blob: a81cce680ccc3952de2a80bc60979243845f99f1 [file] [log] [blame]
Matteo Scandoloa4285862020-12-01 18:10:10 -08001/*
2Copyright The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17
18// This file was autogenerated by go-to-protobuf. Do not edit it manually!
19
20syntax = 'proto2';
21
22package k8s.io.api.extensions.v1beta1;
23
24import "k8s.io/api/core/v1/generated.proto";
25import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
26import "k8s.io/apimachinery/pkg/runtime/generated.proto";
27import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
28import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
29
30// Package-wide variables from generator "generated".
31option go_package = "v1beta1";
32
33// AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
34message AllowedCSIDriver {
35 // Name is the registered name of the CSI driver
36 optional string name = 1;
37}
38
39// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
40// Deprecated: use AllowedFlexVolume from policy API Group instead.
41message AllowedFlexVolume {
42 // driver is the name of the Flexvolume driver.
43 optional string driver = 1;
44}
45
46// AllowedHostPath defines the host volume conditions that will be enabled by a policy
47// for pods to use. It requires the path prefix to be defined.
48// Deprecated: use AllowedHostPath from policy API Group instead.
49message AllowedHostPath {
50 // pathPrefix is the path prefix that the host volume must match.
51 // It does not support `*`.
52 // Trailing slashes are trimmed when validating the path prefix with a host path.
53 //
54 // Examples:
55 // `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
56 // `/foo` would not allow `/food` or `/etc/foo`
57 optional string pathPrefix = 1;
58
59 // when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
60 // +optional
61 optional bool readOnly = 2;
62}
63
64// DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for
65// more information.
66// DaemonSet represents the configuration of a daemon set.
67message DaemonSet {
68 // Standard object's metadata.
69 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
70 // +optional
71 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
72
73 // The desired behavior of this daemon set.
74 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
75 // +optional
76 optional DaemonSetSpec spec = 2;
77
78 // The current status of this daemon set. This data may be
79 // out of date by some window of time.
80 // Populated by the system.
81 // Read-only.
82 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
83 // +optional
84 optional DaemonSetStatus status = 3;
85}
86
87// DaemonSetCondition describes the state of a DaemonSet at a certain point.
88message DaemonSetCondition {
89 // Type of DaemonSet condition.
90 optional string type = 1;
91
92 // Status of the condition, one of True, False, Unknown.
93 optional string status = 2;
94
95 // Last time the condition transitioned from one status to another.
96 // +optional
97 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
98
99 // The reason for the condition's last transition.
100 // +optional
101 optional string reason = 4;
102
103 // A human readable message indicating details about the transition.
104 // +optional
105 optional string message = 5;
106}
107
108// DaemonSetList is a collection of daemon sets.
109message DaemonSetList {
110 // Standard list metadata.
111 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
112 // +optional
113 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
114
115 // A list of daemon sets.
116 repeated DaemonSet items = 2;
117}
118
119// DaemonSetSpec is the specification of a daemon set.
120message DaemonSetSpec {
121 // A label query over pods that are managed by the daemon set.
122 // Must match in order to be controlled.
123 // If empty, defaulted to labels on Pod template.
124 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
125 // +optional
126 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;
127
128 // An object that describes the pod that will be created.
129 // The DaemonSet will create exactly one copy of this pod on every node
130 // that matches the template's node selector (or on every node if no node
131 // selector is specified).
132 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
133 optional k8s.io.api.core.v1.PodTemplateSpec template = 2;
134
135 // An update strategy to replace existing DaemonSet pods with new pods.
136 // +optional
137 optional DaemonSetUpdateStrategy updateStrategy = 3;
138
139 // The minimum number of seconds for which a newly created DaemonSet pod should
140 // be ready without any of its container crashing, for it to be considered
141 // available. Defaults to 0 (pod will be considered available as soon as it
142 // is ready).
143 // +optional
144 optional int32 minReadySeconds = 4;
145
146 // DEPRECATED.
147 // A sequence number representing a specific generation of the template.
148 // Populated by the system. It can be set only during the creation.
149 // +optional
150 optional int64 templateGeneration = 5;
151
152 // The number of old history to retain to allow rollback.
153 // This is a pointer to distinguish between explicit zero and not specified.
154 // Defaults to 10.
155 // +optional
156 optional int32 revisionHistoryLimit = 6;
157}
158
159// DaemonSetStatus represents the current status of a daemon set.
160message DaemonSetStatus {
161 // The number of nodes that are running at least 1
162 // daemon pod and are supposed to run the daemon pod.
163 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
164 optional int32 currentNumberScheduled = 1;
165
166 // The number of nodes that are running the daemon pod, but are
167 // not supposed to run the daemon pod.
168 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
169 optional int32 numberMisscheduled = 2;
170
171 // The total number of nodes that should be running the daemon
172 // pod (including nodes correctly running the daemon pod).
173 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
174 optional int32 desiredNumberScheduled = 3;
175
176 // The number of nodes that should be running the daemon pod and have one
177 // or more of the daemon pod running and ready.
178 optional int32 numberReady = 4;
179
180 // The most recent generation observed by the daemon set controller.
