Matthias Andreas Benkard | 832a54e | 2019-01-29 09:27:38 +0100 | [diff] [blame] | 1 | /* |
| 2 | Copyright 2015 The Kubernetes Authors. |
| 3 | |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package v1beta1 |
| 18 | |
| 19 | import ( |
| 20 | appsv1beta1 "k8s.io/api/apps/v1beta1" |
| 21 | "k8s.io/api/core/v1" |
| 22 | "k8s.io/apimachinery/pkg/api/resource" |
| 23 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| 24 | "k8s.io/apimachinery/pkg/util/intstr" |
| 25 | ) |
| 26 | |
| 27 | // describes the attributes of a scale subresource |
| 28 | type ScaleSpec struct { |
| 29 | // desired number of instances for the scaled object. |
| 30 | // +optional |
| 31 | Replicas int32 `json:"replicas,omitempty" protobuf:"varint,1,opt,name=replicas"` |
| 32 | } |
| 33 | |
| 34 | // represents the current status of a scale subresource. |
| 35 | type ScaleStatus struct { |
| 36 | // actual number of observed instances of the scaled object. |
| 37 | Replicas int32 `json:"replicas" protobuf:"varint,1,opt,name=replicas"` |
| 38 | |
| 39 | // label query over pods that should match the replicas count. More info: http://kubernetes.io/docs/user-guide/labels#label-selectors |
| 40 | // +optional |
| 41 | Selector map[string]string `json:"selector,omitempty" protobuf:"bytes,2,rep,name=selector"` |
| 42 | |
| 43 | // label selector for pods that should match the replicas count. This is a serializated |
| 44 | // version of both map-based and more expressive set-based selectors. This is done to |
| 45 | // avoid introspection in the clients. The string will be in the same format as the |
| 46 | // query-param syntax. If the target type only supports map-based selectors, both this |
| 47 | // field and map-based selector field are populated. |
| 48 | // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors |
| 49 | // +optional |
| 50 | TargetSelector string `json:"targetSelector,omitempty" protobuf:"bytes,3,opt,name=targetSelector"` |
| 51 | } |
| 52 | |
| 53 | // +genclient |
| 54 | // +genclient:noVerbs |
| 55 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 56 | |
| 57 | // represents a scaling request for a resource. |
| 58 | type Scale struct { |
| 59 | metav1.TypeMeta `json:",inline"` |
| 60 | // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata. |
| 61 | // +optional |
| 62 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 63 | |
| 64 | // defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status. |
| 65 | // +optional |
| 66 | Spec ScaleSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 67 | |
| 68 | // current status of the scale. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status. Read-only. |
| 69 | // +optional |
| 70 | Status ScaleStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 71 | } |
| 72 | |
| 73 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 74 | |
| 75 | // Dummy definition |
| 76 | type ReplicationControllerDummy struct { |
| 77 | metav1.TypeMeta `json:",inline"` |
| 78 | } |
| 79 | |
| 80 | // Alpha-level support for Custom Metrics in HPA (as annotations). |
| 81 | type CustomMetricTarget struct { |
| 82 | // Custom Metric name. |
| 83 | Name string `json:"name" protobuf:"bytes,1,opt,name=name"` |
| 84 | // Custom Metric value (average). |
| 85 | TargetValue resource.Quantity `json:"value" protobuf:"bytes,2,opt,name=value"` |
| 86 | } |
| 87 | |
| 88 | type CustomMetricTargetList struct { |
| 89 | Items []CustomMetricTarget `json:"items" protobuf:"bytes,1,rep,name=items"` |
| 90 | } |
| 91 | |
| 92 | type CustomMetricCurrentStatus struct { |
| 93 | // Custom Metric name. |
| 94 | Name string `json:"name" protobuf:"bytes,1,opt,name=name"` |
| 95 | // Custom Metric value (average). |
| 96 | CurrentValue resource.Quantity `json:"value" protobuf:"bytes,2,opt,name=value"` |
| 97 | } |
| 98 | |
| 99 | type CustomMetricCurrentStatusList struct { |
| 100 | Items []CustomMetricCurrentStatus `json:"items" protobuf:"bytes,1,rep,name=items"` |
| 101 | } |
| 102 | |
| 103 | // +genclient |
| 104 | // +genclient:method=GetScale,verb=get,subresource=scale,result=Scale |
| 105 | // +genclient:method=UpdateScale,verb=update,subresource=scale,input=Scale,result=Scale |
| 106 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 107 | |
| 108 | // DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for |
| 109 | // more information. |
| 110 | // Deployment enables declarative updates for Pods and ReplicaSets. |
| 111 | type Deployment struct { |
| 112 | metav1.TypeMeta `json:",inline"` |
| 113 | // Standard object metadata. |
| 114 | // +optional |
| 115 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 116 | |
| 117 | // Specification of the desired behavior of the Deployment. |
| 118 | // +optional |
| 119 | Spec DeploymentSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 120 | |
| 121 | // Most recently observed status of the Deployment. |
| 122 | // +optional |
| 123 | Status DeploymentStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 124 | } |
| 125 | |
| 126 | // DeploymentSpec is the specification of the desired behavior of the Deployment. |
| 127 | type DeploymentSpec struct { |
| 128 | // Number of desired pods. This is a pointer to distinguish between explicit |
| 129 | // zero and not specified. Defaults to 1. |
| 130 | // +optional |
| 131 | Replicas *int32 `json:"replicas,omitempty" protobuf:"varint,1,opt,name=replicas"` |
| 132 | |
| 133 | // Label selector for pods. Existing ReplicaSets whose pods are |
| 134 | // selected by this will be the ones affected by this deployment. |
| 135 | // +optional |
| 136 | Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,2,opt,name=selector"` |
| 137 | |
| 138 | // Template describes the pods that will be created. |
| 139 | Template v1.PodTemplateSpec `json:"template" protobuf:"bytes,3,opt,name=template"` |
| 140 | |
| 141 | // The deployment strategy to use to replace existing pods with new ones. |
| 142 | // +optional |
| 143 | // +patchStrategy=retainKeys |
| 144 | Strategy DeploymentStrategy `json:"strategy,omitempty" patchStrategy:"retainKeys" protobuf:"bytes,4,opt,name=strategy"` |
| 145 | |
| 146 | // Minimum number of seconds for which a newly created pod should be ready |
| 147 | // without any of its container crashing, for it to be considered available. |
| 148 | // Defaults to 0 (pod will be considered available as soon as it is ready) |
| 149 | // +optional |
| 150 | MinReadySeconds int32 `json:"minReadySeconds,omitempty" protobuf:"varint,5,opt,name=minReadySeconds"` |
| 151 | |
| 152 | // The number of old ReplicaSets to retain to allow rollback. |
| 153 | // This is a pointer to distinguish between explicit zero and not specified. |
| 154 | // +optional |
| 155 | RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty" protobuf:"varint,6,opt,name=revisionHistoryLimit"` |
| 156 | |
| 157 | // Indicates that the deployment is paused and will not be processed by the |
| 158 | // deployment controller. |
| 159 | // +optional |
| 160 | Paused bool `json:"paused,omitempty" protobuf:"varint,7,opt,name=paused"` |
| 161 | |
| 162 | // DEPRECATED. |
| 163 | // The config this deployment is rolling back to. Will be cleared after rollback is done. |
| 164 | // +optional |
| 165 | RollbackTo *RollbackConfig `json:"rollbackTo,omitempty" protobuf:"bytes,8,opt,name=rollbackTo"` |
| 166 | |
| 167 | // The maximum time in seconds for a deployment to make progress before it |
| 168 | // is considered to be failed. The deployment controller will continue to |
| 169 | // process failed deployments and a condition with a ProgressDeadlineExceeded |
| 170 | // reason will be surfaced in the deployment status. Note that progress will |
| 171 | // not be estimated during the time a deployment is paused. This is not set |
| 172 | // by default. |
| 173 | // +optional |
| 174 | ProgressDeadlineSeconds *int32 `json:"progressDeadlineSeconds,omitempty" protobuf:"varint,9,opt,name=progressDeadlineSeconds"` |
| 175 | } |
| 176 | |
| 177 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 178 | |
| 179 | // DEPRECATED. |
| 180 | // DeploymentRollback stores the information required to rollback a deployment. |
| 181 | type DeploymentRollback struct { |
| 182 | metav1.TypeMeta `json:",inline"` |
| 183 | // Required: This must match the Name of a deployment. |
| 184 | Name string `json:"name" protobuf:"bytes,1,opt,name=name"` |
| 185 | // The annotations to be updated to a deployment |
| 186 | // +optional |
| 187 | UpdatedAnnotations map[string]string `json:"updatedAnnotations,omitempty" protobuf:"bytes,2,rep,name=updatedAnnotations"` |
| 188 | // The config of this deployment rollback. |
| 189 | RollbackTo RollbackConfig `json:"rollbackTo" protobuf:"bytes,3,opt,name=rollbackTo"` |
| 190 | } |
| 191 | |
| 192 | // DEPRECATED. |
| 193 | type RollbackConfig struct { |
| 194 | // The revision to rollback to. If set to 0, rollback to the last revision. |
| 195 | // +optional |
| 196 | Revision int64 `json:"revision,omitempty" protobuf:"varint,1,opt,name=revision"` |
