DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update go dependencies

Browse source
This commit is contained in:
Manuel de Brito Fontes 2018-07-12 13:19:04 -04:00 committed by Manuel Alejandro de Brito Fontes
parent d5cf22c129
commit 063cc68d1c
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
1321 changed files with 52830 additions and 31081 deletions
Download patch file Download diff file Expand all files Collapse all files

17
vendor/k8s.io/api/SECURITY_CONTACTS generated vendored Normal file
View file

@ -0,0 +1,17 @@
# Defined below are the security contacts for this repo.
#
# They are the contact point for the Product Security Team to reach out
# to for triaging and handling of incoming issues.
#
# The below names agree to abide by the
# [Embargo Policy](https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#embargo-policy)
# and will be removed and replaced if they violate that agreement.
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
# INSTRUCTIONS AT https://kubernetes.io/security/
cjcullen
jessfraz
liggitt
philips
tallclair

2
vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1alpha1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_Initializer = map[string]string{
"": "Initializer describes the name and the failure policy of an initializer, and what resources it applies to.",
"name": "Name is the identifier of the initializer. It will be added to the object that needs to be initialized. Name should be fully qualified, e.g., alwayspullimages.kubernetes.io, where \"alwayspullimages\" is the name of the webhook, and kubernetes.io is the name of the organization. Required",

2
vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

6
vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -250,9 +250,7 @@ message WebhookClientConfig {
//
// If the webhook is running within the cluster, then you should use `service`.
//
// If there is only one port open for the service, that port will be
// used. If there are multiple ports open, port 443 will be used if it
// is open, otherwise it is an error.
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
optional ServiceReference service = 1;

4
vendor/k8s.io/api/admissionregistration/v1beta1/types.go generated vendored
View file

@ -254,9 +254,7 @@ type WebhookClientConfig struct {
//
// If the webhook is running within the cluster, then you should use `service`.
//
// If there is only one port open for the service, that port will be
// used. If there are multiple ports open, port 443 will be used if it
// is open, otherwise it is an error.
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference `json:"service" protobuf:"bytes,1,opt,name=service"`

6
vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_MutatingWebhookConfiguration = map[string]string{
"": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.",
"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.",
@ -114,7 +114,7 @@ func (Webhook) SwaggerDoc() map[string]string {
var map_WebhookClientConfig = map[string]string{
"": "WebhookClientConfig contains the information to make a TLS connection with the webhook",
"url": "`url` gives the location of the webhook, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
"service": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nIf there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error.",
"service": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error.",
"caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. Required.",
}

2
vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/apps/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

12
vendor/k8s.io/api/apps/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -501,9 +501,9 @@ message RollingUpdateDeployment {
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old RC
// can be scaled down further, followed by scaling up the new RC, ensuring
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
@ -515,10 +515,10 @@ message RollingUpdateDeployment {
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new RC can be scaled up immediately when
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new RC can be scaled up further, ensuring that total number of pods running
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is at most 130% of desired pods.
// +optional
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;

16
vendor/k8s.io/api/apps/v1/types.go generated vendored
View file

@ -307,8 +307,8 @@ type DeploymentSpec struct {
const (
// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
// to existing RCs (and label key that is added to its pods) to prevent the existing RCs
// to select new pods (and old pods being select by new RC).
// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
// to select new pods (and old pods being select by new ReplicaSet).
DefaultDeploymentUniqueLabelKey string = "pod-template-hash"
)
@ -333,7 +333,7 @@ const (
// Kill all existing pods before creating new ones.
RecreateDeploymentStrategyType DeploymentStrategyType = "Recreate"
// Replace the old RCs by new one using rolling update i.e gradually scale down the old RCs and scale up the new one.
// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
RollingUpdateDeploymentStrategyType DeploymentStrategyType = "RollingUpdate"
)
@ -344,9 +344,9 @@ type RollingUpdateDeployment struct {
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old RC
// can be scaled down further, followed by scaling up the new RC, ensuring
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
@ -358,10 +358,10 @@ type RollingUpdateDeployment struct {
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new RC can be scaled up immediately when
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new RC can be scaled up further, ensuring that total number of pods running
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is at most 130% of desired pods.
// +optional
MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,2,opt,name=maxSurge"`

8
vendor/k8s.io/api/apps/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_ControllerRevision = map[string]string{
"": "ControllerRevision implements an immutable snapshot of state data. Clients are responsible for serializing and deserializing the objects that contain their internal state. Once a ControllerRevision has been successfully created, it can not be updated. The API Server will fail validation of all requests that attempt to mutate the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, it may be subject to name and representation changes in future releases, and clients should not depend on its stability. It is primarily for internal use by controllers.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
@ -271,8 +271,8 @@ func (RollingUpdateDaemonSet) SwaggerDoc() map[string]string {
var map_RollingUpdateDeployment = map[string]string{
"": "Spec to control the desired behavior of rolling update.",
"maxUnavailable": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.",
"maxSurge": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.",
"maxUnavailable": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.",
"maxSurge": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.",
}
func (RollingUpdateDeployment) SwaggerDoc() map[string]string {

2
vendor/k8s.io/api/apps/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/apps/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

12
vendor/k8s.io/api/apps/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -245,9 +245,9 @@ message RollingUpdateDeployment {
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old RC
// can be scaled down further, followed by scaling up the new RC, ensuring
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
@ -259,10 +259,10 @@ message RollingUpdateDeployment {
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new RC can be scaled up immediately when
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new RC can be scaled up further, ensuring that total number of pods running
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is atmost 130% of desired pods.
// +optional
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;

16
vendor/k8s.io/api/apps/v1beta1/types.go generated vendored
View file

@ -379,8 +379,8 @@ type RollbackConfig struct {
const (
// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
// to existing RCs (and label key that is added to its pods) to prevent the existing RCs
// to select new pods (and old pods being select by new RC).
// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
// to select new pods (and old pods being select by new ReplicaSet).
DefaultDeploymentUniqueLabelKey string = "pod-template-hash"
)
@ -405,7 +405,7 @@ const (
// Kill all existing pods before creating new ones.
RecreateDeploymentStrategyType DeploymentStrategyType = "Recreate"
// Replace the old RCs by new one using rolling update i.e gradually scale down the old RCs and scale up the new one.
// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
RollingUpdateDeploymentStrategyType DeploymentStrategyType = "RollingUpdate"
)
@ -416,9 +416,9 @@ type RollingUpdateDeployment struct {
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old RC
// can be scaled down further, followed by scaling up the new RC, ensuring
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
@ -430,10 +430,10 @@ type RollingUpdateDeployment struct {
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new RC can be scaled up immediately when
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new RC can be scaled up further, ensuring that total number of pods running
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is atmost 130% of desired pods.
// +optional
MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,2,opt,name=maxSurge"`

8
vendor/k8s.io/api/apps/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_ControllerRevision = map[string]string{
"": "DEPRECATED - This group version of ControllerRevision is deprecated by apps/v1beta2/ControllerRevision. See the release notes for more information. ControllerRevision implements an immutable snapshot of state data. Clients are responsible for serializing and deserializing the objects that contain their internal state. Once a ControllerRevision has been successfully created, it can not be updated. The API Server will fail validation of all requests that attempt to mutate the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, it may be subject to name and representation changes in future releases, and clients should not depend on its stability. It is primarily for internal use by controllers.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
@ -148,8 +148,8 @@ func (RollbackConfig) SwaggerDoc() map[string]string {
var map_RollingUpdateDeployment = map[string]string{
"": "Spec to control the desired behavior of rolling update.",
"maxUnavailable": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.",
"maxSurge": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods.",
"maxUnavailable": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.",
"maxSurge": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods.",
}
func (RollingUpdateDeployment) SwaggerDoc() map[string]string {

2
vendor/k8s.io/api/apps/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/apps/v1beta2/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

12
vendor/k8s.io/api/apps/v1beta2/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -509,9 +509,9 @@ message RollingUpdateDeployment {
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old RC
// can be scaled down further, followed by scaling up the new RC, ensuring
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
@ -523,10 +523,10 @@ message RollingUpdateDeployment {
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new RC can be scaled up immediately when
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new RC can be scaled up further, ensuring that total number of pods running
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is atmost 130% of desired pods.
// +optional
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;

16
vendor/k8s.io/api/apps/v1beta2/types.go generated vendored
View file

@ -359,8 +359,8 @@ type DeploymentSpec struct {
const (
// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
// to existing RCs (and label key that is added to its pods) to prevent the existing RCs
// to select new pods (and old pods being select by new RC).
// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
// to select new pods (and old pods being select by new ReplicaSet).
DefaultDeploymentUniqueLabelKey string = "pod-template-hash"
)
@ -385,7 +385,7 @@ const (
// Kill all existing pods before creating new ones.
RecreateDeploymentStrategyType DeploymentStrategyType = "Recreate"
// Replace the old RCs by new one using rolling update i.e gradually scale down the old RCs and scale up the new one.
// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
RollingUpdateDeploymentStrategyType DeploymentStrategyType = "RollingUpdate"
)
@ -396,9 +396,9 @@ type RollingUpdateDeployment struct {
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old RC
// can be scaled down further, followed by scaling up the new RC, ensuring
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
@ -410,10 +410,10 @@ type RollingUpdateDeployment struct {
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new RC can be scaled up immediately when
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new RC can be scaled up further, ensuring that total number of pods running
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is atmost 130% of desired pods.
// +optional
MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,2,opt,name=maxSurge"`

8
vendor/k8s.io/api/apps/v1beta2/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta2
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_ControllerRevision = map[string]string{
"": "DEPRECATED - This group version of ControllerRevision is deprecated by apps/v1/ControllerRevision. See the release notes for more information. ControllerRevision implements an immutable snapshot of state data. Clients are responsible for serializing and deserializing the objects that contain their internal state. Once a ControllerRevision has been successfully created, it can not be updated. The API Server will fail validation of all requests that attempt to mutate the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, it may be subject to name and representation changes in future releases, and clients should not depend on its stability. It is primarily for internal use by controllers.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
@ -271,8 +271,8 @@ func (RollingUpdateDaemonSet) SwaggerDoc() map[string]string {
var map_RollingUpdateDeployment = map[string]string{
"": "Spec to control the desired behavior of rolling update.",
"maxUnavailable": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.",
"maxSurge": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods.",
"maxUnavailable": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.",
"maxSurge": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods.",
}
func (RollingUpdateDeployment) SwaggerDoc() map[string]string {

2
vendor/k8s.io/api/apps/v1beta2/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authentication/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authentication/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_BoundObjectReference = map[string]string{
"": "BoundObjectReference is a reference to an object that a token is bound to.",
"kind": "Kind of the referent. Valid kinds are 'Pod' and 'Secret'.",

2
vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authentication/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authentication/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/authentication/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_TokenReview = map[string]string{
"": "TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.",
"spec": "Spec holds information about the request being evaluated",

2
vendor/k8s.io/api/authentication/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authorization/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authorization/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/authorization/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_LocalSubjectAccessReview = map[string]string{
"": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.",
"spec": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.",

2
vendor/k8s.io/api/authorization/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authorization/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/authorization/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/authorization/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_LocalSubjectAccessReview = map[string]string{
"": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.",
"spec": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.",

2
vendor/k8s.io/api/authorization/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/autoscaling/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/autoscaling/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/autoscaling/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_CrossVersionObjectReference = map[string]string{
"": "CrossVersionObjectReference contains enough information to let you identify the referred resource.",
"kind": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds\"",

2
vendor/k8s.io/api/autoscaling/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

3146
vendor/k8s.io/api/autoscaling/v2beta1/generated.pb.go generated vendored
View file

File diff suppressed because it is too large Load diff

164
vendor/k8s.io/api/autoscaling/v2beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -31,6 +31,29 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v2beta1";
// ContainerResourcePolicy controls how autoscaler computes the recommended
// resources for a specific container.
message ContainerResourcePolicy {
// Name of the container or DefaultContainerResourcePolicy, in which
// case the policy is used by the containers that don't have their own
// policy specified.
optional string containerName = 1;
// Whether autoscaler is enabled for the container. The default is "Auto".
// +optional
optional string mode = 2;
// Specifies the minimal amount of resources that will be recommended
// for the container. The default is no minimum.
// +optional
map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> minAllowed = 3;
// Specifies the maximum amount of resources that will be recommended
// for the container. The default is no maximum.
// +optional
map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> maxAllowed = 4;
}
// CrossVersionObjectReference contains enough information to let you identify the referred resource.
message CrossVersionObjectReference {
// Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
@ -289,6 +312,26 @@ message ObjectMetricStatus {
optional k8s.io.apimachinery.pkg.api.resource.Quantity currentValue = 3;
}
// PodResourcePolicy controls how autoscaler computes the recommended resources
// for containers belonging to the pod. There can be at most one entry for every
// named container and optionally a single wildcard entry with `containerName` = '*',
// which handles all containers that don't have individual policies.
message PodResourcePolicy {
// Per-container resource policies.
// +optional
// +patchMergeKey=containerName
// +patchStrategy=merge
repeated ContainerResourcePolicy containerPolicies = 1;
}
// PodUpdatePolicy describes the rules on how changes are applied to the pods.
message PodUpdatePolicy {
// Controls when autoscaler applies changes to the pod resources.
// The default is 'Auto'.
// +optional
optional string updateMode = 1;
}
// PodsMetricSource indicates how to scale on a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
// The values will be averaged together before being compared to the target
@ -313,6 +356,39 @@ message PodsMetricStatus {
optional k8s.io.apimachinery.pkg.api.resource.Quantity currentAverageValue = 2;
}
// RecommendedContainerResources is the recommendation of resources computed by
// autoscaler for a specific container. Respects the container resource policy
// if present in the spec. In particular the recommendation is not produced for
// containers with `ContainerScalingMode` set to 'Off'.
message RecommendedContainerResources {
// Name of the container.
optional string containerName = 1;
// Recommended amount of resources.
map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> target = 2;
// Minimum recommended amount of resources.
// This amount is not guaranteed to be sufficient for the application to operate in a stable way, however
// running with less resources is likely to have significant impact on performance/availability.
// +optional
map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> lowerBound = 3;
// Maximum recommended amount of resources.
// Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum
// amount of application is actually capable of consuming.
// +optional
map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> upperBound = 4;
}
// RecommendedPodResources is the recommendation of resources computed by
// autoscaler. It contains a recommendation for each container in the pod
// (except for those with `ContainerScalingMode` set to 'Off').
message RecommendedPodResources {
// Resources recommended by the autoscaler for each container.
// +optional
repeated RecommendedContainerResources containerRecommendations = 1;
}
// ResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). The values will be averaged
@ -361,3 +437,89 @@ message ResourceMetricStatus {
optional k8s.io.apimachinery.pkg.api.resource.Quantity currentAverageValue = 3;
}
// VerticalPodAutoscaler is the configuration for a vertical pod
// autoscaler, which automatically manages pod resources based on historical and
// real time resource utilization.
message VerticalPodAutoscaler {
// Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Specification of the behavior of the autoscaler.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.
optional VerticalPodAutoscalerSpec spec = 2;
// Current information about the autoscaler.
// +optional
optional VerticalPodAutoscalerStatus status = 3;
}
// VerticalPodAutoscalerCondition describes the state of
// a VerticalPodAutoscaler at a certain point.
message VerticalPodAutoscalerCondition {
// type describes the current condition
optional string type = 1;
// status is the status of the condition (True, False, Unknown)
optional string status = 2;
// lastTransitionTime is the last time the condition transitioned from
// one status to another
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
// reason is the reason for the condition's last transition.
// +optional
optional string reason = 4;
// message is a human-readable explanation containing details about
// the transition
// +optional
optional string message = 5;
}
// VerticalPodAutoscalerList is a list of VerticalPodAutoscaler objects.
message VerticalPodAutoscalerList {
// metadata is the standard list metadata.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of vertical pod autoscaler objects.
repeated VerticalPodAutoscaler items = 2;
}
// VerticalPodAutoscalerSpec is the specification of the behavior of the autoscaler.
message VerticalPodAutoscalerSpec {
// A label query that determines the set of pods controlled by the Autoscaler.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;
// Describes the rules on how changes are applied to the pods.
// If not specified, all fields in the `PodUpdatePolicy` are set to their
// default values.
// +optional
optional PodUpdatePolicy updatePolicy = 2;
// Controls how the autoscaler computes recommended resources.
// The resource policy may be used to set constraints on the recommendations
// for individual containers. If not specified, the autoscaler computes recommended
// resources for all containers in the pod, without additional constraints.
// +optional
optional PodResourcePolicy resourcePolicy = 3;
}
// VerticalPodAutoscalerStatus describes the runtime state of the autoscaler.
message VerticalPodAutoscalerStatus {
// The most recently computed amount of resources recommended by the
// autoscaler for the controlled pods.
// +optional
optional RecommendedPodResources recommendation = 1;
// Conditions is the set of conditions required for this autoscaler to scale its target,
// and indicates whether or not those conditions are met.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated VerticalPodAutoscalerCondition conditions = 2;
}

211
vendor/k8s.io/api/autoscaling/v2beta1/types.go generated vendored
View file

@ -22,6 +22,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// ** Horizontal Pod Autoscaler types start here **
// CrossVersionObjectReference contains enough information to let you identify the referred resource.
type CrossVersionObjectReference struct {
// Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
@ -370,3 +372,212 @@ type HorizontalPodAutoscalerList struct {
// items is the list of horizontal pod autoscaler objects.
Items []HorizontalPodAutoscaler `json:"items" protobuf:"bytes,2,rep,name=items"`
}
// ** Vertical Pod Autoscaler types start here **
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VerticalPodAutoscalerList is a list of VerticalPodAutoscaler objects.
type VerticalPodAutoscalerList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list metadata.
// +optional
metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
// items is the list of vertical pod autoscaler objects.
Items []VerticalPodAutoscaler `json:"items" protobuf:"bytes,2,rep,name=items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VerticalPodAutoscaler is the configuration for a vertical pod
// autoscaler, which automatically manages pod resources based on historical and
// real time resource utilization.
type VerticalPodAutoscaler struct {
metav1.TypeMeta `json:",inline"`
// Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Specification of the behavior of the autoscaler.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.
Spec VerticalPodAutoscalerSpec `json:"spec" protobuf:"bytes,2,name=spec"`
// Current information about the autoscaler.
// +optional
Status VerticalPodAutoscalerStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
// VerticalPodAutoscalerSpec is the specification of the behavior of the autoscaler.
type VerticalPodAutoscalerSpec struct {
// A label query that determines the set of pods controlled by the Autoscaler.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
Selector *metav1.LabelSelector `json:"selector" protobuf:"bytes,1,name=selector"`
// Describes the rules on how changes are applied to the pods.
// If not specified, all fields in the `PodUpdatePolicy` are set to their
// default values.
// +optional
UpdatePolicy *PodUpdatePolicy `json:"updatePolicy,omitempty" protobuf:"bytes,2,opt,name=updatePolicy"`
// Controls how the autoscaler computes recommended resources.
// The resource policy may be used to set constraints on the recommendations
// for individual containers. If not specified, the autoscaler computes recommended
// resources for all containers in the pod, without additional constraints.
// +optional
ResourcePolicy *PodResourcePolicy `json:"resourcePolicy,omitempty" protobuf:"bytes,3,opt,name=resourcePolicy"`
}
// PodUpdatePolicy describes the rules on how changes are applied to the pods.
type PodUpdatePolicy struct {
// Controls when autoscaler applies changes to the pod resources.
// The default is 'Auto'.
// +optional
UpdateMode *UpdateMode `json:"updateMode,omitempty" protobuf:"bytes,1,opt,name=updateMode"`
}
// UpdateMode controls when autoscaler applies changes to the pod resoures.
type UpdateMode string
const (
// UpdateModeOff means that autoscaler never changes Pod resources.
// The recommender still sets the recommended resources in the
// VerticalPodAutoscaler object. This can be used for a "dry run".
UpdateModeOff UpdateMode = "Off"
// UpdateModeInitial means that autoscaler only assigns resources on pod
// creation and does not change them during the lifetime of the pod.
UpdateModeInitial UpdateMode = "Initial"
// UpdateModeRecreate means that autoscaler assigns resources on pod
// creation and additionally can update them during the lifetime of the
// pod by deleting and recreating the pod.
UpdateModeRecreate UpdateMode = "Recreate"
// UpdateModeAuto means that autoscaler assigns resources on pod creation
// and additionally can update them during the lifetime of the pod,
// using any available update method. Currently this is equivalent to
// Recreate, which is the only available update method.
UpdateModeAuto UpdateMode = "Auto"
)
// PodResourcePolicy controls how autoscaler computes the recommended resources
// for containers belonging to the pod. There can be at most one entry for every
// named container and optionally a single wildcard entry with `containerName` = '*',
// which handles all containers that don't have individual policies.
type PodResourcePolicy struct {
// Per-container resource policies.
// +optional
// +patchMergeKey=containerName
// +patchStrategy=merge
ContainerPolicies []ContainerResourcePolicy `json:"containerPolicies,omitempty" patchStrategy:"merge" patchMergeKey:"containerName" protobuf:"bytes,1,rep,name=containerPolicies"`
}
// ContainerResourcePolicy controls how autoscaler computes the recommended
// resources for a specific container.
type ContainerResourcePolicy struct {
// Name of the container or DefaultContainerResourcePolicy, in which
// case the policy is used by the containers that don't have their own
// policy specified.
ContainerName string `json:"containerName,omitempty" protobuf:"bytes,1,opt,name=containerName"`
// Whether autoscaler is enabled for the container. The default is "Auto".
// +optional
Mode *ContainerScalingMode `json:"mode,omitempty" protobuf:"bytes,2,opt,name=mode"`
// Specifies the minimal amount of resources that will be recommended
// for the container. The default is no minimum.
// +optional
MinAllowed v1.ResourceList `json:"minAllowed,omitempty" protobuf:"bytes,3,rep,name=minAllowed,casttype=ResourceList,castkey=ResourceName"`
// Specifies the maximum amount of resources that will be recommended
// for the container. The default is no maximum.
// +optional
MaxAllowed v1.ResourceList `json:"maxAllowed,omitempty" protobuf:"bytes,4,rep,name=maxAllowed,casttype=ResourceList,castkey=ResourceName"`
}
const (
// DefaultContainerResourcePolicy can be passed as
// ContainerResourcePolicy.ContainerName to specify the default policy.
DefaultContainerResourcePolicy = "*"
)
// ContainerScalingMode controls whether autoscaler is enabled for a specific
// container.
type ContainerScalingMode string
const (
// ContainerScalingModeAuto means autoscaling is enabled for a container.
ContainerScalingModeAuto ContainerScalingMode = "Auto"
// ContainerScalingModeOff means autoscaling is disabled for a container.
ContainerScalingModeOff ContainerScalingMode = "Off"
)
// VerticalPodAutoscalerStatus describes the runtime state of the autoscaler.
type VerticalPodAutoscalerStatus struct {
// The most recently computed amount of resources recommended by the
// autoscaler for the controlled pods.
// +optional
Recommendation *RecommendedPodResources `json:"recommendation,omitempty" protobuf:"bytes,1,opt,name=recommendation"`
// Conditions is the set of conditions required for this autoscaler to scale its target,
// and indicates whether or not those conditions are met.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []VerticalPodAutoscalerCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,2,rep,name=conditions"`
}
// RecommendedPodResources is the recommendation of resources computed by
// autoscaler. It contains a recommendation for each container in the pod
// (except for those with `ContainerScalingMode` set to 'Off').
type RecommendedPodResources struct {
// Resources recommended by the autoscaler for each container.
// +optional
ContainerRecommendations []RecommendedContainerResources `json:"containerRecommendations,omitempty" protobuf:"bytes,1,rep,name=containerRecommendations"`
}
// RecommendedContainerResources is the recommendation of resources computed by
// autoscaler for a specific container. Respects the container resource policy
// if present in the spec. In particular the recommendation is not produced for
// containers with `ContainerScalingMode` set to 'Off'.
type RecommendedContainerResources struct {
// Name of the container.
ContainerName string `json:"containerName,omitempty" protobuf:"bytes,1,opt,name=containerName"`
// Recommended amount of resources.
Target v1.ResourceList `json:"target" protobuf:"bytes,2,rep,name=target,casttype=ResourceList,castkey=ResourceName"`
// Minimum recommended amount of resources.
// This amount is not guaranteed to be sufficient for the application to operate in a stable way, however
// running with less resources is likely to have significant impact on performance/availability.
// +optional
LowerBound v1.ResourceList `json:"lowerBound,omitempty" protobuf:"bytes,3,rep,name=lowerBound,casttype=ResourceList,castkey=ResourceName"`
// Maximum recommended amount of resources.
// Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum
// amount of application is actually capable of consuming.
// +optional
UpperBound v1.ResourceList `json:"upperBound,omitempty" protobuf:"bytes,4,rep,name=upperBound,casttype=ResourceList,castkey=ResourceName"`
}
// VerticalPodAutoscalerConditionType are the valid conditions of
// a VerticalPodAutoscaler.
type VerticalPodAutoscalerConditionType string
var (
// RecommendationProvided indicates whether the VPA recommender was able to calculate a recommendation.
RecommendationProvided VerticalPodAutoscalerConditionType = "RecommendationProvided"
)
// VerticalPodAutoscalerCondition describes the state of
// a VerticalPodAutoscaler at a certain point.
type VerticalPodAutoscalerCondition struct {
// type describes the current condition
Type VerticalPodAutoscalerConditionType `json:"type" protobuf:"bytes,1,name=type"`
// status is the status of the condition (True, False, Unknown)
Status v1.ConditionStatus `json:"status" protobuf:"bytes,2,name=status"`
// lastTransitionTime is the last time the condition transitioned from
// one status to another
// +optional
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"`
// reason is the reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
// message is a human-readable explanation containing details about
// the transition
// +optional
Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}

