...

Text file src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.proto

Documentation: k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1

     1/*
     2Copyright The Kubernetes Authors.
     3
     4Licensed under the Apache License, Version 2.0 (the "License");
     5you may not use this file except in compliance with the License.
     6You may obtain a copy of the License at
     7
     8    http://www.apache.org/licenses/LICENSE-2.0
     9
    10Unless required by applicable law or agreed to in writing, software
    11distributed under the License is distributed on an "AS IS" BASIS,
    12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13See the License for the specific language governing permissions and
    14limitations under the License.
    15*/
    16
    17
    18// This file was autogenerated by go-to-protobuf. Do not edit it manually!
    19
    20syntax = "proto2";
    21
    22package k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1beta1;
    23
    24import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
    25import "k8s.io/apimachinery/pkg/runtime/generated.proto";
    26import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
    27
    28// Package-wide variables from generator "generated".
    29option go_package = "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1";
    30
    31// ConversionRequest describes the conversion request parameters.
    32message ConversionRequest {
    33  // uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are
    34  // otherwise identical (parallel requests, etc).
    35  // The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request.
    36  // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
    37  optional string uid = 1;
    38
    39  // desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1"
    40  optional string desiredAPIVersion = 2;
    41
    42  // objects is the list of custom resource objects to be converted.
    43  // +listType=atomic
    44  repeated k8s.io.apimachinery.pkg.runtime.RawExtension objects = 3;
    45}
    46
    47// ConversionResponse describes a conversion response.
    48message ConversionResponse {
    49  // uid is an identifier for the individual request/response.
    50  // This should be copied over from the corresponding `request.uid`.
    51  optional string uid = 1;
    52
    53  // convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty.
    54  // The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list
    55  // must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace).
    56  // The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored.
    57  // +listType=atomic
    58  repeated k8s.io.apimachinery.pkg.runtime.RawExtension convertedObjects = 2;
    59
    60  // result contains the result of conversion with extra details if the conversion failed. `result.status` determines if
    61  // the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the
    62  // conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set
    63  // `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message`
    64  // will be used to construct an error message for the end user.
    65  optional k8s.io.apimachinery.pkg.apis.meta.v1.Status result = 3;
    66}
    67
    68// ConversionReview describes a conversion request/response.
    69message ConversionReview {
    70  // request describes the attributes for the conversion request.
    71  // +optional
    72  optional ConversionRequest request = 1;
    73
    74  // response describes the attributes for the conversion response.
    75  // +optional
    76  optional ConversionResponse response = 2;
    77}
    78
    79// CustomResourceColumnDefinition specifies a column for server side printing.
    80message CustomResourceColumnDefinition {
    81  // name is a human readable name for the column.
    82  optional string name = 1;
    83
    84  // type is an OpenAPI type definition for this column.
    85  // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
    86  optional string type = 2;
    87
    88  // format is an optional OpenAPI type definition for this column. The 'name' format is applied
    89  // to the primary identifier column to assist in clients identifying column is the resource name.
    90  // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
    91  // +optional
    92  optional string format = 3;
    93
    94  // description is a human readable description of this column.
    95  // +optional
    96  optional string description = 4;
    97
    98  // priority is an integer defining the relative importance of this column compared to others. Lower
    99  // numbers are considered higher priority. Columns that may be omitted in limited space scenarios
   100  // should be given a priority greater than 0.
   101  // +optional
   102  optional int32 priority = 5;
   103
   104  // JSONPath is a simple JSON path (i.e. with array notation) which is evaluated against
   105  // each custom resource to produce the value for this column.
   106  optional string JSONPath = 6;
   107}
   108
   109// CustomResourceConversion describes how to convert different versions of a CR.
   110message CustomResourceConversion {
   111  // strategy specifies how custom resources are converted between versions. Allowed values are:
   112  // - `None`: The converter only change the apiVersion and would not touch any other field in the custom resource.
   113  // - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information
   114  //   is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhookClientConfig to be set.
   115  optional string strategy = 1;
   116
   117  // webhookClientConfig is the instructions for how to call the webhook if strategy is `Webhook`.
