1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.client_go.pkg.apis.admissionregistration.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// AdmissionHookClientConfig contains the information to make a TLS
// connection with the webhook
message AdmissionHookClientConfig {
// Service is a reference to the service for this webhook. If there is only
// one port open for the service, that port will be used. If there are multiple
// ports open, port 443 will be used if it is open, otherwise it is an error.
// Required
optional ServiceReference service = 1;
// CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
// Required
optional bytes caBundle = 2;
}
// ExternalAdmissionHook describes an external admission webhook and the
// resources and operations it applies to.
message ExternalAdmissionHook {
// The name of the external admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
optional string name = 1;
// ClientConfig defines how to communicate with the hook.
// Required
optional AdmissionHookClientConfig clientConfig = 2;
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
repeated RuleWithOperations rules = 3;
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Ignore.
// +optional
optional string failurePolicy = 4;
}
// ExternalAdmissionHookConfiguration describes the configuration of initializers.
message ExternalAdmissionHookConfiguration {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// ExternalAdmissionHooks is a list of external admission webhooks and the
// affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeated ExternalAdmissionHook externalAdmissionHooks = 2;
}
// ExternalAdmissionHookConfigurationList is a list of ExternalAdmissionHookConfiguration.
message ExternalAdmissionHookConfigurationList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// List of ExternalAdmissionHookConfiguration.
repeated ExternalAdmissionHookConfiguration items = 2;
}
// Initializer describes the name and the failure policy of an initializer, and
// what resources it applies to.
message Initializer {
// Name is the identifier of the initializer. It will be added to the
// object that needs to be initialized.
// Name should be fully qualified, e.g., alwayspullimages.kubernetes.io, where
// "alwayspullimages" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required
optional string name = 1;
// Rules describes what resources/subresources the initializer cares about.
// The initializer cares about an operation if it matches _any_ Rule.
// Rule.Resources must not include subresources.
repeated Rule rules = 2;
// FailurePolicy defines what happens if the responsible initializer controller
// fails to takes action. Allowed values are Ignore, or Fail. If "Ignore" is
// set, initializer is removed from the initializers list of an object if
// the timeout is reached; If "Fail" is set, admissionregistration returns timeout error
// if the timeout is reached.
optional string failurePolicy = 3;
}
// InitializerConfiguration describes the configuration of initializers.
message InitializerConfiguration {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Initializers is a list of resources and their default initializers
// Order-sensitive.
// When merging multiple InitializerConfigurations, we sort the initializers
// from different InitializerConfigurations by the name of the
// InitializerConfigurations; the order of the initializers from the same
// InitializerConfiguration is preserved.
// +patchMergeKey=name
// +patchStrategy=merge
// +optional
repeated Initializer initializers = 2;
}
// InitializerConfigurationList is a list of InitializerConfiguration.
message InitializerConfigurationList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// List of InitializerConfiguration.
repeated InitializerConfiguration items = 2;
}
// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
message Rule {
// APIGroups is the API groups the resources belong to. '*' is all groups.
// If '*' is present, the length of the slice must be one.
// Required.
repeated string apiGroups = 1;
// APIVersions is the API versions the resources belong to. '*' is all versions.
// If '*' is present, the length of the slice must be one.
// Required.
repeated string apiVersions = 2;
// Resources is a list of resources this rule applies to.
//
// For example:
// 'pods' means pods.
// 'pods/log' means the log subresource of pods.
// '*' means all resources, but not subresources.
// 'pods/*' means all subresources of pods.
// '*/scale' means all scale subresources.
// '*/*' means all resources and their subresources.
//
// If wildcard is present, the validation rule will ensure resources do not
// overlap with each other.
//
// Depending on the enclosing object, subresources might not be allowed.
// Required.
repeated string resources = 3;
}
// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
message RuleWithOperations {
// Operations is the operations the admission hook cares about - CREATE, UPDATE, or *
// for all operations.
// If '*' is present, the length of the slice must be one.
// Required.
repeated string operations = 1;
// Rule is embedded, it describes other criteria of the rule, like
// APIGroups, APIVersions, Resources, etc.
optional Rule rule = 2;
}
// ServiceReference holds a reference to Service.legacy.k8s.io
message ServiceReference {
// Namespace is the namespace of the service
// Required
optional string namespace = 1;
// Name is the name of the service
// Required
optional string name = 2;
}
|