110
vendor/k8s.io/api/autoscaling/v2beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,19 @@ package v2beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_ContainerResourcePolicy = map[string]string{
"": "ContainerResourcePolicy controls how autoscaler computes the recommended resources for a specific container.",
"containerName": "Name of the container or DefaultContainerResourcePolicy, in which case the policy is used by the containers that don't have their own policy specified.",
"mode": "Whether autoscaler is enabled for the container. The default is \"Auto\".",
"minAllowed": "Specifies the minimal amount of resources that will be recommended for the container. The default is no minimum.",
"maxAllowed": "Specifies the maximum amount of resources that will be recommended for the container. The default is no maximum.",
}
func (ContainerResourcePolicy) SwaggerDoc() map[string]string {
return map_ContainerResourcePolicy
}
var map_CrossVersionObjectReference = map[string]string{
"": "CrossVersionObjectReference contains enough information to let you identify the referred resource.",
"kind": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds\"",
@ -170,6 +182,24 @@ func (ObjectMetricStatus) SwaggerDoc() map[string]string {
return map_ObjectMetricStatus
}
var map_PodResourcePolicy = map[string]string{
"": "PodResourcePolicy controls how autoscaler computes the recommended resources for containers belonging to the pod. There can be at most one entry for every named container and optionally a single wildcard entry with `containerName` = '*', which handles all containers that don't have individual policies.",
"containerPolicies": "Per-container resource policies.",
}
func (PodResourcePolicy) SwaggerDoc() map[string]string {
return map_PodResourcePolicy
}
var map_PodUpdatePolicy = map[string]string{
"": "PodUpdatePolicy describes the rules on how changes are applied to the pods.",
"updateMode": "Controls when autoscaler applies changes to the pod resources. The default is 'Auto'.",
}
func (PodUpdatePolicy) SwaggerDoc() map[string]string {
return map_PodUpdatePolicy
}
var map_PodsMetricSource = map[string]string{
"": "PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.",
"metricName": "metricName is the name of the metric in question",
@ -190,6 +220,27 @@ func (PodsMetricStatus) SwaggerDoc() map[string]string {
return map_PodsMetricStatus
}
var map_RecommendedContainerResources = map[string]string{
"": "RecommendedContainerResources is the recommendation of resources computed by autoscaler for a specific container. Respects the container resource policy if present in the spec. In particular the recommendation is not produced for containers with `ContainerScalingMode` set to 'Off'.",
"containerName": "Name of the container.",
"target": "Recommended amount of resources.",
"lowerBound": "Minimum recommended amount of resources. This amount is not guaranteed to be sufficient for the application to operate in a stable way, however running with less resources is likely to have significant impact on performance/availability.",
"upperBound": "Maximum recommended amount of resources. Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum amount of application is actually capable of consuming.",
}
func (RecommendedContainerResources) SwaggerDoc() map[string]string {
return map_RecommendedContainerResources
}
var map_RecommendedPodResources = map[string]string{
"": "RecommendedPodResources is the recommendation of resources computed by autoscaler. It contains a recommendation for each container in the pod (except for those with `ContainerScalingMode` set to 'Off').",
"containerRecommendations": "Resources recommended by the autoscaler for each container.",
}
func (RecommendedPodResources) SwaggerDoc() map[string]string {
return map_RecommendedPodResources
}
var map_ResourceMetricSource = map[string]string{
"": "ResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). The values will be averaged together before being compared to the target. Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source. Only one \"target\" type should be set.",
"name": "name is the name of the resource in question.",
@ -212,4 +263,59 @@ func (ResourceMetricStatus) SwaggerDoc() map[string]string {
return map_ResourceMetricStatus
}
var map_VerticalPodAutoscaler = map[string]string{
"": "VerticalPodAutoscaler is the configuration for a vertical pod autoscaler, which automatically manages pod resources based on historical and real time resource utilization.",
"metadata": "Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"spec": "Specification of the behavior of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.",
"status": "Current information about the autoscaler.",
}
func (VerticalPodAutoscaler) SwaggerDoc() map[string]string {
return map_VerticalPodAutoscaler
}
var map_VerticalPodAutoscalerCondition = map[string]string{
"": "VerticalPodAutoscalerCondition describes the state of a VerticalPodAutoscaler at a certain point.",
"type": "type describes the current condition",
"status": "status is the status of the condition (True, False, Unknown)",
"lastTransitionTime": "lastTransitionTime is the last time the condition transitioned from one status to another",
"reason": "reason is the reason for the condition's last transition.",
"message": "message is a human-readable explanation containing details about the transition",
}
func (VerticalPodAutoscalerCondition) SwaggerDoc() map[string]string {
return map_VerticalPodAutoscalerCondition
}
var map_VerticalPodAutoscalerList = map[string]string{
"": "VerticalPodAutoscalerList is a list of VerticalPodAutoscaler objects.",
"metadata": "metadata is the standard list metadata.",
"items": "items is the list of vertical pod autoscaler objects.",
}
func (VerticalPodAutoscalerList) SwaggerDoc() map[string]string {
return map_VerticalPodAutoscalerList
}
var map_VerticalPodAutoscalerSpec = map[string]string{
"": "VerticalPodAutoscalerSpec is the specification of the behavior of the autoscaler.",
"selector": "A label query that determines the set of pods controlled by the Autoscaler. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors",
"updatePolicy": "Describes the rules on how changes are applied to the pods. If not specified, all fields in the `PodUpdatePolicy` are set to their default values.",
"resourcePolicy": "Controls how the autoscaler computes recommended resources. The resource policy may be used to set constraints on the recommendations for individual containers. If not specified, the autoscaler computes recommended resources for all containers in the pod, without additional constraints.",
}
func (VerticalPodAutoscalerSpec) SwaggerDoc() map[string]string {
return map_VerticalPodAutoscalerSpec
}
var map_VerticalPodAutoscalerStatus = map[string]string{
"": "VerticalPodAutoscalerStatus describes the runtime state of the autoscaler.",
"recommendation": "The most recently computed amount of resources recommended by the autoscaler for the controlled pods.",
"conditions": "Conditions is the set of conditions required for this autoscaler to scale its target, and indicates whether or not those conditions are met.",
}
func (VerticalPodAutoscalerStatus) SwaggerDoc() map[string]string {
return map_VerticalPodAutoscalerStatus
}
// AUTO-GENERATED FUNCTIONS END HERE

309
vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -21,10 +21,50 @@ limitations under the License.
package v2beta1
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/api/core/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ContainerResourcePolicy) DeepCopyInto(out *ContainerResourcePolicy) {
*out = *in
if in.Mode != nil {
in, out := &in.Mode, &out.Mode
if *in == nil {
*out = nil
} else {
*out = new(ContainerScalingMode)
**out = **in
}
}
if in.MinAllowed != nil {
in, out := &in.MinAllowed, &out.MinAllowed
*out = make(v1.ResourceList, len(*in))
for key, val := range *in {
(*out)[key] = val.DeepCopy()
}
}
if in.MaxAllowed != nil {
in, out := &in.MaxAllowed, &out.MaxAllowed
*out = make(v1.ResourceList, len(*in))
for key, val := range *in {
(*out)[key] = val.DeepCopy()
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerResourcePolicy.
func (in *ContainerResourcePolicy) DeepCopy() *ContainerResourcePolicy {
if in == nil {
return nil
}
out := new(ContainerResourcePolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CrossVersionObjectReference) DeepCopyInto(out *CrossVersionObjectReference) {
*out = *in
@ -49,7 +89,7 @@ func (in *ExternalMetricSource) DeepCopyInto(out *ExternalMetricSource) {
if *in == nil {
*out = nil
} else {
*out = new(v1.LabelSelector)
*out = new(meta_v1.LabelSelector)
(*in).DeepCopyInto(*out)
}
}
@ -92,7 +132,7 @@ func (in *ExternalMetricStatus) DeepCopyInto(out *ExternalMetricStatus) {
if *in == nil {
*out = nil
} else {
*out = new(v1.LabelSelector)
*out = new(meta_v1.LabelSelector)
(*in).DeepCopyInto(*out)
}
}
@ -417,6 +457,54 @@ func (in *ObjectMetricStatus) DeepCopy() *ObjectMetricStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodResourcePolicy) DeepCopyInto(out *PodResourcePolicy) {
*out = *in
if in.ContainerPolicies != nil {
in, out := &in.ContainerPolicies, &out.ContainerPolicies
*out = make([]ContainerResourcePolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodResourcePolicy.
func (in *PodResourcePolicy) DeepCopy() *PodResourcePolicy {
if in == nil {
return nil
}
out := new(PodResourcePolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodUpdatePolicy) DeepCopyInto(out *PodUpdatePolicy) {
*out = *in
if in.UpdateMode != nil {
in, out := &in.UpdateMode, &out.UpdateMode
if *in == nil {
*out = nil
} else {
*out = new(UpdateMode)
**out = **in
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodUpdatePolicy.
func (in *PodUpdatePolicy) DeepCopy() *PodUpdatePolicy {
if in == nil {
return nil
}
out := new(PodUpdatePolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodsMetricSource) DeepCopyInto(out *PodsMetricSource) {
*out = *in
@ -451,6 +539,66 @@ func (in *PodsMetricStatus) DeepCopy() *PodsMetricStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RecommendedContainerResources) DeepCopyInto(out *RecommendedContainerResources) {
*out = *in
if in.Target != nil {
in, out := &in.Target, &out.Target
*out = make(v1.ResourceList, len(*in))
for key, val := range *in {
(*out)[key] = val.DeepCopy()
}
}
if in.LowerBound != nil {
in, out := &in.LowerBound, &out.LowerBound
*out = make(v1.ResourceList, len(*in))
for key, val := range *in {
(*out)[key] = val.DeepCopy()
}
}
if in.UpperBound != nil {
in, out := &in.UpperBound, &out.UpperBound
*out = make(v1.ResourceList, len(*in))
for key, val := range *in {
(*out)[key] = val.DeepCopy()
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RecommendedContainerResources.
func (in *RecommendedContainerResources) DeepCopy() *RecommendedContainerResources {
if in == nil {
return nil
}
out := new(RecommendedContainerResources)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RecommendedPodResources) DeepCopyInto(out *RecommendedPodResources) {
*out = *in
if in.ContainerRecommendations != nil {
in, out := &in.ContainerRecommendations, &out.ContainerRecommendations
*out = make([]RecommendedContainerResources, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RecommendedPodResources.
func (in *RecommendedPodResources) DeepCopy() *RecommendedPodResources {
if in == nil {
return nil
}
out := new(RecommendedPodResources)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceMetricSource) DeepCopyInto(out *ResourceMetricSource) {
*out = *in
@ -510,3 +658,156 @@ func (in *ResourceMetricStatus) DeepCopy() *ResourceMetricStatus {
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VerticalPodAutoscaler) DeepCopyInto(out *VerticalPodAutoscaler) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticalPodAutoscaler.
func (in *VerticalPodAutoscaler) DeepCopy() *VerticalPodAutoscaler {
if in == nil {
return nil
}
out := new(VerticalPodAutoscaler)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *VerticalPodAutoscaler) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VerticalPodAutoscalerCondition) DeepCopyInto(out *VerticalPodAutoscalerCondition) {
*out = *in
in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticalPodAutoscalerCondition.
func (in *VerticalPodAutoscalerCondition) DeepCopy() *VerticalPodAutoscalerCondition {
if in == nil {
return nil
}
out := new(VerticalPodAutoscalerCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VerticalPodAutoscalerList) DeepCopyInto(out *VerticalPodAutoscalerList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]VerticalPodAutoscaler, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticalPodAutoscalerList.
func (in *VerticalPodAutoscalerList) DeepCopy() *VerticalPodAutoscalerList {
if in == nil {
return nil
}
out := new(VerticalPodAutoscalerList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *VerticalPodAutoscalerList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VerticalPodAutoscalerSpec) DeepCopyInto(out *VerticalPodAutoscalerSpec) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
if *in == nil {
*out = nil
} else {
*out = new(meta_v1.LabelSelector)
(*in).DeepCopyInto(*out)
}
}
if in.UpdatePolicy != nil {
in, out := &in.UpdatePolicy, &out.UpdatePolicy
if *in == nil {
*out = nil
} else {
*out = new(PodUpdatePolicy)
(*in).DeepCopyInto(*out)
}
}
if in.ResourcePolicy != nil {
in, out := &in.ResourcePolicy, &out.ResourcePolicy
if *in == nil {
*out = nil
} else {
*out = new(PodResourcePolicy)
(*in).DeepCopyInto(*out)
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticalPodAutoscalerSpec.
func (in *VerticalPodAutoscalerSpec) DeepCopy() *VerticalPodAutoscalerSpec {
if in == nil {
return nil
}
out := new(VerticalPodAutoscalerSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VerticalPodAutoscalerStatus) DeepCopyInto(out *VerticalPodAutoscalerStatus) {
*out = *in
if in.Recommendation != nil {
in, out := &in.Recommendation, &out.Recommendation
if *in == nil {
*out = nil
} else {
*out = new(RecommendedPodResources)
(*in).DeepCopyInto(*out)
}
}
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]VerticalPodAutoscalerCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticalPodAutoscalerStatus.
func (in *VerticalPodAutoscalerStatus) DeepCopy() *VerticalPodAutoscalerStatus {
if in == nil {
return nil
}
out := new(VerticalPodAutoscalerStatus)
in.DeepCopyInto(out)
return out
}

2
vendor/k8s.io/api/batch/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/batch/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_Job = map[string]string{
"": "Job represents the configuration of a single job.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",

2
vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/batch/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/batch/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/batch/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_CronJob = map[string]string{
"": "CronJob represents the configuration of a single cron job.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",

2
vendor/k8s.io/api/batch/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/batch/v2alpha1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/batch/v2alpha1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/batch/v2alpha1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v2alpha1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_CronJob = map[string]string{
"": "CronJob represents the configuration of a single cron job.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",

2
vendor/k8s.io/api/batch/v2alpha1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/certificates/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/certificates/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/certificates/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_CertificateSigningRequest = map[string]string{
"": "Describes a certificate signing request",
"spec": "The certificate request itself and any additional information.",

2
vendor/k8s.io/api/certificates/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

21
vendor/k8s.io/api/core/v1/annotation_key_constants.go generated vendored
View file

@ -45,24 +45,17 @@ const (
// to one container of a pod.
SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"
// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
SeccompProfileRuntimeDefault string = "runtime/default"
// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
// This is now deprecated and should be replaced by SeccompProfileRuntimeDefault.
DeprecatedSeccompProfileDockerDefault string = "docker/default"
// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
// in the Annotations of a Node.
PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"
// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
// container of a pod. The annotation value is a comma separated list of sysctl_name=value
// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
// the kubelet. Pods with other sysctls will fail to launch.
SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"
// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
// container of a pod. The annotation value is a comma separated list of sysctl_name=value
// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
// will fail to launch.
UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
// an object (e.g. secret, config map) before fetching it again from apiserver.
// This annotation can be attached to node.

6766
vendor/k8s.io/api/core/v1/generated.pb.go generated vendored
View file

File diff suppressed because it is too large Load diff

525
vendor/k8s.io/api/core/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -298,6 +298,34 @@ message CephFSVolumeSource {
optional bool readOnly = 6;
}
// Represents a cinder volume resource in Openstack.
// A Cinder volume must exist before mounting to a container.
// The volume must also be in the same region as the kubelet.
// Cinder volumes support ownership management and SELinux relabeling.
message CinderPersistentVolumeSource {
// volume id used to identify the volume in cinder
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
optional string volumeID = 1;
// Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
optional string fsType = 2;
// Optional: Defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
optional bool readOnly = 3;
// Optional: points to a secret object containing parameters used to connect
// to OpenStack.
// +optional
optional SecretReference secretRef = 4;
}
// Represents a cinder volume resource in Openstack.
// A Cinder volume must exist before mounting to a container.
// The volume must also be in the same region as the kubelet.
@ -319,6 +347,11 @@ message CinderVolumeSource {
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
optional bool readOnly = 3;
// Optional: points to a secret object containing parameters used to connect
// to OpenStack.
// +optional
optional LocalObjectReference secretRef = 4;
}
// ClientIPConfig represents the configurations of Client IP based session affinity.
@ -439,6 +472,31 @@ message ConfigMapList {
repeated ConfigMap items = 2;
}
// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
message ConfigMapNodeConfigSource {
// Namespace is the metadata.namespace of the referenced ConfigMap.
// This field is required in all cases.
optional string namespace = 1;
// Name is the metadata.name of the referenced ConfigMap.
// This field is required in all cases.
optional string name = 2;
// UID is the metadata.UID of the referenced ConfigMap.
// This field is forbidden in Node.Spec, and required in Node.Status.
// +optional
optional string uid = 3;
// ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
// This field is forbidden in Node.Spec, and required in Node.Status.
// +optional
optional string resourceVersion = 4;
// KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
// This field is required in all cases.
optional string kubeletConfigKey = 5;
}
// Adapts a ConfigMap into a projected volume.
//
// The contents of the target ConfigMap's Data field will be presented in a
@ -809,41 +867,6 @@ message DaemonEndpoint {
optional int32 Port = 1;
}
// DeleteOptions may be provided when deleting an API object
// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
// +k8s:openapi-gen=false
message DeleteOptions {
// The duration in seconds before the object should be deleted. Value must be non-negative integer.
// The value zero indicates delete immediately. If this value is nil, the default grace period for the
// specified type will be used.
// Defaults to a per object value if not specified. zero means delete immediately.
// +optional
optional int64 gracePeriodSeconds = 1;
// Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
// returned.
// +optional
optional Preconditions preconditions = 2;
// Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7.
// Should the dependent objects be orphaned. If true/false, the "orphan"
// finalizer will be added to/removed from the object's finalizers list.
// Either this field or PropagationPolicy may be set, but not both.
// +optional
optional bool orphanDependents = 3;
// Whether and how garbage collection will be performed.
// Either this field or OrphanDependents may be set, but not both.
// The default policy is decided by the existing finalizer set in the
// metadata.finalizers and the resource-specific default policy.
// Acceptable values are: 'Orphan' - orphan the dependents; 'Background' -
// allow the garbage collector to delete the dependents in the background;
// 'Foreground' - a cascading policy that deletes all dependents in the
// foreground.
// +optional
optional string propagationPolicy = 4;
}
// Represents downward API info for projecting into a projected volume.
// Note that this is identical to a downwardAPI volume source without the default
// mode.
@ -1328,6 +1351,10 @@ message GCEPersistentDiskVolumeSource {
// Represents a volume that is populated with the contents of a git repository.
// Git repo volumes do not support ownership management.
// Git repo volumes support SELinux relabeling.
//
// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
// into the Pod's container.
message GitRepoVolumeSource {
// Repository URL
optional string repository = 1;
@ -1662,43 +1689,6 @@ message List {
repeated k8s.io.apimachinery.pkg.runtime.RawExtension items = 2;
}
// ListOptions is the query options to a standard REST list call.
// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
// +k8s:openapi-gen=false
message ListOptions {
// A selector to restrict the list of returned objects by their labels.
// Defaults to everything.
// +optional
optional string labelSelector = 1;
// A selector to restrict the list of returned objects by their fields.
// Defaults to everything.
// +optional
optional string fieldSelector = 2;
// If true, partially initialized resources are included in the response.
// +optional
optional bool includeUninitialized = 6;
// Watch for changes to the described resources and return them as a stream of
// add, update, and remove notifications. Specify resourceVersion.
// +optional
optional bool watch = 3;
// When specified with a watch call, shows changes that occur after that particular version of a resource.
// Defaults to changes from the beginning of history.
// When specified for list:
// - if unset, then the result is returned from remote storage based on quorum-read flag;
// - if it's 0, then we simply return what we currently have in cache, no guarantee;
// - if set to non zero, then the result is at least as fresh as given rv.
// +optional
optional string resourceVersion = 4;
// Timeout for the list/watch call.
// +optional
optional int64 timeoutSeconds = 5;
}
// LoadBalancerIngress represents the status of a load-balancer ingress point:
// traffic intended for the service should be sent to an ingress point.
message LoadBalancerIngress {
@ -1731,11 +1721,13 @@ message LocalObjectReference {
optional string name = 1;
}
// Local represents directly-attached storage with node affinity
// Local represents directly-attached storage with node affinity (Beta feature)
message LocalVolumeSource {
// The full path to the volume on the node
// For alpha, this path must be a directory
// Once block as a source is supported, then this path can point to a block device
// The full path to the volume on the node.
// It can be either a directory or block device (disk, partition, ...).
// Directories can be represented only by PersistentVolume with VolumeMode=Filesystem.
// Block devices can be represented only by VolumeMode=Block, which also requires the
// BlockVolume alpha feature gate to be enabled.
optional string path = 1;
}
@ -1885,7 +1877,58 @@ message NodeCondition {
// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
message NodeConfigSource {
optional ObjectReference configMapRef = 1;
// ConfigMap is a reference to a Node's ConfigMap
optional ConfigMapNodeConfigSource configMap = 2;
}
// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
message NodeConfigStatus {
// Assigned reports the checkpointed config the node will try to use.
// When Node.Spec.ConfigSource is updated, the node checkpoints the associated
// config payload to local disk, along with a record indicating intended
// config. The node refers to this record to choose its config checkpoint, and
// reports this record in Assigned. Assigned only updates in the status after
// the record has been checkpointed to disk. When the Kubelet is restarted,
// it tries to make the Assigned config the Active config by loading and
// validating the checkpointed payload identified by Assigned.
// +optional
optional NodeConfigSource assigned = 1;
// Active reports the checkpointed config the node is actively using.
// Active will represent either the current version of the Assigned config,
// or the current LastKnownGood config, depending on whether attempting to use the
// Assigned config results in an error.
// +optional
optional NodeConfigSource active = 2;
// LastKnownGood reports the checkpointed config the node will fall back to
// when it encounters an error attempting to use the Assigned config.
// The Assigned config becomes the LastKnownGood config when the node determines
// that the Assigned config is stable and correct.
// This is currently implemented as a 10-minute soak period starting when the local
// record of Assigned config is updated. If the Assigned config is Active at the end
// of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
// reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
// because the local default config is always assumed good.
// You should not make assumptions about the node's method of determining config stability
// and correctness, as this may change or become configurable in the future.
// +optional
optional NodeConfigSource lastKnownGood = 3;
// Error describes any problems reconciling the Spec.ConfigSource to the Active config.
// Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
// record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
// to load or validate the Assigned config, etc.
// Errors may occur at different points while syncing config. Earlier errors (e.g. download or
// checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
// Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
// a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
// by fixing the config assigned in Spec.ConfigSource.
// You can find additional information for debugging by searching the error message in the Kubelet log.
// Error is a human-readable description of the error state; machines can check whether or not Error
// is empty, but should not rely on the stability of the Error text across Kubelet versions.
// +optional
optional string error = 4;
}
// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
@ -1947,10 +1990,17 @@ message NodeSelectorRequirement {
repeated string values = 3;
}
// A null or empty node selector term matches no objects.
// A null or empty node selector term matches no objects. The requirements of
// them are ANDed.
// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
message NodeSelectorTerm {
// Required. A list of node selector requirements. The requirements are ANDed.
// A list of node selector requirements by node's labels.
// +optional
repeated NodeSelectorRequirement matchExpressions = 1;
// A list of node selector requirements by node's fields.
// +optional
repeated NodeSelectorRequirement matchFields = 2;
}
// NodeSpec describes the attributes that a node is created with.
@ -1959,11 +2009,6 @@ message NodeSpec {
// +optional
optional string podCIDR = 1;
// External ID of the node assigned by some machine database (e.g. a cloud provider).
// Deprecated.
// +optional
optional string externalID = 2;
// ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
// +optional
optional string providerID = 3;
@ -1981,6 +2026,11 @@ message NodeSpec {
// The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
// +optional
optional NodeConfigSource configSource = 6;
// Deprecated. Not all kubelets will set this field. Remove field after 1.13.
// see: https://issues.k8s.io/61966
// +optional
optional string externalID = 2;
}
// NodeStatus is information about the current status of a node.
@ -2036,6 +2086,10 @@ message NodeStatus {
// List of volumes that are attached to the node.
// +optional
repeated AttachedVolume volumesAttached = 10;
// Status of the config assigned to the node via the dynamic Kubelet config feature.
// +optional
optional NodeConfigStatus config = 11;
}
// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
@ -2085,170 +2139,6 @@ message ObjectFieldSelector {
optional string fieldPath = 2;
}
// ObjectMeta is metadata that all persisted resources must have, which includes all objects
// users must create.
// DEPRECATED: Use k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta instead - this type will be removed soon.
// +k8s:openapi-gen=false
message ObjectMeta {
// Name must be unique within a namespace. Is required when creating resources, although
// some resources may allow a client to request the generation of an appropriate name
// automatically. Name is primarily intended for creation idempotence and configuration
// definition.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
// +optional
optional string name = 1;
// GenerateName is an optional prefix, used by the server, to generate a unique
// name ONLY IF the Name field has not been provided.
// If this field is used, the name returned to the client will be different
// than the name passed. This value will also be combined with a unique suffix.
// The provided value has the same validation rules as the Name field,
// and may be truncated by the length of the suffix required to make the value
// unique on the server.
//
// If this field is specified and the generated name exists, the server will
// NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
// ServerTimeout indicating a unique name could not be found in the time allotted, and the client
// should retry (optionally after the time indicated in the Retry-After header).
//
// Applied only if Name is not specified.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency
// +optional
optional string generateName = 2;
// Namespace defines the space within each name must be unique. An empty namespace is
// equivalent to the "default" namespace, but "default" is the canonical representation.
// Not all objects are required to be scoped to a namespace - the value of this field for
// those objects will be empty.
//
// Must be a DNS_LABEL.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
// +optional
optional string namespace = 3;
// SelfLink is a URL representing this object.
// Populated by the system.
// Read-only.
// +optional
optional string selfLink = 4;
// UID is the unique in time and space value for this object. It is typically generated by
// the server on successful creation of a resource and is not allowed to change on PUT
// operations.
//
// Populated by the system.
// Read-only.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
// +optional
optional string uid = 5;
// An opaque value that represents the internal version of this object that can
// be used by clients to determine when objects have changed. May be used for optimistic
// concurrency, change detection, and the watch operation on a resource or set of resources.
// Clients must treat these values as opaque and passed unmodified back to the server.
// They may only be valid for a particular resource or set of resources.
//
// Populated by the system.
// Read-only.
// Value must be treated as opaque by clients and .
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency
// +optional
optional string resourceVersion = 6;
// A sequence number representing a specific generation of the desired state.
// Populated by the system. Read-only.
// +optional
optional int64 generation = 7;
// CreationTimestamp is a timestamp representing the server time when this object was
// created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
//
// Populated by the system.
// Read-only.
// Null for lists.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time creationTimestamp = 8;
// DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
// field is set by the server when a graceful deletion is requested by the user, and is not
// directly settable by a client. The resource is expected to be deleted (no longer visible
// from resource lists, and not reachable by name) after the time in this field. Once set,
// this value may not be unset or be set further into the future, although it may be shortened
// or the resource may be deleted prior to this time. For example, a user may request that
// a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
// signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard
// termination signal (SIGKILL) to the container and after cleanup, remove the pod from the
// API. In the presence of network partitions, this object may still exist after this
// timestamp, until an administrator or automated process can determine the resource is
// fully terminated.
// If not set, graceful deletion of the object has not been requested.
//
// Populated by the system when a graceful deletion is requested.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deletionTimestamp = 9;
// Number of seconds allowed for this object to gracefully terminate before
// it will be removed from the system. Only set when deletionTimestamp is also set.
// May only be shortened.
// Read-only.
// +optional
optional int64 deletionGracePeriodSeconds = 10;
// Map of string keys and values that can be used to organize and categorize
// (scope and select) objects. May match selectors of replication controllers
// and services.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// +optional
map<string, string> labels = 11;
// Annotations is an unstructured key value map stored with a resource that may be
// set by external tools to store and retrieve arbitrary metadata. They are not
// queryable and should be preserved when modifying objects.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
// +optional
map<string, string> annotations = 12;
// List of objects depended by this object. If ALL objects in the list have
// been deleted, this object will be garbage collected. If this object is managed by a controller,
// then an entry in this list will point to this controller, with the controller field set to true.
// There cannot be more than one managing controller.
// +optional
// +patchMergeKey=uid
// +patchStrategy=merge
repeated k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference ownerReferences = 13;
// An initializer is a controller which enforces some system invariant at object creation time.
// This field is a list of initializers that have not yet acted on this object. If nil or empty,
// this object has been completely initialized. Otherwise, the object is considered uninitialized
// and is hidden (in list/watch and get calls) from clients that haven't explicitly asked to
// observe uninitialized objects.
//
// When an object is created, the system will populate this list with the current set of initializers.
// Only privileged users may set or modify this list. Once it is empty, it may not be modified further
// by any user.
optional k8s.io.apimachinery.pkg.apis.meta.v1.Initializers initializers = 16;
// Must be empty before the object is deleted from the registry. Each entry
// is an identifier for the responsible component that will remove the entry
// from the list. If the deletionTimestamp of the object is non-nil, entries
// in this list can only be removed.
// +optional
// +patchStrategy=merge
repeated string finalizers = 14;
// The name of the cluster which the object belongs to.
// This is used to distinguish resources with same name and namespace in different clusters.
// This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
// +optional
optional string clusterName = 15;
}
// ObjectReference contains enough information to let you inspect or modify the referred object.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
message ObjectReference {
@ -2502,7 +2392,7 @@ message PersistentVolumeSource {
// Cinder represents a cinder volume attached and mounted on kubelets host machine
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
optional CinderVolumeSource cinder = 8;
optional CinderPersistentVolumeSource cinder = 8;
// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
// +optional
@ -2775,7 +2665,6 @@ message PodAttachOptions {
// PodCondition contains details for the current condition of this pod.
message PodCondition {
// Type is the type of the condition.
// Currently only Ready.
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
optional string type = 1;
@ -2944,6 +2833,12 @@ message PodProxyOptions {
optional string path = 1;
}
// PodReadinessGate contains the reference to a pod condition
message PodReadinessGate {
// ConditionType refers to a condition in the pod's condition list with matching type.
optional string conditionType = 1;
}
// PodSecurityContext holds pod-level security attributes and common container settings.
// Some fields are also present in container.securityContext. Field values of
// container.securityContext take precedence over field values of PodSecurityContext.
@ -2998,6 +2893,11 @@ message PodSecurityContext {
// If unset, the Kubelet will not modify the ownership and permissions of any volume.
// +optional
optional int64 fsGroup = 5;
// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
// sysctls (by the container runtime) might fail to launch.
// +optional
repeated Sysctl sysctls = 7;
}
// Describes the class of pods that should avoid this node.
@ -3196,12 +3096,36 @@ message PodSpec {
// configuration based on DNSPolicy.
// +optional
optional PodDNSConfig dnsConfig = 26;
// If specified, all readiness gates will be evaluated for pod readiness.
// A pod is ready when all its containers are ready AND
// all conditions specified in the readiness gates have status equal to "True"
// More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md
// +optional
repeated PodReadinessGate readinessGates = 28;
}
// PodStatus represents information about the status of a pod. Status may trail the actual
// state of a system.
// state of a system, especially if the node that hosts the pod cannot contact the control
// plane.
message PodStatus {
// Current condition of the pod.
// The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
// The conditions array, the reason and message fields, and the individual container status
// arrays contain more detail about the pod's status.
// There are five possible phase values:
//
// Pending: The pod has been accepted by the Kubernetes system, but one or more of the
// container images has not been created. This includes time before being scheduled as
// well as time spent downloading images over the network, which could take a while.
// Running: The pod has been bound to a node, and all of the containers have been created.
// At least one container is still running, or is in the process of starting or restarting.
// Succeeded: All containers in the pod have terminated in success, and will not be restarted.
// Failed: All containers in the pod have terminated, and at least one container has
// terminated in failure. The container either exited with non-zero status or was terminated
// by the system.
// Unknown: For some reason the state of the pod could not be obtained, typically due to an
// error in communicating with the host of the pod.
//
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
// +optional
optional string phase = 1;
@ -3721,7 +3645,7 @@ message ResourceQuotaList {
// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
message ResourceQuotaSpec {
// Hard is the set of desired hard limits for each named resource.
// hard is the set of desired hard limits for each named resource.
// More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
// +optional
map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1;
@ -3730,6 +3654,12 @@ message ResourceQuotaSpec {
// If not specified, the quota matches all objects.
// +optional
repeated string scopes = 2;
// scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
// but expressed using ScopeSelectorOperator in combination with possible values.
// For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
// +optional
optional ScopeSelector scopeSelector = 3;
}
// ResourceQuotaStatus defines the enforced hard limits and observed use.
@ -3866,6 +3796,32 @@ message ScaleIOVolumeSource {
optional bool readOnly = 10;
}
// A scope selector represents the AND of the selectors represented
// by the scoped-resource selector requirements.
message ScopeSelector {
// A list of scope selector requirements by scope of the resources.
// +optional
repeated ScopedResourceSelectorRequirement matchExpressions = 1;
}
// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
// that relates the scope name and values.
message ScopedResourceSelectorRequirement {
// The name of the scope that the selector applies to.
optional string scopeName = 1;
// Represents a scope's relationship to a set of values.
// Valid operators are In, NotIn, Exists, DoesNotExist.
optional string operator = 2;
// An array of string values. If the operator is In or NotIn,
// the values array must be non-empty. If the operator is Exists or DoesNotExist,
// the values array must be empty.
// This array is replaced during a strategic merge patch.
// +optional
repeated string values = 3;
}
// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
message Secret {
@ -4134,6 +4090,32 @@ message ServiceAccountList {
repeated ServiceAccount items = 2;
}
// ServiceAccountTokenProjection represents a projected service account token
// volume. This projection can be used to insert a service account token into
// the pods runtime filesystem for use against APIs (Kubernetes API Server or
// otherwise).
message ServiceAccountTokenProjection {
// Audience is the intended audience of the token. A recipient of a token
// must identify itself with an identifier specified in the audience of the
// token, and otherwise should reject the token. The audience defaults to the
// identifier of the apiserver.
// +optional
optional string audience = 1;
// ExpirationSeconds is the requested duration of validity of the service
// account token. As the token approaches expiration, the kubelet volume
// plugin will proactively rotate the service account token. The kubelet will
// start trying to rotate the token if the token is older than 80 percent of
// its time to live or if the token is older than 24 hours.Defaults to 1 hour
// and must be at least 10 minutes.
// +optional
optional int64 expirationSeconds = 2;
// Path is the path relative to the mount point of the file to project the
// token into.
optional string path = 3;
}
// ServiceList holds a list of services.
message ServiceList {
// Standard list metadata.
@ -4300,9 +4282,6 @@ message ServiceSpec {
// The primary use case for setting this field is to use a StatefulSet's Headless Service
// to propagate SRV records for its Pods without respect to their readiness for purpose
// of peer discovery.
// This field will replace the service.alpha.kubernetes.io/tolerate-unready-endpoints
// when that annotation is deprecated and all clients have been converted to use this
// field.
// +optional
optional bool publishNotReadyAddresses = 13;
@ -4465,6 +4444,28 @@ message Toleration {
optional int64 tolerationSeconds = 5;
}
// A topology selector requirement is a selector that matches given label.
// This is an alpha feature and may change in the future.
message TopologySelectorLabelRequirement {
// The label key that the selector applies to.
optional string key = 1;
// An array of string values. One value must match the label to be selected.
// Each entry in Values is ORed.
repeated string values = 2;
}
// A topology selector term represents the result of label queries.
// A null or empty topology selector term matches no objects.
// The requirements of them are ANDed.
// It provides a subset of functionality as NodeSelectorTerm.
// This is an alpha feature and may change in the future.
message TopologySelectorTerm {
// A list of topology selector requirements by labels.
// +optional
repeated TopologySelectorLabelRequirement matchLabelExpressions = 1;
}
// Volume represents a named volume in a pod that may be accessed by any container in the pod.
message Volume {
// Volume's name.
@ -4523,13 +4524,20 @@ message VolumeNodeAffinity {
// Projection that may be projected along with other supported volume types
message VolumeProjection {
// information about the secret data to project
// +optional
optional SecretProjection secret = 1;
// information about the downwardAPI data to project
// +optional
optional DownwardAPIProjection downwardAPI = 2;
// information about the configMap data to project
// +optional
optional ConfigMapProjection configMap = 3;
// information about the serviceAccountToken data to project
// +optional
optional ServiceAccountTokenProjection serviceAccountToken = 4;
}
// Represents the source of a volume to mount.
@ -4564,6 +4572,9 @@ message VolumeSource {
optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 4;
// GitRepo represents a git repository at a particular revision.
// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
// into the Pod's container.
// +optional
optional GitRepoVolumeSource gitRepo = 5;