   118  // Required when `strategy` is set to `Webhook`.
   119  // +optional
   120  optional WebhookClientConfig webhookClientConfig = 2;
   121
   122  // conversionReviewVersions is an ordered list of preferred `ConversionReview`
   123  // versions the Webhook expects. The API server will use the first version in
   124  // the list which it supports. If none of the versions specified in this list
   125  // are supported by API server, conversion will fail for the custom resource.
   126  // If a persisted Webhook configuration specifies allowed versions and does not
   127  // include any versions known to the API Server, calls to the webhook will fail.
   128  // Defaults to `["v1beta1"]`.
   129  // +optional
   130  // +listType=atomic
   131  repeated string conversionReviewVersions = 3;
   132}
   133
   134// CustomResourceDefinition represents a resource that should be exposed on the API server.  Its name MUST be in the format
   135// <.spec.name>.<.spec.group>.
   136// Deprecated in v1.16, planned for removal in v1.22. Use apiextensions.k8s.io/v1 CustomResourceDefinition instead.
   137message CustomResourceDefinition {
   138  // Standard object's metadata
   139  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
   140  // +optional
   141  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
   142
   143  // spec describes how the user wants the resources to appear
   144  optional CustomResourceDefinitionSpec spec = 2;
   145
   146  // status indicates the actual state of the CustomResourceDefinition
   147  // +optional
   148  optional CustomResourceDefinitionStatus status = 3;
   149}
   150
   151// CustomResourceDefinitionCondition contains details for the current condition of this pod.
   152message CustomResourceDefinitionCondition {
   153  // type is the type of the condition. Types include Established, NamesAccepted and Terminating.
   154  optional string type = 1;
   155
   156  // status is the status of the condition.
   157  // Can be True, False, Unknown.
   158  optional string status = 2;
   159
   160  // lastTransitionTime last time the condition transitioned from one status to another.
   161  // +optional
   162  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
   163
   164  // reason is a unique, one-word, CamelCase reason for the condition's last transition.
   165  // +optional
   166  optional string reason = 4;
   167
   168  // message is a human-readable message indicating details about last transition.
   169  // +optional
   170  optional string message = 5;
   171}
   172
   173// CustomResourceDefinitionList is a list of CustomResourceDefinition objects.
   174message CustomResourceDefinitionList {
   175  // Standard object's metadata
   176  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
   177  // +optional
   178  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
   179
   180  // items list individual CustomResourceDefinition objects
   181  repeated CustomResourceDefinition items = 2;
   182}
   183
   184// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
   185message CustomResourceDefinitionNames {
   186  // plural is the plural name of the resource to serve.
   187  // The custom resources are served under `/apis/<group>/<version>/.../<plural>`.
   188  // Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
   189  // Must be all lowercase.
   190  optional string plural = 1;
   191
   192  // singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.
   193  // +optional
   194  optional string singular = 2;
   195
   196  // shortNames are short names for the resource, exposed in API discovery documents,
   197  // and used by clients to support invocations like `kubectl get <shortname>`.
   198  // It must be all lowercase.
   199  // +optional
   200  // +listType=atomic
   201  repeated string shortNames = 3;
   202
   203  // kind is the serialized kind of the resource. It is normally CamelCase and singular.
   204  // Custom resource instances will use this value as the `kind` attribute in API calls.
   205  optional string kind = 4;
   206
   207  // listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".
   208  // +optional
   209  optional string listKind = 5;
   210
   211  // categories is a list of grouped resources this custom resource belongs to (e.g. 'all').
   212  // This is published in API discovery documents, and used by clients to support invocations like
   213  // `kubectl get all`.
   214  // +optional
   215  // +listType=atomic
   216  repeated string categories = 6;
   217}
   218
   219// CustomResourceDefinitionSpec describes how a user wants their resource to appear
   220message CustomResourceDefinitionSpec {
   221  // group is the API group of the defined custom resource.
   222  // The custom resources are served under `/apis/<group>/...`.
   223  // Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
   224  optional string group = 1;
   225
   226  // version is the API version of the defined custom resource.
   227  // The custom resources are served under `/apis/<group>/<version>/...`.