181 // +optional
182 optional int64 observedGeneration = 5;
183
184 // The total number of nodes that are running updated daemon pod
185 // +optional
186 optional int32 updatedNumberScheduled = 6;
187
188 // The number of nodes that should be running the
189 // daemon pod and have one or more of the daemon pod running and
190 // available (ready for at least spec.minReadySeconds)
191 // +optional
192 optional int32 numberAvailable = 7;
193
194 // The number of nodes that should be running the
195 // daemon pod and have none of the daemon pod running and available
196 // (ready for at least spec.minReadySeconds)
197 // +optional
198 optional int32 numberUnavailable = 8;
199
200 // Count of hash collisions for the DaemonSet. The DaemonSet controller
201 // uses this field as a collision avoidance mechanism when it needs to
202 // create the name for the newest ControllerRevision.
203 // +optional
204 optional int32 collisionCount = 9;
205
206 // Represents the latest available observations of a DaemonSet's current state.
207 // +optional
208 // +patchMergeKey=type
209 // +patchStrategy=merge
210 repeated DaemonSetCondition conditions = 10;
211}
212
213message DaemonSetUpdateStrategy {
214 // Type of daemon set update. Can be "RollingUpdate" or "OnDelete".
215 // Default is OnDelete.
216 // +optional
217 optional string type = 1;
218
219 // Rolling update config params. Present only if type = "RollingUpdate".
220 // ---
221 // TODO: Update this to follow our convention for oneOf, whatever we decide it
222 // to be. Same as Deployment `strategy.rollingUpdate`.
223 // See https://github.com/kubernetes/kubernetes/issues/35345
224 // +optional
225 optional RollingUpdateDaemonSet rollingUpdate = 2;
226}
227
228// DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for
229// more information.
230// Deployment enables declarative updates for Pods and ReplicaSets.
231message Deployment {
232 // Standard object metadata.
233 // +optional
234 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
235
236 // Specification of the desired behavior of the Deployment.
237 // +optional
238 optional DeploymentSpec spec = 2;
239
240 // Most recently observed status of the Deployment.
241 // +optional
242 optional DeploymentStatus status = 3;
243}
244
245// DeploymentCondition describes the state of a deployment at a certain point.
246message DeploymentCondition {
247 // Type of deployment condition.
248 optional string type = 1;
249
250 // Status of the condition, one of True, False, Unknown.
251 optional string status = 2;
252
253 // The last time this condition was updated.
254 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 6;
255
256 // Last time the condition transitioned from one status to another.
257 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 7;
258
259 // The reason for the condition's last transition.
260 optional string reason = 4;
261
262 // A human readable message indicating details about the transition.
263 optional string message = 5;
264}
265
266// DeploymentList is a list of Deployments.
267message DeploymentList {
268 // Standard list metadata.
269 // +optional
270 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
271
272 // Items is the list of Deployments.
273 repeated Deployment items = 2;
274}
275
276// DEPRECATED.
277// DeploymentRollback stores the information required to rollback a deployment.
278message DeploymentRollback {
279 // Required: This must match the Name of a deployment.
280 optional string name = 1;
281
282 // The annotations to be updated to a deployment
283 // +optional
284 map<string, string> updatedAnnotations = 2;
285
286 // The config of this deployment rollback.
287 optional RollbackConfig rollbackTo = 3;
288}
289
290// DeploymentSpec is the specification of the desired behavior of the Deployment.
291message DeploymentSpec {
292 // Number of desired pods. This is a pointer to distinguish between explicit
293 // zero and not specified. Defaults to 1.
294 // +optional
295 optional int32 replicas = 1;
296
297 // Label selector for pods. Existing ReplicaSets whose pods are
298 // selected by this will be the ones affected by this deployment.
299 // +optional
300 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 2;
301
302 // Template describes the pods that will be created.
303 optional k8s.io.api.core.v1.PodTemplateSpec template = 3;
304
305 // The deployment strategy to use to replace existing pods with new ones.
306 // +optional
307 // +patchStrategy=retainKeys
308 optional DeploymentStrategy strategy = 4;
309
310 // Minimum number of seconds for which a newly created pod should be ready
311 // without any of its container crashing, for it to be considered available.
312 // Defaults to 0 (pod will be considered available as soon as it is ready)
313 // +optional
314 optional int32 minReadySeconds = 5;
315
316 // The number of old ReplicaSets to retain to allow rollback.
317 // This is a pointer to distinguish between explicit zero and not specified.
318 // This is set to the max value of int32 (i.e. 2147483647) by default, which
319 // means "retaining all old ReplicaSets".
320 // +optional
321 optional int32 revisionHistoryLimit = 6;
322
323 // Indicates that the deployment is paused and will not be processed by the
324 // deployment controller.
325 // +optional
326 optional bool paused = 7;
327
328 // DEPRECATED.
329 // The config this deployment is rolling back to. Will be cleared after rollback is done.
330 // +optional
331 optional RollbackConfig rollbackTo = 8;
332
333 // The maximum time in seconds for a deployment to make progress before it
334 // is considered to be failed. The deployment controller will continue to
335 // process failed deployments and a condition with a ProgressDeadlineExceeded
336 // reason will be surfaced in the deployment status. Note that progress will
337 // not be estimated during the time a deployment is paused. This is set to
338 // the max value of int32 (i.e. 2147483647) by default, which means "no deadline".