| 197 | } |
| 198 | |
| 199 | const ( |
| 200 | // DefaultDeploymentUniqueLabelKey is the default key of the selector that is added |
| 201 | // to existing RCs (and label key that is added to its pods) to prevent the existing RCs |
| 202 | // to select new pods (and old pods being select by new RC). |
| 203 | DefaultDeploymentUniqueLabelKey string = "pod-template-hash" |
| 204 | ) |
| 205 | |
| 206 | // DeploymentStrategy describes how to replace existing pods with new ones. |
| 207 | type DeploymentStrategy struct { |
| 208 | // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. |
| 209 | // +optional |
| 210 | Type DeploymentStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=DeploymentStrategyType"` |
| 211 | |
| 212 | // Rolling update config params. Present only if DeploymentStrategyType = |
| 213 | // RollingUpdate. |
| 214 | //--- |
| 215 | // TODO: Update this to follow our convention for oneOf, whatever we decide it |
| 216 | // to be. |
| 217 | // +optional |
| 218 | RollingUpdate *RollingUpdateDeployment `json:"rollingUpdate,omitempty" protobuf:"bytes,2,opt,name=rollingUpdate"` |
| 219 | } |
| 220 | |
| 221 | type DeploymentStrategyType string |
| 222 | |
| 223 | const ( |
| 224 | // Kill all existing pods before creating new ones. |
| 225 | RecreateDeploymentStrategyType DeploymentStrategyType = "Recreate" |
| 226 | |
| 227 | // Replace the old RCs by new one using rolling update i.e gradually scale down the old RCs and scale up the new one. |
| 228 | RollingUpdateDeploymentStrategyType DeploymentStrategyType = "RollingUpdate" |
| 229 | ) |
| 230 | |
| 231 | // Spec to control the desired behavior of rolling update. |
| 232 | type RollingUpdateDeployment struct { |
| 233 | // The maximum number of pods that can be unavailable during the update. |
| 234 | // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). |
| 235 | // Absolute number is calculated from percentage by rounding down. |
| 236 | // This can not be 0 if MaxSurge is 0. |
| 237 | // By default, a fixed value of 1 is used. |
| 238 | // Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods |
| 239 | // immediately when the rolling update starts. Once new pods are ready, old RC |
| 240 | // can be scaled down further, followed by scaling up the new RC, ensuring |
| 241 | // that the total number of pods available at all times during the update is at |
| 242 | // least 70% of desired pods. |
| 243 | // +optional |
| 244 | MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,1,opt,name=maxUnavailable"` |
| 245 | |
| 246 | // The maximum number of pods that can be scheduled above the desired number of |
| 247 | // pods. |
| 248 | // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). |
| 249 | // This can not be 0 if MaxUnavailable is 0. |
| 250 | // Absolute number is calculated from percentage by rounding up. |
| 251 | // By default, a value of 1 is used. |
| 252 | // Example: when this is set to 30%, the new RC can be scaled up immediately when |
| 253 | // the rolling update starts, such that the total number of old and new pods do not exceed |
| 254 | // 130% of desired pods. Once old pods have been killed, |
| 255 | // new RC can be scaled up further, ensuring that total number of pods running |
| 256 | // at any time during the update is atmost 130% of desired pods. |
| 257 | // +optional |
| 258 | MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,2,opt,name=maxSurge"` |
| 259 | } |
| 260 | |
| 261 | // DeploymentStatus is the most recently observed status of the Deployment. |
| 262 | type DeploymentStatus struct { |
| 263 | // The generation observed by the deployment controller. |
| 264 | // +optional |
| 265 | ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"` |
| 266 | |
| 267 | // Total number of non-terminated pods targeted by this deployment (their labels match the selector). |
| 268 | // +optional |
| 269 | Replicas int32 `json:"replicas,omitempty" protobuf:"varint,2,opt,name=replicas"` |
| 270 | |
| 271 | // Total number of non-terminated pods targeted by this deployment that have the desired template spec. |
| 272 | // +optional |
| 273 | UpdatedReplicas int32 `json:"updatedReplicas,omitempty" protobuf:"varint,3,opt,name=updatedReplicas"` |
| 274 | |
| 275 | // Total number of ready pods targeted by this deployment. |
| 276 | // +optional |
| 277 | ReadyReplicas int32 `json:"readyReplicas,omitempty" protobuf:"varint,7,opt,name=readyReplicas"` |
| 278 | |
| 279 | // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. |
| 280 | // +optional |
| 281 | AvailableReplicas int32 `json:"availableReplicas,omitempty" protobuf:"varint,4,opt,name=availableReplicas"` |
| 282 | |
| 283 | // Total number of unavailable pods targeted by this deployment. This is the total number of |
| 284 | // pods that are still required for the deployment to have 100% available capacity. They may |
| 285 | // either be pods that are running but not yet available or pods that still have not been created. |
| 286 | // +optional |
| 287 | UnavailableReplicas int32 `json:"unavailableReplicas,omitempty" protobuf:"varint,5,opt,name=unavailableReplicas"` |
| 288 | |
| 289 | // Represents the latest available observations of a deployment's current state. |
| 290 | // +patchMergeKey=type |
| 291 | // +patchStrategy=merge |
| 292 | Conditions []DeploymentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` |
| 293 | |
| 294 | // Count of hash collisions for the Deployment. The Deployment controller uses this |
| 295 | // field as a collision avoidance mechanism when it needs to create the name for the |
| 296 | // newest ReplicaSet. |
| 297 | // +optional |
| 298 | CollisionCount *int32 `json:"collisionCount,omitempty" protobuf:"varint,8,opt,name=collisionCount"` |
| 299 | } |
| 300 | |
| 301 | type DeploymentConditionType string |
| 302 | |
| 303 | // These are valid conditions of a deployment. |
| 304 | const ( |
| 305 | // Available means the deployment is available, ie. at least the minimum available |
| 306 | // replicas required are up and running for at least minReadySeconds. |
| 307 | DeploymentAvailable DeploymentConditionType = "Available" |
| 308 | // Progressing means the deployment is progressing. Progress for a deployment is |
| 309 | // considered when a new replica set is created or adopted, and when new pods scale |
| 310 | // up or old pods scale down. Progress is not estimated for paused deployments or |
| 311 | // when progressDeadlineSeconds is not specified. |
| 312 | DeploymentProgressing DeploymentConditionType = "Progressing" |
| 313 | // ReplicaFailure is added in a deployment when one of its pods fails to be created |
| 314 | // or deleted. |
| 315 | DeploymentReplicaFailure DeploymentConditionType = "ReplicaFailure" |
| 316 | ) |
| 317 | |
| 318 | // DeploymentCondition describes the state of a deployment at a certain point. |
| 319 | type DeploymentCondition struct { |
| 320 | // Type of deployment condition. |
| 321 | Type DeploymentConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=DeploymentConditionType"` |
| 322 | // Status of the condition, one of True, False, Unknown. |
| 323 | Status v1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"` |
| 324 | // The last time this condition was updated. |
| 325 | LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,6,opt,name=lastUpdateTime"` |
| 326 | // Last time the condition transitioned from one status to another. |
| 327 | LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,7,opt,name=lastTransitionTime"` |
| 328 | // The reason for the condition's last transition. |
| 329 | Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"` |
| 330 | // A human readable message indicating details about the transition. |
| 331 | Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"` |
| 332 | } |
| 333 | |
| 334 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 335 | |
| 336 | // DeploymentList is a list of Deployments. |
| 337 | type DeploymentList struct { |
| 338 | metav1.TypeMeta `json:",inline"` |
| 339 | // Standard list metadata. |
| 340 | // +optional |
| 341 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 342 | |
| 343 | // Items is the list of Deployments. |
| 344 | Items []Deployment `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 345 | } |
| 346 | |
| 347 | type DaemonSetUpdateStrategy struct { |
| 348 | // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". |
| 349 | // Default is OnDelete. |
| 350 | // +optional |
| 351 | Type DaemonSetUpdateStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"` |
| 352 | |
| 353 | // Rolling update config params. Present only if type = "RollingUpdate". |
| 354 | //--- |
| 355 | // TODO: Update this to follow our convention for oneOf, whatever we decide it |
| 356 | // to be. Same as Deployment `strategy.rollingUpdate`. |
| 357 | // See https://github.com/kubernetes/kubernetes/issues/35345 |
| 358 | // +optional |
| 359 | RollingUpdate *RollingUpdateDaemonSet `json:"rollingUpdate,omitempty" protobuf:"bytes,2,opt,name=rollingUpdate"` |
