blob: efcda7ebdea5835a654352cebbc84dd944fdcdc3 [file] [log] [blame]
Scott Bakere7144bc2019-10-01 14:16:47 -07001/*
2Copyright The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17
18// This file was autogenerated by go-to-protobuf. Do not edit it manually!
19
20syntax = 'proto2';
21
22package k8s.io.api.extensions.v1beta1;
23
24import "k8s.io/api/core/v1/generated.proto";
25import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
26import "k8s.io/apimachinery/pkg/runtime/generated.proto";
27import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
28import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
29
30// Package-wide variables from generator "generated".
31option go_package = "v1beta1";
32
33// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
34// Deprecated: use AllowedFlexVolume from policy API Group instead.
35message AllowedFlexVolume {
36 // driver is the name of the Flexvolume driver.
37 optional string driver = 1;
38}
39
40// AllowedHostPath defines the host volume conditions that will be enabled by a policy
41// for pods to use. It requires the path prefix to be defined.
42// Deprecated: use AllowedHostPath from policy API Group instead.
43message AllowedHostPath {
44 // pathPrefix is the path prefix that the host volume must match.
45 // It does not support `*`.
46 // Trailing slashes are trimmed when validating the path prefix with a host path.
47 //
48 // Examples:
49 // `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
50 // `/foo` would not allow `/food` or `/etc/foo`
51 optional string pathPrefix = 1;
52
53 // when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
54 // +optional
55 optional bool readOnly = 2;
56}
57
58// DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for
59// more information.
60// DaemonSet represents the configuration of a daemon set.
61message DaemonSet {
62 // Standard object's metadata.
63 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
64 // +optional
65 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
66
67 // The desired behavior of this daemon set.
68 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
69 // +optional
70 optional DaemonSetSpec spec = 2;
71
72 // The current status of this daemon set. This data may be
73 // out of date by some window of time.
74 // Populated by the system.
75 // Read-only.
76 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
77 // +optional
78 optional DaemonSetStatus status = 3;
79}
80
81// DaemonSetCondition describes the state of a DaemonSet at a certain point.
82message DaemonSetCondition {
83 // Type of DaemonSet condition.
84 optional string type = 1;
85
86 // Status of the condition, one of True, False, Unknown.
87 optional string status = 2;
88
89 // Last time the condition transitioned from one status to another.
90 // +optional
91 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
92
93 // The reason for the condition's last transition.
94 // +optional
95 optional string reason = 4;
96
97 // A human readable message indicating details about the transition.
98 // +optional
99 optional string message = 5;
100}
101
102// DaemonSetList is a collection of daemon sets.
103message DaemonSetList {
104 // Standard list metadata.
105 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
106 // +optional
107 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
108
109 // A list of daemon sets.
110 repeated DaemonSet items = 2;
111}
112
113// DaemonSetSpec is the specification of a daemon set.
114message DaemonSetSpec {
115 // A label query over pods that are managed by the daemon set.
116 // Must match in order to be controlled.
117 // If empty, defaulted to labels on Pod template.
118 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
119 // +optional
120 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;
121
122 // An object that describes the pod that will be created.
123 // The DaemonSet will create exactly one copy of this pod on every node
124 // that matches the template's node selector (or on every node if no node
125 // selector is specified).
126 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
127 optional k8s.io.api.core.v1.PodTemplateSpec template = 2;
128
129 // An update strategy to replace existing DaemonSet pods with new pods.
130 // +optional
131 optional DaemonSetUpdateStrategy updateStrategy = 3;
132
133 // The minimum number of seconds for which a newly created DaemonSet pod should
134 // be ready without any of its container crashing, for it to be considered
135 // available. Defaults to 0 (pod will be considered available as soon as it
136 // is ready).
137 // +optional
138 optional int32 minReadySeconds = 4;
139
140 // DEPRECATED.
141 // A sequence number representing a specific generation of the template.
142 // Populated by the system. It can be set only during the creation.
143 // +optional
144 optional int64 templateGeneration = 5;
145
146 // The number of old history to retain to allow rollback.
147 // This is a pointer to distinguish between explicit zero and not specified.
148 // Defaults to 10.
149 // +optional
150 optional int32 revisionHistoryLimit = 6;
151}
152
153// DaemonSetStatus represents the current status of a daemon set.
154message DaemonSetStatus {
155 // The number of nodes that are running at least 1
156 // daemon pod and are supposed to run the daemon pod.
157 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
158 optional int32 currentNumberScheduled = 1;
159
160 // The number of nodes that are running the daemon pod, but are
161 // not supposed to run the daemon pod.
162 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
163 optional int32 numberMisscheduled = 2;
164
165 // The total number of nodes that should be running the daemon
166 // pod (including nodes correctly running the daemon pod).