108
vendor/k8s.io/api/core/v1/meta.go generated vendored
View file

@ -1,108 +0,0 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
func (obj *ObjectMeta) GetObjectMeta() metav1.Object { return obj }
// Namespace implements metav1.Object for any object with an ObjectMeta typed field. Allows
// fast, direct access to metadata fields for API objects.
func (meta *ObjectMeta) GetNamespace() string { return meta.Namespace }
func (meta *ObjectMeta) SetNamespace(namespace string) { meta.Namespace = namespace }
func (meta *ObjectMeta) GetName() string { return meta.Name }
func (meta *ObjectMeta) SetName(name string) { meta.Name = name }
func (meta *ObjectMeta) GetGenerateName() string { return meta.GenerateName }
func (meta *ObjectMeta) SetGenerateName(generateName string) { meta.GenerateName = generateName }
func (meta *ObjectMeta) GetUID() types.UID { return meta.UID }
func (meta *ObjectMeta) SetUID(uid types.UID) { meta.UID = uid }
func (meta *ObjectMeta) GetResourceVersion() string { return meta.ResourceVersion }
func (meta *ObjectMeta) SetResourceVersion(version string) { meta.ResourceVersion = version }
func (meta *ObjectMeta) GetGeneration() int64 { return meta.Generation }
func (meta *ObjectMeta) SetGeneration(generation int64) { meta.Generation = generation }
func (meta *ObjectMeta) GetSelfLink() string { return meta.SelfLink }
func (meta *ObjectMeta) SetSelfLink(selfLink string) { meta.SelfLink = selfLink }
func (meta *ObjectMeta) GetCreationTimestamp() metav1.Time { return meta.CreationTimestamp }
func (meta *ObjectMeta) SetCreationTimestamp(creationTimestamp metav1.Time) {
meta.CreationTimestamp = creationTimestamp
}
func (meta *ObjectMeta) GetDeletionTimestamp() *metav1.Time { return meta.DeletionTimestamp }
func (meta *ObjectMeta) SetDeletionTimestamp(deletionTimestamp *metav1.Time) {
meta.DeletionTimestamp = deletionTimestamp
}
func (meta *ObjectMeta) GetDeletionGracePeriodSeconds() *int64 { return meta.DeletionGracePeriodSeconds }
func (meta *ObjectMeta) SetDeletionGracePeriodSeconds(deletionGracePeriodSeconds *int64) {
meta.DeletionGracePeriodSeconds = deletionGracePeriodSeconds
}
func (meta *ObjectMeta) GetLabels() map[string]string { return meta.Labels }
func (meta *ObjectMeta) SetLabels(labels map[string]string) { meta.Labels = labels }
func (meta *ObjectMeta) GetAnnotations() map[string]string { return meta.Annotations }
func (meta *ObjectMeta) SetAnnotations(annotations map[string]string) { meta.Annotations = annotations }
func (meta *ObjectMeta) GetInitializers() *metav1.Initializers { return meta.Initializers }
func (meta *ObjectMeta) SetInitializers(initializers *metav1.Initializers) {
meta.Initializers = initializers
}
func (meta *ObjectMeta) GetFinalizers() []string { return meta.Finalizers }
func (meta *ObjectMeta) SetFinalizers(finalizers []string) { meta.Finalizers = finalizers }
func (meta *ObjectMeta) GetOwnerReferences() []metav1.OwnerReference {
ret := make([]metav1.OwnerReference, len(meta.OwnerReferences))
for i := 0; i < len(meta.OwnerReferences); i++ {
ret[i].Kind = meta.OwnerReferences[i].Kind
ret[i].Name = meta.OwnerReferences[i].Name
ret[i].UID = meta.OwnerReferences[i].UID
ret[i].APIVersion = meta.OwnerReferences[i].APIVersion
if meta.OwnerReferences[i].Controller != nil {
value := *meta.OwnerReferences[i].Controller
ret[i].Controller = &value
}
if meta.OwnerReferences[i].BlockOwnerDeletion != nil {
value := *meta.OwnerReferences[i].BlockOwnerDeletion
ret[i].BlockOwnerDeletion = &value
}
}
return ret
}
func (meta *ObjectMeta) SetOwnerReferences(references []metav1.OwnerReference) {
newReferences := make([]metav1.OwnerReference, len(references))
for i := 0; i < len(references); i++ {
newReferences[i].Kind = references[i].Kind
newReferences[i].Name = references[i].Name
newReferences[i].UID = references[i].UID
newReferences[i].APIVersion = references[i].APIVersion
if references[i].Controller != nil {
value := *references[i].Controller
newReferences[i].Controller = &value
}
if references[i].BlockOwnerDeletion != nil {
value := *references[i].BlockOwnerDeletion
newReferences[i].BlockOwnerDeletion = &value
}
}
meta.OwnerReferences = newReferences
}
func (meta *ObjectMeta) GetClusterName() string {
return meta.ClusterName
}
func (meta *ObjectMeta) SetClusterName(clusterName string) {
meta.ClusterName = clusterName
}

1
vendor/k8s.io/api/core/v1/register.go generated vendored
View file

@ -57,7 +57,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&Endpoints{},
&EndpointsList{},
&Node{},
&NodeConfigSource{},
&NodeList{},
&NodeProxyOptions{},
&Binding{},

7
vendor/k8s.io/api/core/v1/resource.go generated vendored
View file

@ -48,13 +48,6 @@ func (self *ResourceList) Pods() *resource.Quantity {
return &resource.Quantity{}
}
func (self *ResourceList) NvidiaGPU() *resource.Quantity {
if val, ok := (*self)[ResourceNvidiaGPU]; ok {
return &val
}
return &resource.Quantity{}
}
func (self *ResourceList) StorageEphemeral() *resource.Quantity {
if val, ok := (*self)[ResourceEphemeralStorage]; ok {
return &val