   228  // Must match the name of the first item in the `versions` list if `version` and `versions` are both specified.
   229  // Optional if `versions` is specified.
   230  // Deprecated: use `versions` instead.
   231  // +optional
   232  optional string version = 2;
   233
   234  // names specify the resource and kind names for the custom resource.
   235  optional CustomResourceDefinitionNames names = 3;
   236
   237  // scope indicates whether the defined custom resource is cluster- or namespace-scoped.
   238  // Allowed values are `Cluster` and `Namespaced`. Default is `Namespaced`.
   239  optional string scope = 4;
   240
   241  // validation describes the schema used for validation and pruning of the custom resource.
   242  // If present, this validation schema is used to validate all versions.
   243  // Top-level and per-version schemas are mutually exclusive.
   244  // +optional
   245  optional CustomResourceValidation validation = 5;
   246
   247  // subresources specify what subresources the defined custom resource has.
   248  // If present, this field configures subresources for all versions.
   249  // Top-level and per-version subresources are mutually exclusive.
   250  // +optional
   251  optional CustomResourceSubresources subresources = 6;
   252
   253  // versions is the list of all API versions of the defined custom resource.
   254  // Optional if `version` is specified.
   255  // The name of the first item in the `versions` list must match the `version` field if `version` and `versions` are both specified.
   256  // Version names are used to compute the order in which served versions are listed in API discovery.
   257  // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered
   258  // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version),
   259  // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first
   260  // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing
   261  // major version, then minor version. An example sorted list of versions:
   262  // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
   263  // +optional
   264  // +listType=atomic
   265  repeated CustomResourceDefinitionVersion versions = 7;
   266
   267  // additionalPrinterColumns specifies additional columns returned in Table output.
   268  // See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
   269  // If present, this field configures columns for all versions.
   270  // Top-level and per-version columns are mutually exclusive.
   271  // If no top-level or per-version columns are specified, a single column displaying the age of the custom resource is used.
   272  // +optional
   273  // +listType=atomic
   274  repeated CustomResourceColumnDefinition additionalPrinterColumns = 8;
   275
   276  // selectableFields specifies paths to fields that may be used as field selectors.
   277  // See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
   278  //
   279  // +featureGate=CustomResourceFieldSelectors
   280  // +optional
   281  // +listType=atomic
   282  repeated SelectableField selectableFields = 11;
   283
   284  // conversion defines conversion settings for the CRD.
   285  // +optional
   286  optional CustomResourceConversion conversion = 9;
   287
   288  // preserveUnknownFields indicates that object fields which are not specified
   289  // in the OpenAPI schema should be preserved when persisting to storage.
   290  // apiVersion, kind, metadata and known fields inside metadata are always preserved.
   291  // If false, schemas must be defined for all versions.
   292  // Defaults to true in v1beta for backwards compatibility.
   293  // Deprecated: will be required to be false in v1. Preservation of unknown fields can be specified
   294  // in the validation schema using the `x-kubernetes-preserve-unknown-fields: true` extension.
   295  // See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details.
   296  // +optional
   297  optional bool preserveUnknownFields = 10;
   298}
   299
   300// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition
   301message CustomResourceDefinitionStatus {
   302  // conditions indicate state for particular aspects of a CustomResourceDefinition
   303  // +optional
   304  // +listType=map
   305  // +listMapKey=type
   306  repeated CustomResourceDefinitionCondition conditions = 1;
   307
   308  // acceptedNames are the names that are actually being used to serve discovery.
   309  // They may be different than the names in spec.
   310  // +optional
   311  optional CustomResourceDefinitionNames acceptedNames = 2;
   312
   313  // storedVersions lists all versions of CustomResources that were ever persisted. Tracking these
   314  // versions allows a migration path for stored versions in etcd. The field is mutable
   315  // so a migration controller can finish a migration to another version (ensuring
   316  // no old objects are left in storage), and then remove the rest of the
   317  // versions from this list.
   318  // Versions may not be removed from `spec.versions` while they exist in this list.
   319  // +optional
   320  // +listType=atomic
   321  repeated string storedVersions = 3;
   322}
   323
   324// CustomResourceDefinitionVersion describes a version for CRD.