167 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
168 optional int32 desiredNumberScheduled = 3;
169
170 // The number of nodes that should be running the daemon pod and have one
171 // or more of the daemon pod running and ready.
172 optional int32 numberReady = 4;
173
174 // The most recent generation observed by the daemon set controller.
175 // +optional
176 optional int64 observedGeneration = 5;
177
178 // The total number of nodes that are running updated daemon pod
179 // +optional
180 optional int32 updatedNumberScheduled = 6;
181
182 // The number of nodes that should be running the
183 // daemon pod and have one or more of the daemon pod running and
184 // available (ready for at least spec.minReadySeconds)
185 // +optional
186 optional int32 numberAvailable = 7;
187
188 // The number of nodes that should be running the
189 // daemon pod and have none of the daemon pod running and available
190 // (ready for at least spec.minReadySeconds)
191 // +optional
192 optional int32 numberUnavailable = 8;
193
194 // Count of hash collisions for the DaemonSet. The DaemonSet controller
195 // uses this field as a collision avoidance mechanism when it needs to
196 // create the name for the newest ControllerRevision.
197 // +optional
198 optional int32 collisionCount = 9;
199
200 // Represents the latest available observations of a DaemonSet's current state.
201 // +optional
202 // +patchMergeKey=type
203 // +patchStrategy=merge
204 repeated DaemonSetCondition conditions = 10;
205}
206
207message DaemonSetUpdateStrategy {
208 // Type of daemon set update. Can be "RollingUpdate" or "OnDelete".
209 // Default is OnDelete.
210 // +optional
211 optional string type = 1;
212
213 // Rolling update config params. Present only if type = "RollingUpdate".
214 // ---
215 // TODO: Update this to follow our convention for oneOf, whatever we decide it
216 // to be. Same as Deployment `strategy.rollingUpdate`.
217 // See https://github.com/kubernetes/kubernetes/issues/35345
218 // +optional
219 optional RollingUpdateDaemonSet rollingUpdate = 2;
220}
221
222// DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for
223// more information.
224// Deployment enables declarative updates for Pods and ReplicaSets.
225message Deployment {
226 // Standard object metadata.
227 // +optional
228 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
229
230 // Specification of the desired behavior of the Deployment.
231 // +optional
232 optional DeploymentSpec spec = 2;
233
234 // Most recently observed status of the Deployment.
235 // +optional
236 optional DeploymentStatus status = 3;
237}
238
239// DeploymentCondition describes the state of a deployment at a certain point.
240message DeploymentCondition {
241 // Type of deployment condition.
242 optional string type = 1;
243
244 // Status of the condition, one of True, False, Unknown.
245 optional string status = 2;
246
247 // The last time this condition was updated.
248 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 6;
249
250 // Last time the condition transitioned from one status to another.
251 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 7;
252
253 // The reason for the condition's last transition.
254 optional string reason = 4;
255
256 // A human readable message indicating details about the transition.
257 optional string message = 5;
258}
259
260// DeploymentList is a list of Deployments.
261message DeploymentList {
262 // Standard list metadata.
263 // +optional
264 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
265
266 // Items is the list of Deployments.
267 repeated Deployment items = 2;
268}
269
270// DEPRECATED.
271// DeploymentRollback stores the information required to rollback a deployment.
272message DeploymentRollback {
273 // Required: This must match the Name of a deployment.
274 optional string name = 1;
275
276 // The annotations to be updated to a deployment
277 // +optional
278 map<string, string> updatedAnnotations = 2;
279
280 // The config of this deployment rollback.
281 optional RollbackConfig rollbackTo = 3;
282}
283
284// DeploymentSpec is the specification of the desired behavior of the Deployment.
285message DeploymentSpec {
286 // Number of desired pods. This is a pointer to distinguish between explicit
287 // zero and not specified. Defaults to 1.
288 // +optional
289 optional int32 replicas = 1;
290
291 // Label selector for pods. Existing ReplicaSets whose pods are
292 // selected by this will be the ones affected by this deployment.
293 // +optional
294 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 2;
295
296 // Template describes the pods that will be created.
297 optional k8s.io.api.core.v1.PodTemplateSpec template = 3;
298
299 // The deployment strategy to use to replace existing pods with new ones.
300 // +optional
301 // +patchStrategy=retainKeys
302 optional DeploymentStrategy strategy = 4;
303
304 // Minimum number of seconds for which a newly created pod should be ready
305 // without any of its container crashing, for it to be considered available.
306 // Defaults to 0 (pod will be considered available as soon as it is ready)
307 // +optional
308 optional int32 minReadySeconds = 5;
309
310 // The number of old ReplicaSets to retain to allow rollback.
311 // This is a pointer to distinguish between explicit zero and not specified.
312 // This is set to the max value of int32 (i.e. 2147483647) by default, which
313 // means "retaining all old RelicaSets".