339 // +optional
340 optional int32 progressDeadlineSeconds = 9;
341}
342
343// DeploymentStatus is the most recently observed status of the Deployment.
344message DeploymentStatus {
345 // The generation observed by the deployment controller.
346 // +optional
347 optional int64 observedGeneration = 1;
348
349 // Total number of non-terminated pods targeted by this deployment (their labels match the selector).
350 // +optional
351 optional int32 replicas = 2;
352
353 // Total number of non-terminated pods targeted by this deployment that have the desired template spec.
354 // +optional
355 optional int32 updatedReplicas = 3;
356
357 // Total number of ready pods targeted by this deployment.
358 // +optional
359 optional int32 readyReplicas = 7;
360
361 // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
362 // +optional
363 optional int32 availableReplicas = 4;
364
365 // Total number of unavailable pods targeted by this deployment. This is the total number of
366 // pods that are still required for the deployment to have 100% available capacity. They may
367 // either be pods that are running but not yet available or pods that still have not been created.
368 // +optional
369 optional int32 unavailableReplicas = 5;
370
371 // Represents the latest available observations of a deployment's current state.
372 // +patchMergeKey=type
373 // +patchStrategy=merge
374 repeated DeploymentCondition conditions = 6;
375
376 // Count of hash collisions for the Deployment. The Deployment controller uses this
377 // field as a collision avoidance mechanism when it needs to create the name for the
378 // newest ReplicaSet.
379 // +optional
380 optional int32 collisionCount = 8;
381}
382
383// DeploymentStrategy describes how to replace existing pods with new ones.
384message DeploymentStrategy {
385 // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
386 // +optional
387 optional string type = 1;
388
389 // Rolling update config params. Present only if DeploymentStrategyType =
390 // RollingUpdate.
391 // ---
392 // TODO: Update this to follow our convention for oneOf, whatever we decide it
393 // to be.
394 // +optional
395 optional RollingUpdateDeployment rollingUpdate = 2;
396}
397
398// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
399// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
400message FSGroupStrategyOptions {
401 // rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
402 // +optional
403 optional string rule = 1;
404
405 // ranges are the allowed ranges of fs groups. If you would like to force a single
406 // fs group then supply a single range with the same start and end. Required for MustRunAs.
407 // +optional
408 repeated IDRange ranges = 2;
409}
410
411// HTTPIngressPath associates a path with a backend. Incoming urls matching the
412// path are forwarded to the backend.
413message HTTPIngressPath {
414 // Path is matched against the path of an incoming request. Currently it can
415 // contain characters disallowed from the conventional "path" part of a URL
416 // as defined by RFC 3986. Paths must begin with a '/'. When unspecified,
417 // all paths from incoming requests are matched.
418 // +optional
419 optional string path = 1;
420
421 // PathType determines the interpretation of the Path matching. PathType can
422 // be one of the following values:
423 // * Exact: Matches the URL path exactly.
424 // * Prefix: Matches based on a URL path prefix split by '/'. Matching is
425 // done on a path element by element basis. A path element refers is the
426 // list of labels in the path split by the '/' separator. A request is a
427 // match for path p if every p is an element-wise prefix of p of the
428 // request path. Note that if the last element of the path is a substring
429 // of the last element in request path, it is not a match (e.g. /foo/bar
430 // matches /foo/bar/baz, but does not match /foo/barbaz).
431 // * ImplementationSpecific: Interpretation of the Path matching is up to
432 // the IngressClass. Implementations can treat this as a separate PathType
433 // or treat it identically to Prefix or Exact path types.
434 // Implementations are required to support all path types.
435 // Defaults to ImplementationSpecific.
436 optional string pathType = 3;
437
438 // Backend defines the referenced service endpoint to which the traffic
439 // will be forwarded to.
440 optional IngressBackend backend = 2;
441}
442
443// HTTPIngressRuleValue is a list of http selectors pointing to backends.
444// In the example: http://<host>/<path>?<searchpart> -> backend where
445// where parts of the url correspond to RFC 3986, this resource will be used
446// to match against everything after the last '/' and before the first '?'
447// or '#'.
448message HTTPIngressRuleValue {
449 // A collection of paths that map requests to backends.
450 repeated HTTPIngressPath paths = 1;
451}
452
453// HostPortRange defines a range of host ports that will be enabled by a policy
454// for pods to use. It requires both the start and end to be defined.
455// Deprecated: use HostPortRange from policy API Group instead.
456message HostPortRange {
457 // min is the start of the range, inclusive.
458 optional int32 min = 1;
459
460 // max is the end of the range, inclusive.
461 optional int32 max = 2;
462}
463
464// IDRange provides a min/max of an allowed range of IDs.
465// Deprecated: use IDRange from policy API Group instead.
466message IDRange {
467 // min is the start of the range, inclusive.
468 optional int64 min = 1;
469
470 // max is the end of the range, inclusive.
471 optional int64 max = 2;
472}
473
474// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
475// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed
476// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs
477// that should not be included within this rule.