   325message CustomResourceDefinitionVersion {
   326  // name is the version name, e.g. “v1”, “v2beta1”, etc.
   327  // The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
   328  optional string name = 1;
   329
   330  // served is a flag enabling/disabling this version from being served via REST APIs
   331  optional bool served = 2;
   332
   333  // storage indicates this version should be used when persisting custom resources to storage.
   334  // There must be exactly one version with storage=true.
   335  optional bool storage = 3;
   336
   337  // deprecated indicates this version of the custom resource API is deprecated.
   338  // When set to true, API requests to this version receive a warning header in the server response.
   339  // Defaults to false.
   340  // +optional
   341  optional bool deprecated = 7;
   342
   343  // deprecationWarning overrides the default warning returned to API clients.
   344  // May only be set when `deprecated` is true.
   345  // The default warning indicates this version is deprecated and recommends use
   346  // of the newest served version of equal or greater stability, if one exists.
   347  // +optional
   348  optional string deprecationWarning = 8;
   349
   350  // schema describes the schema used for validation and pruning of this version of the custom resource.
   351  // Top-level and per-version schemas are mutually exclusive.
   352  // Per-version schemas must not all be set to identical values (top-level validation schema should be used instead).
   353  // +optional
   354  optional CustomResourceValidation schema = 4;
   355
   356  // subresources specify what subresources this version of the defined custom resource have.
   357  // Top-level and per-version subresources are mutually exclusive.
   358  // Per-version subresources must not all be set to identical values (top-level subresources should be used instead).
   359  // +optional
   360  optional CustomResourceSubresources subresources = 5;
   361
   362  // additionalPrinterColumns specifies additional columns returned in Table output.
   363  // See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
   364  // Top-level and per-version columns are mutually exclusive.
   365  // Per-version columns must not all be set to identical values (top-level columns should be used instead).
   366  // If no top-level or per-version columns are specified, a single column displaying the age of the custom resource is used.
   367  // +optional
   368  // +listType=atomic
   369  repeated CustomResourceColumnDefinition additionalPrinterColumns = 6;
   370
   371  // selectableFields specifies paths to fields that may be used as field selectors.
   372  // See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
   373  //
   374  // +featureGate=CustomResourceFieldSelectors
   375  // +optional
   376  // +listType=atomic
   377  repeated SelectableField selectableFields = 9;
   378}
   379
   380// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.
   381message CustomResourceSubresourceScale {
   382  // specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`.
   383  // Only JSON paths without the array notation are allowed.
   384  // Must be a JSON Path under `.spec`.
   385  // If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET.
   386  optional string specReplicasPath = 1;
   387
   388  // statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`.
   389  // Only JSON paths without the array notation are allowed.
   390  // Must be a JSON Path under `.status`.
   391  // If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource
   392  // will default to 0.
   393  optional string statusReplicasPath = 2;
   394
   395  // labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`.
   396  // Only JSON paths without the array notation are allowed.
   397  // Must be a JSON Path under `.status` or `.spec`.
   398  // Must be set to work with HorizontalPodAutoscaler.
   399  // The field pointed by this JSON path must be a string field (not a complex selector struct)
   400  // which contains a serialized label selector in string form.
   401  // More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
   402  // If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale`
   403  // subresource will default to the empty string.
   404  // +optional
   405  optional string labelSelectorPath = 3;
   406}
   407
   408// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources.
   409// Status is represented by the `.status` JSON path inside of a CustomResource. When set,
   410// * exposes a /status subresource for the custom resource
   411// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza
   412// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza
   413message CustomResourceSubresourceStatus {
   414}
   415
   416// CustomResourceSubresources defines the status and scale subresources for CustomResources.
   417message CustomResourceSubresources {
   418  // status indicates the custom resource should serve a `/status` subresource.
   419  // When enabled:
   420  // 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object.
   421  // 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object.
   422  // +optional
   423  optional CustomResourceSubresourceStatus status = 1;
   424
   425  // scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object.
   426  // +optional
   427  optional CustomResourceSubresourceScale scale = 2;
   428}
   429
   430// CustomResourceValidation is a list of validation methods for CustomResources.