| 360 | } |
| 361 | |
| 362 | type DaemonSetUpdateStrategyType string |
| 363 | |
| 364 | const ( |
| 365 | // Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. |
| 366 | RollingUpdateDaemonSetStrategyType DaemonSetUpdateStrategyType = "RollingUpdate" |
| 367 | |
| 368 | // Replace the old daemons only when it's killed |
| 369 | OnDeleteDaemonSetStrategyType DaemonSetUpdateStrategyType = "OnDelete" |
| 370 | ) |
| 371 | |
| 372 | // Spec to control the desired behavior of daemon set rolling update. |
| 373 | type RollingUpdateDaemonSet struct { |
| 374 | // The maximum number of DaemonSet pods that can be unavailable during the |
| 375 | // update. Value can be an absolute number (ex: 5) or a percentage of total |
| 376 | // number of DaemonSet pods at the start of the update (ex: 10%). Absolute |
| 377 | // number is calculated from percentage by rounding up. |
| 378 | // This cannot be 0. |
| 379 | // Default value is 1. |
| 380 | // Example: when this is set to 30%, at most 30% of the total number of nodes |
| 381 | // that should be running the daemon pod (i.e. status.desiredNumberScheduled) |
| 382 | // can have their pods stopped for an update at any given |
| 383 | // time. The update starts by stopping at most 30% of those DaemonSet pods |
| 384 | // and then brings up new DaemonSet pods in their place. Once the new pods |
| 385 | // are available, it then proceeds onto other DaemonSet pods, thus ensuring |
| 386 | // that at least 70% of original number of DaemonSet pods are available at |
| 387 | // all times during the update. |
| 388 | // +optional |
| 389 | MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,1,opt,name=maxUnavailable"` |
| 390 | } |
| 391 | |
| 392 | // DaemonSetSpec is the specification of a daemon set. |
| 393 | type DaemonSetSpec struct { |
| 394 | // A label query over pods that are managed by the daemon set. |
| 395 | // Must match in order to be controlled. |
| 396 | // If empty, defaulted to labels on Pod template. |
| 397 | // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors |
| 398 | // +optional |
| 399 | Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,1,opt,name=selector"` |
| 400 | |
| 401 | // An object that describes the pod that will be created. |
| 402 | // The DaemonSet will create exactly one copy of this pod on every node |
| 403 | // that matches the template's node selector (or on every node if no node |
| 404 | // selector is specified). |
| 405 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template |
| 406 | Template v1.PodTemplateSpec `json:"template" protobuf:"bytes,2,opt,name=template"` |
| 407 | |
| 408 | // An update strategy to replace existing DaemonSet pods with new pods. |
| 409 | // +optional |
| 410 | UpdateStrategy DaemonSetUpdateStrategy `json:"updateStrategy,omitempty" protobuf:"bytes,3,opt,name=updateStrategy"` |
| 411 | |
| 412 | // The minimum number of seconds for which a newly created DaemonSet pod should |
| 413 | // be ready without any of its container crashing, for it to be considered |
| 414 | // available. Defaults to 0 (pod will be considered available as soon as it |
| 415 | // is ready). |
| 416 | // +optional |
| 417 | MinReadySeconds int32 `json:"minReadySeconds,omitempty" protobuf:"varint,4,opt,name=minReadySeconds"` |
| 418 | |
| 419 | // DEPRECATED. |
| 420 | // A sequence number representing a specific generation of the template. |
| 421 | // Populated by the system. It can be set only during the creation. |
| 422 | // +optional |
| 423 | TemplateGeneration int64 `json:"templateGeneration,omitempty" protobuf:"varint,5,opt,name=templateGeneration"` |
| 424 | |
| 425 | // The number of old history to retain to allow rollback. |
| 426 | // This is a pointer to distinguish between explicit zero and not specified. |
| 427 | // Defaults to 10. |
| 428 | // +optional |
| 429 | RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty" protobuf:"varint,6,opt,name=revisionHistoryLimit"` |
| 430 | } |
| 431 | |
| 432 | // DaemonSetStatus represents the current status of a daemon set. |
| 433 | type DaemonSetStatus struct { |
| 434 | // The number of nodes that are running at least 1 |
| 435 | // daemon pod and are supposed to run the daemon pod. |
| 436 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ |
| 437 | CurrentNumberScheduled int32 `json:"currentNumberScheduled" protobuf:"varint,1,opt,name=currentNumberScheduled"` |
| 438 | |
| 439 | // The number of nodes that are running the daemon pod, but are |
| 440 | // not supposed to run the daemon pod. |
| 441 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ |
| 442 | NumberMisscheduled int32 `json:"numberMisscheduled" protobuf:"varint,2,opt,name=numberMisscheduled"` |
| 443 | |
| 444 | // The total number of nodes that should be running the daemon |
| 445 | // pod (including nodes correctly running the daemon pod). |
| 446 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ |
| 447 | DesiredNumberScheduled int32 `json:"desiredNumberScheduled" protobuf:"varint,3,opt,name=desiredNumberScheduled"` |
| 448 | |
| 449 | // The number of nodes that should be running the daemon pod and have one |
| 450 | // or more of the daemon pod running and ready. |
| 451 | NumberReady int32 `json:"numberReady" protobuf:"varint,4,opt,name=numberReady"` |
| 452 | |
| 453 | // The most recent generation observed by the daemon set controller. |
| 454 | // +optional |
| 455 | ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,5,opt,name=observedGeneration"` |
| 456 | |
| 457 | // The total number of nodes that are running updated daemon pod |
| 458 | // +optional |
| 459 | UpdatedNumberScheduled int32 `json:"updatedNumberScheduled,omitempty" protobuf:"varint,6,opt,name=updatedNumberScheduled"` |
| 460 | |
| 461 | // The number of nodes that should be running the |
| 462 | // daemon pod and have one or more of the daemon pod running and |
| 463 | // available (ready for at least spec.minReadySeconds) |
| 464 | // +optional |
| 465 | NumberAvailable int32 `json:"numberAvailable,omitempty" protobuf:"varint,7,opt,name=numberAvailable"` |
| 466 | |
| 467 | // The number of nodes that should be running the |
| 468 | // daemon pod and have none of the daemon pod running and available |
| 469 | // (ready for at least spec.minReadySeconds) |
| 470 | // +optional |
| 471 | NumberUnavailable int32 `json:"numberUnavailable,omitempty" protobuf:"varint,8,opt,name=numberUnavailable"` |
| 472 | |
| 473 | // Count of hash collisions for the DaemonSet. The DaemonSet controller |
| 474 | // uses this field as a collision avoidance mechanism when it needs to |
| 475 | // create the name for the newest ControllerRevision. |
| 476 | // +optional |
| 477 | CollisionCount *int32 `json:"collisionCount,omitempty" protobuf:"varint,9,opt,name=collisionCount"` |
| 478 | |
| 479 | // Represents the latest available observations of a DaemonSet's current state. |
| 480 | // +optional |
| 481 | // +patchMergeKey=type |
| 482 | // +patchStrategy=merge |
| 483 | Conditions []DaemonSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,10,rep,name=conditions"` |
| 484 | } |
| 485 | |
| 486 | type DaemonSetConditionType string |
| 487 | |
| 488 | // TODO: Add valid condition types of a DaemonSet. |
| 489 | |
| 490 | // DaemonSetCondition describes the state of a DaemonSet at a certain point. |
| 491 | type DaemonSetCondition struct { |
| 492 | // Type of DaemonSet condition. |
| 493 | Type DaemonSetConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=DaemonSetConditionType"` |
| 494 | // Status of the condition, one of True, False, Unknown. |
| 495 | Status v1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"` |
| 496 | // Last time the condition transitioned from one status to another. |
| 497 | // +optional |
| 498 | LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"` |
| 499 | // The reason for the condition's last transition. |
| 500 | // +optional |
| 501 | Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"` |
| 502 | // A human readable message indicating details about the transition. |
| 503 | // +optional |
| 504 | Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"` |
| 505 | } |
| 506 | |
| 507 | // +genclient |
| 508 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 509 | |
| 510 | // DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for |
| 511 | // more information. |
| 512 | // DaemonSet represents the configuration of a daemon set. |
| 513 | type DaemonSet struct { |
| 514 | metav1.TypeMeta `json:",inline"` |
| 515 | // Standard object's metadata. |
| 516 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 517 | // +optional |
| 518 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 519 | |
| 520 | // The desired behavior of this daemon set. |
| 521 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status |
| 522 | // +optional |
| 523 | Spec DaemonSetSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 524 | |
| 525 | // The current status of this daemon set. This data may be |
