// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
-message SupplementalGroupsStrategyOptions {
- // Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
- // +optional
- optional string rule = 1;
-
- // Ranges are the allowed ranges of supplemental groups. If you would like to force a single
- // supplemental group then supply a single range with the same start and end.
- // +optional
- repeated IDRange ranges = 2;
-}
-