608
vendor/k8s.io/api/core/v1/types.go generated vendored
View file

@ -23,209 +23,6 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
// The comments for the structs and fields can be used from go-restful to
// generate Swagger API documentation for its models. Please read this PR for more
// information on the implementation: https://github.com/emicklei/go-restful/pull/215
//
// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if
// they are on one line! For multiple line or blocks that you want to ignore use ---.
// Any context after a --- is ignored and not exported to the SwaggerAPI.
//
// The aforementioned methods can be generated by hack/update-generated-swagger-docs.sh
// Common string formats
// ---------------------
// Many fields in this API have formatting requirements. The commonly used
// formats are defined here.
//
// C_IDENTIFIER: This is a string that conforms to the definition of an "identifier"
// in the C language. This is captured by the following regex:
// [A-Za-z_][A-Za-z0-9_]*
// This defines the format, but not the length restriction, which should be
// specified at the definition of any field of this type.
//
// DNS_LABEL: This is a string, no more than 63 characters long, that conforms
// to the definition of a "label" in RFCs 1035 and 1123. This is captured
// by the following regex:
// [a-z0-9]([-a-z0-9]*[a-z0-9])?
//
// DNS_SUBDOMAIN: This is a string, no more than 253 characters long, that conforms
// to the definition of a "subdomain" in RFCs 1035 and 1123. This is captured
// by the following regex:
// [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
// or more simply:
// DNS_LABEL(\.DNS_LABEL)*
//
// IANA_SVC_NAME: This is a string, no more than 15 characters long, that
// conforms to the definition of IANA service name in RFC 6335.
// It must contains at least one letter [a-z] and it must contains only [a-z0-9-].
// Hypens ('-') cannot be leading or trailing character of the string
// and cannot be adjacent to other hyphens.
// ObjectMeta is metadata that all persisted resources must have, which includes all objects
// users must create.
// DEPRECATED: Use k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta instead - this type will be removed soon.
// +k8s:openapi-gen=false
type ObjectMeta struct {
// Name must be unique within a namespace. Is required when creating resources, although
// some resources may allow a client to request the generation of an appropriate name
// automatically. Name is primarily intended for creation idempotence and configuration
// definition.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
// +optional
Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
// GenerateName is an optional prefix, used by the server, to generate a unique
// name ONLY IF the Name field has not been provided.
// If this field is used, the name returned to the client will be different
// than the name passed. This value will also be combined with a unique suffix.
// The provided value has the same validation rules as the Name field,
// and may be truncated by the length of the suffix required to make the value
// unique on the server.
//
// If this field is specified and the generated name exists, the server will
// NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
// ServerTimeout indicating a unique name could not be found in the time allotted, and the client
// should retry (optionally after the time indicated in the Retry-After header).
//
// Applied only if Name is not specified.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency
// +optional
GenerateName string `json:"generateName,omitempty" protobuf:"bytes,2,opt,name=generateName"`
// Namespace defines the space within each name must be unique. An empty namespace is
// equivalent to the "default" namespace, but "default" is the canonical representation.
// Not all objects are required to be scoped to a namespace - the value of this field for
// those objects will be empty.
//
// Must be a DNS_LABEL.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
// +optional
Namespace string `json:"namespace,omitempty" protobuf:"bytes,3,opt,name=namespace"`
// SelfLink is a URL representing this object.
// Populated by the system.
// Read-only.
// +optional
SelfLink string `json:"selfLink,omitempty" protobuf:"bytes,4,opt,name=selfLink"`
// UID is the unique in time and space value for this object. It is typically generated by
// the server on successful creation of a resource and is not allowed to change on PUT
// operations.
//
// Populated by the system.
// Read-only.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
// +optional
UID types.UID `json:"uid,omitempty" protobuf:"bytes,5,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
// An opaque value that represents the internal version of this object that can
// be used by clients to determine when objects have changed. May be used for optimistic
// concurrency, change detection, and the watch operation on a resource or set of resources.
// Clients must treat these values as opaque and passed unmodified back to the server.
// They may only be valid for a particular resource or set of resources.
//
// Populated by the system.
// Read-only.
// Value must be treated as opaque by clients and .
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency
// +optional
ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,6,opt,name=resourceVersion"`
// A sequence number representing a specific generation of the desired state.
// Populated by the system. Read-only.
// +optional
Generation int64 `json:"generation,omitempty" protobuf:"varint,7,opt,name=generation"`
// CreationTimestamp is a timestamp representing the server time when this object was
// created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
//
// Populated by the system.
// Read-only.
// Null for lists.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
CreationTimestamp metav1.Time `json:"creationTimestamp,omitempty" protobuf:"bytes,8,opt,name=creationTimestamp"`
// DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
// field is set by the server when a graceful deletion is requested by the user, and is not
// directly settable by a client. The resource is expected to be deleted (no longer visible
// from resource lists, and not reachable by name) after the time in this field. Once set,
// this value may not be unset or be set further into the future, although it may be shortened
// or the resource may be deleted prior to this time. For example, a user may request that
// a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
// signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard
// termination signal (SIGKILL) to the container and after cleanup, remove the pod from the
// API. In the presence of network partitions, this object may still exist after this
// timestamp, until an administrator or automated process can determine the resource is
// fully terminated.
// If not set, graceful deletion of the object has not been requested.
//
// Populated by the system when a graceful deletion is requested.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
DeletionTimestamp *metav1.Time `json:"deletionTimestamp,omitempty" protobuf:"bytes,9,opt,name=deletionTimestamp"`
// Number of seconds allowed for this object to gracefully terminate before
// it will be removed from the system. Only set when deletionTimestamp is also set.
// May only be shortened.
// Read-only.
// +optional
DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty" protobuf:"varint,10,opt,name=deletionGracePeriodSeconds"`
// Map of string keys and values that can be used to organize and categorize
// (scope and select) objects. May match selectors of replication controllers
// and services.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// +optional
Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,11,rep,name=labels"`
// Annotations is an unstructured key value map stored with a resource that may be
// set by external tools to store and retrieve arbitrary metadata. They are not
// queryable and should be preserved when modifying objects.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
// +optional
Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
// List of objects depended by this object. If ALL objects in the list have
// been deleted, this object will be garbage collected. If this object is managed by a controller,
// then an entry in this list will point to this controller, with the controller field set to true.
// There cannot be more than one managing controller.
// +optional
// +patchMergeKey=uid
// +patchStrategy=merge
OwnerReferences []metav1.OwnerReference `json:"ownerReferences,omitempty" patchStrategy:"merge" patchMergeKey:"uid" protobuf:"bytes,13,rep,name=ownerReferences"`
// An initializer is a controller which enforces some system invariant at object creation time.
// This field is a list of initializers that have not yet acted on this object. If nil or empty,
// this object has been completely initialized. Otherwise, the object is considered uninitialized
// and is hidden (in list/watch and get calls) from clients that haven't explicitly asked to
// observe uninitialized objects.
//
// When an object is created, the system will populate this list with the current set of initializers.
// Only privileged users may set or modify this list. Once it is empty, it may not be modified further
// by any user.
Initializers *metav1.Initializers `json:"initializers,omitempty" patchStrategy:"merge" protobuf:"bytes,16,rep,name=initializers"`
// Must be empty before the object is deleted from the registry. Each entry
// is an identifier for the responsible component that will remove the entry
// from the list. If the deletionTimestamp of the object is non-nil, entries
// in this list can only be removed.
// +optional
// +patchStrategy=merge
Finalizers []string `json:"finalizers,omitempty" patchStrategy:"merge" protobuf:"bytes,14,rep,name=finalizers"`
// The name of the cluster which the object belongs to.
// This is used to distinguish resources with same name and namespace in different clusters.
// This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
// +optional
ClusterName string `json:"clusterName,omitempty" protobuf:"bytes,15,opt,name=clusterName"`
}
const (
// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
NamespaceDefault string = "default"
@ -273,6 +70,9 @@ type VolumeSource struct {
// +optional
AWSElasticBlockStore *AWSElasticBlockStoreVolumeSource `json:"awsElasticBlockStore,omitempty" protobuf:"bytes,4,opt,name=awsElasticBlockStore"`
// GitRepo represents a git repository at a particular revision.
// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
// into the Pod's container.
// +optional
GitRepo *GitRepoVolumeSource `json:"gitRepo,omitempty" protobuf:"bytes,5,opt,name=gitRepo"`
// Secret represents a secret that should populate this volume.
@ -405,7 +205,7 @@ type PersistentVolumeSource struct {
// Cinder represents a cinder volume attached and mounted on kubelets host machine
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
Cinder *CinderVolumeSource `json:"cinder,omitempty" protobuf:"bytes,8,opt,name=cinder"`
Cinder *CinderPersistentVolumeSource `json:"cinder,omitempty" protobuf:"bytes,8,opt,name=cinder"`
// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
// +optional
CephFS *CephFSPersistentVolumeSource `json:"cephfs,omitempty" protobuf:"bytes,9,opt,name=cephfs"`
@ -458,10 +258,6 @@ const (
// MountOptionAnnotation defines mount option annotation used in PVs
MountOptionAnnotation = "volume.beta.kubernetes.io/mount-options"
// AlphaStorageNodeAffinityAnnotation defines node affinity policies for a PersistentVolume.
// Value is a string of the json representation of type NodeAffinity
AlphaStorageNodeAffinityAnnotation = "volume.alpha.kubernetes.io/node-affinity"
)
// +genclient
@ -935,6 +731,35 @@ type CinderVolumeSource struct {
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,3,opt,name=readOnly"`
// Optional: points to a secret object containing parameters used to connect
// to OpenStack.
// +optional
SecretRef *LocalObjectReference `json:"secretRef,omitempty" protobuf:"bytes,4,opt,name=secretRef"`
}
// Represents a cinder volume resource in Openstack.
// A Cinder volume must exist before mounting to a container.
// The volume must also be in the same region as the kubelet.
// Cinder volumes support ownership management and SELinux relabeling.
type CinderPersistentVolumeSource struct {
// volume id used to identify the volume in cinder
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
VolumeID string `json:"volumeID" protobuf:"bytes,1,opt,name=volumeID"`
// Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
FSType string `json:"fsType,omitempty" protobuf:"bytes,2,opt,name=fsType"`
// Optional: Defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,3,opt,name=readOnly"`
// Optional: points to a secret object containing parameters used to connect
// to OpenStack.
// +optional
SecretRef *SecretReference `json:"secretRef,omitempty" protobuf:"bytes,4,opt,name=secretRef"`
}
// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
@ -1179,6 +1004,10 @@ type AWSElasticBlockStoreVolumeSource struct {
// Represents a volume that is populated with the contents of a git repository.
// Git repo volumes do not support ownership management.
// Git repo volumes support SELinux relabeling.
//
// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
// into the Pod's container.
type GitRepoVolumeSource struct {
// Repository URL
Repository string `json:"repository" protobuf:"bytes,1,opt,name=repository"`
@ -1673,6 +1502,30 @@ type ConfigMapProjection struct {
Optional *bool `json:"optional,omitempty" protobuf:"varint,4,opt,name=optional"`
}
// ServiceAccountTokenProjection represents a projected service account token
// volume. This projection can be used to insert a service account token into
// the pods runtime filesystem for use against APIs (Kubernetes API Server or
// otherwise).
type ServiceAccountTokenProjection struct {
// Audience is the intended audience of the token. A recipient of a token
// must identify itself with an identifier specified in the audience of the
// token, and otherwise should reject the token. The audience defaults to the
// identifier of the apiserver.
//+optional
Audience string `json:"audience,omitempty" protobuf:"bytes,1,rep,name=audience"`
// ExpirationSeconds is the requested duration of validity of the service
// account token. As the token approaches expiration, the kubelet volume
// plugin will proactively rotate the service account token. The kubelet will
// start trying to rotate the token if the token is older than 80 percent of
// its time to live or if the token is older than 24 hours.Defaults to 1 hour
// and must be at least 10 minutes.
//+optional
ExpirationSeconds *int64 `json:"expirationSeconds,omitempty" protobuf:"varint,2,opt,name=expirationSeconds"`
// Path is the path relative to the mount point of the file to project the
// token into.
Path string `json:"path" protobuf:"bytes,3,opt,name=path"`
}
// Represents a projected volume source
type ProjectedVolumeSource struct {
// list of volume projections
@ -1691,11 +1544,17 @@ type VolumeProjection struct {
// all types below are the supported types for projection into the same volume
// information about the secret data to project
// +optional
Secret *SecretProjection `json:"secret,omitempty" protobuf:"bytes,1,opt,name=secret"`
// information about the downwardAPI data to project
// +optional
DownwardAPI *DownwardAPIProjection `json:"downwardAPI,omitempty" protobuf:"bytes,2,opt,name=downwardAPI"`
// information about the configMap data to project
// +optional
ConfigMap *ConfigMapProjection `json:"configMap,omitempty" protobuf:"bytes,3,opt,name=configMap"`
// information about the serviceAccountToken data to project
// +optional
ServiceAccountToken *ServiceAccountTokenProjection `json:"serviceAccountToken,omitempty" protobuf:"bytes,4,opt,name=serviceAccountToken"`
}
const (
@ -1720,11 +1579,13 @@ type KeyToPath struct {
Mode *int32 `json:"mode,omitempty" protobuf:"varint,3,opt,name=mode"`
}
// Local represents directly-attached storage with node affinity
// Local represents directly-attached storage with node affinity (Beta feature)
type LocalVolumeSource struct {
// The full path to the volume on the node
// For alpha, this path must be a directory
// Once block as a source is supported, then this path can point to a block device
// The full path to the volume on the node.
// It can be either a directory or block device (disk, partition, ...).
// Directories can be represented only by PersistentVolume with VolumeMode=Filesystem.
// Block devices can be represented only by VolumeMode=Block, which also requires the
// BlockVolume alpha feature gate to be enabled.
Path string `json:"path" protobuf:"bytes,1,opt,name=path"`
}
@ -2451,12 +2312,13 @@ const (
// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler
// can't schedule the pod right now, for example due to insufficient resources in the cluster.
PodReasonUnschedulable = "Unschedulable"
// ContainersReady indicates whether all containers in the pod are ready.
ContainersReady PodConditionType = "ContainersReady"
)
// PodCondition contains details for the current condition of this pod.
type PodCondition struct {
// Type is the type of the condition.
// Currently only Ready.
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
Type PodConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=PodConditionType"`
// Status is the status of the condition.
@ -2527,10 +2389,16 @@ type NodeSelector struct {
NodeSelectorTerms []NodeSelectorTerm `json:"nodeSelectorTerms" protobuf:"bytes,1,rep,name=nodeSelectorTerms"`
}
// A null or empty node selector term matches no objects.
// A null or empty node selector term matches no objects. The requirements of
// them are ANDed.
// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
type NodeSelectorTerm struct {
//Required. A list of node selector requirements. The requirements are ANDed.
MatchExpressions []NodeSelectorRequirement `json:"matchExpressions" protobuf:"bytes,1,rep,name=matchExpressions"`
// A list of node selector requirements by node's labels.
// +optional
MatchExpressions []NodeSelectorRequirement `json:"matchExpressions,omitempty" protobuf:"bytes,1,rep,name=matchExpressions"`
// A list of node selector requirements by node's fields.
// +optional
MatchFields []NodeSelectorRequirement `json:"matchFields,omitempty" protobuf:"bytes,2,rep,name=matchFields"`
}
// A node selector requirement is a selector that contains values, a key, and an operator
@ -2563,6 +2431,27 @@ const (
NodeSelectorOpLt NodeSelectorOperator = "Lt"
)
// A topology selector term represents the result of label queries.
// A null or empty topology selector term matches no objects.
// The requirements of them are ANDed.
// It provides a subset of functionality as NodeSelectorTerm.
// This is an alpha feature and may change in the future.
type TopologySelectorTerm struct {
// A list of topology selector requirements by labels.
// +optional
MatchLabelExpressions []TopologySelectorLabelRequirement `json:"matchLabelExpressions,omitempty" protobuf:"bytes,1,rep,name=matchLabelExpressions"`
}
// A topology selector requirement is a selector that matches given label.
// This is an alpha feature and may change in the future.
type TopologySelectorLabelRequirement struct {
// The label key that the selector applies to.
Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
// An array of string values. One value must match the label to be selected.
// Each entry in Values is ORed.
Values []string `json:"values" protobuf:"bytes,2,rep,name=values"`
}
// Affinity is a group of affinity scheduling rules.
type Affinity struct {
// Describes node affinity scheduling rules for the pod.
@ -2795,6 +2684,12 @@ const (
TolerationOpEqual TolerationOperator = "Equal"
)
// PodReadinessGate contains the reference to a pod condition
type PodReadinessGate struct {
// ConditionType refers to a condition in the pod's condition list with matching type.
ConditionType PodConditionType `json:"conditionType" protobuf:"bytes,1,opt,name=conditionType,casttype=PodConditionType"`
}
// PodSpec is a description of a pod.
type PodSpec struct {
// List of volumes that can be mounted by containers belonging to the pod.
@ -2959,6 +2854,13 @@ type PodSpec struct {
// configuration based on DNSPolicy.
// +optional
DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"`
// If specified, all readiness gates will be evaluated for pod readiness.
// A pod is ready when all its containers are ready AND
// all conditions specified in the readiness gates have status equal to "True"
// More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md
// +optional
ReadinessGates []PodReadinessGate `json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
}
// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
@ -3019,6 +2921,10 @@ type PodSecurityContext struct {
// If unset, the Kubelet will not modify the ownership and permissions of any volume.
// +optional
FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"`
// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
// sysctls (by the container runtime) might fail to launch.
// +optional
Sysctls []Sysctl `json:"sysctls,omitempty" protobuf:"bytes,7,rep,name=sysctls"`
}
// PodQOSClass defines the supported qos classes of Pods.
@ -3063,9 +2969,26 @@ type PodDNSConfigOption struct {
}
// PodStatus represents information about the status of a pod. Status may trail the actual
// state of a system.
// state of a system, especially if the node that hosts the pod cannot contact the control
// plane.
type PodStatus struct {
// Current condition of the pod.
// The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
// The conditions array, the reason and message fields, and the individual container status
// arrays contain more detail about the pod's status.
// There are five possible phase values:
//
// Pending: The pod has been accepted by the Kubernetes system, but one or more of the
// container images has not been created. This includes time before being scheduled as
// well as time spent downloading images over the network, which could take a while.
// Running: The pod has been bound to a node, and all of the containers have been created.
// At least one container is still running, or is in the process of starting or restarting.
// Succeeded: All containers in the pod have terminated in success, and will not be restarted.
// Failed: All containers in the pod have terminated, and at least one container has
// terminated in failure. The container either exited with non-zero status or was terminated
// by the system.
// Unknown: For some reason the state of the pod could not be obtained, typically due to an
// error in communicating with the host of the pod.
//
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
// +optional
Phase PodPhase `json:"phase,omitempty" protobuf:"bytes,1,opt,name=phase,casttype=PodPhase"`
@ -3562,9 +3485,6 @@ type ServiceSpec struct {
// The primary use case for setting this field is to use a StatefulSet's Headless Service
// to propagate SRV records for its Pods without respect to their readiness for purpose
// of peer discovery.
// This field will replace the service.alpha.kubernetes.io/tolerate-unready-endpoints
// when that annotation is deprecated and all clients have been converted to use this
// field.
// +optional
PublishNotReadyAddresses bool `json:"publishNotReadyAddresses,omitempty" protobuf:"varint,13,opt,name=publishNotReadyAddresses"`
// sessionAffinityConfig contains the configurations of session affinity.
@ -3610,6 +3530,7 @@ type ServicePort struct {
}
// +genclient
// +genclient:skipVerbs=deleteCollection
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Service is a named abstraction of software service (for example, mysql) consisting of local port
@ -3819,10 +3740,6 @@ type NodeSpec struct {
// PodCIDR represents the pod IP range assigned to the node.
// +optional
PodCIDR string `json:"podCIDR,omitempty" protobuf:"bytes,1,opt,name=podCIDR"`
// External ID of the node assigned by some machine database (e.g. a cloud provider).
// Deprecated.
// +optional
ExternalID string `json:"externalID,omitempty" protobuf:"bytes,2,opt,name=externalID"`
// ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
// +optional
ProviderID string `json:"providerID,omitempty" protobuf:"bytes,3,opt,name=providerID"`
@ -3837,14 +3754,53 @@ type NodeSpec struct {
// The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
// +optional
ConfigSource *NodeConfigSource `json:"configSource,omitempty" protobuf:"bytes,6,opt,name=configSource"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Deprecated. Not all kubelets will set this field. Remove field after 1.13.
// see: https://issues.k8s.io/61966
// +optional
DoNotUse_ExternalID string `json:"externalID,omitempty" protobuf:"bytes,2,opt,name=externalID"`
}
// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
type NodeConfigSource struct {
metav1.TypeMeta `json:",inline"`
ConfigMapRef *ObjectReference `json:"configMapRef,omitempty" protobuf:"bytes,1,opt,name=configMapRef"`
// For historical context, regarding the below kind, apiVersion, and configMapRef deprecation tags:
// 1. kind/apiVersion were used by the kubelet to persist this struct to disk (they had no protobuf tags)
// 2. configMapRef and proto tag 1 were used by the API to refer to a configmap,
// but used a generic ObjectReference type that didn't really have the fields we needed
// All uses/persistence of the NodeConfigSource struct prior to 1.11 were gated by alpha feature flags,
// so there was no persisted data for these fields that needed to be migrated/handled.
// +k8s:deprecated=kind
// +k8s:deprecated=apiVersion
// +k8s:deprecated=configMapRef,protobuf=1
// ConfigMap is a reference to a Node's ConfigMap
ConfigMap *ConfigMapNodeConfigSource `json:"configMap,omitempty" protobuf:"bytes,2,opt,name=configMap"`
}
// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
type ConfigMapNodeConfigSource struct {
// Namespace is the metadata.namespace of the referenced ConfigMap.
// This field is required in all cases.
Namespace string `json:"namespace" protobuf:"bytes,1,opt,name=namespace"`
// Name is the metadata.name of the referenced ConfigMap.
// This field is required in all cases.
Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
// UID is the metadata.UID of the referenced ConfigMap.
// This field is forbidden in Node.Spec, and required in Node.Status.
// +optional
UID types.UID `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
// ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
// This field is forbidden in Node.Spec, and required in Node.Status.
// +optional
ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,4,opt,name=resourceVersion"`
// KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
// This field is required in all cases.
KubeletConfigKey string `json:"kubeletConfigKey" protobuf:"bytes,5,opt,name=kubeletConfigKey"`
}
// DaemonEndpoint contains information about a single Daemon endpoint.
@ -3894,6 +3850,53 @@ type NodeSystemInfo struct {
Architecture string `json:"architecture" protobuf:"bytes,10,opt,name=architecture"`
}
// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
type NodeConfigStatus struct {
// Assigned reports the checkpointed config the node will try to use.
// When Node.Spec.ConfigSource is updated, the node checkpoints the associated
// config payload to local disk, along with a record indicating intended
// config. The node refers to this record to choose its config checkpoint, and
// reports this record in Assigned. Assigned only updates in the status after
// the record has been checkpointed to disk. When the Kubelet is restarted,
// it tries to make the Assigned config the Active config by loading and
// validating the checkpointed payload identified by Assigned.
// +optional
Assigned *NodeConfigSource `json:"assigned,omitempty" protobuf:"bytes,1,opt,name=assigned"`
// Active reports the checkpointed config the node is actively using.
// Active will represent either the current version of the Assigned config,
// or the current LastKnownGood config, depending on whether attempting to use the
// Assigned config results in an error.
// +optional
Active *NodeConfigSource `json:"active,omitempty" protobuf:"bytes,2,opt,name=active"`
// LastKnownGood reports the checkpointed config the node will fall back to
// when it encounters an error attempting to use the Assigned config.
// The Assigned config becomes the LastKnownGood config when the node determines
// that the Assigned config is stable and correct.
// This is currently implemented as a 10-minute soak period starting when the local
// record of Assigned config is updated. If the Assigned config is Active at the end
// of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
// reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
// because the local default config is always assumed good.
// You should not make assumptions about the node's method of determining config stability
// and correctness, as this may change or become configurable in the future.
// +optional
LastKnownGood *NodeConfigSource `json:"lastKnownGood,omitempty" protobuf:"bytes,3,opt,name=lastKnownGood"`
// Error describes any problems reconciling the Spec.ConfigSource to the Active config.
// Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
// record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
// to load or validate the Assigned config, etc.
// Errors may occur at different points while syncing config. Earlier errors (e.g. download or
// checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
// Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
// a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
// by fixing the config assigned in Spec.ConfigSource.
// You can find additional information for debugging by searching the error message in the Kubelet log.
// Error is a human-readable description of the error state; machines can check whether or not Error
// is empty, but should not rely on the stability of the Error text across Kubelet versions.
// +optional
Error string `json:"error,omitempty" protobuf:"bytes,4,opt,name=error"`
}
// NodeStatus is information about the current status of a node.
type NodeStatus struct {
// Capacity represents the total resources of a node.
@ -3938,6 +3941,9 @@ type NodeStatus struct {
// List of volumes that are attached to the node.
// +optional
VolumesAttached []AttachedVolume `json:"volumesAttached,omitempty" protobuf:"bytes,10,rep,name=volumesAttached"`
// Status of the config assigned to the node via the dynamic Kubelet config feature.
// +optional
Config *NodeConfigStatus `json:"config,omitempty" protobuf:"bytes,11,opt,name=config"`
}
type UniqueVolumeName string
@ -4025,8 +4031,6 @@ const (
NodePIDPressure NodeConditionType = "PIDPressure"
// NodeNetworkUnavailable means that network for the node is not correctly configured.
NodeNetworkUnavailable NodeConditionType = "NetworkUnavailable"
// NodeKubeletConfigOk indicates whether the kubelet is correctly configured
NodeKubeletConfigOk NodeConditionType = "KubeletConfigOk"
)
// NodeCondition contains condition information for a node.
@ -4086,8 +4090,6 @@ const (
// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
// The resource name for ResourceEphemeralStorage is alpha and it can change across releases.
ResourceEphemeralStorage ResourceName = "ephemeral-storage"
// NVIDIA GPU, in devices. Alpha, might change: although fractional and allowing values >1, only one whole device per node is assigned.
ResourceNvidiaGPU ResourceName = "alpha.kubernetes.io/nvidia-gpu"
)
const (
@ -4095,6 +4097,8 @@ const (
ResourceDefaultNamespacePrefix = "kubernetes.io/"
// Name prefix for huge page resources (alpha).
ResourceHugePagesPrefix = "hugepages-"
// Name prefix for storage resource limits
ResourceAttachableVolumesPrefix = "attachable-volumes-"
)
// ResourceList is a set of (resource name, quantity) pairs.
@ -4177,6 +4181,7 @@ const (
// +genclient
// +genclient:nonNamespaced
// +genclient:skipVerbs=deleteCollection
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Namespace provides a scope for Names.
@ -4237,95 +4242,6 @@ type Preconditions struct {
UID *types.UID `json:"uid,omitempty" protobuf:"bytes,1,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
}
// DeletionPropagation decides if a deletion will propagate to the dependents of the object, and how the garbage collector will handle the propagation.
type DeletionPropagation string
const (
// Orphans the dependents.
DeletePropagationOrphan DeletionPropagation = "Orphan"
// Deletes the object from the key-value store, the garbage collector will delete the dependents in the background.
DeletePropagationBackground DeletionPropagation = "Background"
// The object exists in the key-value store until the garbage collector deletes all the dependents whose ownerReference.blockOwnerDeletion=true from the key-value store.
// API sever will put the "DeletingDependents" finalizer on the object, and sets its deletionTimestamp.
// This policy is cascading, i.e., the dependents will be deleted with Foreground.
DeletePropagationForeground DeletionPropagation = "Foreground"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DeleteOptions may be provided when deleting an API object
// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
// +k8s:openapi-gen=false
type DeleteOptions struct {
metav1.TypeMeta `json:",inline"`
// The duration in seconds before the object should be deleted. Value must be non-negative integer.
// The value zero indicates delete immediately. If this value is nil, the default grace period for the
// specified type will be used.
// Defaults to a per object value if not specified. zero means delete immediately.
// +optional
GracePeriodSeconds *int64 `json:"gracePeriodSeconds,omitempty" protobuf:"varint,1,opt,name=gracePeriodSeconds"`
// Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
// returned.
// +optional
Preconditions *Preconditions `json:"preconditions,omitempty" protobuf:"bytes,2,opt,name=preconditions"`
// Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7.
// Should the dependent objects be orphaned. If true/false, the "orphan"
// finalizer will be added to/removed from the object's finalizers list.
// Either this field or PropagationPolicy may be set, but not both.
// +optional
OrphanDependents *bool `json:"orphanDependents,omitempty" protobuf:"varint,3,opt,name=orphanDependents"`
// Whether and how garbage collection will be performed.
// Either this field or OrphanDependents may be set, but not both.
// The default policy is decided by the existing finalizer set in the
// metadata.finalizers and the resource-specific default policy.
// Acceptable values are: 'Orphan' - orphan the dependents; 'Background' -
// allow the garbage collector to delete the dependents in the background;
// 'Foreground' - a cascading policy that deletes all dependents in the
// foreground.
// +optional
PropagationPolicy *DeletionPropagation `protobuf:"bytes,4,opt,name=propagationPolicy,casttype=DeletionPropagation"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ListOptions is the query options to a standard REST list call.
// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
// +k8s:openapi-gen=false
type ListOptions struct {
metav1.TypeMeta `json:",inline"`
// A selector to restrict the list of returned objects by their labels.
// Defaults to everything.
// +optional
LabelSelector string `json:"labelSelector,omitempty" protobuf:"bytes,1,opt,name=labelSelector"`
// A selector to restrict the list of returned objects by their fields.
// Defaults to everything.
// +optional
FieldSelector string `json:"fieldSelector,omitempty" protobuf:"bytes,2,opt,name=fieldSelector"`
// If true, partially initialized resources are included in the response.
// +optional
IncludeUninitialized bool `json:"includeUninitialized,omitempty" protobuf:"varint,6,opt,name=includeUninitialized"`
// Watch for changes to the described resources and return them as a stream of
// add, update, and remove notifications. Specify resourceVersion.
// +optional
Watch bool `json:"watch,omitempty" protobuf:"varint,3,opt,name=watch"`
// When specified with a watch call, shows changes that occur after that particular version of a resource.
// Defaults to changes from the beginning of history.
// When specified for list:
// - if unset, then the result is returned from remote storage based on quorum-read flag;
// - if it's 0, then we simply return what we currently have in cache, no guarantee;
// - if set to non zero, then the result is at least as fresh as given rv.
// +optional
ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,4,opt,name=resourceVersion"`
// Timeout for the list/watch call.
// +optional
TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty" protobuf:"varint,5,opt,name=timeoutSeconds"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodLogOptions is the query options for a Pod's logs REST call.
@ -4810,11 +4726,13 @@ const (
ResourceQuotaScopeBestEffort ResourceQuotaScope = "BestEffort"
// Match all pod objects that do not have best effort quality of service
ResourceQuotaScopeNotBestEffort ResourceQuotaScope = "NotBestEffort"
// Match all pod objects that have priority class mentioned
ResourceQuotaScopePriorityClass ResourceQuotaScope = "PriorityClass"
)
// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
type ResourceQuotaSpec struct {
// Hard is the set of desired hard limits for each named resource.
// hard is the set of desired hard limits for each named resource.
// More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
// +optional
Hard ResourceList `json:"hard,omitempty" protobuf:"bytes,1,rep,name=hard,casttype=ResourceList,castkey=ResourceName"`
@ -4822,8 +4740,48 @@ type ResourceQuotaSpec struct {
// If not specified, the quota matches all objects.
// +optional
Scopes []ResourceQuotaScope `json:"scopes,omitempty" protobuf:"bytes,2,rep,name=scopes,casttype=ResourceQuotaScope"`
// scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
// but expressed using ScopeSelectorOperator in combination with possible values.
// For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
// +optional
ScopeSelector *ScopeSelector `json:"scopeSelector,omitempty" protobuf:"bytes,3,opt,name=scopeSelector"`
}
// A scope selector represents the AND of the selectors represented
// by the scoped-resource selector requirements.
type ScopeSelector struct {
// A list of scope selector requirements by scope of the resources.
// +optional
MatchExpressions []ScopedResourceSelectorRequirement `json:"matchExpressions,omitempty" protobuf:"bytes,1,rep,name=matchExpressions"`
}
// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
// that relates the scope name and values.
type ScopedResourceSelectorRequirement struct {
// The name of the scope that the selector applies to.
ScopeName ResourceQuotaScope `json:"scopeName" protobuf:"bytes,1,opt,name=scopeName"`
// Represents a scope's relationship to a set of values.
// Valid operators are In, NotIn, Exists, DoesNotExist.
Operator ScopeSelectorOperator `json:"operator" protobuf:"bytes,2,opt,name=operator,casttype=ScopedResourceSelectorOperator"`
// An array of string values. If the operator is In or NotIn,
// the values array must be non-empty. If the operator is Exists or DoesNotExist,
// the values array must be empty.
// This array is replaced during a strategic merge patch.
// +optional
Values []string `json:"values,omitempty" protobuf:"bytes,3,rep,name=values"`
}
// A scope selector operator is the set of operators that can be used in
// a scope selector requirement.
type ScopeSelectorOperator string
const (
ScopeSelectorOpIn ScopeSelectorOperator = "In"
ScopeSelectorOpNotIn ScopeSelectorOperator = "NotIn"
ScopeSelectorOpExists ScopeSelectorOperator = "Exists"
ScopeSelectorOpDoesNotExist ScopeSelectorOperator = "DoesNotExist"
)
// ResourceQuotaStatus defines the enforced hard limits and observed use.
type ResourceQuotaStatus struct {
// Hard is the set of enforced hard limits for each named resource.
@ -5251,9 +5209,9 @@ const (
// Sysctl defines a kernel parameter to be set
type Sysctl struct {
// Name of a property to set
Name string `protobuf:"bytes,1,opt,name=name"`
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
// Value of a property to set
Value string `protobuf:"bytes,2,opt,name=value"`
Value string `json:"value" protobuf:"bytes,2,opt,name=value"`
}
// NodeResources is an object for conveying resource information about a node.