| 526 | // out of date by some window of time. |
| 527 | // Populated by the system. |
| 528 | // Read-only. |
| 529 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status |
| 530 | // +optional |
| 531 | Status DaemonSetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 532 | } |
| 533 | |
| 534 | const ( |
| 535 | // DEPRECATED: DefaultDaemonSetUniqueLabelKey is used instead. |
| 536 | // DaemonSetTemplateGenerationKey is the key of the labels that is added |
| 537 | // to daemon set pods to distinguish between old and new pod templates |
| 538 | // during DaemonSet template update. |
| 539 | DaemonSetTemplateGenerationKey string = "pod-template-generation" |
| 540 | |
| 541 | // DefaultDaemonSetUniqueLabelKey is the default label key that is added |
| 542 | // to existing DaemonSet pods to distinguish between old and new |
| 543 | // DaemonSet pods during DaemonSet template updates. |
| 544 | DefaultDaemonSetUniqueLabelKey = appsv1beta1.ControllerRevisionHashLabelKey |
| 545 | ) |
| 546 | |
| 547 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 548 | |
| 549 | // DaemonSetList is a collection of daemon sets. |
| 550 | type DaemonSetList struct { |
| 551 | metav1.TypeMeta `json:",inline"` |
| 552 | // Standard list metadata. |
| 553 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 554 | // +optional |
| 555 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 556 | |
| 557 | // A list of daemon sets. |
| 558 | Items []DaemonSet `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 559 | } |
| 560 | |
| 561 | // +genclient |
| 562 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 563 | |
| 564 | // Ingress is a collection of rules that allow inbound connections to reach the |
| 565 | // endpoints defined by a backend. An Ingress can be configured to give services |
| 566 | // externally-reachable urls, load balance traffic, terminate SSL, offer name |
| 567 | // based virtual hosting etc. |
| 568 | type Ingress struct { |
| 569 | metav1.TypeMeta `json:",inline"` |
| 570 | // Standard object's metadata. |
| 571 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 572 | // +optional |
| 573 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 574 | |
| 575 | // Spec is the desired state of the Ingress. |
| 576 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status |
| 577 | // +optional |
| 578 | Spec IngressSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 579 | |
| 580 | // Status is the current state of the Ingress. |
| 581 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status |
| 582 | // +optional |
| 583 | Status IngressStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 584 | } |
| 585 | |
| 586 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 587 | |
| 588 | // IngressList is a collection of Ingress. |
| 589 | type IngressList struct { |
| 590 | metav1.TypeMeta `json:",inline"` |
| 591 | // Standard object's metadata. |
| 592 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 593 | // +optional |
| 594 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 595 | |
| 596 | // Items is the list of Ingress. |
| 597 | Items []Ingress `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 598 | } |
| 599 | |
| 600 | // IngressSpec describes the Ingress the user wishes to exist. |
| 601 | type IngressSpec struct { |
| 602 | // A default backend capable of servicing requests that don't match any |
| 603 | // rule. At least one of 'backend' or 'rules' must be specified. This field |
| 604 | // is optional to allow the loadbalancer controller or defaulting logic to |
| 605 | // specify a global default. |
| 606 | // +optional |
| 607 | Backend *IngressBackend `json:"backend,omitempty" protobuf:"bytes,1,opt,name=backend"` |
| 608 | |
| 609 | // TLS configuration. Currently the Ingress only supports a single TLS |
| 610 | // port, 443. If multiple members of this list specify different hosts, they |
| 611 | // will be multiplexed on the same port according to the hostname specified |
| 612 | // through the SNI TLS extension, if the ingress controller fulfilling the |
| 613 | // ingress supports SNI. |
| 614 | // +optional |
| 615 | TLS []IngressTLS `json:"tls,omitempty" protobuf:"bytes,2,rep,name=tls"` |
| 616 | |
| 617 | // A list of host rules used to configure the Ingress. If unspecified, or |
| 618 | // no rule matches, all traffic is sent to the default backend. |
| 619 | // +optional |
| 620 | Rules []IngressRule `json:"rules,omitempty" protobuf:"bytes,3,rep,name=rules"` |
| 621 | // TODO: Add the ability to specify load-balancer IP through claims |
| 622 | } |
| 623 | |
| 624 | // IngressTLS describes the transport layer security associated with an Ingress. |
| 625 | type IngressTLS struct { |
| 626 | // Hosts are a list of hosts included in the TLS certificate. The values in |
| 627 | // this list must match the name/s used in the tlsSecret. Defaults to the |
| 628 | // wildcard host setting for the loadbalancer controller fulfilling this |
| 629 | // Ingress, if left unspecified. |
| 630 | // +optional |
| 631 | Hosts []string `json:"hosts,omitempty" protobuf:"bytes,1,rep,name=hosts"` |
| 632 | // SecretName is the name of the secret used to terminate SSL traffic on 443. |
| 633 | // Field is left optional to allow SSL routing based on SNI hostname alone. |
| 634 | // If the SNI host in a listener conflicts with the "Host" header field used |
| 635 | // by an IngressRule, the SNI host is used for termination and value of the |
| 636 | // Host header is used for routing. |
| 637 | // +optional |
| 638 | SecretName string `json:"secretName,omitempty" protobuf:"bytes,2,opt,name=secretName"` |
| 639 | // TODO: Consider specifying different modes of termination, protocols etc. |
| 640 | } |
| 641 | |
| 642 | // IngressStatus describe the current state of the Ingress. |
| 643 | type IngressStatus struct { |
| 644 | // LoadBalancer contains the current status of the load-balancer. |
| 645 | // +optional |
| 646 | LoadBalancer v1.LoadBalancerStatus `json:"loadBalancer,omitempty" protobuf:"bytes,1,opt,name=loadBalancer"` |
| 647 | } |
| 648 | |
| 649 | // IngressRule represents the rules mapping the paths under a specified host to |
| 650 | // the related backend services. Incoming requests are first evaluated for a host |
| 651 | // match, then routed to the backend associated with the matching IngressRuleValue. |
| 652 | type IngressRule struct { |
| 653 | // Host is the fully qualified domain name of a network host, as defined |
| 654 | // by RFC 3986. Note the following deviations from the "host" part of the |
| 655 | // URI as defined in the RFC: |
| 656 | // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the |
| 657 | // IP in the Spec of the parent Ingress. |
| 658 | // 2. The `:` delimiter is not respected because ports are not allowed. |
| 659 | // Currently the port of an Ingress is implicitly :80 for http and |
| 660 | // :443 for https. |
| 661 | // Both these may change in the future. |
| 662 | // Incoming requests are matched against the host before the IngressRuleValue. |
| 663 | // If the host is unspecified, the Ingress routes all traffic based on the |
| 664 | // specified IngressRuleValue. |
| 665 | // +optional |
| 666 | Host string `json:"host,omitempty" protobuf:"bytes,1,opt,name=host"` |
| 667 | // IngressRuleValue represents a rule to route requests for this IngressRule. |
| 668 | // If unspecified, the rule defaults to a http catch-all. Whether that sends |
| 669 | // just traffic matching the host to the default backend or all traffic to the |
| 670 | // default backend, is left to the controller fulfilling the Ingress. Http is |
| 671 | // currently the only supported IngressRuleValue. |
| 672 | // +optional |
| 673 | IngressRuleValue `json:",inline,omitempty" protobuf:"bytes,2,opt,name=ingressRuleValue"` |
| 674 | } |
| 675 | |
| 676 | // IngressRuleValue represents a rule to apply against incoming requests. If the |
| 677 | // rule is satisfied, the request is routed to the specified backend. Currently |
| 678 | // mixing different types of rules in a single Ingress is disallowed, so exactly |
| 679 | // one of the following must be set. |
| 680 | type IngressRuleValue struct { |
| 681 | //TODO: |
| 682 | // 1. Consider renaming this resource and the associated rules so they |
| 683 | // aren't tied to Ingress. They can be used to route intra-cluster traffic. |
| 684 | // 2. Consider adding fields for ingress-type specific global options |
| 685 | // usable by a loadbalancer, like http keep-alive. |
| 686 | |
| 687 | // +optional |
| 688 | HTTP *HTTPIngressRuleValue `json:"http,omitempty" protobuf:"bytes,1,opt,name=http"` |
| 689 | } |
| 690 | |
| 691 | // HTTPIngressRuleValue is a list of http selectors pointing to backends. |
| 692 | // In the example: http://<host>/<path>?<searchpart> -> backend where |
| 693 | // where parts of the url correspond to RFC 3986, this resource will be used |
| 694 | // to match against everything after the last '/' and before the first '?' |
