mirror of https://github.com/k3s-io/k3s
87 lines
3.0 KiB
Protocol Buffer
87 lines
3.0 KiB
Protocol Buffer
|
/*
|
||
|
Copyright The Kubernetes Authors.
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
|
||
|
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
|
||
|
|
||
|
syntax = 'proto2';
|
||
|
|
||
|
package k8s.io.api.imagepolicy.v1alpha1;
|
||
|
|
||
|
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
|
||
|
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
|
||
|
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
|
||
|
|
||
|
// Package-wide variables from generator "generated".
|
||
|
option go_package = "v1alpha1";
|
||
|
|
||
|
// ImageReview checks if the set of images in a pod are allowed.
|
||
|
message ImageReview {
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
|
||
|
|
||
|
// Spec holds information about the pod being evaluated
|
||
|
optional ImageReviewSpec spec = 2;
|
||
|
|
||
|
// Status is filled in by the backend and indicates whether the pod should be allowed.
|
||
|
// +optional
|
||
|
optional ImageReviewStatus status = 3;
|
||
|
}
|
||
|
|
||
|
// ImageReviewContainerSpec is a description of a container within the pod creation request.
|
||
|
message ImageReviewContainerSpec {
|
||
|
// This can be in the form image:tag or image@SHA:012345679abcdef.
|
||
|
// +optional
|
||
|
optional string image = 1;
|
||
|
}
|
||
|
|
||
|
// ImageReviewSpec is a description of the pod creation request.
|
||
|
message ImageReviewSpec {
|
||
|
// Containers is a list of a subset of the information in each container of the Pod being created.
|
||
|
// +optional
|
||
|
repeated ImageReviewContainerSpec containers = 1;
|
||
|
|
||
|
// Annotations is a list of key-value pairs extracted from the Pod's annotations.
|
||
|
// It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
|
||
|
// It is up to each webhook backend to determine how to interpret these annotations, if at all.
|
||
|
// +optional
|
||
|
map<string, string> annotations = 2;
|
||
|
|
||
|
// Namespace is the namespace the pod is being created in.
|
||
|
// +optional
|
||
|
optional string namespace = 3;
|
||
|
}
|
||
|
|
||
|
// ImageReviewStatus is the result of the review for the pod creation request.
|
||
|
message ImageReviewStatus {
|
||
|
// Allowed indicates that all images were allowed to be run.
|
||
|
optional bool allowed = 1;
|
||
|
|
||
|
// Reason should be empty unless Allowed is false in which case it
|
||
|
// may contain a short description of what is wrong. Kubernetes
|
||
|
// may truncate excessively long errors when displaying to the user.
|
||
|
// +optional
|
||
|
optional string reason = 2;
|
||
|
|
||
|
// AuditAnnotations will be added to the attributes object of the
|
||
|
// admission controller request using 'AddAnnotation'. The keys should
|
||
|
// be prefix-less (i.e., the admission controller will add an
|
||
|
// appropriate prefix).
|
||
|
// +optional
|
||
|
map<string, string> auditAnnotations = 3;
|
||
|
}
|
||
|
|