   431message CustomResourceValidation {
   432  // openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.
   433  // +optional
   434  optional JSONSchemaProps openAPIV3Schema = 1;
   435}
   436
   437// ExternalDocumentation allows referencing an external resource for extended documentation.
   438message ExternalDocumentation {
   439  optional string description = 1;
   440
   441  optional string url = 2;
   442}
   443
   444// JSON represents any valid JSON value.
   445// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
   446message JSON {
   447  optional bytes raw = 1;
   448}
   449
   450// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).
   451message JSONSchemaProps {
   452  optional string id = 1;
   453
   454  optional string schema = 2;
   455
   456  optional string ref = 3;
   457
   458  optional string description = 4;
   459
   460  optional string type = 5;
   461
   462  // format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:
   463  //
   464  // - bsonobjectid: a bson object ID, i.e. a 24 characters hex string
   465  // - uri: an URI as parsed by Golang net/url.ParseRequestURI
   466  // - email: an email address as parsed by Golang net/mail.ParseAddress
   467  // - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].
   468  // - ipv4: an IPv4 IP as parsed by Golang net.ParseIP
   469  // - ipv6: an IPv6 IP as parsed by Golang net.ParseIP
   470  // - cidr: a CIDR as parsed by Golang net.ParseCIDR
   471  // - mac: a MAC address as parsed by Golang net.ParseMAC
   472  // - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$
   473  // - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$
   474  // - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
   475  // - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
   476  // - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041"
   477  // - isbn10: an ISBN10 number string like "0321751043"
   478  // - isbn13: an ISBN13 number string like "978-0321751041"
   479  // - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in
   480  // - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$
   481  // - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$
   482  // - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559"
   483  // - byte: base64 encoded binary data
   484  // - password: any kind of string
   485  // - date: a date string like "2006-01-02" as defined by full-date in RFC3339
   486  // - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format
   487  // - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
   488  optional string format = 6;
   489
   490  optional string title = 7;
   491
   492  // default is a default value for undefined object fields.
   493  // Defaulting is a beta feature under the CustomResourceDefaulting feature gate.
   494  // CustomResourceDefinitions with defaults must be created using the v1 (or newer) CustomResourceDefinition API.
   495  optional JSON default = 8;
   496
   497  optional double maximum = 9;
   498
   499  optional bool exclusiveMaximum = 10;
   500
   501  optional double minimum = 11;
   502
   503  optional bool exclusiveMinimum = 12;
   504
   505  optional int64 maxLength = 13;
   506
   507  optional int64 minLength = 14;
   508
   509  optional string pattern = 15;
   510
   511  optional int64 maxItems = 16;
   512
   513  optional int64 minItems = 17;
   514
   515  optional bool uniqueItems = 18;
   516
   517  optional double multipleOf = 19;
   518
   519  // +listType=atomic
   520  repeated JSON enum = 20;
   521
   522  optional int64 maxProperties = 21;
   523
   524  optional int64 minProperties = 22;
   525
   526  // +listType=atomic
   527  repeated string required = 23;
   528
   529  optional JSONSchemaPropsOrArray items = 24;
   530
   531  // +listType=atomic
   532  repeated JSONSchemaProps allOf = 25;
   533
   534  // +listType=atomic
   535  repeated JSONSchemaProps oneOf = 26;
   536
   537  // +listType=atomic
   538  repeated JSONSchemaProps anyOf = 27;
   539
   540  optional JSONSchemaProps not = 28;
   541
   542  map<string, JSONSchemaProps> properties = 29;
   543
   544  optional JSONSchemaPropsOrBool additionalProperties = 30;
   545
   546  map<string, JSONSchemaProps> patternProperties = 31;
   547
   548  map<string, JSONSchemaPropsOrStringArray> dependencies = 32;
   549
   550  optional JSONSchemaPropsOrBool additionalItems = 33;
   551
   552  map<string, JSONSchemaProps> definitions = 34;
   553
   554  optional ExternalDocumentation externalDocs = 35;
   555
   556  optional JSON example = 36;
   557
   558  optional bool nullable = 37;
   559
   560  // x-kubernetes-preserve-unknown-fields stops the API server
   561  // decoding step from pruning fields which are not specified
   562  // in the validation schema. This affects fields recursively,
   563  // but switches back to normal pruning behaviour if nested
   564  // properties or additionalProperties are specified in the schema.