314 // +optional
315 optional int32 revisionHistoryLimit = 6;
316
317 // Indicates that the deployment is paused and will not be processed by the
318 // deployment controller.
319 // +optional
320 optional bool paused = 7;
321
322 // DEPRECATED.
323 // The config this deployment is rolling back to. Will be cleared after rollback is done.
324 // +optional
325 optional RollbackConfig rollbackTo = 8;
326
327 // The maximum time in seconds for a deployment to make progress before it
328 // is considered to be failed. The deployment controller will continue to
329 // process failed deployments and a condition with a ProgressDeadlineExceeded
330 // reason will be surfaced in the deployment status. Note that progress will
331 // not be estimated during the time a deployment is paused. This is set to
332 // the max value of int32 (i.e. 2147483647) by default, which means "no deadline".
333 // +optional
334 optional int32 progressDeadlineSeconds = 9;
335}
336
337// DeploymentStatus is the most recently observed status of the Deployment.
338message DeploymentStatus {
339 // The generation observed by the deployment controller.
340 // +optional
341 optional int64 observedGeneration = 1;
342
343 // Total number of non-terminated pods targeted by this deployment (their labels match the selector).
344 // +optional
345 optional int32 replicas = 2;
346
347 // Total number of non-terminated pods targeted by this deployment that have the desired template spec.
348 // +optional
349 optional int32 updatedReplicas = 3;
350
351 // Total number of ready pods targeted by this deployment.
352 // +optional
353 optional int32 readyReplicas = 7;
354
355 // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
356 // +optional
357 optional int32 availableReplicas = 4;
358
359 // Total number of unavailable pods targeted by this deployment. This is the total number of
360 // pods that are still required for the deployment to have 100% available capacity. They may
361 // either be pods that are running but not yet available or pods that still have not been created.
362 // +optional
363 optional int32 unavailableReplicas = 5;
364
365 // Represents the latest available observations of a deployment's current state.
366 // +patchMergeKey=type
367 // +patchStrategy=merge
368 repeated DeploymentCondition conditions = 6;
369
370 // Count of hash collisions for the Deployment. The Deployment controller uses this
371 // field as a collision avoidance mechanism when it needs to create the name for the
372 // newest ReplicaSet.
373 // +optional
374 optional int32 collisionCount = 8;
375}
376
377// DeploymentStrategy describes how to replace existing pods with new ones.
378message DeploymentStrategy {
379 // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
380 // +optional
381 optional string type = 1;
382
383 // Rolling update config params. Present only if DeploymentStrategyType =
384 // RollingUpdate.
385 // ---
386 // TODO: Update this to follow our convention for oneOf, whatever we decide it
387 // to be.
388 // +optional
389 optional RollingUpdateDeployment rollingUpdate = 2;
390}
391
392// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
393// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
394message FSGroupStrategyOptions {
395 // rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
396 // +optional
397 optional string rule = 1;
398
399 // ranges are the allowed ranges of fs groups. If you would like to force a single
400 // fs group then supply a single range with the same start and end. Required for MustRunAs.
401 // +optional
402 repeated IDRange ranges = 2;
403}
404
405// HTTPIngressPath associates a path regex with a backend. Incoming urls matching
406// the path are forwarded to the backend.
407message HTTPIngressPath {
408 // Path is an extended POSIX regex as defined by IEEE Std 1003.1,
409 // (i.e this follows the egrep/unix syntax, not the perl syntax)
410 // matched against the path of an incoming request. Currently it can
411 // contain characters disallowed from the conventional "path"
412 // part of a URL as defined by RFC 3986. Paths must begin with
413 // a '/'. If unspecified, the path defaults to a catch all sending
414 // traffic to the backend.
415 // +optional
416 optional string path = 1;
417
418 // Backend defines the referenced service endpoint to which the traffic
419 // will be forwarded to.
420 optional IngressBackend backend = 2;
421}
422
423// HTTPIngressRuleValue is a list of http selectors pointing to backends.
424// In the example: http://<host>/<path>?<searchpart> -> backend where
425// where parts of the url correspond to RFC 3986, this resource will be used
426// to match against everything after the last '/' and before the first '?'
427// or '#'.
428message HTTPIngressRuleValue {
429 // A collection of paths that map requests to backends.
430 repeated HTTPIngressPath paths = 1;
431}
432
433// HostPortRange defines a range of host ports that will be enabled by a policy
434// for pods to use. It requires both the start and end to be defined.
435// Deprecated: use HostPortRange from policy API Group instead.
436message HostPortRange {
437 // min is the start of the range, inclusive.
438 optional int32 min = 1;
439
440 // max is the end of the range, inclusive.
441 optional int32 max = 2;
442}
443
444// IDRange provides a min/max of an allowed range of IDs.
445// Deprecated: use IDRange from policy API Group instead.