| 695 | // or '#'. |
| 696 | type HTTPIngressRuleValue struct { |
| 697 | // A collection of paths that map requests to backends. |
| 698 | Paths []HTTPIngressPath `json:"paths" protobuf:"bytes,1,rep,name=paths"` |
| 699 | // TODO: Consider adding fields for ingress-type specific global |
| 700 | // options usable by a loadbalancer, like http keep-alive. |
| 701 | } |
| 702 | |
| 703 | // HTTPIngressPath associates a path regex with a backend. Incoming urls matching |
| 704 | // the path are forwarded to the backend. |
| 705 | type HTTPIngressPath struct { |
| 706 | // Path is an extended POSIX regex as defined by IEEE Std 1003.1, |
| 707 | // (i.e this follows the egrep/unix syntax, not the perl syntax) |
| 708 | // matched against the path of an incoming request. Currently it can |
| 709 | // contain characters disallowed from the conventional "path" |
| 710 | // part of a URL as defined by RFC 3986. Paths must begin with |
| 711 | // a '/'. If unspecified, the path defaults to a catch all sending |
| 712 | // traffic to the backend. |
| 713 | // +optional |
| 714 | Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=path"` |
| 715 | |
| 716 | // Backend defines the referenced service endpoint to which the traffic |
| 717 | // will be forwarded to. |
| 718 | Backend IngressBackend `json:"backend" protobuf:"bytes,2,opt,name=backend"` |
| 719 | } |
| 720 | |
| 721 | // IngressBackend describes all endpoints for a given service and port. |
| 722 | type IngressBackend struct { |
| 723 | // Specifies the name of the referenced service. |
| 724 | ServiceName string `json:"serviceName" protobuf:"bytes,1,opt,name=serviceName"` |
| 725 | |
| 726 | // Specifies the port of the referenced service. |
| 727 | ServicePort intstr.IntOrString `json:"servicePort" protobuf:"bytes,2,opt,name=servicePort"` |
| 728 | } |
| 729 | |
| 730 | // +genclient |
| 731 | // +genclient:method=GetScale,verb=get,subresource=scale,result=Scale |
| 732 | // +genclient:method=UpdateScale,verb=update,subresource=scale,input=Scale,result=Scale |
| 733 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 734 | |
| 735 | // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for |
| 736 | // more information. |
| 737 | // ReplicaSet ensures that a specified number of pod replicas are running at any given time. |
| 738 | type ReplicaSet struct { |
| 739 | metav1.TypeMeta `json:",inline"` |
| 740 | |
| 741 | // If the Labels of a ReplicaSet are empty, they are defaulted to |
| 742 | // be the same as the Pod(s) that the ReplicaSet manages. |
| 743 | // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 744 | // +optional |
| 745 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 746 | |
| 747 | // Spec defines the specification of the desired behavior of the ReplicaSet. |
| 748 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status |
| 749 | // +optional |
| 750 | Spec ReplicaSetSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 751 | |
| 752 | // Status is the most recently observed status of the ReplicaSet. |
| 753 | // This data may be out of date by some window of time. |
| 754 | // Populated by the system. |
| 755 | // Read-only. |
| 756 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status |
| 757 | // +optional |
| 758 | Status ReplicaSetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` |
| 759 | } |
| 760 | |
| 761 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 762 | |
| 763 | // ReplicaSetList is a collection of ReplicaSets. |
| 764 | type ReplicaSetList struct { |
| 765 | metav1.TypeMeta `json:",inline"` |
| 766 | // Standard list metadata. |
| 767 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
| 768 | // +optional |
| 769 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 770 | |
| 771 | // List of ReplicaSets. |
| 772 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller |
| 773 | Items []ReplicaSet `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 774 | } |
| 775 | |
| 776 | // ReplicaSetSpec is the specification of a ReplicaSet. |
| 777 | type ReplicaSetSpec struct { |
| 778 | // Replicas is the number of desired replicas. |
| 779 | // This is a pointer to distinguish between explicit zero and unspecified. |
| 780 | // Defaults to 1. |
| 781 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller |
| 782 | // +optional |
| 783 | Replicas *int32 `json:"replicas,omitempty" protobuf:"varint,1,opt,name=replicas"` |
| 784 | |
| 785 | // Minimum number of seconds for which a newly created pod should be ready |
| 786 | // without any of its container crashing, for it to be considered available. |
| 787 | // Defaults to 0 (pod will be considered available as soon as it is ready) |
| 788 | // +optional |
| 789 | MinReadySeconds int32 `json:"minReadySeconds,omitempty" protobuf:"varint,4,opt,name=minReadySeconds"` |
| 790 | |
| 791 | // Selector is a label query over pods that should match the replica count. |
| 792 | // If the selector is empty, it is defaulted to the labels present on the pod template. |
| 793 | // Label keys and values that must match in order to be controlled by this replica set. |
| 794 | // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors |
| 795 | // +optional |
| 796 | Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,2,opt,name=selector"` |
| 797 | |
| 798 | // Template is the object that describes the pod that will be created if |
| 799 | // insufficient replicas are detected. |
| 800 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template |
| 801 | // +optional |
| 802 | Template v1.PodTemplateSpec `json:"template,omitempty" protobuf:"bytes,3,opt,name=template"` |
| 803 | } |
| 804 | |
| 805 | // ReplicaSetStatus represents the current status of a ReplicaSet. |
| 806 | type ReplicaSetStatus struct { |
| 807 | // Replicas is the most recently oberved number of replicas. |
| 808 | // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller |
| 809 | Replicas int32 `json:"replicas" protobuf:"varint,1,opt,name=replicas"` |
| 810 | |
| 811 | // The number of pods that have labels matching the labels of the pod template of the replicaset. |
| 812 | // +optional |
| 813 | FullyLabeledReplicas int32 `json:"fullyLabeledReplicas,omitempty" protobuf:"varint,2,opt,name=fullyLabeledReplicas"` |
| 814 | |
| 815 | // The number of ready replicas for this replica set. |
| 816 | // +optional |
| 817 | ReadyReplicas int32 `json:"readyReplicas,omitempty" protobuf:"varint,4,opt,name=readyReplicas"` |
| 818 | |
| 819 | // The number of available replicas (ready for at least minReadySeconds) for this replica set. |
| 820 | // +optional |
| 821 | AvailableReplicas int32 `json:"availableReplicas,omitempty" protobuf:"varint,5,opt,name=availableReplicas"` |
| 822 | |
| 823 | // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. |
| 824 | // +optional |
| 825 | ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,3,opt,name=observedGeneration"` |
| 826 | |
| 827 | // Represents the latest available observations of a replica set's current state. |
| 828 | // +optional |
| 829 | // +patchMergeKey=type |
| 830 | // +patchStrategy=merge |
| 831 | Conditions []ReplicaSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` |
| 832 | } |
| 833 | |
| 834 | type ReplicaSetConditionType string |
| 835 | |
| 836 | // These are valid conditions of a replica set. |
| 837 | const ( |
| 838 | // ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created |
| 839 | // due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted |
| 840 | // due to kubelet being down or finalizers are failing. |
| 841 | ReplicaSetReplicaFailure ReplicaSetConditionType = "ReplicaFailure" |
| 842 | ) |
| 843 | |
| 844 | // ReplicaSetCondition describes the state of a replica set at a certain point. |
| 845 | type ReplicaSetCondition struct { |
| 846 | // Type of replica set condition. |
| 847 | Type ReplicaSetConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=ReplicaSetConditionType"` |
| 848 | // Status of the condition, one of True, False, Unknown. |
| 849 | Status v1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"` |
| 850 | // The last time the condition transitioned from one status to another. |
| 851 | // +optional |
| 852 | LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"` |
| 853 | // The reason for the condition's last transition. |
| 854 | // +optional |
| 855 | Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"` |
| 856 | // A human readable message indicating details about the transition. |
| 857 | // +optional |
| 858 | Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"` |
| 859 | } |
| 860 | |
| 861 | // +genclient |
| 862 | // +genclient:nonNamespaced |
| 863 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 864 | |
| 865 | // PodSecurityPolicy governs the ability to make requests that affect the Security Context |
| 866 | // that will be applied to a pod and container. |
| 867 | // Deprecated: use PodSecurityPolicy from policy API Group instead. |
| 868 | type PodSecurityPolicy struct { |