478message IPBlock {
479 // CIDR is a string representing the IP Block
480 // Valid examples are "192.168.1.1/24" or "2001:db9::/64"
481 optional string cidr = 1;
482
483 // Except is a slice of CIDRs that should not be included within an IP Block
484 // Valid examples are "192.168.1.1/24" or "2001:db9::/64"
485 // Except values will be rejected if they are outside the CIDR range
486 // +optional
487 repeated string except = 2;
488}
489
490// Ingress is a collection of rules that allow inbound connections to reach the
491// endpoints defined by a backend. An Ingress can be configured to give services
492// externally-reachable urls, load balance traffic, terminate SSL, offer name
493// based virtual hosting etc.
494// DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release notes for more information.
495message Ingress {
496 // Standard object's metadata.
497 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
498 // +optional
499 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
500
501 // Spec is the desired state of the Ingress.
502 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
503 // +optional
504 optional IngressSpec spec = 2;
505
506 // Status is the current state of the Ingress.
507 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
508 // +optional
509 optional IngressStatus status = 3;
510}
511
512// IngressBackend describes all endpoints for a given service and port.
513message IngressBackend {
514 // Specifies the name of the referenced service.
515 // +optional
516 optional string serviceName = 1;
517
518 // Specifies the port of the referenced service.
519 // +optional
520 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString servicePort = 2;
521
522 // Resource is an ObjectRef to another Kubernetes resource in the namespace
523 // of the Ingress object. If resource is specified, serviceName and servicePort
524 // must not be specified.
525 // +optional
526 optional k8s.io.api.core.v1.TypedLocalObjectReference resource = 3;
527}
528
529// IngressList is a collection of Ingress.
530message IngressList {
531 // Standard object's metadata.
532 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
533 // +optional
534 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
535
536 // Items is the list of Ingress.
537 repeated Ingress items = 2;
538}
539
540// IngressRule represents the rules mapping the paths under a specified host to
541// the related backend services. Incoming requests are first evaluated for a host
542// match, then routed to the backend associated with the matching IngressRuleValue.
543message IngressRule {
544 // Host is the fully qualified domain name of a network host, as defined by RFC 3986.
545 // Note the following deviations from the "host" part of the
546 // URI as defined in RFC 3986:
547 // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
548 // the IP in the Spec of the parent Ingress.
549 // 2. The `:` delimiter is not respected because ports are not allowed.
550 // Currently the port of an Ingress is implicitly :80 for http and
551 // :443 for https.
552 // Both these may change in the future.
553 // Incoming requests are matched against the host before the
554 // IngressRuleValue. If the host is unspecified, the Ingress routes all
555 // traffic based on the specified IngressRuleValue.
556 //
557 // Host can be "precise" which is a domain name without the terminating dot of
558 // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name
559 // prefixed with a single wildcard label (e.g. "*.foo.com").
560 // The wildcard character '*' must appear by itself as the first DNS label and
561 // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*").
562 // Requests will be matched against the Host field in the following way:
563 // 1. If Host is precise, the request matches this rule if the http host header is equal to Host.
564 // 2. If Host is a wildcard, then the request matches this rule if the http host header
565 // is to equal to the suffix (removing the first label) of the wildcard rule.
566 // +optional
567 optional string host = 1;
568
569 // IngressRuleValue represents a rule to route requests for this IngressRule.
570 // If unspecified, the rule defaults to a http catch-all. Whether that sends
571 // just traffic matching the host to the default backend or all traffic to the
572 // default backend, is left to the controller fulfilling the Ingress. Http is
573 // currently the only supported IngressRuleValue.
574 // +optional
575 optional IngressRuleValue ingressRuleValue = 2;
576}
577
578// IngressRuleValue represents a rule to apply against incoming requests. If the
579// rule is satisfied, the request is routed to the specified backend. Currently
580// mixing different types of rules in a single Ingress is disallowed, so exactly
581// one of the following must be set.
582message IngressRuleValue {
583 // +optional
584 optional HTTPIngressRuleValue http = 1;
585}
586
587// IngressSpec describes the Ingress the user wishes to exist.
588message IngressSpec {
589 // IngressClassName is the name of the IngressClass cluster resource. The
590 // associated IngressClass defines which controller will implement the
591 // resource. This replaces the deprecated `kubernetes.io/ingress.class`
592 // annotation. For backwards compatibility, when that annotation is set, it
593 // must be given precedence over this field. The controller may emit a
594 // warning if the field and annotation have different values.
595 // Implementations of this API should ignore Ingresses without a class
596 // specified. An IngressClass resource may be marked as default, which can
597 // be used to set a default value for this field. For more information,
598 // refer to the IngressClass documentation.
599 // +optional
600 optional string ingressClassName = 4;
601
602 // A default backend capable of servicing requests that don't match any
603 // rule. At least one of 'backend' or 'rules' must be specified. This field
604 // is optional to allow the loadbalancer controller or defaulting logic to
605 // specify a global default.
606 // +optional
607 optional IngressBackend backend = 1;
608
609 // TLS configuration. Currently the Ingress only supports a single TLS
610 // port, 443. If multiple members of this list specify different hosts, they
611 // will be multiplexed on the same port according to the hostname specified
612 // through the SNI TLS extension, if the ingress controller fulfilling the
613 // ingress supports SNI.