446message IDRange {
447 // min is the start of the range, inclusive.
448 optional int64 min = 1;
449
450 // max is the end of the range, inclusive.
451 optional int64 max = 2;
452}
453
454// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
455// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
456// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
457// not be included within this rule.
458message IPBlock {
459 // CIDR is a string representing the IP Block
460 // Valid examples are "192.168.1.1/24"
461 optional string cidr = 1;
462
463 // Except is a slice of CIDRs that should not be included within an IP Block
464 // Valid examples are "192.168.1.1/24"
465 // Except values will be rejected if they are outside the CIDR range
466 // +optional
467 repeated string except = 2;
468}
469
470// Ingress is a collection of rules that allow inbound connections to reach the
471// endpoints defined by a backend. An Ingress can be configured to give services
472// externally-reachable urls, load balance traffic, terminate SSL, offer name
473// based virtual hosting etc.
474message Ingress {
475 // Standard object's metadata.
476 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
477 // +optional
478 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
479
480 // Spec is the desired state of the Ingress.
481 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
482 // +optional
483 optional IngressSpec spec = 2;
484
485 // Status is the current state of the Ingress.
486 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
487 // +optional
488 optional IngressStatus status = 3;
489}
490
491// IngressBackend describes all endpoints for a given service and port.
492message IngressBackend {
493 // Specifies the name of the referenced service.
494 optional string serviceName = 1;
495
496 // Specifies the port of the referenced service.
497 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString servicePort = 2;
498}
499
500// IngressList is a collection of Ingress.
501message IngressList {
502 // Standard object's metadata.
503 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
504 // +optional
505 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
506
507 // Items is the list of Ingress.
508 repeated Ingress items = 2;
509}
510
511// IngressRule represents the rules mapping the paths under a specified host to
512// the related backend services. Incoming requests are first evaluated for a host
513// match, then routed to the backend associated with the matching IngressRuleValue.
514message IngressRule {
515 // Host is the fully qualified domain name of a network host, as defined
516 // by RFC 3986. Note the following deviations from the "host" part of the
517 // URI as defined in the RFC:
518 // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
519 // IP in the Spec of the parent Ingress.
520 // 2. The `:` delimiter is not respected because ports are not allowed.
521 // Currently the port of an Ingress is implicitly :80 for http and
522 // :443 for https.
523 // Both these may change in the future.
524 // Incoming requests are matched against the host before the IngressRuleValue.
525 // If the host is unspecified, the Ingress routes all traffic based on the
526 // specified IngressRuleValue.
527 // +optional
528 optional string host = 1;
529
530 // IngressRuleValue represents a rule to route requests for this IngressRule.
531 // If unspecified, the rule defaults to a http catch-all. Whether that sends
532 // just traffic matching the host to the default backend or all traffic to the
533 // default backend, is left to the controller fulfilling the Ingress. Http is
534 // currently the only supported IngressRuleValue.
535 // +optional
536 optional IngressRuleValue ingressRuleValue = 2;
537}
538
539// IngressRuleValue represents a rule to apply against incoming requests. If the
540// rule is satisfied, the request is routed to the specified backend. Currently
541// mixing different types of rules in a single Ingress is disallowed, so exactly
542// one of the following must be set.
543message IngressRuleValue {
544 // +optional
545 optional HTTPIngressRuleValue http = 1;
546}
547
548// IngressSpec describes the Ingress the user wishes to exist.
549message IngressSpec {
550 // A default backend capable of servicing requests that don't match any
551 // rule. At least one of 'backend' or 'rules' must be specified. This field
552 // is optional to allow the loadbalancer controller or defaulting logic to
553 // specify a global default.
554 // +optional
555 optional IngressBackend backend = 1;
556
557 // TLS configuration. Currently the Ingress only supports a single TLS
558 // port, 443. If multiple members of this list specify different hosts, they
559 // will be multiplexed on the same port according to the hostname specified
560 // through the SNI TLS extension, if the ingress controller fulfilling the
561 // ingress supports SNI.
562 // +optional
563 repeated IngressTLS tls = 2;
564
565 // A list of host rules used to configure the Ingress. If unspecified, or
566 // no rule matches, all traffic is sent to the default backend.
567 // +optional
568 repeated IngressRule rules = 3;
569}
570
571// IngressStatus describe the current state of the Ingress.
572message IngressStatus {
573 // LoadBalancer contains the current status of the load-balancer.
574 // +optional
575 optional k8s.io.api.core.v1.LoadBalancerStatus loadBalancer = 1;
576}
577
578// IngressTLS describes the transport layer security associated with an Ingress.
579message IngressTLS {
580 // Hosts are a list of hosts included in the TLS certificate. The values in
581 // this list must match the name/s used in the tlsSecret. Defaults to the
582 // wildcard host setting for the loadbalancer controller fulfilling this
583 // Ingress, if left unspecified.