   565  // This can either be true or undefined. False is forbidden.
   566  optional bool xKubernetesPreserveUnknownFields = 38;
   567
   568  // x-kubernetes-embedded-resource defines that the value is an
   569  // embedded Kubernetes runtime.Object, with TypeMeta and
   570  // ObjectMeta. The type must be object. It is allowed to further
   571  // restrict the embedded object. kind, apiVersion and metadata
   572  // are validated automatically. x-kubernetes-preserve-unknown-fields
   573  // is allowed to be true, but does not have to be if the object
   574  // is fully specified (up to kind, apiVersion, metadata).
   575  optional bool xKubernetesEmbeddedResource = 39;
   576
   577  // x-kubernetes-int-or-string specifies that this value is
   578  // either an integer or a string. If this is true, an empty
   579  // type is allowed and type as child of anyOf is permitted
   580  // if following one of the following patterns:
   581  //
   582  // 1) anyOf:
   583  //    - type: integer
   584  //    - type: string
   585  // 2) allOf:
   586  //    - anyOf:
   587  //      - type: integer
   588  //      - type: string
   589  //    - ... zero or more
   590  optional bool xKubernetesIntOrString = 40;
   591
   592  // x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used
   593  // as the index of the map.
   594  //
   595  // This tag MUST only be used on lists that have the "x-kubernetes-list-type"
   596  // extension set to "map". Also, the values specified for this attribute must
   597  // be a scalar typed field of the child structure (no nesting is supported).
   598  //
   599  // The properties specified must either be required or have a default value,
   600  // to ensure those properties are present for all list items.
   601  //
   602  // +optional
   603  // +listType=atomic
   604  repeated string xKubernetesListMapKeys = 41;
   605
   606  // x-kubernetes-list-type annotates an array to further describe its topology.
   607  // This extension must only be used on lists and may have 3 possible values:
   608  //
   609  // 1) `atomic`: the list is treated as a single entity, like a scalar.
   610  //      Atomic lists will be entirely replaced when updated. This extension
   611  //      may be used on any type of list (struct, scalar, ...).
   612  // 2) `set`:
   613  //      Sets are lists that must not have multiple items with the same value. Each
   614  //      value must be a scalar, an object with x-kubernetes-map-type `atomic` or an
   615  //      array with x-kubernetes-list-type `atomic`.
   616  // 3) `map`:
   617  //      These lists are like maps in that their elements have a non-index key
   618  //      used to identify them. Order is preserved upon merge. The map tag
   619  //      must only be used on a list with elements of type object.
   620  // Defaults to atomic for arrays.
   621  // +optional
   622  optional string xKubernetesListType = 42;
   623
   624  // x-kubernetes-map-type annotates an object to further describe its topology.
   625  // This extension must only be used when type is object and may have 2 possible values:
   626  //
   627  // 1) `granular`:
   628  //      These maps are actual maps (key-value pairs) and each fields are independent
   629  //      from each other (they can each be manipulated by separate actors). This is
   630  //      the default behaviour for all maps.
   631  // 2) `atomic`: the list is treated as a single entity, like a scalar.
   632  //      Atomic maps will be entirely replaced when updated.
   633  // +optional
   634  optional string xKubernetesMapType = 43;
   635
   636  // x-kubernetes-validations describes a list of validation rules written in the CEL expression language.
   637  // This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.
   638  // +patchMergeKey=rule
   639  // +patchStrategy=merge
   640  // +listType=map
   641  // +listMapKey=rule
   642  repeated ValidationRule xKubernetesValidations = 44;
   643}
   644
   645// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps
   646// or an array of JSONSchemaProps. Mainly here for serialization purposes.
   647message JSONSchemaPropsOrArray {
   648  optional JSONSchemaProps schema = 1;
   649
   650  // +listType=atomic
   651  repeated JSONSchemaProps jSONSchemas = 2;
   652}
   653
   654// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value.