| 869 | metav1.TypeMeta `json:",inline"` |
| 870 | // Standard object's metadata. |
| 871 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 872 | // +optional |
| 873 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 874 | |
| 875 | // spec defines the policy enforced. |
| 876 | // +optional |
| 877 | Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 878 | } |
| 879 | |
| 880 | // PodSecurityPolicySpec defines the policy enforced. |
| 881 | // Deprecated: use PodSecurityPolicySpec from policy API Group instead. |
| 882 | type PodSecurityPolicySpec struct { |
| 883 | // privileged determines if a pod can request to be run as privileged. |
| 884 | // +optional |
| 885 | Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"` |
| 886 | // defaultAddCapabilities is the default set of capabilities that will be added to the container |
| 887 | // unless the pod spec specifically drops the capability. You may not list a capability in both |
| 888 | // defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly |
| 889 | // allowed, and need not be included in the allowedCapabilities list. |
| 890 | // +optional |
| 891 | DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty" protobuf:"bytes,2,rep,name=defaultAddCapabilities,casttype=k8s.io/api/core/v1.Capability"` |
| 892 | // requiredDropCapabilities are the capabilities that will be dropped from the container. These |
| 893 | // are required to be dropped and cannot be added. |
| 894 | // +optional |
| 895 | RequiredDropCapabilities []v1.Capability `json:"requiredDropCapabilities,omitempty" protobuf:"bytes,3,rep,name=requiredDropCapabilities,casttype=k8s.io/api/core/v1.Capability"` |
| 896 | // allowedCapabilities is a list of capabilities that can be requested to add to the container. |
| 897 | // Capabilities in this field may be added at the pod author's discretion. |
| 898 | // You must not list a capability in both allowedCapabilities and requiredDropCapabilities. |
| 899 | // +optional |
| 900 | AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"` |
| 901 | // volumes is a white list of allowed volume plugins. Empty indicates that |
| 902 | // no volumes may be used. To allow all volumes you may use '*'. |
| 903 | // +optional |
| 904 | Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"` |
| 905 | // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec. |
| 906 | // +optional |
| 907 | HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,6,opt,name=hostNetwork"` |
| 908 | // hostPorts determines which host port ranges are allowed to be exposed. |
| 909 | // +optional |
| 910 | HostPorts []HostPortRange `json:"hostPorts,omitempty" protobuf:"bytes,7,rep,name=hostPorts"` |
| 911 | // hostPID determines if the policy allows the use of HostPID in the pod spec. |
| 912 | // +optional |
| 913 | HostPID bool `json:"hostPID,omitempty" protobuf:"varint,8,opt,name=hostPID"` |
| 914 | // hostIPC determines if the policy allows the use of HostIPC in the pod spec. |
| 915 | // +optional |
| 916 | HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,9,opt,name=hostIPC"` |
| 917 | // seLinux is the strategy that will dictate the allowable labels that may be set. |
| 918 | SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"` |
| 919 | // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set. |
| 920 | RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"` |
| 921 | // supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. |
| 922 | SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"` |
| 923 | // fsGroup is the strategy that will dictate what fs group is used by the SecurityContext. |
| 924 | FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"` |
| 925 | // readOnlyRootFilesystem when set to true will force containers to run with a read only root file |
| 926 | // system. If the container specifically requests to run with a non-read only root file system |
| 927 | // the PSP should deny the pod. |
| 928 | // If set to false the container may run with a read only root file system if it wishes but it |
| 929 | // will not be forced to. |
| 930 | // +optional |
| 931 | ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"` |
| 932 | // defaultAllowPrivilegeEscalation controls the default setting for whether a |
| 933 | // process can gain more privileges than its parent process. |
| 934 | // +optional |
| 935 | DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"` |
| 936 | // allowPrivilegeEscalation determines if a pod can request to allow |
| 937 | // privilege escalation. If unspecified, defaults to true. |
| 938 | // +optional |
| 939 | AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"` |
| 940 | // allowedHostPaths is a white list of allowed host paths. Empty indicates |
| 941 | // that all host paths may be used. |
| 942 | // +optional |
| 943 | AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"` |
| 944 | // allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all |
| 945 | // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes |
| 946 | // is allowed in the "volumes" field. |
| 947 | // +optional |
| 948 | AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"` |
| 949 | // allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. |
| 950 | // Each entry is either a plain sysctl name or ends in "*" in which case it is considered |
| 951 | // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. |
| 952 | // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. |
| 953 | // |
| 954 | // Examples: |
| 955 | // e.g. "foo/*" allows "foo/bar", "foo/baz", etc. |
| 956 | // e.g. "foo.*" allows "foo.bar", "foo.baz", etc. |
| 957 | // +optional |
| 958 | AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"` |
| 959 | // forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. |
| 960 | // Each entry is either a plain sysctl name or ends in "*" in which case it is considered |
| 961 | // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. |
| 962 | // |
| 963 | // Examples: |
| 964 | // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. |
| 965 | // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. |
| 966 | // +optional |
| 967 | ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"` |
| 968 | } |
| 969 | |
| 970 | // AllowedHostPath defines the host volume conditions that will be enabled by a policy |
| 971 | // for pods to use. It requires the path prefix to be defined. |
| 972 | // Deprecated: use AllowedHostPath from policy API Group instead. |
| 973 | type AllowedHostPath struct { |
| 974 | // pathPrefix is the path prefix that the host volume must match. |
| 975 | // It does not support `*`. |
| 976 | // Trailing slashes are trimmed when validating the path prefix with a host path. |
| 977 | // |
| 978 | // Examples: |
| 979 | // `/foo` would allow `/foo`, `/foo/` and `/foo/bar` |
| 980 | // `/foo` would not allow `/food` or `/etc/foo` |
| 981 | PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"` |
| 982 | |
| 983 | // when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly. |
| 984 | // +optional |
| 985 | ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"` |
| 986 | } |
| 987 | |
| 988 | // FSType gives strong typing to different file systems that are used by volumes. |
| 989 | // Deprecated: use FSType from policy API Group instead. |
| 990 | type FSType string |
| 991 | |
| 992 | var ( |
| 993 | AzureFile FSType = "azureFile" |
| 994 | Flocker FSType = "flocker" |
| 995 | FlexVolume FSType = "flexVolume" |
| 996 | HostPath FSType = "hostPath" |
| 997 | EmptyDir FSType = "emptyDir" |
| 998 | GCEPersistentDisk FSType = "gcePersistentDisk" |
| 999 | AWSElasticBlockStore FSType = "awsElasticBlockStore" |
| 1000 | GitRepo FSType = "gitRepo" |
| 1001 | Secret FSType = "secret" |
| 1002 | NFS FSType = "nfs" |
| 1003 | ISCSI FSType = "iscsi" |
| 1004 | Glusterfs FSType = "glusterfs" |
| 1005 | PersistentVolumeClaim FSType = "persistentVolumeClaim" |
| 1006 | RBD FSType = "rbd" |
| 1007 | Cinder FSType = "cinder" |
| 1008 | CephFS FSType = "cephFS" |
| 1009 | DownwardAPI FSType = "downwardAPI" |
| 1010 | FC FSType = "fc" |
| 1011 | ConfigMap FSType = "configMap" |
| 1012 | Quobyte FSType = "quobyte" |
| 1013 | AzureDisk FSType = "azureDisk" |
| 1014 | All FSType = "*" |
| 1015 | ) |
| 1016 | |
| 1017 | // AllowedFlexVolume represents a single Flexvolume that is allowed to be used. |
| 1018 | // Deprecated: use AllowedFlexVolume from policy API Group instead. |
| 1019 | type AllowedFlexVolume struct { |
| 1020 | // driver is the name of the Flexvolume driver. |
| 1021 | Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"` |
| 1022 | } |
| 1023 | |
| 1024 | // HostPortRange defines a range of host ports that will be enabled by a policy |
| 1025 | // for pods to use. It requires both the start and end to be defined. |
| 1026 | // Deprecated: use HostPortRange from policy API Group instead. |
| 1027 | type HostPortRange struct { |
| 1028 | // min is the start of the range, inclusive. |
