1/*
2Copyright The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17
18// This file was autogenerated by go-to-protobuf. Do not edit it manually!
19
20syntax = "proto2";
21
22package k8s.io.api.imagepolicy.v1alpha1;
23
24import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
25import "k8s.io/apimachinery/pkg/runtime/generated.proto";
26import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
27
28// Package-wide variables from generator "generated".
29option go_package = "k8s.io/api/imagepolicy/v1alpha1";
30
31// ImageReview checks if the set of images in a pod are allowed.
32message ImageReview {
33 // Standard object's metadata.
34 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
35 // +optional
36 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
37
38 // Spec holds information about the pod being evaluated
39 optional ImageReviewSpec spec = 2;
40
41 // Status is filled in by the backend and indicates whether the pod should be allowed.
42 // +optional
43 optional ImageReviewStatus status = 3;
44}
45
46// ImageReviewContainerSpec is a description of a container within the pod creation request.
47message ImageReviewContainerSpec {
48 // This can be in the form image:tag or image@SHA:012345679abcdef.
49 // +optional
50 optional string image = 1;
51}
52
53// ImageReviewSpec is a description of the pod creation request.
54message ImageReviewSpec {
55 // Containers is a list of a subset of the information in each container of the Pod being created.
56 // +optional
57 // +listType=atomic
58 repeated ImageReviewContainerSpec containers = 1;
59
60 // Annotations is a list of key-value pairs extracted from the Pod's annotations.
61 // It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
62 // It is up to each webhook backend to determine how to interpret these annotations, if at all.
63 // +optional
64 map<string, string> annotations = 2;
65
66 // Namespace is the namespace the pod is being created in.
67 // +optional
68 optional string namespace = 3;
69}
70
71// ImageReviewStatus is the result of the review for the pod creation request.
72message ImageReviewStatus {
73 // Allowed indicates that all images were allowed to be run.
74 optional bool allowed = 1;
75
76 // Reason should be empty unless Allowed is false in which case it
77 // may contain a short description of what is wrong. Kubernetes
78 // may truncate excessively long errors when displaying to the user.
79 // +optional
80 optional string reason = 2;
81
82 // AuditAnnotations will be added to the attributes object of the
83 // admission controller request using 'AddAnnotation'. The keys should
84 // be prefix-less (i.e., the admission controller will add an
85 // appropriate prefix).
86 // +optional
87 map<string, string> auditAnnotations = 3;
88}
89
View as plain text