208
vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_AWSElasticBlockStoreVolumeSource = map[string]string{
"": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.",
"volumeID": "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore",
@ -170,11 +170,24 @@ func (CephFSVolumeSource) SwaggerDoc() map[string]string {
return map_CephFSVolumeSource
}
var map_CinderPersistentVolumeSource = map[string]string{
"": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.",
"volumeID": "volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"fsType": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"readOnly": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"secretRef": "Optional: points to a secret object containing parameters used to connect to OpenStack.",
}
func (CinderPersistentVolumeSource) SwaggerDoc() map[string]string {
return map_CinderPersistentVolumeSource
}
var map_CinderVolumeSource = map[string]string{
"": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.",
"volumeID": "volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"fsType": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"readOnly": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.",
"volumeID": "volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"fsType": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"readOnly": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
"secretRef": "Optional: points to a secret object containing parameters used to connect to OpenStack.",
}
func (CinderVolumeSource) SwaggerDoc() map[string]string {
@ -262,6 +275,19 @@ func (ConfigMapList) SwaggerDoc() map[string]string {
return map_ConfigMapList
}
var map_ConfigMapNodeConfigSource = map[string]string{
"": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.",
"namespace": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.",
"name": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.",
"uid": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.",
"resourceVersion": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.",
"kubeletConfigKey": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.",
}
func (ConfigMapNodeConfigSource) SwaggerDoc() map[string]string {
return map_ConfigMapNodeConfigSource
}
var map_ConfigMapProjection = map[string]string{
"": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.",
"items": "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.",
@ -405,18 +431,6 @@ func (DaemonEndpoint) SwaggerDoc() map[string]string {
return map_DaemonEndpoint
}
var map_DeleteOptions = map[string]string{
"": "DeleteOptions may be provided when deleting an API object DEPRECATED: This type has been moved to meta/v1 and will be removed soon.",
"gracePeriodSeconds": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"preconditions": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.",
"orphanDependents": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"PropagationPolicy": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
}
func (DeleteOptions) SwaggerDoc() map[string]string {
return map_DeleteOptions
}
var map_DownwardAPIProjection = map[string]string{
"": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.",
"items": "Items is a list of DownwardAPIVolume file",
@ -671,7 +685,7 @@ func (GCEPersistentDiskVolumeSource) SwaggerDoc() map[string]string {
}
var map_GitRepoVolumeSource = map[string]string{
"": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"repository": "Repository URL",
"revision": "Commit hash for the specified revision.",
"directory": "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.",
@ -848,20 +862,6 @@ func (LimitRangeSpec) SwaggerDoc() map[string]string {
return map_LimitRangeSpec
}
var map_ListOptions = map[string]string{
"": "ListOptions is the query options to a standard REST list call. DEPRECATED: This type has been moved to meta/v1 and will be removed soon.",
"labelSelector": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"fieldSelector": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"includeUninitialized": "If true, partially initialized resources are included in the response.",
"watch": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"resourceVersion": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.",
"timeoutSeconds": "Timeout for the list/watch call.",
}
func (ListOptions) SwaggerDoc() map[string]string {
return map_ListOptions
}
var map_LoadBalancerIngress = map[string]string{
"": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.",
"ip": "IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)",
@ -891,8 +891,8 @@ func (LocalObjectReference) SwaggerDoc() map[string]string {
}
var map_LocalVolumeSource = map[string]string{
"": "Local represents directly-attached storage with node affinity",
"path": "The full path to the volume on the node For alpha, this path must be a directory Once block as a source is supported, then this path can point to a block device",
"": "Local represents directly-attached storage with node affinity (Beta feature)",
"path": "The full path to the volume on the node. It can be either a directory or block device (disk, partition, ...). Directories can be represented only by PersistentVolume with VolumeMode=Filesystem. Block devices can be represented only by VolumeMode=Block, which also requires the BlockVolume alpha feature gate to be enabled.",
}
func (LocalVolumeSource) SwaggerDoc() map[string]string {
@ -995,13 +995,26 @@ func (NodeCondition) SwaggerDoc() map[string]string {
}
var map_NodeConfigSource = map[string]string{
"": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.",
"": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.",
"configMap": "ConfigMap is a reference to a Node's ConfigMap",
}
func (NodeConfigSource) SwaggerDoc() map[string]string {
return map_NodeConfigSource
}
var map_NodeConfigStatus = map[string]string{
"": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.",
"assigned": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.",
"active": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.",
"lastKnownGood": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.",
"error": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.",
}
func (NodeConfigStatus) SwaggerDoc() map[string]string {
return map_NodeConfigStatus
}
var map_NodeDaemonEndpoints = map[string]string{
"": "NodeDaemonEndpoints lists ports opened by daemons running on the Node.",
"kubeletEndpoint": "Endpoint on which Kubelet is listening.",
@ -1060,8 +1073,9 @@ func (NodeSelectorRequirement) SwaggerDoc() map[string]string {
}
var map_NodeSelectorTerm = map[string]string{
"": "A null or empty node selector term matches no objects.",
"matchExpressions": "Required. A list of node selector requirements. The requirements are ANDed.",
"": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"matchExpressions": "A list of node selector requirements by node's labels.",
"matchFields": "A list of node selector requirements by node's fields.",
}
func (NodeSelectorTerm) SwaggerDoc() map[string]string {
@ -1071,11 +1085,11 @@ func (NodeSelectorTerm) SwaggerDoc() map[string]string {
var map_NodeSpec = map[string]string{
"": "NodeSpec describes the attributes that a node is created with.",
"podCIDR": "PodCIDR represents the pod IP range assigned to the node.",
"externalID": "External ID of the node assigned by some machine database (e.g. a cloud provider). Deprecated.",
"providerID": "ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>",
"unschedulable": "Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration",
"taints": "If specified, the node's taints.",
"configSource": "If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field",
"externalID": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966",
}
func (NodeSpec) SwaggerDoc() map[string]string {
@ -1094,6 +1108,7 @@ var map_NodeStatus = map[string]string{
"images": "List of container images on this node",
"volumesInUse": "List of attachable volumes in use (mounted) by the node.",
"volumesAttached": "List of volumes that are attached to the node.",
"config": "Status of the config assigned to the node via the dynamic Kubelet config feature.",
}
func (NodeStatus) SwaggerDoc() map[string]string {
@ -1128,30 +1143,6 @@ func (ObjectFieldSelector) SwaggerDoc() map[string]string {
return map_ObjectFieldSelector
}
var map_ObjectMeta = map[string]string{
"": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. DEPRECATED: Use k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta instead - this type will be removed soon.",
"name": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
"generateName": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency",
"namespace": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/",
"selfLink": "SelfLink is a URL representing this object. Populated by the system. Read-only.",
"uid": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids",
"resourceVersion": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency",
"generation": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.",
"creationTimestamp": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"deletionTimestamp": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field. Once set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"deletionGracePeriodSeconds": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.",
"labels": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/",
"annotations": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/",
"ownerReferences": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.",
"initializers": "An initializer is a controller which enforces some system invariant at object creation time. This field is a list of initializers that have not yet acted on this object. If nil or empty, this object has been completely initialized. Otherwise, the object is considered uninitialized and is hidden (in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects.\n\nWhen an object is created, the system will populate this list with the current set of initializers. Only privileged users may set or modify this list. Once it is empty, it may not be modified further by any user.",
"finalizers": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.",
"clusterName": "The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.",
}
func (ObjectMeta) SwaggerDoc() map[string]string {
return map_ObjectMeta
}
var map_ObjectReference = map[string]string{
"": "ObjectReference contains enough information to let you inspect or modify the referred object.",
"kind": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
@ -1381,7 +1372,7 @@ func (PodAttachOptions) SwaggerDoc() map[string]string {
var map_PodCondition = map[string]string{
"": "PodCondition contains details for the current condition of this pod.",
"type": "Type is the type of the condition. Currently only Ready. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions",
"type": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions",
"status": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions",
"lastProbeTime": "Last time we probed the condition.",
"lastTransitionTime": "Last time the condition transitioned from one status to another.",
@ -1471,6 +1462,15 @@ func (PodProxyOptions) SwaggerDoc() map[string]string {
return map_PodProxyOptions
}
var map_PodReadinessGate = map[string]string{
"": "PodReadinessGate contains the reference to a pod condition",
"conditionType": "ConditionType refers to a condition in the pod's condition list with matching type.",
}
func (PodReadinessGate) SwaggerDoc() map[string]string {
return map_PodReadinessGate
}
var map_PodSecurityContext = map[string]string{
"": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.",
"seLinuxOptions": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.",
@ -1479,6 +1479,7 @@ var map_PodSecurityContext = map[string]string{
"runAsNonRoot": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
"supplementalGroups": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.",
"fsGroup": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw ",
"sysctls": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.",
}
func (PodSecurityContext) SwaggerDoc() map[string]string {
@ -1523,6 +1524,7 @@ var map_PodSpec = map[string]string{
"priorityClassName": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.",
"priority": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.",
"dnsConfig": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.",
"readinessGates": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md",
}
func (PodSpec) SwaggerDoc() map[string]string {
@ -1530,8 +1532,8 @@ func (PodSpec) SwaggerDoc() map[string]string {
}
var map_PodStatus = map[string]string{
"": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system.",
"phase": "Current condition of the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase",
"": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.",
"phase": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase",
"conditions": "Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions",
"message": "A human readable message indicating details about why the pod is in this condition.",
"reason": "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'",
@ -1802,9 +1804,10 @@ func (ResourceQuotaList) SwaggerDoc() map[string]string {
}
var map_ResourceQuotaSpec = map[string]string{
"": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.",
"hard": "Hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/",
"scopes": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.",
"": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.",
"hard": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/",
"scopes": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.",
"scopeSelector": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.",
}
func (ResourceQuotaSpec) SwaggerDoc() map[string]string {
@ -1879,6 +1882,26 @@ func (ScaleIOVolumeSource) SwaggerDoc() map[string]string {
return map_ScaleIOVolumeSource
}
var map_ScopeSelector = map[string]string{
"": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.",
"matchExpressions": "A list of scope selector requirements by scope of the resources.",
}
func (ScopeSelector) SwaggerDoc() map[string]string {
return map_ScopeSelector
}
var map_ScopedResourceSelectorRequirement = map[string]string{
"": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.",
"scopeName": "The name of the scope that the selector applies to.",
"operator": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.",
"values": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
}
func (ScopedResourceSelectorRequirement) SwaggerDoc() map[string]string {
return map_ScopedResourceSelectorRequirement
}
var map_Secret = map[string]string{
"": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
@ -2010,6 +2033,17 @@ func (ServiceAccountList) SwaggerDoc() map[string]string {
return map_ServiceAccountList
}
var map_ServiceAccountTokenProjection = map[string]string{
"": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"audience": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.",
"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.",
"path": "Path is the path relative to the mount point of the file to project the token into.",
}
func (ServiceAccountTokenProjection) SwaggerDoc() map[string]string {
return map_ServiceAccountTokenProjection
}
var map_ServiceList = map[string]string{
"": "ServiceList holds a list of services.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
@ -2055,7 +2089,7 @@ var map_ServiceSpec = map[string]string{
"externalName": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.",
"externalTrafficPolicy": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.",
"healthCheckNodePort": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.",
"publishNotReadyAddresses": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. This field will replace the service.alpha.kubernetes.io/tolerate-unready-endpoints when that annotation is deprecated and all clients have been converted to use this field.",
"publishNotReadyAddresses": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.",
"sessionAffinityConfig": "sessionAffinityConfig contains the configurations of session affinity.",
}
@ -2109,8 +2143,8 @@ func (StorageOSVolumeSource) SwaggerDoc() map[string]string {
var map_Sysctl = map[string]string{
"": "Sysctl defines a kernel parameter to be set",
"Name": "Name of a property to set",
"Value": "Value of a property to set",
"name": "Name of a property to set",
"value": "Value of a property to set",
}
func (Sysctl) SwaggerDoc() map[string]string {
@ -2152,6 +2186,25 @@ func (Toleration) SwaggerDoc() map[string]string {
return map_Toleration
}
var map_TopologySelectorLabelRequirement = map[string]string{
"": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.",
"key": "The label key that the selector applies to.",
"values": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed.",
}
func (TopologySelectorLabelRequirement) SwaggerDoc() map[string]string {
return map_TopologySelectorLabelRequirement
}
var map_TopologySelectorTerm = map[string]string{
"": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.",
"matchLabelExpressions": "A list of topology selector requirements by labels.",
}
func (TopologySelectorTerm) SwaggerDoc() map[string]string {
return map_TopologySelectorTerm
}
var map_Volume = map[string]string{
"": "Volume represents a named volume in a pod that may be accessed by any container in the pod.",
"name": "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
@ -2194,10 +2247,11 @@ func (VolumeNodeAffinity) SwaggerDoc() map[string]string {
}
var map_VolumeProjection = map[string]string{
"": "Projection that may be projected along with other supported volume types",
"secret": "information about the secret data to project",
"downwardAPI": "information about the downwardAPI data to project",
"configMap": "information about the configMap data to project",
"": "Projection that may be projected along with other supported volume types",
"secret": "information about the secret data to project",
"downwardAPI": "information about the downwardAPI data to project",
"configMap": "information about the configMap data to project",
"serviceAccountToken": "information about the serviceAccountToken data to project",
}
func (VolumeProjection) SwaggerDoc() map[string]string {
@ -2210,7 +2264,7 @@ var map_VolumeSource = map[string]string{
"emptyDir": "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir",
"gcePersistentDisk": "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk",
"awsElasticBlockStore": "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore",
"gitRepo": "GitRepo represents a git repository at a particular revision.",
"gitRepo": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"secret": "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"nfs": "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs",
"iscsi": "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md",

447
vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -380,9 +380,43 @@ func (in *CephFSVolumeSource) DeepCopy() *CephFSVolumeSource {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CinderPersistentVolumeSource) DeepCopyInto(out *CinderPersistentVolumeSource) {
*out = *in
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
if *in == nil {
*out = nil
} else {
*out = new(SecretReference)
**out = **in
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CinderPersistentVolumeSource.
func (in *CinderPersistentVolumeSource) DeepCopy() *CinderPersistentVolumeSource {
if in == nil {
return nil
}
out := new(CinderPersistentVolumeSource)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CinderVolumeSource) DeepCopyInto(out *CinderVolumeSource) {
*out = *in
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
if *in == nil {
*out = nil
} else {
*out = new(LocalObjectReference)
**out = **in
}
}
return
}
@ -631,6 +665,22 @@ func (in *ConfigMapList) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ConfigMapNodeConfigSource) DeepCopyInto(out *ConfigMapNodeConfigSource) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapNodeConfigSource.
func (in *ConfigMapNodeConfigSource) DeepCopy() *ConfigMapNodeConfigSource {
if in == nil {
return nil
}
out := new(ConfigMapNodeConfigSource)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ConfigMapProjection) DeepCopyInto(out *ConfigMapProjection) {
*out = *in
@ -965,67 +1015,6 @@ func (in *DaemonEndpoint) DeepCopy() *DaemonEndpoint {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeleteOptions) DeepCopyInto(out *DeleteOptions) {
*out = *in
out.TypeMeta = in.TypeMeta
if in.GracePeriodSeconds != nil {
in, out := &in.GracePeriodSeconds, &out.GracePeriodSeconds
if *in == nil {
*out = nil
} else {
*out = new(int64)
**out = **in
}
}
if in.Preconditions != nil {
in, out := &in.Preconditions, &out.Preconditions
if *in == nil {
*out = nil
} else {
*out = new(Preconditions)
(*in).DeepCopyInto(*out)
}
}
if in.OrphanDependents != nil {
in, out := &in.OrphanDependents, &out.OrphanDependents
if *in == nil {
*out = nil
} else {
*out = new(bool)
**out = **in
}
}
if in.PropagationPolicy != nil {
in, out := &in.PropagationPolicy, &out.PropagationPolicy
if *in == nil {
*out = nil
} else {
*out = new(DeletionPropagation)
**out = **in
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteOptions.
func (in *DeleteOptions) DeepCopy() *DeleteOptions {
if in == nil {
return nil
}
out := new(DeleteOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *DeleteOptions) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DownwardAPIProjection) DeepCopyInto(out *DownwardAPIProjection) {
*out = *in
@ -2141,40 +2130,6 @@ func (in *List) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ListOptions) DeepCopyInto(out *ListOptions) {
*out = *in
out.TypeMeta = in.TypeMeta
if in.TimeoutSeconds != nil {
in, out := &in.TimeoutSeconds, &out.TimeoutSeconds
if *in == nil {
*out = nil
} else {
*out = new(int64)
**out = **in
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListOptions.
func (in *ListOptions) DeepCopy() *ListOptions {
if in == nil {
return nil
}
out := new(ListOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ListOptions) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LoadBalancerIngress) DeepCopyInto(out *LoadBalancerIngress) {
*out = *in
@ -2455,13 +2410,12 @@ func (in *NodeCondition) DeepCopy() *NodeCondition {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NodeConfigSource) DeepCopyInto(out *NodeConfigSource) {
*out = *in
out.TypeMeta = in.TypeMeta
if in.ConfigMapRef != nil {
in, out := &in.ConfigMapRef, &out.ConfigMapRef
if in.ConfigMap != nil {
in, out := &in.ConfigMap, &out.ConfigMap
if *in == nil {
*out = nil
} else {
*out = new(ObjectReference)
*out = new(ConfigMapNodeConfigSource)
**out = **in
}
}
@ -2478,12 +2432,47 @@ func (in *NodeConfigSource) DeepCopy() *NodeConfigSource {
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *NodeConfigSource) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NodeConfigStatus) DeepCopyInto(out *NodeConfigStatus) {
*out = *in
if in.Assigned != nil {
in, out := &in.Assigned, &out.Assigned
if *in == nil {
*out = nil
} else {
*out = new(NodeConfigSource)
(*in).DeepCopyInto(*out)
}
}
return nil
if in.Active != nil {
in, out := &in.Active, &out.Active
if *in == nil {
*out = nil
} else {
*out = new(NodeConfigSource)
(*in).DeepCopyInto(*out)
}
}
if in.LastKnownGood != nil {
in, out := &in.LastKnownGood, &out.LastKnownGood
if *in == nil {
*out = nil
} else {
*out = new(NodeConfigSource)
(*in).DeepCopyInto(*out)
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigStatus.
func (in *NodeConfigStatus) DeepCopy() *NodeConfigStatus {
if in == nil {
return nil
}
out := new(NodeConfigStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -2638,6 +2627,13 @@ func (in *NodeSelectorTerm) DeepCopyInto(out *NodeSelectorTerm) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.MatchFields != nil {
in, out := &in.MatchFields, &out.MatchFields
*out = make([]NodeSelectorRequirement, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
@ -2731,6 +2727,15 @@ func (in *NodeStatus) DeepCopyInto(out *NodeStatus) {
*out = make([]AttachedVolume, len(*in))
copy(*out, *in)
}
if in.Config != nil {
in, out := &in.Config, &out.Config
if *in == nil {
*out = nil
} else {
*out = new(NodeConfigStatus)
(*in).DeepCopyInto(*out)
}
}
return
}
@ -2776,75 +2781,6 @@ func (in *ObjectFieldSelector) DeepCopy() *ObjectFieldSelector {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ObjectMeta) DeepCopyInto(out *ObjectMeta) {
*out = *in
in.CreationTimestamp.DeepCopyInto(&out.CreationTimestamp)
if in.DeletionTimestamp != nil {
in, out := &in.DeletionTimestamp, &out.DeletionTimestamp
if *in == nil {
*out = nil
} else {
*out = (*in).DeepCopy()
}
}
if in.DeletionGracePeriodSeconds != nil {
in, out := &in.DeletionGracePeriodSeconds, &out.DeletionGracePeriodSeconds
if *in == nil {
*out = nil
} else {
*out = new(int64)
**out = **in
}
}
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.OwnerReferences != nil {
in, out := &in.OwnerReferences, &out.OwnerReferences
*out = make([]meta_v1.OwnerReference, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Initializers != nil {
in, out := &in.Initializers, &out.Initializers
if *in == nil {
*out = nil
} else {
*out = new(meta_v1.Initializers)
(*in).DeepCopyInto(*out)
}
}
if in.Finalizers != nil {
in, out := &in.Finalizers, &out.Finalizers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectMeta.
func (in *ObjectMeta) DeepCopy() *ObjectMeta {
if in == nil {
return nil
}
out := new(ObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ObjectReference) DeepCopyInto(out *ObjectReference) {
*out = *in
@ -3180,8 +3116,8 @@ func (in *PersistentVolumeSource) DeepCopyInto(out *PersistentVolumeSource) {
if *in == nil {
*out = nil
} else {
*out = new(CinderVolumeSource)
**out = **in
*out = new(CinderPersistentVolumeSource)
(*in).DeepCopyInto(*out)
}
}
if in.CephFS != nil {
@ -3813,6 +3749,22 @@ func (in *PodProxyOptions) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodReadinessGate) DeepCopyInto(out *PodReadinessGate) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodReadinessGate.
func (in *PodReadinessGate) DeepCopy() *PodReadinessGate {
if in == nil {
return nil
}
out := new(PodReadinessGate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityContext) DeepCopyInto(out *PodSecurityContext) {
*out = *in
@ -3866,6 +3818,11 @@ func (in *PodSecurityContext) DeepCopyInto(out *PodSecurityContext) {
**out = **in
}
}
if in.Sysctls != nil {
in, out := &in.Sysctls, &out.Sysctls
*out = make([]Sysctl, len(*in))
copy(*out, *in)
}
return
}
@ -4026,6 +3983,11 @@ func (in *PodSpec) DeepCopyInto(out *PodSpec) {
(*in).DeepCopyInto(*out)
}
}
if in.ReadinessGates != nil {
in, out := &in.ReadinessGates, &out.ReadinessGates
*out = make([]PodReadinessGate, len(*in))
copy(*out, *in)
}
return
}
@ -4678,6 +4640,15 @@ func (in *ResourceQuotaSpec) DeepCopyInto(out *ResourceQuotaSpec) {
*out = make([]ResourceQuotaScope, len(*in))
copy(*out, *in)
}
if in.ScopeSelector != nil {
in, out := &in.ScopeSelector, &out.ScopeSelector
if *in == nil {
*out = nil
} else {
*out = new(ScopeSelector)
(*in).DeepCopyInto(*out)
}
}
return
}
@ -4817,6 +4788,50 @@ func (in *ScaleIOVolumeSource) DeepCopy() *ScaleIOVolumeSource {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ScopeSelector) DeepCopyInto(out *ScopeSelector) {
*out = *in
if in.MatchExpressions != nil {
in, out := &in.MatchExpressions, &out.MatchExpressions
*out = make([]ScopedResourceSelectorRequirement, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScopeSelector.
func (in *ScopeSelector) DeepCopy() *ScopeSelector {
if in == nil {
return nil
}
out := new(ScopeSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ScopedResourceSelectorRequirement) DeepCopyInto(out *ScopedResourceSelectorRequirement) {
*out = *in
if in.Values != nil {
in, out := &in.Values, &out.Values
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScopedResourceSelectorRequirement.
func (in *ScopedResourceSelectorRequirement) DeepCopy() *ScopedResourceSelectorRequirement {
if in == nil {
return nil
}
out := new(ScopedResourceSelectorRequirement)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Secret) DeepCopyInto(out *Secret) {
*out = *in
@ -5257,6 +5272,31 @@ func (in *ServiceAccountList) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceAccountTokenProjection) DeepCopyInto(out *ServiceAccountTokenProjection) {
*out = *in
if in.ExpirationSeconds != nil {
in, out := &in.ExpirationSeconds, &out.ExpirationSeconds
if *in == nil {
*out = nil
} else {
*out = new(int64)
**out = **in
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountTokenProjection.
func (in *ServiceAccountTokenProjection) DeepCopy() *ServiceAccountTokenProjection {
if in == nil {
return nil
}
out := new(ServiceAccountTokenProjection)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceList) DeepCopyInto(out *ServiceList) {
*out = *in
@ -5553,6 +5593,50 @@ func (in *Toleration) DeepCopy() *Toleration {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TopologySelectorLabelRequirement) DeepCopyInto(out *TopologySelectorLabelRequirement) {
*out = *in
if in.Values != nil {
in, out := &in.Values, &out.Values
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologySelectorLabelRequirement.
func (in *TopologySelectorLabelRequirement) DeepCopy() *TopologySelectorLabelRequirement {
if in == nil {
return nil
}
out := new(TopologySelectorLabelRequirement)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TopologySelectorTerm) DeepCopyInto(out *TopologySelectorTerm) {
*out = *in
if in.MatchLabelExpressions != nil {
in, out := &in.MatchLabelExpressions, &out.MatchLabelExpressions
*out = make([]TopologySelectorLabelRequirement, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologySelectorTerm.
func (in *TopologySelectorTerm) DeepCopy() *TopologySelectorTerm {
if in == nil {
return nil
}
out := new(TopologySelectorTerm)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Volume) DeepCopyInto(out *Volume) {
*out = *in
@ -5666,6 +5750,15 @@ func (in *VolumeProjection) DeepCopyInto(out *VolumeProjection) {
(*in).DeepCopyInto(*out)
}
}
if in.ServiceAccountToken != nil {
in, out := &in.ServiceAccountToken, &out.ServiceAccountToken
if *in == nil {
*out = nil
} else {
*out = new(ServiceAccountTokenProjection)
(*in).DeepCopyInto(*out)
}
}
return
}
@ -5796,7 +5889,7 @@ func (in *VolumeSource) DeepCopyInto(out *VolumeSource) {
*out = nil
} else {
*out = new(CinderVolumeSource)
**out = **in
(*in).DeepCopyInto(*out)
}
}
if in.CephFS != nil {

2
vendor/k8s.io/api/events/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/events/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/events/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_Event = map[string]string{
"": "Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system.",
"eventTime": "Required. Time when this Event was first observed.",