| 1029 | Min int32 `json:"min" protobuf:"varint,1,opt,name=min"` |
| 1030 | // max is the end of the range, inclusive. |
| 1031 | Max int32 `json:"max" protobuf:"varint,2,opt,name=max"` |
| 1032 | } |
| 1033 | |
| 1034 | // SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. |
| 1035 | // Deprecated: use SELinuxStrategyOptions from policy API Group instead. |
| 1036 | type SELinuxStrategyOptions struct { |
| 1037 | // rule is the strategy that will dictate the allowable labels that may be set. |
| 1038 | Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"` |
| 1039 | // seLinuxOptions required to run as; required for MustRunAs |
| 1040 | // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
| 1041 | // +optional |
| 1042 | SELinuxOptions *v1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"` |
| 1043 | } |
| 1044 | |
| 1045 | // SELinuxStrategy denotes strategy types for generating SELinux options for a |
| 1046 | // Security Context. |
| 1047 | // Deprecated: use SELinuxStrategy from policy API Group instead. |
| 1048 | type SELinuxStrategy string |
| 1049 | |
| 1050 | const ( |
| 1051 | // SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied. |
| 1052 | // Deprecated: use SELinuxStrategyMustRunAs from policy API Group instead. |
| 1053 | SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs" |
| 1054 | // SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels. |
| 1055 | // Deprecated: use SELinuxStrategyRunAsAny from policy API Group instead. |
| 1056 | SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny" |
| 1057 | ) |
| 1058 | |
| 1059 | // RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. |
| 1060 | // Deprecated: use RunAsUserStrategyOptions from policy API Group instead. |
| 1061 | type RunAsUserStrategyOptions struct { |
| 1062 | // rule is the strategy that will dictate the allowable RunAsUser values that may be set. |
| 1063 | Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"` |
| 1064 | // ranges are the allowed ranges of uids that may be used. If you would like to force a single uid |
| 1065 | // then supply a single range with the same start and end. Required for MustRunAs. |
| 1066 | // +optional |
| 1067 | Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` |
| 1068 | } |
| 1069 | |
| 1070 | // IDRange provides a min/max of an allowed range of IDs. |
| 1071 | // Deprecated: use IDRange from policy API Group instead. |
| 1072 | type IDRange struct { |
| 1073 | // min is the start of the range, inclusive. |
| 1074 | Min int64 `json:"min" protobuf:"varint,1,opt,name=min"` |
| 1075 | // max is the end of the range, inclusive. |
| 1076 | Max int64 `json:"max" protobuf:"varint,2,opt,name=max"` |
| 1077 | } |
| 1078 | |
| 1079 | // RunAsUserStrategy denotes strategy types for generating RunAsUser values for a |
| 1080 | // Security Context. |
| 1081 | // Deprecated: use RunAsUserStrategy from policy API Group instead. |
| 1082 | type RunAsUserStrategy string |
| 1083 | |
| 1084 | const ( |
| 1085 | // RunAsUserStrategyMustRunAs means that container must run as a particular uid. |
| 1086 | // Deprecated: use RunAsUserStrategyMustRunAs from policy API Group instead. |
| 1087 | RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs" |
| 1088 | // RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid. |
| 1089 | // Deprecated: use RunAsUserStrategyMustRunAsNonRoot from policy API Group instead. |
| 1090 | RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot" |
| 1091 | // RunAsUserStrategyRunAsAny means that container may make requests for any uid. |
| 1092 | // Deprecated: use RunAsUserStrategyRunAsAny from policy API Group instead. |
| 1093 | RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny" |
| 1094 | ) |
| 1095 | |
| 1096 | // FSGroupStrategyOptions defines the strategy type and options used to create the strategy. |
| 1097 | // Deprecated: use FSGroupStrategyOptions from policy API Group instead. |
| 1098 | type FSGroupStrategyOptions struct { |
| 1099 | // rule is the strategy that will dictate what FSGroup is used in the SecurityContext. |
| 1100 | // +optional |
| 1101 | Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"` |
| 1102 | // ranges are the allowed ranges of fs groups. If you would like to force a single |
| 1103 | // fs group then supply a single range with the same start and end. Required for MustRunAs. |
| 1104 | // +optional |
| 1105 | Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` |
| 1106 | } |
| 1107 | |
| 1108 | // FSGroupStrategyType denotes strategy types for generating FSGroup values for a |
| 1109 | // SecurityContext |
| 1110 | // Deprecated: use FSGroupStrategyType from policy API Group instead. |
| 1111 | type FSGroupStrategyType string |
| 1112 | |
| 1113 | const ( |
| 1114 | // FSGroupStrategyMustRunAs meant that container must have FSGroup of X applied. |
| 1115 | // Deprecated: use FSGroupStrategyMustRunAs from policy API Group instead. |
| 1116 | FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs" |
| 1117 | // FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels. |
| 1118 | // Deprecated: use FSGroupStrategyRunAsAny from policy API Group instead. |
| 1119 | FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny" |
| 1120 | ) |
| 1121 | |
| 1122 | // SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. |
| 1123 | // Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead. |
| 1124 | type SupplementalGroupsStrategyOptions struct { |
| 1125 | // rule is the strategy that will dictate what supplemental groups is used in the SecurityContext. |
| 1126 | // +optional |
| 1127 | Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"` |
| 1128 | // ranges are the allowed ranges of supplemental groups. If you would like to force a single |
| 1129 | // supplemental group then supply a single range with the same start and end. Required for MustRunAs. |
| 1130 | // +optional |
| 1131 | Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` |
| 1132 | } |
| 1133 | |
| 1134 | // SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental |
| 1135 | // groups for a SecurityContext. |
| 1136 | // Deprecated: use SupplementalGroupsStrategyType from policy API Group instead. |
| 1137 | type SupplementalGroupsStrategyType string |
| 1138 | |
| 1139 | const ( |
| 1140 | // SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid. |
| 1141 | // Deprecated: use SupplementalGroupsStrategyMustRunAs from policy API Group instead. |
| 1142 | SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs" |
| 1143 | // SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid. |
| 1144 | // Deprecated: use SupplementalGroupsStrategyRunAsAny from policy API Group instead. |
| 1145 | SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny" |
| 1146 | ) |
| 1147 | |
| 1148 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 1149 | |
| 1150 | // PodSecurityPolicyList is a list of PodSecurityPolicy objects. |
| 1151 | // Deprecated: use PodSecurityPolicyList from policy API Group instead. |
| 1152 | type PodSecurityPolicyList struct { |
| 1153 | metav1.TypeMeta `json:",inline"` |
| 1154 | // Standard list metadata. |
| 1155 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 1156 | // +optional |
| 1157 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 1158 | |
| 1159 | // items is a list of schema objects. |
| 1160 | Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 1161 | } |
| 1162 | |
| 1163 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 1164 | |
| 1165 | // DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. |
| 1166 | // NetworkPolicy describes what network traffic is allowed for a set of Pods |
| 1167 | type NetworkPolicy struct { |
| 1168 | metav1.TypeMeta `json:",inline"` |
| 1169 | // Standard object's metadata. |
| 1170 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 1171 | // +optional |
| 1172 | metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 1173 | |
| 1174 | // Specification of the desired behavior for this NetworkPolicy. |
| 1175 | // +optional |
| 1176 | Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` |
| 1177 | } |
| 1178 | |
| 1179 | // DEPRECATED 1.9 - This group version of PolicyType is deprecated by networking/v1/PolicyType. |
| 1180 | // Policy Type string describes the NetworkPolicy type |
| 1181 | // This type is beta-level in 1.8 |
| 1182 | type PolicyType string |
| 1183 | |
| 1184 | const ( |
| 1185 | // PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods |
| 1186 | PolicyTypeIngress PolicyType = "Ingress" |
| 1187 | // PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods |
| 1188 | PolicyTypeEgress PolicyType = "Egress" |
| 1189 | ) |
| 1190 | |
| 1191 | // DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec. |
| 1192 | type NetworkPolicySpec struct { |
| 1193 | // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules |
| 1194 | // is applied to any pods selected by this field. Multiple network policies can select the |
| 1195 | // same set of pods. In this case, the ingress rules for each are combined additively. |