584 // +optional
585 repeated string hosts = 1;
586
587 // SecretName is the name of the secret used to terminate SSL traffic on 443.
588 // Field is left optional to allow SSL routing based on SNI hostname alone.
589 // If the SNI host in a listener conflicts with the "Host" header field used
590 // by an IngressRule, the SNI host is used for termination and value of the
591 // Host header is used for routing.
592 // +optional
593 optional string secretName = 2;
594}
595
596// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy.
597// NetworkPolicy describes what network traffic is allowed for a set of Pods
598message NetworkPolicy {
599 // Standard object's metadata.
600 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
601 // +optional
602 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
603
604 // Specification of the desired behavior for this NetworkPolicy.
605 // +optional
606 optional NetworkPolicySpec spec = 2;
607}
608
609// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
610// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
611// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
612// This type is beta-level in 1.8
613message NetworkPolicyEgressRule {
614 // List of destination ports for outgoing traffic.
615 // Each item in this list is combined using a logical OR. If this field is
616 // empty or missing, this rule matches all ports (traffic not restricted by port).
617 // If this field is present and contains at least one item, then this rule allows
618 // traffic only if the traffic matches at least one port in the list.
619 // +optional
620 repeated NetworkPolicyPort ports = 1;
621
622 // List of destinations for outgoing traffic of pods selected for this rule.
623 // Items in this list are combined using a logical OR operation. If this field is
624 // empty or missing, this rule matches all destinations (traffic not restricted by
625 // destination). If this field is present and contains at least one item, this rule
626 // allows traffic only if the traffic matches at least one item in the to list.
627 // +optional
628 repeated NetworkPolicyPeer to = 2;
629}
630
631// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule.
632// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
633message NetworkPolicyIngressRule {
634 // List of ports which should be made accessible on the pods selected for this rule.
635 // Each item in this list is combined using a logical OR.
636 // If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
637 // If this field is present and contains at least one item, then this rule allows traffic
638 // only if the traffic matches at least one port in the list.
639 // +optional
640 repeated NetworkPolicyPort ports = 1;
641
642 // List of sources which should be able to access the pods selected for this rule.
643 // Items in this list are combined using a logical OR operation.
644 // If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
645 // If this field is present and contains at least on item, this rule allows traffic only if the
646 // traffic matches at least one item in the from list.
647 // +optional
648 repeated NetworkPolicyPeer from = 2;
649}
650
651// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList.
652// Network Policy List is a list of NetworkPolicy objects.
653message NetworkPolicyList {
654 // Standard list metadata.
655 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
656 // +optional
657 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
658
659 // Items is a list of schema objects.
660 repeated NetworkPolicy items = 2;
661}
662
663// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
664message NetworkPolicyPeer {
665 // This is a label selector which selects Pods. This field follows standard label
666 // selector semantics; if present but empty, it selects all pods.
667 //
668 // If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
669 // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
670 // Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
671 // +optional
672 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
673
674 // Selects Namespaces using cluster-scoped labels. This field follows standard label
675 // selector semantics; if present but empty, it selects all namespaces.
676 //
677 // If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
678 // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
679 // Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
680 // +optional
681 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
682
683 // IPBlock defines policy on a particular IPBlock. If this field is set then
684 // neither of the other fields can be.
685 // +optional
686 optional IPBlock ipBlock = 3;
687}
688
689// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
690message NetworkPolicyPort {
691 // Optional. The protocol (TCP, UDP, or SCTP) which traffic must match.
692 // If not specified, this field defaults to TCP.
693 // +optional
694 optional string protocol = 1;
695
696 // If specified, the port on the given protocol. This can
697 // either be a numerical or named port on a pod. If this field is not provided,
698 // this matches all port names and numbers.
699 // If present, only traffic on the specified protocol AND port
700 // will be matched.
701 // +optional
702 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;
703}
704
705// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
706message NetworkPolicySpec {
707 // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
708 // is applied to any pods selected by this field. Multiple network policies can select the
709 // same set of pods. In this case, the ingress rules for each are combined additively.
710 // This field is NOT optional and follows standard label selector semantics.
711 // An empty podSelector matches all pods in this namespace.
712 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
713
714 // List of ingress rules to be applied to the selected pods.
715 // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod
716 // OR if the traffic source is the pod's local node,
717 // OR if the traffic matches at least one ingress rule across all of the NetworkPolicy
718 // objects whose podSelector matches the pod.
719 // If this field is empty then this NetworkPolicy does not allow any traffic
720 // (and serves solely to ensure that the pods it selects are isolated by default).