614 // +optional
615 repeated IngressTLS tls = 2;
616
617 // A list of host rules used to configure the Ingress. If unspecified, or
618 // no rule matches, all traffic is sent to the default backend.
619 // +optional
620 repeated IngressRule rules = 3;
621}
622
623// IngressStatus describe the current state of the Ingress.
624message IngressStatus {
625 // LoadBalancer contains the current status of the load-balancer.
626 // +optional
627 optional k8s.io.api.core.v1.LoadBalancerStatus loadBalancer = 1;
628}
629
630// IngressTLS describes the transport layer security associated with an Ingress.
631message IngressTLS {
632 // Hosts are a list of hosts included in the TLS certificate. The values in
633 // this list must match the name/s used in the tlsSecret. Defaults to the
634 // wildcard host setting for the loadbalancer controller fulfilling this
635 // Ingress, if left unspecified.
636 // +optional
637 repeated string hosts = 1;
638
639 // SecretName is the name of the secret used to terminate SSL traffic on 443.
640 // Field is left optional to allow SSL routing based on SNI hostname alone.
641 // If the SNI host in a listener conflicts with the "Host" header field used
642 // by an IngressRule, the SNI host is used for termination and value of the
643 // Host header is used for routing.
644 // +optional
645 optional string secretName = 2;
646}
647
648// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy.
649// NetworkPolicy describes what network traffic is allowed for a set of Pods
650message NetworkPolicy {
651 // Standard object's metadata.
652 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
653 // +optional
654 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
655
656 // Specification of the desired behavior for this NetworkPolicy.
657 // +optional
658 optional NetworkPolicySpec spec = 2;
659}
660
661// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
662// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
663// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
664// This type is beta-level in 1.8
665message NetworkPolicyEgressRule {
666 // List of destination ports for outgoing traffic.
667 // Each item in this list is combined using a logical OR. If this field is
668 // empty or missing, this rule matches all ports (traffic not restricted by port).
669 // If this field is present and contains at least one item, then this rule allows
670 // traffic only if the traffic matches at least one port in the list.
671 // +optional
672 repeated NetworkPolicyPort ports = 1;
673
674 // List of destinations for outgoing traffic of pods selected for this rule.
675 // Items in this list are combined using a logical OR operation. If this field is
676 // empty or missing, this rule matches all destinations (traffic not restricted by
677 // destination). If this field is present and contains at least one item, this rule
678 // allows traffic only if the traffic matches at least one item in the to list.
679 // +optional
680 repeated NetworkPolicyPeer to = 2;
681}
682
683// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule.
684// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
685message NetworkPolicyIngressRule {
686 // List of ports which should be made accessible on the pods selected for this rule.
687 // Each item in this list is combined using a logical OR.
688 // If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
689 // If this field is present and contains at least one item, then this rule allows traffic
690 // only if the traffic matches at least one port in the list.
691 // +optional
692 repeated NetworkPolicyPort ports = 1;
693
694 // List of sources which should be able to access the pods selected for this rule.
695 // Items in this list are combined using a logical OR operation.
696 // If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
697 // If this field is present and contains at least one item, this rule allows traffic only if the
698 // traffic matches at least one item in the from list.
699 // +optional
700 repeated NetworkPolicyPeer from = 2;
701}
702
703// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList.
704// Network Policy List is a list of NetworkPolicy objects.
705message NetworkPolicyList {
706 // Standard list metadata.
707 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
708 // +optional
709 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
710
711 // Items is a list of schema objects.
712 repeated NetworkPolicy items = 2;
713}
714
715// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
716message NetworkPolicyPeer {
717 // This is a label selector which selects Pods. This field follows standard label
718 // selector semantics; if present but empty, it selects all pods.
719 //
720 // If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
721 // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
722 // Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
723 // +optional
724 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
725
726 // Selects Namespaces using cluster-scoped labels. This field follows standard label
727 // selector semantics; if present but empty, it selects all namespaces.
728 //
729 // If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
730 // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
731 // Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
732 // +optional
733 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
734
735 // IPBlock defines policy on a particular IPBlock. If this field is set then
736 // neither of the other fields can be.
737 // +optional
738 optional IPBlock ipBlock = 3;
739}
740
741// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
742message NetworkPolicyPort {
743 // Optional. The protocol (TCP, UDP, or SCTP) which traffic must match.
744 // If not specified, this field defaults to TCP.
745 // +optional
746 optional string protocol = 1;
747
748 // If specified, the port on the given protocol. This can
749 // either be a numerical or named port on a pod. If this field is not provided,
750 // this matches all port names and numbers.
751 // If present, only traffic on the specified protocol AND port
752 // will be matched.
753 // +optional
754 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;
755}
756
757// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
758message NetworkPolicySpec {
759 // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
760 // is applied to any pods selected by this field. Multiple network policies can select the
761 // same set of pods. In this case, the ingress rules for each are combined additively.
762 // This field is NOT optional and follows standard label selector semantics.
763 // An empty podSelector matches all pods in this namespace.
764 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
765
766 // List of ingress rules to be applied to the selected pods.
767 // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod
768 // OR if the traffic source is the pod's local node,
769 // OR if the traffic matches at least one ingress rule across all of the NetworkPolicy
770 // objects whose podSelector matches the pod.
