Blame - vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto - voltha-api-server

blob: 1c40ae530dea2d0774e0671da4eb491a13b70423 [file] [log] [blame]

Scott Baker	e7144bc	2019-10-01 14:16:47 -0700	[diff] [blame^]	1	/*
				2	Copyright The Kubernetes Authors.
				3
				4	Licensed under the Apache License, Version 2.0 (the "License");
				5	you may not use this file except in compliance with the License.
				6	You may obtain a copy of the License at
				7
				8	http://www.apache.org/licenses/LICENSE-2.0
				9
				10	Unless required by applicable law or agreed to in writing, software
				11	distributed under the License is distributed on an "AS IS" BASIS,
				12	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	See the License for the specific language governing permissions and
				14	limitations under the License.
				15	*/
				16
				17
				18	// This file was autogenerated by go-to-protobuf. Do not edit it manually!
				19
				20	syntax = 'proto2';
				21
				22	package k8s.io.api.admissionregistration.v1beta1;
				23
				24	import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
				25	import "k8s.io/apimachinery/pkg/runtime/generated.proto";
				26	import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
				27
				28	// Package-wide variables from generator "generated".
				29	option go_package = "v1beta1";
				30
				31	// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
				32	message MutatingWebhookConfiguration {
				33	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
				34	// +optional
				35	optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
				36
				37	// Webhooks is a list of webhooks and the affected resources and operations.
				38	// +optional
				39	// +patchMergeKey=name
				40	// +patchStrategy=merge
				41	repeated Webhook Webhooks = 2;
				42	}
				43
				44	// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
				45	message MutatingWebhookConfigurationList {
				46	// Standard list metadata.
				47	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
				48	// +optional
				49	optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
				50
				51	// List of MutatingWebhookConfiguration.
				52	repeated MutatingWebhookConfiguration items = 2;
				53	}
				54
				55	// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
				56	// to make sure that all the tuple expansions are valid.
				57	message Rule {
				58	// APIGroups is the API groups the resources belong to. '*' is all groups.
				59	// If '*' is present, the length of the slice must be one.
				60	// Required.
				61	repeated string apiGroups = 1;
				62
				63	// APIVersions is the API versions the resources belong to. '*' is all versions.
				64	// If '*' is present, the length of the slice must be one.
				65	// Required.
				66	repeated string apiVersions = 2;
				67
				68	// Resources is a list of resources this rule applies to.
				69	//
				70	// For example:
				71	// 'pods' means pods.
				72	// 'pods/log' means the log subresource of pods.
				73	// '*' means all resources, but not subresources.
				74	// 'pods/*' means all subresources of pods.
				75	// '*/scale' means all scale subresources.
				76	// '/' means all resources and their subresources.
				77	//
				78	// If wildcard is present, the validation rule will ensure resources do not
				79	// overlap with each other.
				80	//
				81	// Depending on the enclosing object, subresources might not be allowed.
				82	// Required.
				83	repeated string resources = 3;
				84	}
				85
				86	// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
				87	// sure that all the tuple expansions are valid.
				88	message RuleWithOperations {
				89	// Operations is the operations the admission hook cares about - CREATE, UPDATE, or *
				90	// for all operations.
				91	// If '*' is present, the length of the slice must be one.
				92	// Required.
				93	repeated string operations = 1;
				94
				95	// Rule is embedded, it describes other criteria of the rule, like
				96	// APIGroups, APIVersions, Resources, etc.
				97	optional Rule rule = 2;
				98	}
				99
				100	// ServiceReference holds a reference to Service.legacy.k8s.io
				101	message ServiceReference {
				102	// `namespace` is the namespace of the service.
				103	// Required
				104	optional string namespace = 1;
				105
				106	// `name` is the name of the service.
				107	// Required
				108	optional string name = 2;
				109
				110	// `path` is an optional URL path which will be sent in any request to
				111	// this service.
				112	// +optional
				113	optional string path = 3;
				114	}
				115
				116	// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
				117	message ValidatingWebhookConfiguration {
				118	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
				119	// +optional
				120	optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
				121
				122	// Webhooks is a list of webhooks and the affected resources and operations.
				123	// +optional
				124	// +patchMergeKey=name
				125	// +patchStrategy=merge
				126	repeated Webhook Webhooks = 2;
				127	}
				128
				129	// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
				130	message ValidatingWebhookConfigurationList {
				131	// Standard list metadata.
				132	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
				133	// +optional
				134	optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
				135
				136	// List of ValidatingWebhookConfiguration.
				137	repeated ValidatingWebhookConfiguration items = 2;
				138	}
				139
				140	// Webhook describes an admission webhook and the resources and operations it applies to.