721 // +optional
722 repeated NetworkPolicyIngressRule ingress = 2;
723
724 // List of egress rules to be applied to the selected pods. Outgoing traffic is
725 // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
726 // otherwise allows the traffic), OR if the traffic matches at least one egress rule
727 // across all of the NetworkPolicy objects whose podSelector matches the pod. If
728 // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
729 // solely to ensure that the pods it selects are isolated by default).
730 // This field is beta-level in 1.8
731 // +optional
732 repeated NetworkPolicyEgressRule egress = 3;
733
734 // List of rule types that the NetworkPolicy relates to.
735 // Valid options are Ingress, Egress, or Ingress,Egress.
736 // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
737 // policies that contain an Egress section are assumed to affect Egress, and all policies
738 // (whether or not they contain an Ingress section) are assumed to affect Ingress.
739 // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
740 // Likewise, if you want to write a policy that specifies that no egress is allowed,
741 // you must specify a policyTypes value that include "Egress" (since such a policy would not include
742 // an Egress section and would otherwise default to just [ "Ingress" ]).
743 // This field is beta-level in 1.8
744 // +optional
745 repeated string policyTypes = 4;
746}
747
748// PodSecurityPolicy governs the ability to make requests that affect the Security Context
749// that will be applied to a pod and container.
750// Deprecated: use PodSecurityPolicy from policy API Group instead.
751message PodSecurityPolicy {
752 // Standard object's metadata.
753 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
754 // +optional
755 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
756
757 // spec defines the policy enforced.
758 // +optional
759 optional PodSecurityPolicySpec spec = 2;
760}
761
762// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
763// Deprecated: use PodSecurityPolicyList from policy API Group instead.
764message PodSecurityPolicyList {
765 // Standard list metadata.
766 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
767 // +optional
768 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
769
770 // items is a list of schema objects.
771 repeated PodSecurityPolicy items = 2;
772}
773
774// PodSecurityPolicySpec defines the policy enforced.
775// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
776message PodSecurityPolicySpec {
777 // privileged determines if a pod can request to be run as privileged.
778 // +optional
779 optional bool privileged = 1;
780
781 // defaultAddCapabilities is the default set of capabilities that will be added to the container
782 // unless the pod spec specifically drops the capability. You may not list a capability in both
783 // defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
784 // allowed, and need not be included in the allowedCapabilities list.
785 // +optional
786 repeated string defaultAddCapabilities = 2;
787
788 // requiredDropCapabilities are the capabilities that will be dropped from the container. These
789 // are required to be dropped and cannot be added.
790 // +optional
791 repeated string requiredDropCapabilities = 3;
792
793 // allowedCapabilities is a list of capabilities that can be requested to add to the container.
794 // Capabilities in this field may be added at the pod author's discretion.
795 // You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
796 // +optional
797 repeated string allowedCapabilities = 4;
798
799 // volumes is a white list of allowed volume plugins. Empty indicates that
800 // no volumes may be used. To allow all volumes you may use '*'.
801 // +optional
802 repeated string volumes = 5;
803
804 // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
805 // +optional
806 optional bool hostNetwork = 6;
807
808 // hostPorts determines which host port ranges are allowed to be exposed.
809 // +optional
810 repeated HostPortRange hostPorts = 7;
811
812 // hostPID determines if the policy allows the use of HostPID in the pod spec.
813 // +optional
814 optional bool hostPID = 8;
815
816 // hostIPC determines if the policy allows the use of HostIPC in the pod spec.
817 // +optional
818 optional bool hostIPC = 9;
819
820 // seLinux is the strategy that will dictate the allowable labels that may be set.
821 optional SELinuxStrategyOptions seLinux = 10;
822
823 // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
824 optional RunAsUserStrategyOptions runAsUser = 11;
825
826 // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
827 // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
828 // RunAsGroup feature gate to be enabled.
829 // +optional
830 optional RunAsGroupStrategyOptions runAsGroup = 22;
831
832 // supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
833 optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
834
835 // fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
836 optional FSGroupStrategyOptions fsGroup = 13;
837
838 // readOnlyRootFilesystem when set to true will force containers to run with a read only root file
839 // system. If the container specifically requests to run with a non-read only root file system
840 // the PSP should deny the pod.
841 // If set to false the container may run with a read only root file system if it wishes but it
842 // will not be forced to.
843 // +optional
844 optional bool readOnlyRootFilesystem = 14;
845
846 // defaultAllowPrivilegeEscalation controls the default setting for whether a
847 // process can gain more privileges than its parent process.
848 // +optional
849 optional bool defaultAllowPrivilegeEscalation = 15;
850
851 // allowPrivilegeEscalation determines if a pod can request to allow
852 // privilege escalation. If unspecified, defaults to true.
853 // +optional
854 optional bool allowPrivilegeEscalation = 16;
855
856 // allowedHostPaths is a white list of allowed host paths. Empty indicates
857 // that all host paths may be used.
