ziggi/mstore
1
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Wiki Activity

updated vendor

Browse Source
This commit is contained in:
Олег Бородин
2026-06-16 08:02:19 +02:00
parent 2f7f99d3f0
commit 77299d0c64
1283 changed files with 67302 additions and 208958 deletions
Download Patch File Download Diff File Expand all files Collapse all files
vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
Generated Vendored
+80 -75
View File
@@ -113,12 +113,12 @@ message AuditAnnotation {
// ExpressionWarning is a warning information that targets a specific expression.
message ExpressionWarning {
// The path to the field that refers the expression.
// fieldRef is the path to the field that refers to the expression.
// For example, the reference to the expression of the first item of
// validations is "spec.validations[0].expression"
optional string fieldRef = 2;
// The content of type checking information in a human-readable form.
// warning contains the content of type checking information in a human-readable form.
// Each line of the warning contains the type that the expression is checked
// against, followed by the type check error from the compiler.
optional string warning = 3;
@@ -195,7 +195,7 @@ message JSONPatch {
// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.
message MatchCondition {
// Name is an identifier for this match condition, used for strategic merging of MatchConditions,
// name is an identifier for this match condition, used for strategic merging of MatchConditions,
// as well as providing an identifier for logging purposes. A good name should be descriptive of
// the associated expression.
// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and
@@ -206,7 +206,7 @@ message MatchCondition {
// Required.
optional string name = 1;
// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
// expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
//
// 'object' - The object from the incoming request. The value is null for DELETE requests.
@@ -227,7 +227,7 @@ message MatchCondition {
// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
// +structType=atomic
message MatchResources {
// NamespaceSelector decides whether to run the admission control policy on an object based
// namespaceSelector decides whether to run the admission control policy on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
@@ -273,7 +273,7 @@ message MatchResources {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 1;
// ObjectSelector decides whether to run the validation based on if the
// objectSelector decides whether to run the validation based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the cel validation, and
// is considered to match if either object matches the selector. A null
@@ -287,13 +287,13 @@ message MatchResources {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 2;
// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
// resourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
// The policy cares about an operation if it matches _any_ Rule.
// +listType=atomic
// +optional
repeated NamedRuleWithOperations resourceRules = 3;
// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
// excludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
// +listType=atomic
// +optional
@@ -319,11 +319,11 @@ message MatchResources {
// MutatingAdmissionPolicy describes the definition of an admission mutation policy that mutates the object coming into admission chain.
message MutatingAdmissionPolicy {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of the MutatingAdmissionPolicy.
// spec defines the desired behavior of the MutatingAdmissionPolicy.
optional MutatingAdmissionPolicySpec spec = 2;
}
@@ -339,17 +339,17 @@ message MutatingAdmissionPolicy {
// Adding/removing policies, bindings, or params can not affect whether a
// given (policy, binding, param) combination is within its own CEL budget.
message MutatingAdmissionPolicyBinding {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of the MutatingAdmissionPolicyBinding.
// spec defines the desired behavior of the MutatingAdmissionPolicyBinding.
optional MutatingAdmissionPolicyBindingSpec spec = 2;
}
// MutatingAdmissionPolicyBindingList is a list of MutatingAdmissionPolicyBinding.
message MutatingAdmissionPolicyBindingList {
// Standard list metadata.
// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
@@ -387,7 +387,7 @@ message MutatingAdmissionPolicyBindingSpec {
// MutatingAdmissionPolicyList is a list of MutatingAdmissionPolicy.
message MutatingAdmissionPolicyList {
// Standard list metadata.
// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
@@ -486,18 +486,18 @@ message MutatingAdmissionPolicySpec {
// MutatingWebhook describes an admission webhook and the resources and operations it applies to.
message MutatingWebhook {
// The name of the admission webhook.
// name is the name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
optional string name = 1;
// ClientConfig defines how to communicate with the hook.
// clientConfig defines how to communicate with the hook.
// Required
optional WebhookClientConfig clientConfig = 2;
// Rules describes what operations on what resources/subresources the webhook cares about.
// rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
@@ -506,7 +506,7 @@ message MutatingWebhook {
// +listType=atomic
repeated .k8s.io.api.admissionregistration.v1.RuleWithOperations rules = 3;
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// failurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Ignore.