				141	message Webhook {
				142	// The name of the admission webhook.
				143	// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
				144	// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
				145	// of the organization.
				146	// Required.
				147	optional string name = 1;
				148
				149	// ClientConfig defines how to communicate with the hook.
				150	// Required
				151	optional WebhookClientConfig clientConfig = 2;
				152
				153	// Rules describes what operations on what resources/subresources the webhook cares about.
				154	// The webhook cares about an operation if it matches _any_ Rule.
				155	// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
				156	// from putting the cluster in a state which cannot be recovered from without completely
				157	// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
				158	// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
				159	repeated RuleWithOperations rules = 3;
				160
				161	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
				162	// allowed values are Ignore or Fail. Defaults to Ignore.
				163	// +optional
				164	optional string failurePolicy = 4;
				165
				166	// NamespaceSelector decides whether to run the webhook on an object based
				167	// on whether the namespace for that object matches the selector. If the
				168	// object itself is a namespace, the matching is performed on
				169	// object.metadata.labels. If the object is another cluster scoped resource,
				170	// it never skips the webhook.
				171	//
				172	// For example, to run the webhook on any objects whose namespace is not
				173	// associated with "runlevel" of "0" or "1"; you will set the selector as
				174	// follows:
				175	// "namespaceSelector": {
				176	// "matchExpressions": [
				177	// {
				178	// "key": "runlevel",
				179	// "operator": "NotIn",
				180	// "values": [
				181	// "0",
				182	// "1"
				183	// ]
				184	// }
				185	// ]
				186	// }
				187	//
				188	// If instead you want to only run the webhook on any objects whose
				189	// namespace is associated with the "environment" of "prod" or "staging";
				190	// you will set the selector as follows:
				191	// "namespaceSelector": {
				192	// "matchExpressions": [
				193	// {
				194	// "key": "environment",
				195	// "operator": "In",
				196	// "values": [
				197	// "prod",
				198	// "staging"
				199	// ]
				200	// }
				201	// ]
				202	// }
				203	//
				204	// See
				205	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
				206	// for more examples of label selectors.
				207	//
				208	// Default to the empty LabelSelector, which matches everything.
				209	// +optional
				210	optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 5;
				211
				212	// SideEffects states whether this webhookk has side effects.
				213	// Acceptable values are: Unknown, None, Some, NoneOnDryRun
				214	// Webhooks with side effects MUST implement a reconciliation system, since a request may be
				215	// rejected by a future step in the admission change and the side effects therefore need to be undone.
				216	// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
				217	// sideEffects == Unknown or Some. Defaults to Unknown.
				218	// +optional
				219	optional string sideEffects = 6;
				220	}
				221
				222	// WebhookClientConfig contains the information to make a TLS
				223	// connection with the webhook
				224	message WebhookClientConfig {
				225	// `url` gives the location of the webhook, in standard URL form
				226	// (`scheme://host:port/path`). Exactly one of `url` or `service`
				227	// must be specified.
				228	//
				229	// The `host` should not refer to a service running in the cluster; use
				230	// the `service` field instead. The host might be resolved via external
				231	// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
				232	// in-cluster DNS as that would be a layering violation). `host` may
				233	// also be an IP address.
				234	//
				235	// Please note that using `localhost` or `127.0.0.1` as a `host` is
				236	// risky unless you take great care to run this webhook on all hosts
				237	// which run an apiserver which might need to make calls to this
				238	// webhook. Such installs are likely to be non-portable, i.e., not easy
				239	// to turn up in a new cluster.
				240	//
				241	// The scheme must be "https"; the URL must begin with "https://".
				242	//
				243	// A path is optional, and if present may be any string permissible in
				244	// a URL. You may use the path to pass an arbitrary string to the
				245	// webhook, for example, a cluster identifier.
				246	//
				247	// Attempting to use a user or basic auth e.g. "user:password@" is not
				248	// allowed. Fragments ("#...") and query parameters ("?...") are not
				249	// allowed, either.
				250	//
				251	// +optional
				252	optional string url = 3;
				253
				254	// `service` is a reference to the service for this webhook. Either
				255	// `service` or `url` must be specified.
				256	//
				257	// If the webhook is running within the cluster, then you should use `service`.
				258	//
				259	// Port 443 will be used if it is open, otherwise it is an error.
				260	//
				261	// +optional
				262	optional ServiceReference service = 1;
				263
				264	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
				265	// If unspecified, system trust roots on the apiserver are used.
				266	// +optional
				267	optional bytes caBundle = 2;
				268	}
				269