   655// Defaults to true for the boolean property.
   656message JSONSchemaPropsOrBool {
   657  optional bool allows = 1;
   658
   659  optional JSONSchemaProps schema = 2;
   660}
   661
   662// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array.
   663message JSONSchemaPropsOrStringArray {
   664  optional JSONSchemaProps schema = 1;
   665
   666  // +listType=atomic
   667  repeated string property = 2;
   668}
   669
   670// SelectableField specifies the JSON path of a field that may be used with field selectors.
   671message SelectableField {
   672  // jsonPath is a simple JSON path which is evaluated against each custom resource to produce a
   673  // field selector value.
   674  // Only JSON paths without the array notation are allowed.
   675  // Must point to a field of type string, boolean or integer. Types with enum values
   676  // and strings with formats are allowed.
   677  // If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string.
   678  // Must not point to metdata fields.
   679  // Required.
   680  optional string jsonPath = 1;
   681}
   682
   683// ServiceReference holds a reference to Service.legacy.k8s.io
   684message ServiceReference {
   685  // namespace is the namespace of the service.
   686  // Required
   687  optional string namespace = 1;
   688
   689  // name is the name of the service.
   690  // Required
   691  optional string name = 2;
   692
   693  // path is an optional URL path at which the webhook will be contacted.
   694  // +optional
   695  optional string path = 3;
   696
   697  // port is an optional service port at which the webhook will be contacted.
   698  // `port` should be a valid port number (1-65535, inclusive).
   699  // Defaults to 443 for backward compatibility.
   700  // +optional
   701  optional int32 port = 4;
   702}
   703
   704// ValidationRule describes a validation rule written in the CEL expression language.
   705message ValidationRule {
   706  // Rule represents the expression which will be evaluated by CEL.
   707  // ref: https://github.com/google/cel-spec
   708  // The Rule is scoped to the location of the x-kubernetes-validations extension in the schema.
   709  // The `self` variable in the CEL expression is bound to the scoped value.
   710  // Example:
   711  // - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"}
   712  //
   713  // If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable
   714  // via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as
   715  // absent fields in CEL expressions.
   716  // If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map
   717  // are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map
   718  // are accessible via CEL macros and functions such as `self.all(...)`.
   719  // If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and
   720  // functions.
   721  // If the Rule is scoped to a scalar, `self` is bound to the scalar value.
   722  // Examples:
   723  // - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"}
   724  // - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"}
   725  // - Rule scoped to a string value: {"rule": "self.startsWith('kube')"}
   726  //
   727  // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
   728  // object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible.
   729  //
   730  // Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL
   731  // expressions. This includes:
   732  // - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.
   733  // - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as:
   734  //   - A schema with no type and x-kubernetes-preserve-unknown-fields set to true
   735  //   - An array where the items schema is of an "unknown type"
   736  //   - An object where the additionalProperties schema is of an "unknown type"
   737  //
   738  // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
   739  // Accessible property names are escaped according to the following rules when accessed in the expression:
   740  // - '__' escapes to '__underscores__'
   741  // - '.' escapes to '__dot__'
   742  // - '-' escapes to '__dash__'
   743  // - '/' escapes to '__slash__'
   744  // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
   745  // 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
   746  // 	  "import", "let", "loop", "package", "namespace", "return".
   747  // Examples:
   748  //   - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"}
   749  //   - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"}
   750  //   - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"}
   751  //
   752  // Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
   753  // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
   754  //   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
   755  //     non-intersecting elements in `Y` are appended, retaining their partial order.
   756  //   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
   757  //     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
   758  //     non-intersecting keys are appended, retaining their partial order.
   759  //
   760  // If `rule` makes use of the `oldSelf` variable it is implicitly a
   761  // `transition rule`.
   762  //
   763  // By default, the `oldSelf` variable is the same type as `self`.
   764  // When `optionalOldSelf` is true, the `oldSelf` variable is a CEL optional
   765  //  variable whose value() is the same type as `self`.
   766  // See the documentation for the `optionalOldSelf` field for details.