// +optional
optional string failurePolicy = 4;
@@ -528,7 +528,7 @@ message MutatingWebhook {
// +optional
optional string matchPolicy = 9;
// NamespaceSelector decides whether to run the webhook on an object based
// namespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
@@ -574,7 +574,7 @@ message MutatingWebhook {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 5;
// ObjectSelector decides whether to run the webhook based on if the
// objectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
@@ -588,7 +588,7 @@ message MutatingWebhook {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 11;
// SideEffects states whether this webhook has side effects.
// sideEffects states whether this webhook has side effects.
// Acceptable values are: Unknown, None, Some, NoneOnDryRun
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
@@ -597,7 +597,7 @@ message MutatingWebhook {
// +optional
optional string sideEffects = 6;
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// timeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
@@ -605,7 +605,7 @@ message MutatingWebhook {
// +optional
optional int32 timeoutSeconds = 7;
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// admissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
@@ -635,7 +635,7 @@ message MutatingWebhook {
// +optional
optional string reinvocationPolicy = 10;
// MatchConditions is a list of conditions that must be met for a request to be sent to this
// matchConditions is a list of conditions that must be met for a request to be sent to this
// webhook. Match conditions filter requests that have already been matched by the rules,
// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
// There are a maximum of 64 match conditions allowed.
@@ -658,11 +658,11 @@ message MutatingWebhook {
// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
// Deprecated in v1.16, planned for removal in v1.19. Use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration instead.
message MutatingWebhookConfiguration {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Webhooks is a list of webhooks and the affected resources and operations.
// webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
@@ -673,7 +673,7 @@ message MutatingWebhookConfiguration {
// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
message MutatingWebhookConfigurationList {
// Standard list metadata.
// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
@@ -705,7 +705,7 @@ message Mutation {
// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.
// +structType=atomic
message NamedRuleWithOperations {
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// +listType=atomic
// +optional
repeated string resourceNames = 1;
@@ -717,12 +717,12 @@ message NamedRuleWithOperations {
// ParamKind is a tuple of Group Kind and Version.
// +structType=atomic
message ParamKind {
// APIVersion is the API group version the resources belong to.
// apiVersion is the API group version the resources belong to.
// In format of "group/version".
// Required.
optional string apiVersion = 1;
// Kind is the API kind the resources belong to.
// kind is the API kind the resources belong to.
// Required.
optional string kind = 2;
}
@@ -771,7 +771,7 @@ message ParamRef {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 3;
// `parameterNotFoundAction` controls the behavior of the binding when the resource
// parameterNotFoundAction controls the behavior of the binding when the resource
// exists, and name or selector is valid, but there are no parameters
// matched by the binding. If the value is set to `Allow`, then no
// matched parameters will be treated as successful validation by the binding.
@@ -786,22 +786,22 @@ message ParamRef {
// ServiceReference holds a reference to Service.legacy.k8s.io
message ServiceReference {
// `namespace` is the namespace of the service.
// namespace is the namespace of the service.
// Required
optional string namespace = 1;
// `name` is the name of the service.
// name is the name of the service.
// Required
optional string name = 2;
// `path` is an optional URL path which will be sent in any request to
// path is an optional URL path which will be sent in any request to
// this service.
// +optional
optional string path = 3;
// If specified, the port on the service that hosting webhook.
// port is the port on the service that hosts the webhook.
// Default to 443 for backward compatibility.
// `port` should be a valid port number (1-65535, inclusive).
// port should be a valid port number (1-65535, inclusive).
// +optional
optional int32 port = 4;
}
@@ -809,7 +809,7 @@ message ServiceReference {
// TypeChecking contains results of type checking the expressions in the
// ValidatingAdmissionPolicy
message TypeChecking {
// The type checking warnings for each expression.
// expressionWarnings contains the type checking warnings for each expression.
// +optional
// +listType=atomic
repeated ExpressionWarning expressionWarnings = 1;
@@ -821,14 +821,14 @@ message TypeChecking {
// +k8s:prerelease-lifecycle-gen:introduced=1.28
// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
message ValidatingAdmissionPolicy {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of the ValidatingAdmissionPolicy.
// spec defines the desired behavior of the ValidatingAdmissionPolicy.
optional ValidatingAdmissionPolicySpec spec = 2;
// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy
// status represents the current status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy
// behaves in the expected way.
// Populated by the system.
// Read-only.