858 // +optional
859 repeated AllowedHostPath allowedHostPaths = 17;
860
861 // allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
862 // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
863 // is allowed in the "volumes" field.
864 // +optional
865 repeated AllowedFlexVolume allowedFlexVolumes = 18;
866
867 // allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
868 // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
869 // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
870 // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
871 //
872 // Examples:
873 // e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
874 // e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
875 // +optional
876 repeated string allowedUnsafeSysctls = 19;
877
878 // forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
879 // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
880 // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
881 //
882 // Examples:
883 // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
884 // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
885 // +optional
886 repeated string forbiddenSysctls = 20;
887
888 // AllowedProcMountTypes is a whitelist of allowed ProcMountTypes.
889 // Empty or nil indicates that only the DefaultProcMountType may be used.
890 // This requires the ProcMountType feature flag to be enabled.
891 // +optional
892 repeated string allowedProcMountTypes = 21;
893}
894
895// DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for
896// more information.
897// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
898message ReplicaSet {
899 // If the Labels of a ReplicaSet are empty, they are defaulted to
900 // be the same as the Pod(s) that the ReplicaSet manages.
901 // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
902 // +optional
903 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
904
905 // Spec defines the specification of the desired behavior of the ReplicaSet.
906 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
907 // +optional
908 optional ReplicaSetSpec spec = 2;
909
910 // Status is the most recently observed status of the ReplicaSet.
911 // This data may be out of date by some window of time.
912 // Populated by the system.
913 // Read-only.
914 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
915 // +optional
916 optional ReplicaSetStatus status = 3;
917}
918
919// ReplicaSetCondition describes the state of a replica set at a certain point.
920message ReplicaSetCondition {
921 // Type of replica set condition.
922 optional string type = 1;
923
924 // Status of the condition, one of True, False, Unknown.
925 optional string status = 2;
926
927 // The last time the condition transitioned from one status to another.
928 // +optional
929 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
930
931 // The reason for the condition's last transition.
932 // +optional
933 optional string reason = 4;
934
935 // A human readable message indicating details about the transition.
936 // +optional
937 optional string message = 5;
938}
939
940// ReplicaSetList is a collection of ReplicaSets.
941message ReplicaSetList {
942 // Standard list metadata.
943 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
944 // +optional
945 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
946
947 // List of ReplicaSets.
948 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
949 repeated ReplicaSet items = 2;
950}
951
952// ReplicaSetSpec is the specification of a ReplicaSet.
953message ReplicaSetSpec {
954 // Replicas is the number of desired replicas.
955 // This is a pointer to distinguish between explicit zero and unspecified.
956 // Defaults to 1.
957 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
958 // +optional
959 optional int32 replicas = 1;
960
961 // Minimum number of seconds for which a newly created pod should be ready
962 // without any of its container crashing, for it to be considered available.
963 // Defaults to 0 (pod will be considered available as soon as it is ready)
964 // +optional
965 optional int32 minReadySeconds = 4;
966
967 // Selector is a label query over pods that should match the replica count.
968 // If the selector is empty, it is defaulted to the labels present on the pod template.
969 // Label keys and values that must match in order to be controlled by this replica set.
970 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
971 // +optional
972 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 2;
973
974 // Template is the object that describes the pod that will be created if
975 // insufficient replicas are detected.
976 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
977 // +optional
978 optional k8s.io.api.core.v1.PodTemplateSpec template = 3;
979}
980
981// ReplicaSetStatus represents the current status of a ReplicaSet.
982message ReplicaSetStatus {
983 // Replicas is the most recently oberved number of replicas.
984 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
985 optional int32 replicas = 1;
986
987 // The number of pods that have labels matching the labels of the pod template of the replicaset.
988 // +optional
989 optional int32 fullyLabeledReplicas = 2;
990
991 // The number of ready replicas for this replica set.
992 // +optional
993 optional int32 readyReplicas = 4;
994
995 // The number of available replicas (ready for at least minReadySeconds) for this replica set.
996 // +optional
997 optional int32 availableReplicas = 5;
998
999 // ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
1000 // +optional
1001 optional int64 observedGeneration = 3;
1002
1003 // Represents the latest available observations of a replica set's current state.
1004 // +optional
1005 // +patchMergeKey=type
1006 // +patchStrategy=merge
1007 repeated ReplicaSetCondition conditions = 6;
1008}
1009
1010// Dummy definition
1011message ReplicationControllerDummy {
1012}
1013
1014// DEPRECATED.
1015message RollbackConfig {
1016 // The revision to rollback to. If set to 0, rollback to the last revision.
1017 // +optional
1018 optional int64 revision = 1;
1019}
1020
1021// Spec to control the desired behavior of daemon set rolling update.