| 1196 | // This field is NOT optional and follows standard label selector semantics. |
| 1197 | // An empty podSelector matches all pods in this namespace. |
| 1198 | PodSelector metav1.LabelSelector `json:"podSelector" protobuf:"bytes,1,opt,name=podSelector"` |
| 1199 | |
| 1200 | // List of ingress rules to be applied to the selected pods. |
| 1201 | // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod |
| 1202 | // OR if the traffic source is the pod's local node, |
| 1203 | // OR if the traffic matches at least one ingress rule across all of the NetworkPolicy |
| 1204 | // objects whose podSelector matches the pod. |
| 1205 | // If this field is empty then this NetworkPolicy does not allow any traffic |
| 1206 | // (and serves solely to ensure that the pods it selects are isolated by default). |
| 1207 | // +optional |
| 1208 | Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"` |
| 1209 | |
| 1210 | // List of egress rules to be applied to the selected pods. Outgoing traffic is |
| 1211 | // allowed if there are no NetworkPolicies selecting the pod (and cluster policy |
| 1212 | // otherwise allows the traffic), OR if the traffic matches at least one egress rule |
| 1213 | // across all of the NetworkPolicy objects whose podSelector matches the pod. If |
| 1214 | // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves |
| 1215 | // solely to ensure that the pods it selects are isolated by default). |
| 1216 | // This field is beta-level in 1.8 |
| 1217 | // +optional |
| 1218 | Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"` |
| 1219 | |
| 1220 | // List of rule types that the NetworkPolicy relates to. |
| 1221 | // Valid options are Ingress, Egress, or Ingress,Egress. |
| 1222 | // If this field is not specified, it will default based on the existence of Ingress or Egress rules; |
| 1223 | // policies that contain an Egress section are assumed to affect Egress, and all policies |
| 1224 | // (whether or not they contain an Ingress section) are assumed to affect Ingress. |
| 1225 | // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. |
| 1226 | // Likewise, if you want to write a policy that specifies that no egress is allowed, |
| 1227 | // you must specify a policyTypes value that include "Egress" (since such a policy would not include |
| 1228 | // an Egress section and would otherwise default to just [ "Ingress" ]). |
| 1229 | // This field is beta-level in 1.8 |
| 1230 | // +optional |
| 1231 | PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"` |
| 1232 | } |
| 1233 | |
| 1234 | // DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. |
| 1235 | // This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from. |
| 1236 | type NetworkPolicyIngressRule struct { |
| 1237 | // List of ports which should be made accessible on the pods selected for this rule. |
| 1238 | // Each item in this list is combined using a logical OR. |
| 1239 | // If this field is empty or missing, this rule matches all ports (traffic not restricted by port). |
| 1240 | // If this field is present and contains at least one item, then this rule allows traffic |
| 1241 | // only if the traffic matches at least one port in the list. |
| 1242 | // +optional |
| 1243 | Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` |
| 1244 | |
| 1245 | // List of sources which should be able to access the pods selected for this rule. |
| 1246 | // Items in this list are combined using a logical OR operation. |
| 1247 | // If this field is empty or missing, this rule matches all sources (traffic not restricted by source). |
| 1248 | // If this field is present and contains at least on item, this rule allows traffic only if the |
| 1249 | // traffic matches at least one item in the from list. |
| 1250 | // +optional |
| 1251 | From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"` |
| 1252 | } |
| 1253 | |
| 1254 | // DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. |
| 1255 | // NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods |
| 1256 | // matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. |
| 1257 | // This type is beta-level in 1.8 |
| 1258 | type NetworkPolicyEgressRule struct { |
| 1259 | // List of destination ports for outgoing traffic. |
| 1260 | // Each item in this list is combined using a logical OR. If this field is |
| 1261 | // empty or missing, this rule matches all ports (traffic not restricted by port). |
| 1262 | // If this field is present and contains at least one item, then this rule allows |
| 1263 | // traffic only if the traffic matches at least one port in the list. |
| 1264 | // +optional |
| 1265 | Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` |
| 1266 | |
| 1267 | // List of destinations for outgoing traffic of pods selected for this rule. |
| 1268 | // Items in this list are combined using a logical OR operation. If this field is |
| 1269 | // empty or missing, this rule matches all destinations (traffic not restricted by |
| 1270 | // destination). If this field is present and contains at least one item, this rule |
| 1271 | // allows traffic only if the traffic matches at least one item in the to list. |
| 1272 | // +optional |
| 1273 | To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"` |
| 1274 | } |
| 1275 | |
| 1276 | // DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort. |
| 1277 | type NetworkPolicyPort struct { |
| 1278 | // Optional. The protocol (TCP or UDP) which traffic must match. |
| 1279 | // If not specified, this field defaults to TCP. |
| 1280 | // +optional |
| 1281 | Protocol *v1.Protocol `json:"protocol,omitempty" protobuf:"bytes,1,opt,name=protocol,casttype=k8s.io/api/core/v1.Protocol"` |
| 1282 | |
| 1283 | // If specified, the port on the given protocol. This can |
| 1284 | // either be a numerical or named port on a pod. If this field is not provided, |
| 1285 | // this matches all port names and numbers. |
| 1286 | // If present, only traffic on the specified protocol AND port |
| 1287 | // will be matched. |
| 1288 | // +optional |
| 1289 | Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"` |
| 1290 | } |
| 1291 | |
| 1292 | // DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. |
| 1293 | // IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods |
| 1294 | // matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should |
| 1295 | // not be included within this rule. |
| 1296 | type IPBlock struct { |
| 1297 | // CIDR is a string representing the IP Block |
| 1298 | // Valid examples are "192.168.1.1/24" |
| 1299 | CIDR string `json:"cidr" protobuf:"bytes,1,name=cidr"` |
| 1300 | // Except is a slice of CIDRs that should not be included within an IP Block |
| 1301 | // Valid examples are "192.168.1.1/24" |
| 1302 | // Except values will be rejected if they are outside the CIDR range |
| 1303 | // +optional |
| 1304 | Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"` |
| 1305 | } |
| 1306 | |
| 1307 | // DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer. |
| 1308 | type NetworkPolicyPeer struct { |
| 1309 | // This is a label selector which selects Pods. This field follows standard label |
| 1310 | // selector semantics; if present but empty, it selects all pods. |
| 1311 | // |
| 1312 | // If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects |
| 1313 | // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. |
| 1314 | // Otherwise it selects the Pods matching PodSelector in the policy's own Namespace. |
| 1315 | // +optional |
| 1316 | PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"` |
| 1317 | |
| 1318 | // Selects Namespaces using cluster-scoped labels. This field follows standard label |
| 1319 | // selector semantics; if present but empty, it selects all namespaces. |
| 1320 | // |
| 1321 | // If PodSelector is also set, then the NetworkPolicyPeer as a whole selects |
| 1322 | // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. |
| 1323 | // Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector. |
| 1324 | // +optional |
| 1325 | NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"` |
| 1326 | |
| 1327 | // IPBlock defines policy on a particular IPBlock. If this field is set then |
| 1328 | // neither of the other fields can be. |
| 1329 | // +optional |
| 1330 | IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"` |
| 1331 | } |
| 1332 | |
| 1333 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 1334 | |
| 1335 | // DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. |
| 1336 | // Network Policy List is a list of NetworkPolicy objects. |
| 1337 | type NetworkPolicyList struct { |
| 1338 | metav1.TypeMeta `json:",inline"` |
| 1339 | // Standard list metadata. |
| 1340 | // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
| 1341 | // +optional |
| 1342 | metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` |
| 1343 | |
| 1344 | // Items is a list of schema objects. |
| 1345 | Items []NetworkPolicy `json:"items" protobuf:"bytes,2,rep,name=items"` |
| 1346 | } |