Zack Williams | e940c7a | 2019-08-21 14:25:39 -0700 | [diff] [blame] | 1 | /* |
| 2 | Copyright 2017 The Kubernetes Authors. |
| 3 | |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | // This file should be consistent with pkg/api/annotation_key_constants.go. |
| 18 | |
| 19 | package v1 |
| 20 | |
| 21 | const ( |
| 22 | // ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy |
| 23 | // webhook backend fails. |
| 24 | ImagePolicyFailedOpenKey string = "alpha.image-policy.k8s.io/failed-open" |
| 25 | |
| 26 | // PodPresetOptOutAnnotationKey represents the annotation key for a pod to exempt itself from pod preset manipulation |
| 27 | PodPresetOptOutAnnotationKey string = "podpreset.admission.kubernetes.io/exclude" |
| 28 | |
| 29 | // MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods |
| 30 | MirrorPodAnnotationKey string = "kubernetes.io/config.mirror" |
| 31 | |
| 32 | // TolerationsAnnotationKey represents the key of tolerations data (json serialized) |
| 33 | // in the Annotations of a Pod. |
| 34 | TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations" |
| 35 | |
| 36 | // TaintsAnnotationKey represents the key of taints data (json serialized) |
| 37 | // in the Annotations of a Node. |
| 38 | TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints" |
| 39 | |
| 40 | // SeccompPodAnnotationKey represents the key of a seccomp profile applied |
| 41 | // to all containers of a pod. |
| 42 | SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod" |
| 43 | |
| 44 | // SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied |
| 45 | // to one container of a pod. |
| 46 | SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/" |
| 47 | |
| 48 | // SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. |
| 49 | SeccompProfileRuntimeDefault string = "runtime/default" |
| 50 | |
| 51 | // DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. |
| 52 | // This is now deprecated and should be replaced by SeccompProfileRuntimeDefault. |
| 53 | DeprecatedSeccompProfileDockerDefault string = "docker/default" |
| 54 | |
| 55 | // PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) |
| 56 | // in the Annotations of a Node. |
| 57 | PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods" |
| 58 | |
| 59 | // ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache |
| 60 | // an object (e.g. secret, config map) before fetching it again from apiserver. |
| 61 | // This annotation can be attached to node. |
| 62 | ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl" |
| 63 | |
| 64 | // annotation key prefix used to identify non-convertible json paths. |
| 65 | NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io" |
| 66 | |
| 67 | kubectlPrefix = "kubectl.kubernetes.io/" |
| 68 | |
| 69 | // LastAppliedConfigAnnotation is the annotation used to store the previous |
| 70 | // configuration of a resource for use in a three way diff by UpdateApplyAnnotation. |
| 71 | LastAppliedConfigAnnotation = kubectlPrefix + "last-applied-configuration" |
| 72 | |
| 73 | // AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers |
| 74 | // |
| 75 | // It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to |
| 76 | // allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow |
| 77 | // access only from the CIDRs currently allocated to MIT & the USPS. |
| 78 | // |
| 79 | // Not all cloud providers support this annotation, though AWS & GCE do. |
| 80 | AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges" |
| 81 | |
| 82 | // EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that |
| 83 | // represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') |
| 84 | // of the last change, of some Pod or Service object, that triggered the endpoints object change. |
| 85 | // In other words, if a Pod / Service changed at time T0, that change was observed by endpoints |
| 86 | // controller at T1, and the Endpoints object was changed at T2, the |
| 87 | // EndpointsLastChangeTriggerTime would be set to T0. |
| 88 | // |
| 89 | // The "endpoints change trigger" here means any Pod or Service change that resulted in the |
| 90 | // Endpoints object change. |
| 91 | // |
| 92 | // Given the definition of the "endpoints change trigger", please note that this annotation will |
| 93 | // be set ONLY for endpoints object changes triggered by either Pod or Service change. If the |
| 94 | // Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's |
| 95 | // already set). |
| 96 | // |
| 97 | // This annotation will be used to compute the in-cluster network programming latency SLI, see |
| 98 | // https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md |
| 99 | EndpointsLastChangeTriggerTime = "endpoints.kubernetes.io/last-change-trigger-time" |
| 100 | |
| 101 | // MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated |
| 102 | // list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. |
| 103 | // This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or |
| 104 | // CSI Backend for a volume plugin on a specific node. |
| 105 | MigratedPluginsAnnotationKey = "storage.alpha.kubernetes.io/migrated-plugins" |
| 106 | ) |