2
vendor/k8s.io/api/events/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

592
vendor/k8s.io/api/extensions/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -465,6 +465,14 @@ func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error) {
i++
i = encodeVarintGenerated(dAtA, i, uint64(len(m.PathPrefix)))
i += copy(dAtA[i:], m.PathPrefix)
dAtA[i] = 0x10
i++
if m.ReadOnly {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i++
return i, nil
}
@ -2249,6 +2257,40 @@ func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error) {
i += n
}
}
if len(m.AllowedUnsafeSysctls) > 0 {
for _, s := range m.AllowedUnsafeSysctls {
dAtA[i] = 0x9a
i++
dAtA[i] = 0x1
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
if len(m.ForbiddenSysctls) > 0 {
for _, s := range m.ForbiddenSysctls {
dAtA[i] = 0xa2
i++
dAtA[i] = 0x1
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
return i, nil
}
@ -2818,6 +2860,7 @@ func (m *AllowedHostPath) Size() (n int) {
_ = l
l = len(m.PathPrefix)
n += 1 + l + sovGenerated(uint64(l))
n += 2
return n
}
@ -3457,6 +3500,18 @@ func (m *PodSecurityPolicySpec) Size() (n int) {
n += 2 + l + sovGenerated(uint64(l))
}
}
if len(m.AllowedUnsafeSysctls) > 0 {
for _, s := range m.AllowedUnsafeSysctls {
l = len(s)
n += 2 + l + sovGenerated(uint64(l))
}
}
if len(m.ForbiddenSysctls) > 0 {
for _, s := range m.ForbiddenSysctls {
l = len(s)
n += 2 + l + sovGenerated(uint64(l))
}
}
return n
}
@ -3677,6 +3732,7 @@ func (this *AllowedHostPath) String() string {
}
s := strings.Join([]string{`&AllowedHostPath{`,
`PathPrefix:` + fmt.Sprintf("%v", this.PathPrefix) + `,`,
`ReadOnly:` + fmt.Sprintf("%v", this.ReadOnly) + `,`,
`}`,
}, "")
return s
@ -4189,6 +4245,8 @@ func (this *PodSecurityPolicySpec) String() string {
`AllowPrivilegeEscalation:` + valueToStringGenerated(this.AllowPrivilegeEscalation) + `,`,
`AllowedHostPaths:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedHostPaths), "AllowedHostPath", "AllowedHostPath", 1), `&`, ``, 1) + `,`,
`AllowedFlexVolumes:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedFlexVolumes), "AllowedFlexVolume", "AllowedFlexVolume", 1), `&`, ``, 1) + `,`,
`AllowedUnsafeSysctls:` + fmt.Sprintf("%v", this.AllowedUnsafeSysctls) + `,`,
`ForbiddenSysctls:` + fmt.Sprintf("%v", this.ForbiddenSysctls) + `,`,
`}`,
}, "")
return s
@ -4520,6 +4578,26 @@ func (m *AllowedHostPath) Unmarshal(dAtA []byte) error {
}
m.PathPrefix = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field ReadOnly", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
m.ReadOnly = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@ -10306,6 +10384,64 @@ func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 19:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AllowedUnsafeSysctls", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.AllowedUnsafeSysctls = append(m.AllowedUnsafeSysctls, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 20:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ForbiddenSysctls", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ForbiddenSysctls = append(m.ForbiddenSysctls, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@ -12285,229 +12421,233 @@ func init() {
}
var fileDescriptorGenerated = []byte{
// 3571 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcd, 0x6f, 0x1c, 0x47,
0x76, 0x57, 0xcf, 0x0c, 0x39, 0xc3, 0x47, 0xf1, 0xab, 0x28, 0x93, 0x63, 0xca, 0xe2, 0xc8, 0x6d,
0x40, 0x91, 0x1c, 0x69, 0xc6, 0x92, 0x2d, 0x59, 0xb1, 0x10, 0x3b, 0x1c, 0x52, 0x1f, 0x74, 0xf8,
0xa5, 0x1a, 0x52, 0x71, 0x8c, 0xc8, 0x71, 0x73, 0xa6, 0x38, 0x6c, 0xb1, 0xa7, 0xbb, 0xdd, 0x5d,
0x4d, 0x73, 0x80, 0x20, 0xc8, 0x21, 0x08, 0x10, 0x20, 0x41, 0x92, 0x83, 0xf3, 0x71, 0x8b, 0x2f,
0x39, 0x25, 0x48, 0x6e, 0xc9, 0xc1, 0x30, 0x10, 0xc0, 0x0b, 0x08, 0x0b, 0x2f, 0xe0, 0xdb, 0xfa,
0x44, 0xac, 0xe9, 0xd3, 0x62, 0xff, 0x81, 0x85, 0x0e, 0x8b, 0x45, 0x55, 0x57, 0x7f, 0x77, 0x73,
0x66, 0x68, 0x89, 0x58, 0x2c, 0xf6, 0xc6, 0xa9, 0xf7, 0xde, 0xef, 0xbd, 0x7a, 0xf5, 0xea, 0xbd,
0xd7, 0x55, 0x45, 0xb8, 0xb7, 0x77, 0xdb, 0xae, 0xaa, 0x46, 0x6d, 0xcf, 0xd9, 0x26, 0x96, 0x4e,
0x28, 0xb1, 0x6b, 0xfb, 0x44, 0x6f, 0x19, 0x56, 0x4d, 0x10, 0x14, 0x53, 0xad, 0x91, 0x03, 0x4a,
0x74, 0x5b, 0x35, 0x74, 0xbb, 0xb6, 0x7f, 0x7d, 0x9b, 0x50, 0xe5, 0x7a, 0xad, 0x4d, 0x74, 0x62,
0x29, 0x94, 0xb4, 0xaa, 0xa6, 0x65, 0x50, 0x03, 0x5d, 0x70, 0xd9, 0xab, 0x8a, 0xa9, 0x56, 0x03,
0xf6, 0xaa, 0x60, 0x9f, 0xbb, 0xd6, 0x56, 0xe9, 0xae, 0xb3, 0x5d, 0x6d, 0x1a, 0x9d, 0x5a, 0xdb,
0x68, 0x1b, 0x35, 0x2e, 0xb5, 0xed, 0xec, 0xf0, 0x5f, 0xfc, 0x07, 0xff, 0xcb, 0x45, 0x9b, 0x93,
0x43, 0xca, 0x9b, 0x86, 0x45, 0x6a, 0xfb, 0x09, 0x8d, 0x73, 0x57, 0x42, 0x3c, 0xa6, 0xa1, 0xa9,
0xcd, 0x6e, 0x96, 0x71, 0x73, 0x6f, 0x05, 0xac, 0x1d, 0xa5, 0xb9, 0xab, 0xea, 0xc4, 0xea, 0xd6,
0xcc, 0xbd, 0x36, 0x97, 0xb5, 0x88, 0x6d, 0x38, 0x56, 0x93, 0x0c, 0x24, 0x65, 0xd7, 0x3a, 0x84,
0x2a, 0x69, 0x66, 0xd5, 0xb2, 0xa4, 0x2c, 0x47, 0xa7, 0x6a, 0x27, 0xa9, 0xe6, 0x56, 0x2f, 0x01,
0xbb, 0xb9, 0x4b, 0x3a, 0x4a, 0x42, 0xee, 0xcd, 0x2c, 0x39, 0x87, 0xaa, 0x5a, 0x4d, 0xd5, 0xa9,
0x4d, 0xad, 0xb8, 0x90, 0x7c, 0x07, 0xa6, 0x16, 0x34, 0xcd, 0xf8, 0x94, 0xb4, 0xee, 0x69, 0xe4,
0xe0, 0x91, 0xa1, 0x39, 0x1d, 0x82, 0x2e, 0xc1, 0x70, 0xcb, 0x52, 0xf7, 0x89, 0x55, 0x96, 0x2e,
0x4a, 0x97, 0x47, 0xea, 0xe3, 0x4f, 0x0f, 0x2b, 0x67, 0x8e, 0x0e, 0x2b, 0xc3, 0x4b, 0x7c, 0x14,
0x0b, 0xaa, 0x7c, 0x17, 0x26, 0x84, 0xf0, 0x03, 0xc3, 0xa6, 0x1b, 0x0a, 0xdd, 0x45, 0x37, 0x00,
0x4c, 0x85, 0xee, 0x6e, 0x58, 0x64, 0x47, 0x3d, 0x10, 0xe2, 0x48, 0x88, 0xc3, 0x86, 0x4f, 0xc1,
0x21, 0x2e, 0xf9, 0xdf, 0x24, 0x78, 0x79, 0xd1, 0xb1, 0xa9, 0xd1, 0x59, 0x25, 0xd4, 0x52, 0x9b,
0x8b, 0x8e, 0x65, 0x11, 0x9d, 0x36, 0xa8, 0x42, 0x1d, 0x1b, 0x5d, 0x84, 0x82, 0xae, 0x74, 0x88,
0xc0, 0x3a, 0x2b, 0xb0, 0x0a, 0x6b, 0x4a, 0x87, 0x60, 0x4e, 0x41, 0x1f, 0xc2, 0xd0, 0xbe, 0xa2,
0x39, 0xa4, 0x9c, 0xbb, 0x28, 0x5d, 0x1e, 0xbd, 0x51, 0xad, 0x06, 0xa1, 0xe7, 0x3b, 0xa2, 0x6a,
0xee, 0xb5, 0x79, 0x2c, 0x7a, 0xab, 0x5b, 0x7d, 0xe8, 0x28, 0x3a, 0x55, 0x69, 0xb7, 0x7e, 0x4e,
0x40, 0x9e, 0x15, 0x7a, 0x1f, 0x31, 0x2c, 0xec, 0x42, 0xca, 0x7f, 0x09, 0x17, 0x32, 0x4d, 0x5b,
0x51, 0x6d, 0x8a, 0x1e, 0xc3, 0x90, 0x4a, 0x49, 0xc7, 0x2e, 0x4b, 0x17, 0xf3, 0x97, 0x47, 0x6f,
0xdc, 0xae, 0x1e, 0x1b, 0xf7, 0xd5, 0x4c, 0xb0, 0xfa, 0x98, 0x30, 0x63, 0x68, 0x99, 0xc1, 0x61,
0x17, 0x55, 0xfe, 0x27, 0x09, 0x50, 0x58, 0x66, 0x53, 0xb1, 0xda, 0x84, 0xf6, 0xe1, 0x94, 0x3f,
0xfd, 0x61, 0x4e, 0x99, 0x16, 0x90, 0xa3, 0xae, 0xc2, 0x88, 0x4f, 0x4c, 0x98, 0x49, 0x9a, 0xc4,
0x9d, 0xf1, 0x28, 0xea, 0x8c, 0xeb, 0x03, 0x38, 0xc3, 0x45, 0xc9, 0xf0, 0xc2, 0x67, 0x39, 0x18,
0x59, 0x52, 0x48, 0xc7, 0xd0, 0x1b, 0x84, 0xa2, 0x8f, 0xa1, 0xc4, 0x36, 0x5b, 0x4b, 0xa1, 0x0a,
0x77, 0xc0, 0xe8, 0x8d, 0x37, 0x8e, 0x9b, 0x9d, 0x5d, 0x65, 0xdc, 0xd5, 0xfd, 0xeb, 0xd5, 0xf5,
0xed, 0x27, 0xa4, 0x49, 0x57, 0x09, 0x55, 0x82, 0x98, 0x0c, 0xc6, 0xb0, 0x8f, 0x8a, 0xd6, 0xa0,
0x60, 0x9b, 0xa4, 0x29, 0x7c, 0x77, 0xb5, 0xc7, 0x34, 0x7c, 0xcb, 0x1a, 0x26, 0x69, 0x06, 0x8b,
0xc1, 0x7e, 0x61, 0x8e, 0x83, 0x1e, 0xc1, 0xb0, 0xcd, 0x57, 0xb9, 0x9c, 0x4f, 0xac, 0xc6, 0xf1,
0x88, 0x6e, 0x6c, 0xf8, 0x1b, 0xd0, 0xfd, 0x8d, 0x05, 0x9a, 0xfc, 0xf3, 0x1c, 0x20, 0x9f, 0x77,
0xd1, 0xd0, 0x5b, 0x2a, 0x55, 0x0d, 0x1d, 0xbd, 0x03, 0x05, 0xda, 0x35, 0xbd, 0xe8, 0xb8, 0xe4,
0x19, 0xb4, 0xd9, 0x35, 0xc9, 0xb3, 0xc3, 0xca, 0x4c, 0x52, 0x82, 0x51, 0x30, 0x97, 0x41, 0x2b,
0xbe, 0xa9, 0x39, 0x2e, 0xfd, 0x56, 0x54, 0xf5, 0xb3, 0xc3, 0x4a, 0x4a, 0x2e, 0xae, 0xfa, 0x48,
0x51, 0x03, 0xd1, 0x3e, 0x20, 0x4d, 0xb1, 0xe9, 0xa6, 0xa5, 0xe8, 0xb6, 0xab, 0x49, 0xed, 0x10,
0xe1, 0x84, 0xd7, 0xfb, 0x5b, 0x34, 0x26, 0x51, 0x9f, 0x13, 0x56, 0xa0, 0x95, 0x04, 0x1a, 0x4e,
0xd1, 0xc0, 0x32, 0x98, 0x45, 0x14, 0xdb, 0xd0, 0xcb, 0x85, 0x68, 0x06, 0xc3, 0x7c, 0x14, 0x0b,
0x2a, 0xba, 0x02, 0xc5, 0x0e, 0xb1, 0x6d, 0xa5, 0x4d, 0xca, 0x43, 0x9c, 0x71, 0x42, 0x30, 0x16,
0x57, 0xdd, 0x61, 0xec, 0xd1, 0xe5, 0x2f, 0x24, 0x18, 0xf3, 0x3d, 0xc7, 0xa3, 0xfd, 0xcf, 0x12,
0x71, 0x58, 0xed, 0x6f, 0x4a, 0x4c, 0x9a, 0x47, 0xe1, 0xa4, 0xd0, 0x56, 0xf2, 0x46, 0x42, 0x31,
0xb8, 0xea, 0xed, 0xa5, 0x1c, 0xdf, 0x4b, 0x97, 0xfb, 0x0d, 0x99, 0x8c, 0x2d, 0xf4, 0xcf, 0x85,
0x90, 0xf9, 0x2c, 0x34, 0xd1, 0x63, 0x28, 0xd9, 0x44, 0x23, 0x4d, 0x6a, 0x58, 0xc2, 0xfc, 0x37,
0xfb, 0x34, 0x5f, 0xd9, 0x26, 0x5a, 0x43, 0x88, 0xd6, 0xcf, 0x32, 0xfb, 0xbd, 0x5f, 0xd8, 0x87,
0x44, 0x0f, 0xa1, 0x44, 0x49, 0xc7, 0xd4, 0x14, 0xea, 0xe5, 0xa0, 0xd7, 0xc2, 0x53, 0x60, 0x91,
0xc3, 0xc0, 0x36, 0x8c, 0xd6, 0xa6, 0x60, 0xe3, 0xdb, 0xc7, 0x77, 0x89, 0x37, 0x8a, 0x7d, 0x18,
0xb4, 0x0f, 0xe3, 0x8e, 0xd9, 0x62, 0x9c, 0x94, 0xd5, 0xb0, 0x76, 0x57, 0x44, 0xd2, 0xad, 0x7e,
0x7d, 0xb3, 0x15, 0x91, 0xae, 0xcf, 0x08, 0x5d, 0xe3, 0xd1, 0x71, 0x1c, 0xd3, 0x82, 0x16, 0x60,
0xa2, 0xa3, 0xea, 0x98, 0x28, 0xad, 0x6e, 0x83, 0x34, 0x0d, 0xbd, 0x65, 0xf3, 0xb0, 0x1a, 0xaa,
0xcf, 0x0a, 0x80, 0x89, 0xd5, 0x28, 0x19, 0xc7, 0xf9, 0xd1, 0xfb, 0x80, 0xbc, 0x69, 0xdc, 0x77,
0x4b, 0xb0, 0x6a, 0xe8, 0x3c, 0xe6, 0xf2, 0x41, 0x70, 0x6f, 0x26, 0x38, 0x70, 0x8a, 0x14, 0x5a,
0x81, 0x73, 0x16, 0xd9, 0x57, 0xd9, 0x1c, 0x1f, 0xa8, 0x36, 0x35, 0xac, 0xee, 0x8a, 0xda, 0x51,
0x69, 0x79, 0x98, 0xdb, 0x54, 0x3e, 0x3a, 0xac, 0x9c, 0xc3, 0x29, 0x74, 0x9c, 0x2a, 0x25, 0xff,
0xcb, 0x30, 0x4c, 0xc4, 0xf2, 0x0d, 0x7a, 0x04, 0x33, 0x4d, 0xb7, 0x38, 0xad, 0x39, 0x9d, 0x6d,
0x62, 0x35, 0x9a, 0xbb, 0xa4, 0xe5, 0x68, 0xa4, 0xc5, 0x03, 0x65, 0xa8, 0x3e, 0x2f, 0x2c, 0x9e,
0x59, 0x4c, 0xe5, 0xc2, 0x19, 0xd2, 0xcc, 0x0b, 0x3a, 0x1f, 0x5a, 0x55, 0x6d, 0xdb, 0xc7, 0xcc,
0x71, 0x4c, 0xdf, 0x0b, 0x6b, 0x09, 0x0e, 0x9c, 0x22, 0xc5, 0x6c, 0x6c, 0x11, 0x5b, 0xb5, 0x48,
0x2b, 0x6e, 0x63, 0x3e, 0x6a, 0xe3, 0x52, 0x2a, 0x17, 0xce, 0x90, 0x46, 0x37, 0x61, 0xd4, 0xd5,
0xc6, 0xd7, 0x4f, 0x2c, 0xb4, 0x5f, 0x0e, 0xd7, 0x02, 0x12, 0x0e, 0xf3, 0xb1, 0xa9, 0x19, 0xdb,
0x36, 0xb1, 0xf6, 0x49, 0x2b, 0x7b, 0x81, 0xd7, 0x13, 0x1c, 0x38, 0x45, 0x8a, 0x4d, 0xcd, 0x8d,
0xc0, 0xc4, 0xd4, 0x86, 0xa3, 0x53, 0xdb, 0x4a, 0xe5, 0xc2, 0x19, 0xd2, 0x2c, 0x8e, 0x5d, 0x93,
0x17, 0xf6, 0x15, 0x55, 0x53, 0xb6, 0x35, 0x52, 0x2e, 0x46, 0xe3, 0x78, 0x2d, 0x4a, 0xc6, 0x71,
0x7e, 0x74, 0x1f, 0xa6, 0xdc, 0xa1, 0x2d, 0x5d, 0xf1, 0x41, 0x4a, 0x1c, 0xe4, 0x65, 0x01, 0x32,
0xb5, 0x16, 0x67, 0xc0, 0x49, 0x19, 0xf4, 0x0e, 0x8c, 0x37, 0x0d, 0x4d, 0xe3, 0xf1, 0xb8, 0x68,
0x38, 0x3a, 0x2d, 0x8f, 0x70, 0x14, 0xc4, 0xf6, 0xe3, 0x62, 0x84, 0x82, 0x63, 0x9c, 0x88, 0x00,
0x34, 0xbd, 0x82, 0x63, 0x97, 0xa1, 0xaf, 0x5e, 0x23, 0x59, 0xf4, 0x82, 0x1e, 0xc0, 0x1f, 0xb2,
0x71, 0x08, 0x58, 0xfe, 0xb1, 0x04, 0xb3, 0x19, 0xa9, 0x03, 0xbd, 0x17, 0x29, 0xb1, 0xbf, 0x1f,
0x2b, 0xb1, 0xe7, 0x33, 0xc4, 0x42, 0x75, 0x56, 0x87, 0x31, 0x8b, 0xcd, 0x4a, 0x6f, 0xbb, 0x2c,
0x22, 0x47, 0xde, 0xec, 0x31, 0x0d, 0x1c, 0x96, 0x09, 0x72, 0xfe, 0xd4, 0xd1, 0x61, 0x65, 0x2c,
0x42, 0xc3, 0x51, 0x78, 0xf9, 0x5f, 0x73, 0x00, 0x4b, 0xc4, 0xd4, 0x8c, 0x6e, 0x87, 0xe8, 0xa7,
0xd1, 0x43, 0xad, 0x47, 0x7a, 0xa8, 0x6b, 0xbd, 0x96, 0xc7, 0x37, 0x2d, 0xb3, 0x89, 0xfa, 0x93,
0x58, 0x13, 0x55, 0xeb, 0x1f, 0xf2, 0xf8, 0x2e, 0xea, 0xa7, 0x79, 0x98, 0x0e, 0x98, 0x83, 0x36,
0xea, 0x4e, 0x64, 0x8d, 0x7f, 0x2f, 0xb6, 0xc6, 0xb3, 0x29, 0x22, 0x2f, 0xac, 0x8f, 0x7a, 0xfe,
0xfd, 0x0c, 0x7a, 0x02, 0xe3, 0xac, 0x71, 0x72, 0xc3, 0x83, 0xb7, 0x65, 0xc3, 0x03, 0xb7, 0x65,
0x7e, 0x01, 0x5d, 0x89, 0x20, 0xe1, 0x18, 0x72, 0x46, 0x1b, 0x58, 0x7c, 0xd1, 0x6d, 0xa0, 0xfc,
0xa5, 0x04, 0xe3, 0xc1, 0x32, 0x9d, 0x42, 0xd3, 0xb6, 0x16, 0x6d, 0xda, 0xae, 0xf4, 0x1d, 0xa2,
0x19, 0x5d, 0xdb, 0x2f, 0x59, 0x83, 0xef, 0x33, 0xb1, 0x0d, 0xbe, 0xad, 0x34, 0xf7, 0xfa, 0xf8,
0xfc, 0xfb, 0x4c, 0x02, 0x24, 0xaa, 0xc0, 0x82, 0xae, 0x1b, 0x54, 0x71, 0x73, 0xa5, 0x6b, 0xd6,
0x72, 0xdf, 0x66, 0x79, 0x1a, 0xab, 0x5b, 0x09, 0xac, 0xbb, 0x3a, 0xb5, 0xba, 0xc1, 0x8a, 0x24,
0x19, 0x70, 0x8a, 0x01, 0x48, 0x01, 0xb0, 0x04, 0xe6, 0xa6, 0x21, 0x36, 0xf2, 0xb5, 0x3e, 0x72,
0x1e, 0x13, 0x58, 0x34, 0xf4, 0x1d, 0xb5, 0x1d, 0xa4, 0x1d, 0xec, 0x03, 0xe1, 0x10, 0xe8, 0xdc,
0x5d, 0x98, 0xcd, 0xb0, 0x16, 0x4d, 0x42, 0x7e, 0x8f, 0x74, 0x5d, 0xb7, 0x61, 0xf6, 0x27, 0x3a,
0x17, 0xfe, 0x4c, 0x1e, 0x11, 0x5f, 0xb8, 0xef, 0xe4, 0x6e, 0x4b, 0xf2, 0x17, 0x43, 0xe1, 0xd8,
0xe1, 0x1d, 0xf3, 0x65, 0x28, 0x59, 0xc4, 0xd4, 0xd4, 0xa6, 0x62, 0x8b, 0x46, 0x88, 0x37, 0xbf,
0x58, 0x8c, 0x61, 0x9f, 0x1a, 0xe9, 0xad, 0x73, 0x2f, 0xb6, 0xb7, 0xce, 0x3f, 0x9f, 0xde, 0xfa,
0xcf, 0xa1, 0x64, 0x7b, 0x5d, 0x75, 0x81, 0x43, 0x5e, 0x1f, 0x20, 0xbf, 0x8a, 0x86, 0xda, 0x57,
0xe0, 0xb7, 0xd2, 0x3e, 0x68, 0x5a, 0x13, 0x3d, 0x34, 0x60, 0x13, 0xfd, 0x5c, 0x1b, 0x5f, 0x96,
0x53, 0x4d, 0xc5, 0xb1, 0x49, 0x8b, 0x27, 0xa2, 0x52, 0x90, 0x53, 0x37, 0xf8, 0x28, 0x16, 0x54,
0xf4, 0x38, 0x12, 0xb2, 0xa5, 0x93, 0x84, 0xec, 0x78, 0x76, 0xb8, 0xa2, 0x2d, 0x98, 0x35, 0x2d,
0xa3, 0x6d, 0x11, 0xdb, 0x5e, 0x22, 0x4a, 0x4b, 0x53, 0x75, 0xe2, 0xf9, 0xc7, 0xed, 0x88, 0xce,
0x1f, 0x1d, 0x56, 0x66, 0x37, 0xd2, 0x59, 0x70, 0x96, 0xac, 0xfc, 0xb4, 0x00, 0x93, 0xf1, 0x0a,
0x98, 0xd1, 0xa4, 0x4a, 0x27, 0x6a, 0x52, 0xaf, 0x86, 0x36, 0x83, 0xdb, 0xc1, 0xfb, 0xab, 0x9f,
0xb2, 0x21, 0x16, 0x60, 0x42, 0x64, 0x03, 0x8f, 0x28, 0xda, 0x74, 0x7f, 0xf5, 0xb7, 0xa2, 0x64,
0x1c, 0xe7, 0x67, 0xad, 0x67, 0xd0, 0x51, 0x7a, 0x20, 0x85, 0x68, 0xeb, 0xb9, 0x10, 0x67, 0xc0,
0x49, 0x19, 0xb4, 0x0a, 0xd3, 0x8e, 0x9e, 0x84, 0x72, 0xa3, 0xf1, 0xbc, 0x80, 0x9a, 0xde, 0x4a,
0xb2, 0xe0, 0x34, 0x39, 0xb4, 0x13, 0xe9, 0x46, 0x87, 0x79, 0x86, 0xbd, 0xd1, 0xf7, 0xde, 0xe9,
0xbb, 0x1d, 0x45, 0x77, 0x60, 0xcc, 0xe2, 0xdf, 0x1d, 0x9e, 0xc1, 0x6e, 0xef, 0xfe, 0x92, 0x10,
0x1b, 0xc3, 0x61, 0x22, 0x8e, 0xf2, 0xa6, 0xb4, 0xdb, 0xa5, 0x7e, 0xdb, 0x6d, 0xf9, 0xff, 0xa5,
0x70, 0x11, 0xf2, 0x5b, 0xe0, 0x5e, 0xa7, 0x4c, 0x09, 0x89, 0x50, 0x77, 0x64, 0xa4, 0x77, 0xbf,
0xb7, 0x06, 0xea, 0x7e, 0x83, 0xe2, 0xd9, 0xbb, 0xfd, 0xfd, 0x5c, 0x82, 0x99, 0x7b, 0x8d, 0xfb,
0x96, 0xe1, 0x98, 0x9e, 0x39, 0xeb, 0xa6, 0xeb, 0xd7, 0xb7, 0xa1, 0x60, 0x39, 0x9a, 0x37, 0x8f,
0xd7, 0xbc, 0x79, 0x60, 0x47, 0x63, 0xf3, 0x98, 0x8e, 0x49, 0xb9, 0x93, 0x60, 0x02, 0x68, 0x0d,
0x86, 0x2d, 0x45, 0x6f, 0x13, 0xaf, 0xac, 0x5e, 0xea, 0x61, 0xfd, 0xf2, 0x12, 0x66, 0xec, 0xa1,
0xe6, 0x8d, 0x4b, 0x63, 0x81, 0x22, 0xff, 0xbd, 0x04, 0x13, 0x0f, 0x36, 0x37, 0x37, 0x96, 0x75,