@@ -848,17 +848,18 @@ message ValidatingAdmissionPolicy {
// Adding/removing policies, bindings, or params can not affect whether a
// given (policy, binding, param) combination is within its own CEL budget.
message ValidatingAdmissionPolicyBinding {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
// spec defines the desired behavior of the ValidatingAdmissionPolicyBinding.
// +required
optional ValidatingAdmissionPolicyBindingSpec spec = 2;
}
// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
message ValidatingAdmissionPolicyBindingList {
// Standard list metadata.
// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
@@ -869,9 +870,11 @@ message ValidatingAdmissionPolicyBindingList {
// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
message ValidatingAdmissionPolicyBindingSpec {
// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
// policyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
// If the referenced resource does not exist, this binding is considered invalid and will be ignored
// Required.
// +required
// +k8s:alpha(since: "1.36")=+k8s:required
optional string policyName = 1;
// paramRef specifies the parameter resource used to configure the admission control policy.
@@ -881,7 +884,7 @@ message ValidatingAdmissionPolicyBindingSpec {
// +optional
optional ParamRef paramRef = 2;
// MatchResources declares what resources match this binding and will be validated by it.
// matchResources declares what resources match this binding and will be validated by it.
// Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this.
// If this is unset, all resources matched by the policy are validated by this binding
// When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated.
@@ -929,6 +932,8 @@ message ValidatingAdmissionPolicyBindingSpec {
//
// Required.
// +listType=set
// +required
// +k8s:alpha(since: "1.36")=+k8s:required
repeated string validationActions = 4;
}
@@ -936,7 +941,7 @@ message ValidatingAdmissionPolicyBindingSpec {
// +k8s:prerelease-lifecycle-gen:introduced=1.28
// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
message ValidatingAdmissionPolicyList {
// Standard list metadata.
// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
@@ -947,21 +952,21 @@ message ValidatingAdmissionPolicyList {
// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
message ValidatingAdmissionPolicySpec {
// ParamKind specifies the kind of resources used to parameterize this policy.
// paramKind specifies the kind of resources used to parameterize this policy.
// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
// If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
// If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
// +optional
optional ParamKind paramKind = 1;
// MatchConstraints specifies what resources this policy is designed to validate.
// matchConstraints specifies what resources this policy is designed to validate.
// The AdmissionPolicy cares about a request if it matches _all_ Constraints.
// However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API
// ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
// Required.
optional MatchResources matchConstraints = 2;
// Validations contain CEL expressions which is used to apply the validation.
// validations contain CEL expressions which is used to apply the validation.
// Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is
// required.
// +listType=atomic
@@ -992,7 +997,7 @@ message ValidatingAdmissionPolicySpec {
// +optional
repeated AuditAnnotation auditAnnotations = 5;
// MatchConditions is a list of conditions that must be met for a request to be validated.
// matchConditions is a list of conditions that must be met for a request to be validated.
// Match conditions filter requests that have already been matched by the rules,
// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
// There are a maximum of 64 match conditions allowed.
@@ -1014,7 +1019,7 @@ message ValidatingAdmissionPolicySpec {
// +optional
repeated MatchCondition matchConditions = 6;
// Variables contain definitions of variables that can be used in composition of other expressions.
// variables contain definitions of variables that can be used in composition of other expressions.
// Each variable is defined as a named CEL expression.
// The variables defined here will be available under `variables` in other expressions of the policy
// except MatchConditions because MatchConditions are evaluated before the rest of the policy.
@@ -1031,16 +1036,16 @@ message ValidatingAdmissionPolicySpec {
// ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.
message ValidatingAdmissionPolicyStatus {
// The generation observed by the controller.
// observedGeneration is the generation observed by the controller.
// +optional
optional int64 observedGeneration = 1;
// The results of type checking for each expression.
// typeChecking contains the results of type checking for each expression.
// Presence of this field indicates the completion of the type checking.
// +optional
optional TypeChecking typeChecking = 2;
// The conditions represent the latest available observations of a policy's current state.
// conditions represent the latest available observations of a policy's current state.
// +optional
// +listType=map
// +listMapKey=type
@@ -1049,18 +1054,18 @@ message ValidatingAdmissionPolicyStatus {
// ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
message ValidatingWebhook {
// The name of the admission webhook.
// name is the name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
optional string name = 1;
// ClientConfig defines how to communicate with the hook.