771 // If this field is empty then this NetworkPolicy does not allow any traffic
772 // (and serves solely to ensure that the pods it selects are isolated by default).
773 // +optional
774 repeated NetworkPolicyIngressRule ingress = 2;
775
776 // List of egress rules to be applied to the selected pods. Outgoing traffic is
777 // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
778 // otherwise allows the traffic), OR if the traffic matches at least one egress rule
779 // across all of the NetworkPolicy objects whose podSelector matches the pod. If
780 // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
781 // solely to ensure that the pods it selects are isolated by default).
782 // This field is beta-level in 1.8
783 // +optional
784 repeated NetworkPolicyEgressRule egress = 3;
785
786 // List of rule types that the NetworkPolicy relates to.
787 // Valid options are "Ingress", "Egress", or "Ingress,Egress".
788 // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
789 // policies that contain an Egress section are assumed to affect Egress, and all policies
790 // (whether or not they contain an Ingress section) are assumed to affect Ingress.
791 // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
792 // Likewise, if you want to write a policy that specifies that no egress is allowed,
793 // you must specify a policyTypes value that include "Egress" (since such a policy would not include
794 // an Egress section and would otherwise default to just [ "Ingress" ]).
795 // This field is beta-level in 1.8
796 // +optional
797 repeated string policyTypes = 4;
798}
799
800// PodSecurityPolicy governs the ability to make requests that affect the Security Context
801// that will be applied to a pod and container.
802// Deprecated: use PodSecurityPolicy from policy API Group instead.
803message PodSecurityPolicy {
804 // Standard object's metadata.
805 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
806 // +optional
807 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
808
809 // spec defines the policy enforced.
810 // +optional
811 optional PodSecurityPolicySpec spec = 2;
812}
813
814// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
815// Deprecated: use PodSecurityPolicyList from policy API Group instead.
816message PodSecurityPolicyList {
817 // Standard list metadata.
818 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
819 // +optional
820 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
821
822 // items is a list of schema objects.
823 repeated PodSecurityPolicy items = 2;
824}
825
826// PodSecurityPolicySpec defines the policy enforced.
827// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
828message PodSecurityPolicySpec {
829 // privileged determines if a pod can request to be run as privileged.
830 // +optional
831 optional bool privileged = 1;
832
833 // defaultAddCapabilities is the default set of capabilities that will be added to the container
834 // unless the pod spec specifically drops the capability. You may not list a capability in both
835 // defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
836 // allowed, and need not be included in the allowedCapabilities list.
837 // +optional
838 repeated string defaultAddCapabilities = 2;
839
840 // requiredDropCapabilities are the capabilities that will be dropped from the container. These
841 // are required to be dropped and cannot be added.
842 // +optional
843 repeated string requiredDropCapabilities = 3;
844
845 // allowedCapabilities is a list of capabilities that can be requested to add to the container.
846 // Capabilities in this field may be added at the pod author's discretion.
847 // You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
848 // +optional
849 repeated string allowedCapabilities = 4;
850
851 // volumes is an allowlist of volume plugins. Empty indicates that
852 // no volumes may be used. To allow all volumes you may use '*'.
853 // +optional
854 repeated string volumes = 5;
855
856 // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
857 // +optional
858 optional bool hostNetwork = 6;
859
860 // hostPorts determines which host port ranges are allowed to be exposed.
861 // +optional
862 repeated HostPortRange hostPorts = 7;
863
864 // hostPID determines if the policy allows the use of HostPID in the pod spec.
865 // +optional
866 optional bool hostPID = 8;
867
868 // hostIPC determines if the policy allows the use of HostIPC in the pod spec.
869 // +optional
870 optional bool hostIPC = 9;
871
872 // seLinux is the strategy that will dictate the allowable labels that may be set.
873 optional SELinuxStrategyOptions seLinux = 10;
874
875 // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
876 optional RunAsUserStrategyOptions runAsUser = 11;
877
878 // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
879 // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
880 // RunAsGroup feature gate to be enabled.
881 // +optional
882 optional RunAsGroupStrategyOptions runAsGroup = 22;
883
884 // supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
885 optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
886
887 // fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
888 optional FSGroupStrategyOptions fsGroup = 13;
889
890 // readOnlyRootFilesystem when set to true will force containers to run with a read only root file
891 // system. If the container specifically requests to run with a non-read only root file system
892 // the PSP should deny the pod.
893 // If set to false the container may run with a read only root file system if it wishes but it
894 // will not be forced to.
895 // +optional
896 optional bool readOnlyRootFilesystem = 14;
897
898 // defaultAllowPrivilegeEscalation controls the default setting for whether a
899 // process can gain more privileges than its parent process.
900 // +optional
901 optional bool defaultAllowPrivilegeEscalation = 15;
902
903 // allowPrivilegeEscalation determines if a pod can request to allow
904 // privilege escalation. If unspecified, defaults to true.
905 // +optional
906 optional bool allowPrivilegeEscalation = 16;
907
908 // allowedHostPaths is an allowlist of host paths. Empty indicates
909 // that all host paths may be used.
910 // +optional
911 repeated AllowedHostPath allowedHostPaths = 17;
912
913 // allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all
914 // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
915 // is allowed in the "volumes" field.