0xbe, 0xa3, 0xf9, 0x79, 0xfa, 0x45, 0x28, 0x98, 0x0a, 0xdd, 0x8d, 0x57, 0x7a, 0x46, 0xc3, 0x9c,
0x82, 0x3e, 0x80, 0x22, 0xcb, 0x24, 0x44, 0x6f, 0xf5, 0xd9, 0x6a, 0x0b, 0xf8, 0xba, 0x2b, 0x14,
0x74, 0x88, 0x62, 0x00, 0x7b, 0x70, 0xf2, 0x1e, 0x9c, 0x0b, 0x99, 0xc3, 0xfc, 0xc1, 0x8f, 0x81,
0x51, 0x03, 0x86, 0x98, 0x66, 0xef, 0x94, 0xb7, 0xd7, 0x61, 0x66, 0x6c, 0x4a, 0x41, 0xa7, 0xc3,
0x7e, 0xd9, 0xd8, 0xc5, 0x92, 0x57, 0x61, 0x8c, 0x5f, 0x22, 0x18, 0x16, 0xe5, 0x6e, 0x41, 0x17,
0x20, 0xdf, 0x51, 0x75, 0x51, 0x67, 0x47, 0x85, 0x4c, 0x9e, 0xd5, 0x08, 0x36, 0xce, 0xc9, 0xca,
0x81, 0xc8, 0x3c, 0x01, 0x59, 0x39, 0xc0, 0x6c, 0x5c, 0xbe, 0x0f, 0x45, 0xe1, 0xee, 0x30, 0x50,
0xfe, 0x78, 0xa0, 0x7c, 0x0a, 0xd0, 0x3a, 0x14, 0x97, 0x37, 0xea, 0x9a, 0xe1, 0x76, 0x5d, 0x4d,
0xb5, 0x65, 0xc5, 0xd7, 0x62, 0x71, 0x79, 0x09, 0x63, 0x4e, 0x41, 0x32, 0x0c, 0x93, 0x83, 0x26,
0x31, 0x29, 0x8f, 0x88, 0x91, 0x3a, 0xb0, 0x55, 0xbe, 0xcb, 0x47, 0xb0, 0xa0, 0xc8, 0xff, 0x90,
0x83, 0xa2, 0x70, 0xc7, 0x29, 0x7c, 0x85, 0xad, 0x44, 0xbe, 0xc2, 0x5e, 0xef, 0x2f, 0x34, 0x32,
0x3f, 0xc1, 0x36, 0x63, 0x9f, 0x60, 0x57, 0xfb, 0xc4, 0x3b, 0xfe, 0xfb, 0xeb, 0x7f, 0x24, 0x18,
0x8f, 0x06, 0x25, 0xba, 0x09, 0xa3, 0xac, 0xe0, 0xa8, 0x4d, 0xb2, 0x16, 0xf4, 0xb9, 0xfe, 0x21,
0x4c, 0x23, 0x20, 0xe1, 0x30, 0x1f, 0x6a, 0xfb, 0x62, 0x2c, 0x8e, 0xc4, 0xa4, 0xb3, 0x5d, 0xea,
0x50, 0x55, 0xab, 0xba, 0x17, 0x63, 0xd5, 0x65, 0x9d, 0xae, 0x5b, 0x0d, 0x6a, 0xa9, 0x7a, 0x3b,
0xa1, 0x88, 0x07, 0x65, 0x18, 0x59, 0xfe, 0x3f, 0x09, 0x46, 0x85, 0xc9, 0xa7, 0xf0, 0x55, 0xf1,
0xc7, 0xd1, 0xaf, 0x8a, 0x4b, 0x7d, 0x6e, 0xf0, 0xf4, 0x4f, 0x8a, 0xff, 0x08, 0x4c, 0x67, 0x5b,
0x9a, 0x45, 0xf5, 0xae, 0x61, 0xd3, 0x78, 0x54, 0xb3, 0xcd, 0x88, 0x39, 0x05, 0x39, 0x30, 0xa9,
0xc6, 0x72, 0x80, 0x70, 0x6d, 0xad, 0x3f, 0x4b, 0x7c, 0xb1, 0x7a, 0x59, 0xc0, 0x4f, 0xc6, 0x29,
0x38, 0xa1, 0x42, 0x26, 0x90, 0xe0, 0x42, 0x0f, 0xa1, 0xb0, 0x4b, 0xa9, 0x99, 0x72, 0x5e, 0xdd,
0x23, 0xf3, 0x04, 0x26, 0x94, 0xf8, 0xec, 0x36, 0x37, 0x37, 0x30, 0x87, 0x92, 0x7f, 0x15, 0xf8,
0xa3, 0xe1, 0xc6, 0xb8, 0x9f, 0x4f, 0xa5, 0x93, 0xe4, 0xd3, 0xd1, 0xb4, 0x5c, 0x8a, 0x1e, 0x40,
0x9e, 0x6a, 0xfd, 0x7e, 0x16, 0x0a, 0xc4, 0xcd, 0x95, 0x46, 0x90, 0x90, 0x36, 0x57, 0x1a, 0x98,
0x41, 0xa0, 0x75, 0x18, 0x62, 0xd5, 0x87, 0x6d, 0xc1, 0x7c, 0xff, 0x5b, 0x9a, 0xcd, 0x3f, 0x08,
0x08, 0xf6, 0xcb, 0xc6, 0x2e, 0x8e, 0xfc, 0x09, 0x8c, 0x45, 0xf6, 0x29, 0xfa, 0x18, 0xce, 0x6a,
0x86, 0xd2, 0xaa, 0x2b, 0x9a, 0xa2, 0x37, 0x89, 0x77, 0x39, 0x70, 0x29, 0xed, 0x0b, 0x63, 0x25,
0xc4, 0x27, 0x76, 0xb9, 0x7f, 0x9d, 0x1a, 0xa6, 0xe1, 0x08, 0xa2, 0xac, 0x00, 0x04, 0x73, 0x44,
0x15, 0x18, 0x62, 0x71, 0xe6, 0xd6, 0x93, 0x91, 0xfa, 0x08, 0xb3, 0x90, 0x85, 0x9f, 0x8d, 0xdd,
0x71, 0x74, 0x03, 0xc0, 0x26, 0x4d, 0x8b, 0x50, 0x9e, 0x0c, 0x72, 0xd1, 0x4b, 0xe5, 0x86, 0x4f,
0xc1, 0x21, 0x2e, 0xf9, 0x47, 0x12, 0x8c, 0xad, 0x11, 0xfa, 0xa9, 0x61, 0xed, 0x6d, 0xf0, 0xc7,
0x00, 0xa7, 0x90, 0x6c, 0x71, 0x24, 0xd9, 0xbe, 0xd1, 0x63, 0x65, 0x22, 0xd6, 0x65, 0xa5, 0x5c,
0xf9, 0x4b, 0x09, 0x66, 0x23, 0x9c, 0x77, 0x83, 0xad, 0xbb, 0x05, 0x43, 0xa6, 0x61, 0x51, 0xaf,
0x10, 0x0f, 0xa4, 0x90, 0xa5, 0xb1, 0x50, 0x29, 0x66, 0x30, 0xd8, 0x45, 0x43, 0x2b, 0x90, 0xa3,
0x86, 0x08, 0xd5, 0xc1, 0x30, 0x09, 0xb1, 0xea, 0x20, 0x30, 0x73, 0x9b, 0x06, 0xce, 0x51, 0x83,
0x2d, 0x44, 0x39, 0xc2, 0x15, 0x4e, 0x3e, 0x2f, 0x68, 0x06, 0x18, 0x0a, 0x3b, 0x96, 0xd1, 0x39,
0xf1, 0x1c, 0xfc, 0x85, 0xb8, 0x67, 0x19, 0x1d, 0xcc, 0xb1, 0xe4, 0xaf, 0x24, 0x98, 0x8a, 0x70,
0x9e, 0x42, 0xe2, 0x7f, 0x18, 0x4d, 0xfc, 0x57, 0x07, 0x99, 0x48, 0x46, 0xfa, 0xff, 0x2a, 0x17,
0x9b, 0x06, 0x9b, 0x30, 0xda, 0x81, 0x51, 0xd3, 0x68, 0x35, 0x9e, 0xc3, 0x75, 0xe0, 0x04, 0xab,
0x9b, 0x1b, 0x01, 0x16, 0x0e, 0x03, 0xa3, 0x03, 0x98, 0xd2, 0x95, 0x0e, 0xb1, 0x4d, 0xa5, 0x49,
0x1a, 0xcf, 0xe1, 0x80, 0xe4, 0x25, 0x7e, 0xdf, 0x10, 0x47, 0xc4, 0x49, 0x25, 0x68, 0x15, 0x8a,
0xaa, 0xc9, 0xfb, 0x38, 0xd1, 0xbb, 0xf4, 0xac, 0xa2, 0x6e, 0xd7, 0xe7, 0xe6, 0x73, 0xf1, 0x03,
0x7b, 0x18, 0xf2, 0x7f, 0xc6, 0xa3, 0x81, 0xc5, 0x1f, 0xba, 0x0f, 0x25, 0xfe, 0xac, 0xa6, 0x69,
0x68, 0xde, 0xcd, 0x00, 0x5b, 0xd9, 0x0d, 0x31, 0xf6, 0xec, 0xb0, 0x72, 0x3e, 0xe5, 0xd0, 0xd7,
0x23, 0x63, 0x5f, 0x18, 0xad, 0x41, 0xc1, 0xfc, 0x21, 0x1d, 0x0c, 0x2f, 0x72, 0xbc, 0x6d, 0xe1,
0x38, 0xf2, 0x5f, 0xe7, 0x63, 0xe6, 0xf2, 0x52, 0xf7, 0xe4, 0xb9, 0xad, 0xba, 0xdf, 0x31, 0x65,
0xae, 0xfc, 0x36, 0x14, 0x45, 0x85, 0x17, 0xc1, 0xfc, 0xf6, 0x20, 0xc1, 0x1c, 0xae, 0x62, 0xfe,
0x07, 0x8b, 0x37, 0xe8, 0x01, 0xa3, 0x8f, 0x60, 0x98, 0xb8, 0x2a, 0xdc, 0xda, 0x78, 0x6b, 0x10,
0x15, 0x41, 0x5e, 0x0d, 0x1a, 0x55, 0x31, 0x26, 0x50, 0xd1, 0x7b, 0xcc, 0x5f, 0x8c, 0x97, 0x7d,
0x04, 0xda, 0xe5, 0x02, 0x2f, 0x57, 0x17, 0xdc, 0x69, 0xfb, 0xc3, 0xcf, 0x0e, 0x2b, 0x10, 0xfc,
0xc4, 0x61, 0x09, 0xf9, 0x27, 0x12, 0x4c, 0x71, 0x0f, 0x35, 0x1d, 0x4b, 0xa5, 0xdd, 0x53, 0x2b,
0x4c, 0x8f, 0x22, 0x85, 0xe9, 0xad, 0x1e, 0x6e, 0x49, 0x58, 0x98, 0x59, 0x9c, 0xbe, 0x96, 0xe0,
0xa5, 0x04, 0xf7, 0x29, 0xe4, 0xc5, 0xad, 0x68, 0x5e, 0x7c, 0x63, 0xd0, 0x09, 0x65, 0xbd, 0x91,
0x18, 0x4b, 0x99, 0x0e, 0xdf, 0x29, 0x37, 0x00, 0x4c, 0x4b, 0xdd, 0x57, 0x35, 0xd2, 0x16, 0x97,
0xe0, 0xa5, 0xd0, 0xb3, 0x36, 0x9f, 0x82, 0x43, 0x5c, 0xc8, 0x86, 0x99, 0x16, 0xd9, 0x51, 0x1c,
0x8d, 0x2e, 0xb4, 0x5a, 0x8b, 0x8a, 0xa9, 0x6c, 0xab, 0x9a, 0x4a, 0x55, 0x71, 0x5c, 0x30, 0x52,
0xbf, 0xe3, 0x5e, 0x4e, 0xa7, 0x71, 0x3c, 0x3b, 0xac, 0x5c, 0x48, 0xbb, 0x1d, 0xf2, 0x58, 0xba,
0x38, 0x03, 0x1a, 0x75, 0xa1, 0x6c, 0x91, 0x4f, 0x1c, 0xd5, 0x22, 0xad, 0x25, 0xcb, 0x30, 0x23,
0x6a, 0xf3, 0x5c, 0xed, 0x1f, 0x1e, 0x1d, 0x56, 0xca, 0x38, 0x83, 0xa7, 0xb7, 0xe2, 0x4c, 0x78,
0xf4, 0x04, 0xa6, 0x15, 0xf7, 0x35, 0x60, 0x44, 0xab, 0xbb, 0x4b, 0x6e, 0x1f, 0x1d, 0x56, 0xa6,
0x17, 0x92, 0xe4, 0xde, 0x0a, 0xd3, 0x40, 0x51, 0x0d, 0x8a, 0xfb, 0xfc, 0xad, 0xa2, 0x5d, 0x1e,
0xe2, 0xf8, 0xac, 0x10, 0x14, 0xdd, 0xe7, 0x8b, 0x0c, 0x73, 0xf8, 0x5e, 0x83, 0xef, 0x3e, 0x8f,
0x8b, 0x7d, 0x50, 0xb2, 0x5e, 0x52, 0xec, 0x78, 0x7e, 0x62, 0x5c, 0x0a, 0xb2, 0xd6, 0x83, 0x80,
0x84, 0xc3, 0x7c, 0xe8, 0x31, 0x8c, 0xec, 0x8a, 0x53, 0x09, 0xbb, 0x5c, 0xec, 0xab, 0x08, 0x47,
0x4e, 0x31, 0xea, 0x53, 0x42, 0xc5, 0x88, 0x37, 0x6c, 0xe3, 0x00, 0x11, 0x5d, 0x81, 0x22, 0xff,
0xb1, 0xbc, 0xc4, 0x8f, 0xe3, 0x4a, 0x41, 0x6e, 0x7b, 0xe0, 0x0e, 0x63, 0x8f, 0xee, 0xb1, 0x2e,
0x6f, 0x2c, 0xf2, 0x63, 0xe1, 0x18, 0xeb, 0xf2, 0xc6, 0x22, 0xf6, 0xe8, 0xe8, 0x63, 0x28, 0xda,
0x64, 0x45, 0xd5, 0x9d, 0x83, 0x32, 0xf4, 0x75, 0xa9, 0xdc, 0xb8, 0xcb, 0xb9, 0x63, 0x07, 0x63,
0x81, 0x06, 0x41, 0xc7, 0x1e, 0x2c, 0xda, 0x85, 0x11, 0xcb, 0xd1, 0x17, 0xec, 0x2d, 0x9b, 0x58,
0xe5, 0x51, 0xae, 0xa3, 0x57, 0x3a, 0xc7, 0x1e, 0x7f, 0x5c, 0x8b, 0xef, 0x21, 0x9f, 0x03, 0x07,
0xe0, 0xe8, 0xef, 0x24, 0x40, 0xb6, 0x63, 0x9a, 0x1a, 0xe9, 0x10, 0x9d, 0x2a, 0x1a, 0x3f, 0x8b,
0xb3, 0xcb, 0x67, 0xb9, 0xce, 0x3f, 0xea, 0x35, 0xaf, 0x84, 0x60, 0x5c, 0xb9, 0x7f, 0xe8, 0x9d,
0x64, 0xc5, 0x29, 0x7a, 0x99, 0x6b, 0x77, 0x6c, 0xfe, 0x77, 0x79, 0xac, 0x2f, 0xd7, 0xa6, 0x9f,
0x39, 0x06, 0xae, 0x15, 0x74, 0xec, 0xc1, 0xa2, 0x47, 0x30, 0x63, 0x11, 0xa5, 0xb5, 0xae, 0x6b,
0x5d, 0x6c, 0x18, 0xf4, 0x9e, 0xaa, 0x11, 0xbb, 0x6b, 0x53, 0xd2, 0x29, 0x8f, 0xf3, 0x65, 0xf7,
0xdf, 0x7e, 0xe0, 0x54, 0x2e, 0x9c, 0x21, 0x8d, 0x3a, 0x50, 0xf1, 0x52, 0x06, 0xdb, 0x4f, 0x7e,
0xce, 0xba, 0x6b, 0x37, 0x15, 0xcd, 0xbd, 0x07, 0x98, 0xe0, 0x0a, 0x5e, 0x3b, 0x3a, 0xac, 0x54,
0x96, 0x8e, 0x67, 0xc5, 0xbd, 0xb0, 0xd0, 0x07, 0x50, 0x56, 0xb2, 0xf4, 0x4c, 0x72, 0x3d, 0xaf,
0xb0, 0x3c, 0x94, 0xa9, 0x20, 0x53, 0x1a, 0x51, 0x98, 0x54, 0xa2, 0x8f, 0x8e, 0xed, 0xf2, 0x54,
0x5f, 0x07, 0x91, 0xb1, 0xb7, 0xca, 0xc1, 0x61, 0x44, 0x8c, 0x60, 0xe3, 0x84, 0x06, 0xf4, 0x17,
0x80, 0x94, 0xf8, 0x3b, 0x69, 0xbb, 0x8c, 0xfa, 0x2a, 0x3f, 0x89, 0x07, 0xd6, 0x41, 0xd8, 0x25,
0x48, 0x36, 0x4e, 0xd1, 0xc3, 0x1f, 0x6f, 0x88, 0xa3, 0xfc, 0xd3, 0x79, 0x00, 0x3b, 0xd8, 0xe3,
0x8d, 0xc0, 0xb4, 0xe7, 0xf6, 0x78, 0x23, 0x04, 0x79, 0xfc, 0xe1, 0xe1, 0x2f, 0x72, 0x30, 0x1d,
0x30, 0xf7, 0xfd, 0x78, 0x23, 0x45, 0xe4, 0x77, 0x8f, 0x60, 0x7b, 0x3f, 0x82, 0xfd, 0x52, 0x82,
0xf1, 0xc0, 0x75, 0xbf, 0x79, 0x0f, 0x2a, 0x02, 0xdb, 0x32, 0x5a, 0xbc, 0xff, 0xce, 0x85, 0x27,
0xf0, 0x5b, 0x7f, 0xab, 0xff, 0xc3, 0x5f, 0xae, 0xca, 0x5f, 0xe7, 0x61, 0x32, 0xbe, 0x1b, 0x23,
0x97, 0xbf, 0x52, 0xcf, 0xcb, 0xdf, 0x0d, 0x38, 0xb7, 0xe3, 0x68, 0x5a, 0x97, 0xbb, 0x21, 0x74,
0x03, 0xec, 0x5e, 0xde, 0xbc, 0x22, 0x24, 0xcf, 0xdd, 0x4b, 0xe1, 0xc1, 0xa9, 0x92, 0x19, 0x17,
0xd9, 0xf9, 0x13, 0x5d, 0x64, 0x27, 0xee, 0x55, 0x0b, 0x03, 0xdc, 0xab, 0xa6, 0x5e, 0x4a, 0x0f,
0x9d, 0xe0, 0x52, 0xfa, 0x24, 0xb7, 0xc8, 0x29, 0x49, 0xac, 0xe7, 0xa3, 0xc6, 0x57, 0x60, 0x4e,
0x88, 0x51, 0x7e, 0xc1, 0xab, 0x53, 0xcb, 0xd0, 0x34, 0x62, 0x2d, 0x39, 0x9d, 0x4e, 0x57, 0x7e,
0x17, 0xc6, 0xa3, 0x4f, 0x17, 0xdc, 0x95, 0x76, 0x5f, 0x4f, 0x88, 0x2b, 0xb4, 0xd0, 0x4a, 0xbb,
0xe3, 0xd8, 0xe7, 0x90, 0xff, 0x46, 0x82, 0x99, 0xf4, 0x27, 0x8a, 0x48, 0x83, 0xf1, 0x8e, 0x72,
0x10, 0x7e, 0x36, 0x2a, 0x9d, 0xf0, 0x70, 0x83, 0xdf, 0x59, 0xaf, 0x46, 0xb0, 0x70, 0x0c, 0x5b,
0xfe, 0x5e, 0x82, 0xd9, 0x8c, 0xdb, 0xe2, 0xd3, 0xb5, 0x04, 0x7d, 0x08, 0xa5, 0x8e, 0x72, 0xd0,
0x70, 0xac, 0x36, 0x39, 0xf1, 0x71, 0x0e, 0xcf, 0x18, 0xab, 0x02, 0x05, 0xfb, 0x78, 0xf2, 0xe7,
0x12, 0x94, 0xb3, 0x1a, 0x6b, 0x74, 0x33, 0x72, 0xaf, 0xfd, 0x6a, 0xec, 0x5e, 0x7b, 0x2a, 0x21,
0xf7, 0x82, 0x6e, 0xb5, 0xff, 0x4b, 0x82, 0x99, 0xf4, 0x0f, 0x0c, 0xf4, 0x66, 0xc4, 0xc2, 0x4a,
0xcc, 0xc2, 0x89, 0x98, 0x94, 0xb0, 0xef, 0x23, 0x18, 0x17, 0x9f, 0x21, 0x02, 0x46, 0x78, 0x55,
0x4e, 0xcb, 0x95, 0x02, 0xc2, 0x6b, 0xbb, 0xf9, 0x7a, 0x45, 0xc7, 0x70, 0x0c, 0x4d, 0xfe, 0xdb,
0x1c, 0x0c, 0x35, 0x9a, 0x8a, 0x46, 0x4e, 0xa1, 0xcd, 0x7a, 0x3f, 0xd2, 0x66, 0xf5, 0xfa, 0x17,
0x0f, 0x6e, 0x55, 0x66, 0x87, 0x85, 0x63, 0x1d, 0xd6, 0xeb, 0x7d, 0xa1, 0x1d, 0xdf, 0x5c, 0xfd,
0x01, 0x8c, 0xf8, 0x4a, 0x07, 0xcb, 0xf9, 0xf2, 0xbf, 0xe7, 0x60, 0x34, 0xa4, 0x62, 0xc0, 0x8a,
0xb1, 0x13, 0xa9, 0xb4, 0xfd, 0xfc, 0x63, 0x5d, 0x48, 0x57, 0xd5, 0xab, 0xad, 0xee, 0x13, 0xc5,
0xe0, 0x51, 0x5a, 0xb2, 0xe4, 0xbe, 0x0b, 0xe3, 0x94, 0xff, 0xe3, 0x99, 0x7f, 0x08, 0x9a, 0xe7,
0xb1, 0xe8, 0x3f, 0x6c, 0xdd, 0x8c, 0x50, 0x71, 0x8c, 0x7b, 0xee, 0x0e, 0x8c, 0x45, 0x94, 0x0d,
0xf4, 0xc2, 0xf0, 0x7f, 0x25, 0x78, 0xb5, 0xe7, 0x27, 0x2a, 0xaa, 0x47, 0x36, 0x49, 0x35, 0xb6,
0x49, 0xe6, 0xb3, 0x01, 0x5e, 0xdc, 0x4b, 0x95, 0xfa, 0xb5, 0xa7, 0xdf, 0xcd, 0x9f, 0xf9, 0xe6,
0xbb, 0xf9, 0x33, 0xdf, 0x7e, 0x37, 0x7f, 0xe6, 0xaf, 0x8e, 0xe6, 0xa5, 0xa7, 0x47, 0xf3, 0xd2,
0x37, 0x47, 0xf3, 0xd2, 0xb7, 0x47, 0xf3, 0xd2, 0xcf, 0x8e, 0xe6, 0xa5, 0x7f, 0xfc, 0x7e, 0xfe,
0xcc, 0x87, 0x45, 0x01, 0xf7, 0xeb, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb1, 0xb3, 0xc8, 0xe2, 0x54,
0x3c, 0x00, 0x00,
// 3637 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcb, 0x6f, 0x1c, 0x47,
0x73, 0xd7, 0xec, 0x2e, 0xb9, 0xcb, 0xa2, 0xf8, 0x6a, 0xd2, 0xe4, 0x7e, 0x94, 0xc5, 0xd5, 0x37,
0x06, 0x14, 0xc9, 0x91, 0x76, 0x2d, 0xd9, 0xd2, 0xa7, 0x58, 0x88, 0x6d, 0x2e, 0x29, 0x4a, 0x74,
0xf8, 0x52, 0x2f, 0xa9, 0x38, 0x46, 0xe4, 0x78, 0xb8, 0xdb, 0x5c, 0x8e, 0x38, 0x3b, 0x33, 0x9e,
0xe9, 0xa1, 0xb9, 0x40, 0x10, 0xe4, 0x10, 0x04, 0x08, 0x90, 0x20, 0xc9, 0xc1, 0x79, 0xdc, 0xe2,
0x4b, 0x4e, 0x09, 0x92, 0x5b, 0x72, 0x30, 0x0c, 0x04, 0x70, 0x00, 0x21, 0x70, 0x00, 0xdf, 0xe2,
0x13, 0x11, 0xd3, 0xa7, 0x20, 0xff, 0x40, 0xa0, 0x43, 0x10, 0x74, 0x4f, 0xcf, 0x7b, 0x86, 0xbb,
0x4b, 0x4b, 0x44, 0x10, 0xe4, 0xc6, 0xed, 0xaa, 0xfa, 0x55, 0x75, 0x75, 0x75, 0x55, 0x4d, 0x77,
0x13, 0x56, 0x0e, 0xee, 0xd9, 0x55, 0xd5, 0xa8, 0x1d, 0x38, 0xbb, 0xc4, 0xd2, 0x09, 0x25, 0x76,
0xed, 0x90, 0xe8, 0x2d, 0xc3, 0xaa, 0x09, 0x82, 0x62, 0xaa, 0x35, 0x72, 0x44, 0x89, 0x6e, 0xab,
0x86, 0x6e, 0xd7, 0x0e, 0x6f, 0xed, 0x12, 0xaa, 0xdc, 0xaa, 0xb5, 0x89, 0x4e, 0x2c, 0x85, 0x92,
0x56, 0xd5, 0xb4, 0x0c, 0x6a, 0xa0, 0xcb, 0x2e, 0x7b, 0x55, 0x31, 0xd5, 0x6a, 0xc0, 0x5e, 0x15,
0xec, 0xf3, 0x37, 0xdb, 0x2a, 0xdd, 0x77, 0x76, 0xab, 0x4d, 0xa3, 0x53, 0x6b, 0x1b, 0x6d, 0xa3,
0xc6, 0xa5, 0x76, 0x9d, 0x3d, 0xfe, 0x8b, 0xff, 0xe0, 0x7f, 0xb9, 0x68, 0xf3, 0x72, 0x48, 0x79,
0xd3, 0xb0, 0x48, 0xed, 0x30, 0xa1, 0x71, 0xfe, 0x7a, 0x88, 0xc7, 0x34, 0x34, 0xb5, 0xd9, 0xcd,
0x32, 0x6e, 0xfe, 0x9d, 0x80, 0xb5, 0xa3, 0x34, 0xf7, 0x55, 0x9d, 0x58, 0xdd, 0x9a, 0x79, 0xd0,
0xe6, 0xb2, 0x16, 0xb1, 0x0d, 0xc7, 0x6a, 0x92, 0x81, 0xa4, 0xec, 0x5a, 0x87, 0x50, 0x25, 0xcd,
0xac, 0x5a, 0x96, 0x94, 0xe5, 0xe8, 0x54, 0xed, 0x24, 0xd5, 0xdc, 0xed, 0x25, 0x60, 0x37, 0xf7,
0x49, 0x47, 0x49, 0xc8, 0xbd, 0x9d, 0x25, 0xe7, 0x50, 0x55, 0xab, 0xa9, 0x3a, 0xb5, 0xa9, 0x15,
0x17, 0x92, 0xef, 0xc3, 0xd4, 0xa2, 0xa6, 0x19, 0x9f, 0x93, 0xd6, 0x8a, 0x46, 0x8e, 0x9e, 0x18,
0x9a, 0xd3, 0x21, 0xe8, 0x2a, 0x0c, 0xb7, 0x2c, 0xf5, 0x90, 0x58, 0x65, 0xe9, 0x8a, 0x74, 0x6d,
0xa4, 0x3e, 0xfe, 0xfc, 0xb8, 0x72, 0xe1, 0xe4, 0xb8, 0x32, 0xbc, 0xcc, 0x47, 0xb1, 0xa0, 0xca,
0x36, 0x4c, 0x08, 0xe1, 0x47, 0x86, 0x4d, 0xb7, 0x14, 0xba, 0x8f, 0x6e, 0x03, 0x98, 0x0a, 0xdd,
0xdf, 0xb2, 0xc8, 0x9e, 0x7a, 0x24, 0xc4, 0x91, 0x10, 0x87, 0x2d, 0x9f, 0x82, 0x43, 0x5c, 0xe8,
0x06, 0x94, 0x2c, 0xa2, 0xb4, 0x36, 0x75, 0xad, 0x5b, 0xce, 0x5d, 0x91, 0xae, 0x95, 0xea, 0x93,
0x42, 0xa2, 0x84, 0xc5, 0x38, 0xf6, 0x39, 0xe4, 0xbf, 0x94, 0xe0, 0x67, 0x4b, 0x8e, 0x4d, 0x8d,
0xce, 0x3a, 0xa1, 0x96, 0xda, 0x5c, 0x72, 0x2c, 0x8b, 0xe8, 0xb4, 0x41, 0x15, 0xea, 0xd8, 0xe8,
0x0a, 0x14, 0x74, 0xa5, 0x43, 0x84, 0xe6, 0x8b, 0x02, 0xa7, 0xb0, 0xa1, 0x74, 0x08, 0xe6, 0x14,
0xf4, 0x31, 0x0c, 0x1d, 0x2a, 0x9a, 0x43, 0xb8, 0xaa, 0xd1, 0xdb, 0xd5, 0x6a, 0x10, 0xa8, 0xbe,
0xdb, 0xaa, 0xe6, 0x41, 0x9b, 0x47, 0xae, 0x17, 0x0b, 0xd5, 0xc7, 0x8e, 0xa2, 0x53, 0x95, 0x76,
0xeb, 0x33, 0x02, 0xf2, 0xa2, 0xd0, 0xfb, 0x84, 0x61, 0x61, 0x17, 0x52, 0xfe, 0x1d, 0xb8, 0x9c,
0x69, 0xda, 0x9a, 0x6a, 0x53, 0xf4, 0x14, 0x86, 0x54, 0x4a, 0x3a, 0x76, 0x59, 0xba, 0x92, 0xbf,
0x36, 0x7a, 0xfb, 0x5e, 0xf5, 0xd4, 0x5d, 0x52, 0xcd, 0x04, 0xab, 0x8f, 0x09, 0x33, 0x86, 0x56,
0x19, 0x1c, 0x76, 0x51, 0xe5, 0x3f, 0x95, 0x00, 0x85, 0x65, 0xb6, 0x15, 0xab, 0x4d, 0x68, 0x1f,
0x4e, 0xf9, 0x8d, 0x9f, 0xe6, 0x94, 0x69, 0x01, 0x39, 0xea, 0x2a, 0x8c, 0xf8, 0xc4, 0x84, 0xd9,