   767  //
   768  // Transition rules by default are applied only on UPDATE requests and are
   769  // skipped if an old value could not be found. You can opt a transition
   770  // rule into unconditional evaluation by setting `optionalOldSelf` to true.
   771  optional string rule = 1;
   772
   773  // Message represents the message displayed when validation fails. The message is required if the Rule contains
   774  // line breaks. The message must not contain line breaks.
   775  // If unset, the message is "failed rule: {Rule}".
   776  // e.g. "must be a URL with the host matching spec.host"
   777  optional string message = 2;
   778
   779  // MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
   780  // Since messageExpression is used as a failure message, it must evaluate to a string.
   781  // If both message and messageExpression are present on a rule, then messageExpression will be used if validation
   782  // fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced
   783  // as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
   784  // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and
   785  // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.
   786  // messageExpression has access to all the same variables as the rule; the only difference is the return type.
   787  // Example:
   788  // "x must be less than max ("+string(self.max)+")"
   789  // +optional
   790  optional string messageExpression = 3;
   791
   792  // reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
   793  // The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule.
   794  // The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
   795  // If not set, default to use "FieldValueInvalid".
   796  // All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
   797  // +optional
   798  optional string reason = 4;
   799
   800  // fieldPath represents the field path returned when the validation fails.
   801  // It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
   802  // e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
   803  // If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
   804  // It does not support list numeric index.
   805  // It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
   806  // Numeric index of array is not supported.
   807  // For field name which contains special characters, use `['specialName']` to refer the field name.
   808  // e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
   809  // +optional
   810  optional string fieldPath = 5;
   811
   812  // optionalOldSelf is used to opt a transition rule into evaluation
   813  // even when the object is first created, or if the old object is
   814  // missing the value.
   815  //
   816  // When enabled `oldSelf` will be a CEL optional whose value will be
   817  // `None` if there is no old value, or when the object is initially created.
   818  //
   819  // You may check for presence of oldSelf using `oldSelf.hasValue()` and
   820  // unwrap it after checking using `oldSelf.value()`. Check the CEL
   821  // documentation for Optional types for more information:
   822  // https://pkg.go.dev/github.com/google/cel-go/cel#OptionalTypes
   823  //
   824  // May not be set unless `oldSelf` is used in `rule`.
   825  //
   826  // +featureGate=CRDValidationRatcheting
   827  // +optional
   828  optional bool optionalOldSelf = 6;
   829}
   830
   831// WebhookClientConfig contains the information to make a TLS connection with the webhook.
   832message WebhookClientConfig {
   833  // url gives the location of the webhook, in standard URL form
   834  // (`scheme://host:port/path`). Exactly one of `url` or `service`
   835  // must be specified.
   836  //
   837  // The `host` should not refer to a service running in the cluster; use
   838  // the `service` field instead. The host might be resolved via external
   839  // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
   840  // in-cluster DNS as that would be a layering violation). `host` may
   841  // also be an IP address.
   842  //
   843  // Please note that using `localhost` or `127.0.0.1` as a `host` is
   844  // risky unless you take great care to run this webhook on all hosts
   845  // which run an apiserver which might need to make calls to this
   846  // webhook. Such installs are likely to be non-portable, i.e., not easy
   847  // to turn up in a new cluster.
   848  //
   849  // The scheme must be "https"; the URL must begin with "https://".
   850  //
   851  // A path is optional, and if present may be any string permissible in
   852  // a URL. You may use the path to pass an arbitrary string to the
   853  // webhook, for example, a cluster identifier.
   854  //
   855  // Attempting to use a user or basic auth e.g. "user:password@" is not
   856  // allowed. Fragments ("#...") and query parameters ("?...") are not
   857  // allowed, either.
   858  //
   859  // +optional
   860  optional string url = 3;
   861
   862  // service is a reference to the service for this webhook. Either
   863  // service or url must be specified.
   864  //
   865  // If the webhook is running within the cluster, then you should use `service`.
   866  //
   867  // +optional
   868  optional ServiceReference service = 1;
   869
   870  // caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
   871  // If unspecified, system trust roots on the apiserver are used.
   872  // +optional
   873  optional bytes caBundle = 2;
   874}
   875

View as plain text