916 // +optional
917 repeated AllowedFlexVolume allowedFlexVolumes = 18;
918
919 // AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
920 // An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
921 // +optional
922 repeated AllowedCSIDriver allowedCSIDrivers = 23;
923
924 // allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
925 // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
926 // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
927 // Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
928 //
929 // Examples:
930 // e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
931 // e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
932 // +optional
933 repeated string allowedUnsafeSysctls = 19;
934
935 // forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
936 // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
937 // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
938 //
939 // Examples:
940 // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
941 // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
942 // +optional
943 repeated string forbiddenSysctls = 20;
944
945 // AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
946 // Empty or nil indicates that only the DefaultProcMountType may be used.
947 // This requires the ProcMountType feature flag to be enabled.
948 // +optional
949 repeated string allowedProcMountTypes = 21;
950
951 // runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
952 // If this field is omitted, the pod's runtimeClassName field is unrestricted.
953 // Enforcement of this field depends on the RuntimeClass feature gate being enabled.
954 // +optional
955 optional RuntimeClassStrategyOptions runtimeClass = 24;
956}
957
958// DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for
959// more information.
960// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
961message ReplicaSet {
962 // If the Labels of a ReplicaSet are empty, they are defaulted to
963 // be the same as the Pod(s) that the ReplicaSet manages.
964 // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
965 // +optional
966 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
967
968 // Spec defines the specification of the desired behavior of the ReplicaSet.
969 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
970 // +optional
971 optional ReplicaSetSpec spec = 2;
972
973 // Status is the most recently observed status of the ReplicaSet.
974 // This data may be out of date by some window of time.
975 // Populated by the system.
976 // Read-only.
977 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
978 // +optional
979 optional ReplicaSetStatus status = 3;
980}
981
982// ReplicaSetCondition describes the state of a replica set at a certain point.
983message ReplicaSetCondition {
984 // Type of replica set condition.
985 optional string type = 1;
986
987 // Status of the condition, one of True, False, Unknown.
988 optional string status = 2;
989
990 // The last time the condition transitioned from one status to another.
991 // +optional
992 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
993
994 // The reason for the condition's last transition.
995 // +optional
996 optional string reason = 4;
997
998 // A human readable message indicating details about the transition.
999 // +optional
1000 optional string message = 5;
1001}
1002
1003// ReplicaSetList is a collection of ReplicaSets.
1004message ReplicaSetList {
1005 // Standard list metadata.
1006 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1007 // +optional
1008 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
1009
1010 // List of ReplicaSets.
1011 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
1012 repeated ReplicaSet items = 2;
1013}
1014
1015// ReplicaSetSpec is the specification of a ReplicaSet.
1016message ReplicaSetSpec {
1017 // Replicas is the number of desired replicas.
1018 // This is a pointer to distinguish between explicit zero and unspecified.
1019 // Defaults to 1.
1020 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
1021 // +optional
1022 optional int32 replicas = 1;
1023
1024 // Minimum number of seconds for which a newly created pod should be ready
1025 // without any of its container crashing, for it to be considered available.
1026 // Defaults to 0 (pod will be considered available as soon as it is ready)
1027 // +optional
1028 optional int32 minReadySeconds = 4;
1029
1030 // Selector is a label query over pods that should match the replica count.
1031 // If the selector is empty, it is defaulted to the labels present on the pod template.
1032 // Label keys and values that must match in order to be controlled by this replica set.
1033 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
1034 // +optional
1035 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 2;
1036
1037 // Template is the object that describes the pod that will be created if
1038 // insufficient replicas are detected.
1039 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
1040 // +optional
1041 optional k8s.io.api.core.v1.PodTemplateSpec template = 3;
1042}
1043
1044// ReplicaSetStatus represents the current status of a ReplicaSet.
1045message ReplicaSetStatus {
1046 // Replicas is the most recently oberved number of replicas.
1047 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
1048 optional int32 replicas = 1;
1049
1050 // The number of pods that have labels matching the labels of the pod template of the replicaset.
1051 // +optional
1052 optional int32 fullyLabeledReplicas = 2;
1053
1054 // The number of ready replicas for this replica set.
1055 // +optional
1056 optional int32 readyReplicas = 4;
1057
1058 // The number of available replicas (ready for at least minReadySeconds) for this replica set.
1059 // +optional
1060 optional int32 availableReplicas = 5;
1061
1062 // ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
1063 // +optional
1064 optional int64 observedGeneration = 3;
1065
1066 // Represents the latest available observations of a replica set's current state.
1067 // +optional
1068 // +patchMergeKey=type
1069 // +patchStrategy=merge
1070 repeated ReplicaSetCondition conditions = 6;
1071}
1072
1073// DEPRECATED.
1074message RollbackConfig {
1075 // The revision to rollback to. If set to 0, rollback to the last revision.
1076 // +optional
1077 optional int64 revision = 1;
1078}
1079
1080// Spec to control the desired behavior of daemon set rolling update.
1081message RollingUpdateDaemonSet {
1082 // The maximum number of DaemonSet pods that can be unavailable during the
1083 // update. Value can be an absolute number (ex: 5) or a percentage of total
1084 // number of DaemonSet pods at the start of the update (ex: 10%). Absolute
1085 // number is calculated from percentage by rounding up.