1022message RollingUpdateDaemonSet {
1023 // The maximum number of DaemonSet pods that can be unavailable during the
1024 // update. Value can be an absolute number (ex: 5) or a percentage of total
1025 // number of DaemonSet pods at the start of the update (ex: 10%). Absolute
1026 // number is calculated from percentage by rounding up.
1027 // This cannot be 0.
1028 // Default value is 1.
1029 // Example: when this is set to 30%, at most 30% of the total number of nodes
1030 // that should be running the daemon pod (i.e. status.desiredNumberScheduled)
1031 // can have their pods stopped for an update at any given
1032 // time. The update starts by stopping at most 30% of those DaemonSet pods
1033 // and then brings up new DaemonSet pods in their place. Once the new pods
1034 // are available, it then proceeds onto other DaemonSet pods, thus ensuring
1035 // that at least 70% of original number of DaemonSet pods are available at
1036 // all times during the update.
1037 // +optional
1038 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 1;
1039}
1040
1041// Spec to control the desired behavior of rolling update.
1042message RollingUpdateDeployment {
1043 // The maximum number of pods that can be unavailable during the update.
1044 // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
1045 // Absolute number is calculated from percentage by rounding down.
1046 // This can not be 0 if MaxSurge is 0.
1047 // By default, a fixed value of 1 is used.
1048 // Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
1049 // immediately when the rolling update starts. Once new pods are ready, old RC
1050 // can be scaled down further, followed by scaling up the new RC, ensuring
1051 // that the total number of pods available at all times during the update is at
1052 // least 70% of desired pods.
1053 // +optional
1054 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 1;
1055
1056 // The maximum number of pods that can be scheduled above the desired number of
1057 // pods.
1058 // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
1059 // This can not be 0 if MaxUnavailable is 0.
1060 // Absolute number is calculated from percentage by rounding up.
1061 // By default, a value of 1 is used.
1062 // Example: when this is set to 30%, the new RC can be scaled up immediately when
1063 // the rolling update starts, such that the total number of old and new pods do not exceed
1064 // 130% of desired pods. Once old pods have been killed,
1065 // new RC can be scaled up further, ensuring that total number of pods running
1066 // at any time during the update is atmost 130% of desired pods.
1067 // +optional
1068 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;
1069}
1070
1071// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
1072// Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.
1073message RunAsGroupStrategyOptions {
1074 // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
1075 optional string rule = 1;
1076
1077 // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
1078 // then supply a single range with the same start and end. Required for MustRunAs.
1079 // +optional
1080 repeated IDRange ranges = 2;
1081}
1082
1083// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
1084// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
1085message RunAsUserStrategyOptions {
1086 // rule is the strategy that will dictate the allowable RunAsUser values that may be set.
1087 optional string rule = 1;
1088
1089 // ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
1090 // then supply a single range with the same start and end. Required for MustRunAs.
1091 // +optional
1092 repeated IDRange ranges = 2;
1093}
1094
1095// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
1096// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
1097message SELinuxStrategyOptions {
1098 // rule is the strategy that will dictate the allowable labels that may be set.
1099 optional string rule = 1;
1100
1101 // seLinuxOptions required to run as; required for MustRunAs
1102 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1103 // +optional
1104 optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2;
1105}
1106
1107// represents a scaling request for a resource.
1108message Scale {
1109 // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
1110 // +optional
1111 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
1112
1113 // defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.
1114 // +optional
1115 optional ScaleSpec spec = 2;
1116
1117 // current status of the scale. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status. Read-only.
1118 // +optional
1119 optional ScaleStatus status = 3;
1120}
1121
1122// describes the attributes of a scale subresource
1123message ScaleSpec {
1124 // desired number of instances for the scaled object.
1125 // +optional
1126 optional int32 replicas = 1;
1127}
1128
1129// represents the current status of a scale subresource.
1130message ScaleStatus {
1131 // actual number of observed instances of the scaled object.
1132 optional int32 replicas = 1;
1133
1134 // label query over pods that should match the replicas count. More info: http://kubernetes.io/docs/user-guide/labels#label-selectors
1135 // +optional
1136 map<string, string> selector = 2;
1137
1138 // label selector for pods that should match the replicas count. This is a serializated
1139 // version of both map-based and more expressive set-based selectors. This is done to
1140 // avoid introspection in the clients. The string will be in the same format as the
1141 // query-param syntax. If the target type only supports map-based selectors, both this
1142 // field and map-based selector field are populated.
1143 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
1144 // +optional
1145 optional string targetSelector = 3;
1146}
1147
1148// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
1149// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
1150message SupplementalGroupsStrategyOptions {
1151 // rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
1152 // +optional
1153 optional string rule = 1;
1154
1155 // ranges are the allowed ranges of supplemental groups. If you would like to force a single
1156 // supplemental group then supply a single range with the same start and end. Required for MustRunAs.
1157 // +optional
1158 repeated IDRange ranges = 2;
1159}
1160