8e5b17cf13
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
82 lines
2.9 KiB
Protocol Buffer
82 lines
2.9 KiB
Protocol Buffer
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
|
|
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
|
|
|
|
syntax = 'proto2';
|
|
|
|
package k8s.io.kubernetes.pkg.apis.imagepolicy.v1alpha1;
|
|
|
|
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
|
|
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
|
|
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
|
|
import "k8s.io/kubernetes/pkg/api/resource/generated.proto";
|
|
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
|
|
import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";
|
|
|
|
// Package-wide variables from generator "generated".
|
|
option go_package = "v1alpha1";
|
|
|
|
// ImageReview checks if the set of images in a pod are allowed.
|
|
message ImageReview {
|
|
// +optional
|
|
optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;
|
|
|
|
// Spec holds information about the pod being evaluated
|
|
optional ImageReviewSpec spec = 2;
|
|
|
|
// Status is filled in by the backend and indicates whether the pod should be allowed.
|
|
// +optional
|
|
optional ImageReviewStatus status = 3;
|
|
}
|
|
|
|
// ImageReviewContainerSpec is a description of a container within the pod creation request.
|
|
message ImageReviewContainerSpec {
|
|
// This can be in the form image:tag or image@SHA:012345679abcdef.
|
|
// +optional
|
|
optional string image = 1;
|
|
}
|
|
|
|
// ImageReviewSpec is a description of the pod creation request.
|
|
message ImageReviewSpec {
|
|
// Containers is a list of a subset of the information in each container of the Pod being created.
|
|
// +optional
|
|
repeated ImageReviewContainerSpec containers = 1;
|
|
|
|
// Annotations is a list of key-value pairs extracted from the Pod's annotations.
|
|
// It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
|
|
// It is up to each webhook backend to determine how to interpret these annotations, if at all.
|
|
// +optional
|
|
map<string, string> annotations = 2;
|
|
|
|
// Namespace is the namespace the pod is being created in.
|
|
// +optional
|
|
optional string namespace = 3;
|
|
}
|
|
|
|
// ImageReviewStatus is the result of the token authentication request.
|
|
message ImageReviewStatus {
|
|
// Allowed indicates that all images were allowed to be run.
|
|
optional bool allowed = 1;
|
|
|
|
// Reason should be empty unless Allowed is false in which case it
|
|
// may contain a short description of what is wrong. Kubernetes
|
|
// may truncate excessively long errors when displaying to the user.
|
|
// +optional
|
|
optional string reason = 2;
|
|
}
|
|
|