1086 // This cannot be 0.
1087 // Default value is 1.
1088 // Example: when this is set to 30%, at most 30% of the total number of nodes
1089 // that should be running the daemon pod (i.e. status.desiredNumberScheduled)
1090 // can have their pods stopped for an update at any given
1091 // time. The update starts by stopping at most 30% of those DaemonSet pods
1092 // and then brings up new DaemonSet pods in their place. Once the new pods
1093 // are available, it then proceeds onto other DaemonSet pods, thus ensuring
1094 // that at least 70% of original number of DaemonSet pods are available at
1095 // all times during the update.
1096 // +optional
1097 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 1;
1098}
1099
1100// Spec to control the desired behavior of rolling update.
1101message RollingUpdateDeployment {
1102 // The maximum number of pods that can be unavailable during the update.
1103 // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
1104 // Absolute number is calculated from percentage by rounding down.
1105 // This can not be 0 if MaxSurge is 0.
1106 // By default, a fixed value of 1 is used.
1107 // Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
1108 // immediately when the rolling update starts. Once new pods are ready, old RC
1109 // can be scaled down further, followed by scaling up the new RC, ensuring
1110 // that the total number of pods available at all times during the update is at
1111 // least 70% of desired pods.
1112 // +optional
1113 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 1;
1114
1115 // The maximum number of pods that can be scheduled above the desired number of
1116 // pods.
1117 // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
1118 // This can not be 0 if MaxUnavailable is 0.
1119 // Absolute number is calculated from percentage by rounding up.
1120 // By default, a value of 1 is used.
1121 // Example: when this is set to 30%, the new RC can be scaled up immediately when
1122 // the rolling update starts, such that the total number of old and new pods do not exceed
1123 // 130% of desired pods. Once old pods have been killed,
1124 // new RC can be scaled up further, ensuring that total number of pods running
1125 // at any time during the update is at most 130% of desired pods.
1126 // +optional
1127 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;
1128}
1129
1130// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
1131// Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.
1132message RunAsGroupStrategyOptions {
1133 // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
1134 optional string rule = 1;
1135
1136 // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
1137 // then supply a single range with the same start and end. Required for MustRunAs.
1138 // +optional
1139 repeated IDRange ranges = 2;
1140}
1141
1142// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
1143// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
1144message RunAsUserStrategyOptions {
1145 // rule is the strategy that will dictate the allowable RunAsUser values that may be set.
1146 optional string rule = 1;
1147
1148 // ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
1149 // then supply a single range with the same start and end. Required for MustRunAs.
1150 // +optional
1151 repeated IDRange ranges = 2;
1152}
1153
1154// RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses
1155// for a pod.
1156message RuntimeClassStrategyOptions {
1157 // allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod.
1158 // A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the
1159 // list. An empty list requires the RuntimeClassName field to be unset.
1160 repeated string allowedRuntimeClassNames = 1;
1161
1162 // defaultRuntimeClassName is the default RuntimeClassName to set on the pod.
1163 // The default MUST be allowed by the allowedRuntimeClassNames list.
1164 // A value of nil does not mutate the Pod.
1165 // +optional
1166 optional string defaultRuntimeClassName = 2;
1167}
1168
1169// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
1170// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
1171message SELinuxStrategyOptions {
1172 // rule is the strategy that will dictate the allowable labels that may be set.
1173 optional string rule = 1;
1174
1175 // seLinuxOptions required to run as; required for MustRunAs
1176 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1177 // +optional
1178 optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2;
1179}
1180
1181// represents a scaling request for a resource.
1182message Scale {
1183 // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
1184 // +optional
1185 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
1186
1187 // defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
1188 // +optional
1189 optional ScaleSpec spec = 2;
1190
1191 // current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.
1192 // +optional
1193 optional ScaleStatus status = 3;
1194}
1195
1196// describes the attributes of a scale subresource
1197message ScaleSpec {
1198 // desired number of instances for the scaled object.
1199 // +optional
1200 optional int32 replicas = 1;
1201}
1202
1203// represents the current status of a scale subresource.
1204message ScaleStatus {
1205 // actual number of observed instances of the scaled object.
1206 optional int32 replicas = 1;
1207
1208 // label query over pods that should match the replicas count. More info: http://kubernetes.io/docs/user-guide/labels#label-selectors
1209 // +optional
1210 map<string, string> selector = 2;
1211
1212 // label selector for pods that should match the replicas count. This is a serializated
1213 // version of both map-based and more expressive set-based selectors. This is done to
1214 // avoid introspection in the clients. The string will be in the same format as the
1215 // query-param syntax. If the target type only supports map-based selectors, both this
1216 // field and map-based selector field are populated.
1217 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
1218 // +optional
1219 optional string targetSelector = 3;
1220}
1221
1222// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
1223// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
1224message SupplementalGroupsStrategyOptions {
1225 // rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
1226 // +optional
1227 optional string rule = 1;
1228
1229 // ranges are the allowed ranges of supplemental groups. If you would like to force a single
1230 // supplemental group then supply a single range with the same start and end. Required for MustRunAs.
1231 // +optional
1232 repeated IDRange ranges = 2;
1233}
1234