// clientConfig defines how to communicate with the hook.
// Required
optional WebhookClientConfig clientConfig = 2;
// Rules describes what operations on what resources/subresources the webhook cares about.
// rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
@@ -1069,7 +1074,7 @@ message ValidatingWebhook {
// +listType=atomic
repeated .k8s.io.api.admissionregistration.v1.RuleWithOperations rules = 3;
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// failurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Ignore.
// +optional
optional string failurePolicy = 4;
@@ -1091,7 +1096,7 @@ message ValidatingWebhook {
// +optional
optional string matchPolicy = 9;
// NamespaceSelector decides whether to run the webhook on an object based
// namespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
@@ -1137,7 +1142,7 @@ message ValidatingWebhook {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 5;
// ObjectSelector decides whether to run the webhook based on if the
// objectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
@@ -1151,7 +1156,7 @@ message ValidatingWebhook {
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 10;
// SideEffects states whether this webhook has side effects.
// sideEffects states whether this webhook has side effects.
// Acceptable values are: Unknown, None, Some, NoneOnDryRun
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
@@ -1161,7 +1166,7 @@ message ValidatingWebhook {
// +listType=atomic
optional string sideEffects = 6;
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// timeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
@@ -1169,7 +1174,7 @@ message ValidatingWebhook {
// +optional
optional int32 timeoutSeconds = 7;
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// admissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
@@ -1181,7 +1186,7 @@ message ValidatingWebhook {
// +listType=atomic
repeated string admissionReviewVersions = 8;
// MatchConditions is a list of conditions that must be met for a request to be sent to this
// matchConditions is a list of conditions that must be met for a request to be sent to this
// webhook. Match conditions filter requests that have already been matched by the rules,
// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
// There are a maximum of 64 match conditions allowed.
@@ -1204,11 +1209,11 @@ message ValidatingWebhook {
// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
// Deprecated in v1.16, planned for removal in v1.19. Use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration instead.
message ValidatingWebhookConfiguration {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Webhooks is a list of webhooks and the affected resources and operations.
// webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
@@ -1219,7 +1224,7 @@ message ValidatingWebhookConfiguration {
// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
message ValidatingWebhookConfigurationList {
// Standard list metadata.
// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
@@ -1230,7 +1235,7 @@ message ValidatingWebhookConfigurationList {
// Validation specifies the CEL expression which is used to apply the validation.
message Validation {
// Expression represents the expression which will be evaluated by CEL.
// expression represents the expression which will be evaluated by CEL.
// ref: https://github.com/google/cel-spec
// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
//
@@ -1273,7 +1278,7 @@ message Validation {
// Required.
optional string Expression = 1;
// Message represents the message displayed when validation fails. The message is required if the Expression contains
// message represents the message displayed when validation fails. The message is required if the Expression contains
// line breaks. The message must not contain line breaks.
// If unset, the message is "failed rule: {Rule}".
// e.g. "must be a URL with the host matching spec.host"
@@ -1283,7 +1288,7 @@ message Validation {
// +optional
optional string message = 2;
// Reason represents a machine-readable description of why this validation failed.
// reason represents a machine-readable description of why this validation failed.
// If this is the first validation in the list to fail, this reason, as well as the
// corresponding HTTP response code, are used in the
// HTTP response to the client.
@@ -1309,12 +1314,12 @@ message Validation {
// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.
// +structType=atomic
message Variable {
// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
// name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
// The variable can be accessed in other expressions through `variables`
// For example, if name is "foo", the variable will be available as `variables.foo`
optional string Name = 1;
// Expression is the expression that will be evaluated as the value of the variable.
// expression is the expression that will be evaluated as the value of the variable.
// The CEL expression has access to the same identifiers as the CEL expressions in Validation.
optional string Expression = 2;
}
@@ -1322,7 +1327,7 @@ message Variable {
// WebhookClientConfig contains the information to make a TLS
// connection with the webhook
message WebhookClientConfig {
// `url` gives the location of the webhook, in standard URL form
// url gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
@@ -1351,7 +1356,7 @@ message WebhookClientConfig {
// +optional
optional string url = 3;
// `service` is a reference to the service for this webhook. Either
// service is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
@@ -1359,7 +1364,7 @@ message WebhookClientConfig {
// +optional
optional ServiceReference service = 1;
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
optional bytes caBundle = 2;