0xa4, 0x49, 0xdc, 0x19, 0x4f, 0xa2, 0xce, 0xb8, 0x35, 0x80, 0x33, 0x5c, 0x94, 0x0c, 0x2f, 0x7c,
0x91, 0x83, 0x91, 0x65, 0x85, 0x74, 0x0c, 0xbd, 0x41, 0x28, 0xfa, 0x14, 0x4a, 0x6c, 0x6b, 0xb6,
0x14, 0xaa, 0x70, 0x07, 0x8c, 0xde, 0x7e, 0xeb, 0xb4, 0xd9, 0xd9, 0x55, 0xc6, 0x5d, 0x3d, 0xbc,
0x55, 0xdd, 0xdc, 0x7d, 0x46, 0x9a, 0x74, 0x9d, 0x50, 0x25, 0x88, 0xe0, 0x60, 0x0c, 0xfb, 0xa8,
0x68, 0x03, 0x0a, 0xb6, 0x49, 0x9a, 0xc2, 0x77, 0x37, 0x7a, 0x4c, 0xc3, 0xb7, 0xac, 0x61, 0x92,
0x66, 0xb0, 0x18, 0xec, 0x17, 0xe6, 0x38, 0xe8, 0x09, 0x0c, 0xdb, 0x7c, 0x95, 0xcb, 0xf9, 0xc4,
0x6a, 0x9c, 0x8e, 0xe8, 0xc6, 0x86, 0xbf, 0x5d, 0xdd, 0xdf, 0x58, 0xa0, 0xc9, 0xff, 0x91, 0x03,
0xe4, 0xf3, 0x2e, 0x19, 0x7a, 0x4b, 0xa5, 0xaa, 0xa1, 0xa3, 0x77, 0xa1, 0x40, 0xbb, 0xa6, 0x17,
0x1d, 0x57, 0x3d, 0x83, 0xb6, 0xbb, 0x26, 0x79, 0x71, 0x5c, 0x99, 0x4d, 0x4a, 0x30, 0x0a, 0xe6,
0x32, 0x68, 0xcd, 0x37, 0x35, 0xc7, 0xa5, 0xdf, 0x89, 0xaa, 0x7e, 0x71, 0x5c, 0x49, 0xc9, 0xdc,
0x55, 0x1f, 0x29, 0x6a, 0x20, 0x3a, 0x04, 0xa4, 0x29, 0x36, 0xdd, 0xb6, 0x14, 0xdd, 0x76, 0x35,
0xa9, 0x1d, 0x22, 0x9c, 0xf0, 0x66, 0x7f, 0x8b, 0xc6, 0x24, 0xea, 0xf3, 0xc2, 0x0a, 0xb4, 0x96,
0x40, 0xc3, 0x29, 0x1a, 0x58, 0xbe, 0xb3, 0x88, 0x62, 0x1b, 0x7a, 0xb9, 0x10, 0xcd, 0x77, 0x98,
0x8f, 0x62, 0x41, 0x45, 0xd7, 0xa1, 0xd8, 0x21, 0xb6, 0xad, 0xb4, 0x49, 0x79, 0x88, 0x33, 0x4e,
0x08, 0xc6, 0xe2, 0xba, 0x3b, 0x8c, 0x3d, 0xba, 0xfc, 0x95, 0x04, 0x63, 0xbe, 0xe7, 0x78, 0xb4,
0xff, 0x66, 0x22, 0x0e, 0xab, 0xfd, 0x4d, 0x89, 0x49, 0xf3, 0x28, 0xf4, 0xb3, 0xa2, 0x37, 0x12,
0x8a, 0xc1, 0x75, 0x6f, 0x2f, 0xe5, 0xf8, 0x5e, 0xba, 0xd6, 0x6f, 0xc8, 0x64, 0x6c, 0xa1, 0x3f,
0x2b, 0x84, 0xcc, 0x67, 0xa1, 0x89, 0x9e, 0x42, 0xc9, 0x26, 0x1a, 0x69, 0x52, 0xc3, 0x12, 0xe6,
0xbf, 0xdd, 0xa7, 0xf9, 0xca, 0x2e, 0xd1, 0x1a, 0x42, 0xb4, 0x7e, 0x91, 0xd9, 0xef, 0xfd, 0xc2,
0x3e, 0x24, 0x7a, 0x0c, 0x25, 0x4a, 0x3a, 0xa6, 0xa6, 0x50, 0x2f, 0x07, 0xbd, 0x11, 0x9e, 0x02,
0x8b, 0x1c, 0x06, 0xb6, 0x65, 0xb4, 0xb6, 0x05, 0x1b, 0xdf, 0x3e, 0xbe, 0x4b, 0xbc, 0x51, 0xec,
0xc3, 0xa0, 0x43, 0x18, 0x77, 0xcc, 0x16, 0xe3, 0xa4, 0xac, 0xe2, 0xb5, 0xbb, 0x22, 0x92, 0xee,
0xf6, 0xeb, 0x9b, 0x9d, 0x88, 0x74, 0x7d, 0x56, 0xe8, 0x1a, 0x8f, 0x8e, 0xe3, 0x98, 0x16, 0xb4,
0x08, 0x13, 0x1d, 0x55, 0x67, 0x95, 0xab, 0xdb, 0x20, 0x4d, 0x43, 0x6f, 0xd9, 0x3c, 0xac, 0x86,
0xea, 0x73, 0x02, 0x60, 0x62, 0x3d, 0x4a, 0xc6, 0x71, 0x7e, 0xf4, 0x21, 0x20, 0x6f, 0x1a, 0x0f,
0xdd, 0x82, 0xad, 0x1a, 0x3a, 0x8f, 0xb9, 0x7c, 0x10, 0xdc, 0xdb, 0x09, 0x0e, 0x9c, 0x22, 0x85,
0xd6, 0x60, 0xc6, 0x22, 0x87, 0x2a, 0x9b, 0xe3, 0x23, 0xd5, 0xa6, 0x86, 0xd5, 0x5d, 0x53, 0x3b,
0x2a, 0x2d, 0x0f, 0x73, 0x9b, 0xca, 0x27, 0xc7, 0x95, 0x19, 0x9c, 0x42, 0xc7, 0xa9, 0x52, 0xf2,
0x9f, 0x0f, 0xc3, 0x44, 0x2c, 0xdf, 0xa0, 0x27, 0x30, 0xdb, 0x74, 0x8b, 0xd3, 0x86, 0xd3, 0xd9,
0x25, 0x56, 0xa3, 0xb9, 0x4f, 0x5a, 0x8e, 0x46, 0x5a, 0x3c, 0x50, 0x86, 0xea, 0x0b, 0xc2, 0xe2,
0xd9, 0xa5, 0x54, 0x2e, 0x9c, 0x21, 0xcd, 0xbc, 0xa0, 0xf3, 0xa1, 0x75, 0xd5, 0xb6, 0x7d, 0xcc,
0x1c, 0xc7, 0xf4, 0xbd, 0xb0, 0x91, 0xe0, 0xc0, 0x29, 0x52, 0xcc, 0xc6, 0x16, 0xb1, 0x55, 0x8b,
0xb4, 0xe2, 0x36, 0xe6, 0xa3, 0x36, 0x2e, 0xa7, 0x72, 0xe1, 0x0c, 0x69, 0x74, 0x07, 0x46, 0x5d,
0x6d, 0x7c, 0xfd, 0xc4, 0x42, 0xfb, 0xe5, 0x70, 0x23, 0x20, 0xe1, 0x30, 0x1f, 0x9b, 0x9a, 0xb1,
0x6b, 0x13, 0xeb, 0x90, 0xb4, 0xb2, 0x17, 0x78, 0x33, 0xc1, 0x81, 0x53, 0xa4, 0xd8, 0xd4, 0xdc,
0x08, 0x4c, 0x4c, 0x6d, 0x38, 0x3a, 0xb5, 0x9d, 0x54, 0x2e, 0x9c, 0x21, 0xcd, 0xe2, 0xd8, 0x35,
0x79, 0xf1, 0x50, 0x51, 0x35, 0x65, 0x57, 0x23, 0xe5, 0x62, 0x34, 0x8e, 0x37, 0xa2, 0x64, 0x1c,
0xe7, 0x47, 0x0f, 0x61, 0xca, 0x1d, 0xda, 0xd1, 0x15, 0x1f, 0xa4, 0xc4, 0x41, 0x7e, 0x26, 0x40,
0xa6, 0x36, 0xe2, 0x0c, 0x38, 0x29, 0x83, 0xde, 0x85, 0xf1, 0xa6, 0xa1, 0x69, 0x3c, 0x1e, 0x97,
0x0c, 0x47, 0xa7, 0xe5, 0x11, 0x8e, 0x82, 0xd8, 0x7e, 0x5c, 0x8a, 0x50, 0x70, 0x8c, 0x13, 0x11,
0x80, 0xa6, 0x57, 0x70, 0xec, 0x32, 0xf4, 0xd5, 0x6b, 0x24, 0x8b, 0x5e, 0xd0, 0x03, 0xf8, 0x43,
0x36, 0x0e, 0x01, 0xcb, 0xff, 0x22, 0xc1, 0x5c, 0x46, 0xea, 0x40, 0xef, 0x47, 0x4a, 0xec, 0x2f,
0xc7, 0x4a, 0xec, 0xa5, 0x0c, 0xb1, 0x50, 0x9d, 0xd5, 0x61, 0xcc, 0x62, 0xb3, 0xd2, 0xdb, 0x2e,
0x8b, 0xc8, 0x91, 0x77, 0x7a, 0x4c, 0x03, 0x87, 0x65, 0x82, 0x9c, 0x3f, 0x75, 0x72, 0x5c, 0x19,
0x8b, 0xd0, 0x70, 0x14, 0x5e, 0xfe, 0x8b, 0x1c, 0xc0, 0x32, 0x31, 0x35, 0xa3, 0xdb, 0x21, 0xfa,
0x79, 0xf4, 0x50, 0x9b, 0x91, 0x1e, 0xea, 0x66, 0xaf, 0xe5, 0xf1, 0x4d, 0xcb, 0x6c, 0xa2, 0x7e,
0x3d, 0xd6, 0x44, 0xd5, 0xfa, 0x87, 0x3c, 0xbd, 0x8b, 0xfa, 0xb7, 0x3c, 0x4c, 0x07, 0xcc, 0x41,
0x1b, 0x75, 0x3f, 0xb2, 0xc6, 0xbf, 0x14, 0x5b, 0xe3, 0xb9, 0x14, 0x91, 0x57, 0xd6, 0x47, 0xbd,
0xfc, 0x7e, 0x06, 0x3d, 0x83, 0x71, 0xd6, 0x38, 0xb9, 0xe1, 0xc1, 0xdb, 0xb2, 0xe1, 0x81, 0xdb,
0x32, 0xbf, 0x80, 0xae, 0x45, 0x90, 0x70, 0x0c, 0x39, 0xa3, 0x0d, 0x2c, 0xbe, 0xea, 0x36, 0x50,
0xfe, 0x5a, 0x82, 0xf1, 0x60, 0x99, 0xce, 0xa1, 0x69, 0xdb, 0x88, 0x36, 0x6d, 0xd7, 0xfb, 0x0e,
0xd1, 0x8c, 0xae, 0xed, 0xbf, 0x58, 0x83, 0xef, 0x33, 0xb1, 0x0d, 0xbe, 0xab, 0x34, 0x0f, 0xfa,
0xf8, 0xfc, 0xfb, 0x42, 0x02, 0x24, 0xaa, 0xc0, 0xa2, 0xae, 0x1b, 0x54, 0x71, 0x73, 0xa5, 0x6b,
0xd6, 0x6a, 0xdf, 0x66, 0x79, 0x1a, 0xab, 0x3b, 0x09, 0xac, 0x07, 0x3a, 0xb5, 0xba, 0xc1, 0x8a,
0x24, 0x19, 0x70, 0x8a, 0x01, 0x48, 0x01, 0xb0, 0x04, 0xe6, 0xb6, 0x21, 0x36, 0xf2, 0xcd, 0x3e,
0x72, 0x1e, 0x13, 0x58, 0x32, 0xf4, 0x3d, 0xb5, 0x1d, 0xa4, 0x1d, 0xec, 0x03, 0xe1, 0x10, 0xe8,
0xfc, 0x03, 0x98, 0xcb, 0xb0, 0x16, 0x4d, 0x42, 0xfe, 0x80, 0x74, 0x5d, 0xb7, 0x61, 0xf6, 0x27,
0x9a, 0x09, 0x7f, 0x26, 0x8f, 0x88, 0x2f, 0xdc, 0x77, 0x73, 0xf7, 0x24, 0xf9, 0xab, 0xa1, 0x70,
0xec, 0xf0, 0x8e, 0xf9, 0x1a, 0x94, 0x2c, 0x62, 0x6a, 0x6a, 0x53, 0xb1, 0x45, 0x23, 0x74, 0xd1,
0x3d, 0xd2, 0x70, 0xc7, 0xb0, 0x4f, 0x8d, 0xf4, 0xd6, 0xb9, 0x57, 0xdb, 0x5b, 0xe7, 0x5f, 0x4e,
0x6f, 0xfd, 0x5b, 0x50, 0xb2, 0xbd, 0xae, 0xba, 0xc0, 0x21, 0x6f, 0x0d, 0x90, 0x5f, 0x45, 0x43,
0xed, 0x2b, 0xf0, 0x5b, 0x69, 0x1f, 0x34, 0xad, 0x89, 0x1e, 0x1a, 0xb0, 0x89, 0x7e, 0xa9, 0x8d,
0x2f, 0xcb, 0xa9, 0xa6, 0xe2, 0xd8, 0xa4, 0xc5, 0x13, 0x51, 0x29, 0xc8, 0xa9, 0x5b, 0x7c, 0x14,
0x0b, 0x2a, 0x7a, 0x1a, 0x09, 0xd9, 0xd2, 0x59, 0x42, 0x76, 0x3c, 0x3b, 0x5c, 0xd1, 0x0e, 0xcc,
0x99, 0x96, 0xd1, 0xb6, 0x88, 0x6d, 0x2f, 0x13, 0xa5, 0xa5, 0xa9, 0x3a, 0xf1, 0xfc, 0xe3, 0x76,
0x44, 0x97, 0x4e, 0x8e, 0x2b, 0x73, 0x5b, 0xe9, 0x2c, 0x38, 0x4b, 0x56, 0x7e, 0x5e, 0x80, 0xc9,
0x78, 0x05, 0xcc, 0x68, 0x52, 0xa5, 0x33, 0x35, 0xa9, 0x37, 0x42, 0x9b, 0xc1, 0xed, 0xe0, 0x43,
0x67, 0x7c, 0x89, 0x0d, 0xb1, 0x08, 0x13, 0x22, 0x1b, 0x78, 0x44, 0xd1, 0xa6, 0xfb, 0xab, 0xbf,
0x13, 0x25, 0xe3, 0x38, 0x3f, 0x6b, 0x3d, 0x83, 0x8e, 0xd2, 0x03, 0x29, 0x44, 0x5b, 0xcf, 0xc5,
0x38, 0x03, 0x4e, 0xca, 0xa0, 0x75, 0x98, 0x76, 0xf4, 0x24, 0x94, 0x1b, 0x8d, 0x97, 0x04, 0xd4,
0xf4, 0x4e, 0x92, 0x05, 0xa7, 0xc9, 0xa1, 0xbd, 0x48, 0x37, 0x3a, 0xcc, 0x33, 0xec, 0xed, 0xbe,
0xf7, 0x4e, 0xdf, 0xed, 0x28, 0xba, 0x0f, 0x63, 0x16, 0xff, 0xee, 0xf0, 0x0c, 0x76, 0x7b, 0xf7,
0xd7, 0x84, 0xd8, 0x18, 0x0e, 0x13, 0x71, 0x94, 0x37, 0xa5, 0xdd, 0x2e, 0xf5, 0xdb, 0x6e, 0xcb,
0xff, 0x24, 0x85, 0x8b, 0x90, 0xdf, 0x02, 0xf7, 0x3a, 0x65, 0x4a, 0x48, 0x84, 0xba, 0x23, 0x23,
0xbd, 0xfb, 0xbd, 0x3b, 0x50, 0xf7, 0x1b, 0x14, 0xcf, 0xde, 0xed, 0xef, 0x97, 0x12, 0xcc, 0xae,
0x34, 0x1e, 0x5a, 0x86, 0x63, 0x7a, 0xe6, 0x6c, 0x9a, 0xae, 0x5f, 0x7f, 0x01, 0x05, 0xcb, 0xd1,
0xbc, 0x79, 0xbc, 0xe1, 0xcd, 0x03, 0x3b, 0x1a, 0x9b, 0xc7, 0x74, 0x4c, 0xca, 0x9d, 0x04, 0x13,
0x40, 0x1b, 0x30, 0x6c, 0x29, 0x7a, 0x9b, 0x78, 0x65, 0xf5, 0x6a, 0x0f, 0xeb, 0x57, 0x97, 0x31,
0x63, 0x0f, 0x35, 0x6f, 0x5c, 0x1a, 0x0b, 0x14, 0xf9, 0x8f, 0x24, 0x98, 0x78, 0xb4, 0xbd, 0xbd,
0xb5, 0xaa, 0xf3, 0x1d, 0xcd, 0x4f, 0xdf, 0xaf, 0x40, 0xc1, 0x54, 0xe8, 0x7e, 0xbc, 0xd2, 0x33,
0x1a, 0xe6, 0x14, 0xf4, 0x11, 0x14, 0x59, 0x26, 0x21, 0x7a, 0xab, 0xcf, 0x56, 0x5b, 0xc0, 0xd7,
0x5d, 0xa1, 0xa0, 0x43, 0x14, 0x03, 0xd8, 0x83, 0x93, 0x0f, 0x60, 0x26, 0x64, 0x0e, 0xf3, 0x07,
0x3f, 0x06, 0x46, 0x0d, 0x18, 0x62, 0x9a, 0xbd, 0x53, 0xde, 0x5e, 0x87, 0x99, 0xb1, 0x29, 0x05,
0x9d, 0x0e, 0xfb, 0x65, 0x63, 0x17, 0x4b, 0x5e, 0x87, 0x31, 0x7e, 0xe5, 0x60, 0x58, 0x94, 0xbb,
0x05, 0x5d, 0x86, 0x7c, 0x47, 0xd5, 0x45, 0x9d, 0x1d, 0x15, 0x32, 0x79, 0x56, 0x23, 0xd8, 0x38,
0x27, 0x2b, 0x47, 0x22, 0xf3, 0x04, 0x64, 0xe5, 0x08, 0xb3, 0x71, 0xf9, 0x21, 0x14, 0x85, 0xbb,
0xc3, 0x40, 0xf9, 0xd3, 0x81, 0xf2, 0x29, 0x40, 0x9b, 0x50, 0x5c, 0xdd, 0xaa, 0x6b, 0x86, 0xdb,
0x75, 0x35, 0xd5, 0x96, 0x15, 0x5f, 0x8b, 0xa5, 0xd5, 0x65, 0x8c, 0x39, 0x05, 0xc9, 0x30, 0x4c,
0x8e, 0x9a, 0xc4, 0xa4, 0x3c, 0x22, 0x46, 0xea, 0xc0, 0x56, 0xf9, 0x01, 0x1f, 0xc1, 0x82, 0x22,
0xff, 0x71, 0x0e, 0x8a, 0xc2, 0x1d, 0xe7, 0xf0, 0x15, 0xb6, 0x16, 0xf9, 0x0a, 0x7b, 0xb3, 0xbf,
0xd0, 0xc8, 0xfc, 0x04, 0xdb, 0x8e, 0x7d, 0x82, 0xdd, 0xe8, 0x13, 0xef, 0xf4, 0xef, 0xaf, 0xbf,
0x97, 0x60, 0x3c, 0x1a, 0x94, 0xe8, 0x0e, 0x8c, 0xb2, 0x82, 0xa3, 0x36, 0xc9, 0x46, 0xd0, 0xe7,
0xfa, 0x87, 0x30, 0x8d, 0x80, 0x84, 0xc3, 0x7c, 0xa8, 0xed, 0x8b, 0xb1, 0x38, 0x12, 0x93, 0xce,
0x76, 0xa9, 0x43, 0x55, 0xad, 0xea, 0x5e, 0xa3, 0x55, 0x57, 0x75, 0xba, 0x69, 0x35, 0xa8, 0xa5,
0xea, 0xed, 0x84, 0x22, 0x1e, 0x94, 0x61, 0x64, 0xf9, 0x1f, 0x25, 0x18, 0x15, 0x26, 0x9f, 0xc3,
0x57, 0xc5, 0xaf, 0x45, 0xbf, 0x2a, 0xae, 0xf6, 0xb9, 0xc1, 0xd3, 0x3f, 0x29, 0xfe, 0x3a, 0x30,
0x9d, 0x6d, 0x69, 0x16, 0xd5, 0xfb, 0x86, 0x4d, 0xe3, 0x51, 0xcd, 0x36, 0x23, 0xe6, 0x14, 0xe4,
0xc0, 0xa4, 0x1a, 0xcb, 0x01, 0xc2, 0xb5, 0xb5, 0xfe, 0x2c, 0xf1, 0xc5, 0xea, 0x65, 0x01, 0x3f,
0x19, 0xa7, 0xe0, 0x84, 0x0a, 0x99, 0x40, 0x82, 0x0b, 0x3d, 0x86, 0xc2, 0x3e, 0xa5, 0x66, 0xca,
0x79, 0x75, 0x8f, 0xcc, 0x13, 0x98, 0x50, 0xe2, 0xb3, 0xdb, 0xde, 0xde, 0xc2, 0x1c, 0x4a, 0xfe,
0xef, 0xc0, 0x1f, 0x0d, 0x37, 0xc6, 0xfd, 0x7c, 0x2a, 0x9d, 0x25, 0x9f, 0x8e, 0xa6, 0xe5, 0x52,
0xf4, 0x08, 0xf2, 0x54, 0xeb, 0xf7, 0xb3, 0x50, 0x20, 0x6e, 0xaf, 0x35, 0x82, 0x84, 0xb4, 0xbd,
0xd6, 0xc0, 0x0c, 0x02, 0x6d, 0xc2, 0x10, 0xab, 0x3e, 0x6c, 0x0b, 0xe6, 0xfb, 0xdf, 0xd2, 0x6c,
0xfe, 0x41, 0x40, 0xb0, 0x5f, 0x36, 0x76, 0x71, 0xe4, 0xcf, 0x60, 0x2c, 0xb2, 0x4f, 0xd1, 0xa7,
0x70, 0x51, 0x33, 0x94, 0x56, 0x5d, 0xd1, 0x14, 0xbd, 0x49, 0xbc, 0xcb, 0x81, 0xab, 0x69, 0x5f,
0x18, 0x6b, 0x21, 0x3e, 0xb1, 0xcb, 0xfd, 0xeb, 0xd4, 0x30, 0x0d, 0x47, 0x10, 0x65, 0x05, 0x20,
0x98, 0x23, 0xaa, 0xc0, 0x10, 0x8b, 0x33, 0xb7, 0x9e, 0x8c, 0xd4, 0x47, 0x98, 0x85, 0x2c, 0xfc,
0x6c, 0xec, 0x8e, 0xa3, 0xdb, 0x00, 0x36, 0x69, 0x5a, 0x84, 0xf2, 0x64, 0x90, 0x8b, 0x5e, 0x41,
0x37, 0x7c, 0x0a, 0x0e, 0x71, 0xc9, 0xff, 0x2c, 0xc1, 0xd8, 0x06, 0xa1, 0x9f, 0x1b, 0xd6, 0xc1,
0x16, 0x7f, 0x3a, 0x70, 0x0e, 0xc9, 0x16, 0x47, 0x92, 0xed, 0x5b, 0x3d, 0x56, 0x26, 0x62, 0x5d,
0x56, 0xca, 0x95, 0xbf, 0x96, 0x60, 0x2e, 0xc2, 0xf9, 0x20, 0xd8, 0xba, 0x3b, 0x30, 0x64, 0x1a,
0x16, 0xf5, 0x0a, 0xf1, 0x40, 0x0a, 0x59, 0x1a, 0x0b, 0x95, 0x62, 0x06, 0x83, 0x5d, 0x34, 0xb4,
0x06, 0x39, 0x6a, 0x88, 0x50, 0x1d, 0x0c, 0x93, 0x10, 0xab, 0x0e, 0x02, 0x33, 0xb7, 0x6d, 0xe0,
0x1c, 0x35, 0xd8, 0x42, 0x94, 0x23, 0x5c, 0xe1, 0xe4, 0xf3, 0x8a, 0x66, 0x80, 0xa1, 0xb0, 0x67,
0x19, 0x9d, 0x33, 0xcf, 0xc1, 0x5f, 0x88, 0x15, 0xcb, 0xe8, 0x60, 0x8e, 0x25, 0x7f, 0x23, 0xc1,
0x54, 0x84, 0xf3, 0x1c, 0x12, 0xff, 0xe3, 0x68, 0xe2, 0xbf, 0x31, 0xc8, 0x44, 0x32, 0xd2, 0xff,
0x37, 0xb9, 0xd8, 0x34, 0xd8, 0x84, 0xd1, 0x1e, 0x8c, 0x9a, 0x46, 0xab, 0xf1, 0x12, 0xae, 0x03,
0x27, 0x58, 0xdd, 0xdc, 0x0a, 0xb0, 0x70, 0x18, 0x18, 0x1d, 0xc1, 0x94, 0xae, 0x74, 0x88, 0x6d,
0x2a, 0x4d, 0xd2, 0x78, 0x09, 0x07, 0x24, 0xaf, 0xf1, 0xfb, 0x86, 0x38, 0x22, 0x4e, 0x2a, 0x41,
0xeb, 0x50, 0x54, 0x4d, 0xde, 0xc7, 0x89, 0xde, 0xa5, 0x67, 0x15, 0x75, 0xbb, 0x3e, 0x37, 0x9f,
0x8b, 0x1f, 0xd8, 0xc3, 0x90, 0xff, 0x26, 0x1e, 0x0d, 0x2c, 0xfe, 0xd0, 0x43, 0x28, 0xf1, 0x47,
0x38, 0x4d, 0x43, 0xf3, 0x6e, 0x06, 0xd8, 0xca, 0x6e, 0x89, 0xb1, 0x17, 0xc7, 0x95, 0x4b, 0x29,
0x87, 0xbe, 0x1e, 0x19, 0xfb, 0xc2, 0x68, 0x03, 0x0a, 0xe6, 0x4f, 0xe9, 0x60, 0x78, 0x91, 0xe3,
0x6d, 0x0b, 0xc7, 0x91, 0x7f, 0x2f, 0x1f, 0x33, 0x97, 0x97, 0xba, 0x67, 0x2f, 0x6d, 0xd5, 0xfd,
0x8e, 0x29, 0x73, 0xe5, 0x77, 0xa1, 0x28, 0x2a, 0xbc, 0x08, 0xe6, 0x5f, 0x0c, 0x12, 0xcc, 0xe1,
0x2a, 0xe6, 0x7f, 0xb0, 0x78, 0x83, 0x1e, 0x30, 0xfa, 0x04, 0x86, 0x89, 0xab, 0xc2, 0xad, 0x8d,
0x77, 0x07, 0x51, 0x11, 0xe4, 0xd5, 0xa0, 0x51, 0x15, 0x63, 0x02, 0x15, 0xbd, 0xcf, 0xfc, 0xc5,
0x78, 0xd9, 0x47, 0xa0, 0x5d, 0x2e, 0xf0, 0x72, 0x75, 0xd9, 0x9d, 0xb6, 0x3f, 0xfc, 0xe2, 0xb8,
0x02, 0xc1, 0x4f, 0x1c, 0x96, 0x90, 0xff, 0x55, 0x82, 0x29, 0xee, 0xa1, 0xa6, 0x63, 0xa9, 0xb4,
0x7b, 0x6e, 0x85, 0xe9, 0x49, 0xa4, 0x30, 0xbd, 0xd3, 0xc3, 0x2d, 0x09, 0x0b, 0x33, 0x8b, 0xd3,
0xb7, 0x12, 0xbc, 0x96, 0xe0, 0x3e, 0x87, 0xbc, 0xb8, 0x13, 0xcd, 0x8b, 0x6f, 0x0d, 0x3a, 0xa1,
0xac, 0xd6, 0x78, 0x3c, 0x65, 0x3a, 0x7c, 0xa7, 0xdc, 0x06, 0x30, 0x2d, 0xf5, 0x50, 0xd5, 0x48,
0x5b, 0x5c, 0x82, 0x97, 0x42, 0x8f, 0xe0, 0x7c, 0x0a, 0x0e, 0x71, 0x21, 0x1b, 0x66, 0x5b, 0x64,
0x4f, 0x71, 0x34, 0xba, 0xd8, 0x6a, 0x2d, 0x29, 0xa6, 0xb2, 0xab, 0x6a, 0x2a, 0x55, 0xc5, 0x71,
0xc1, 0x48, 0xfd, 0xbe, 0x7b, 0x39, 0x9d, 0xc6, 0xf1, 0xe2, 0xb8, 0x72, 0x39, 0xed, 0x76, 0xc8,
0x63, 0xe9, 0xe2, 0x0c, 0x68, 0xd4, 0x85, 0xb2, 0x45, 0x3e, 0x73, 0x54, 0x8b, 0xb4, 0x96, 0x2d,
0xc3, 0x8c, 0xa8, 0xcd, 0x73, 0xb5, 0xbf, 0x7a, 0x72, 0x5c, 0x29, 0xe3, 0x0c, 0x9e, 0xde, 0x8a,
0x33, 0xe1, 0xd1, 0x33, 0x98, 0x56, 0xdc, 0xb7, 0x83, 0x11, 0xad, 0xee, 0x2e, 0xb9, 0x77, 0x72,
0x5c, 0x99, 0x5e, 0x4c, 0x92, 0x7b, 0x2b, 0x4c, 0x03, 0x45, 0x35, 0x28, 0x1e, 0xf2, 0x97, 0x8d,
0x76, 0x79, 0x88, 0xe3, 0xb3, 0x42, 0x50, 0x74, 0x1f, 0x3b, 0x32, 0xcc, 0xe1, 0x95, 0x06, 0xdf,
0x7d, 0x1e, 0x17, 0xfb, 0xa0, 0x64, 0xbd, 0xa4, 0xd8, 0xf1, 0xfc, 0xc4, 0xb8, 0x14, 0x64, 0xad,
0x47, 0x01, 0x09, 0x87, 0xf9, 0xd0, 0x53, 0x18, 0xd9, 0x17, 0xa7, 0x12, 0x76, 0xb9, 0xd8, 0x57,
0x11, 0x8e, 0x9c, 0x62, 0xd4, 0xa7, 0x84, 0x8a, 0x11, 0x6f, 0xd8, 0xc6, 0x01, 0x22, 0xba, 0x0e,
0x45, 0xfe, 0x63, 0x75, 0x99, 0x1f, 0xc7, 0x95, 0x82, 0xdc, 0xf6, 0xc8, 0x1d, 0xc6, 0x1e, 0xdd,
0x63, 0x5d, 0xdd, 0x5a, 0xe2, 0xc7, 0xc2, 0x31, 0xd6, 0xd5, 0xad, 0x25, 0xec, 0xd1, 0xd1, 0xa7,
0x50, 0xb4, 0xc9, 0x9a, 0xaa, 0x3b, 0x47, 0x65, 0xe8, 0xeb, 0x52, 0xb9, 0xf1, 0x80, 0x73, 0xc7,
0x0e, 0xc6, 0x02, 0x0d, 0x82, 0x8e, 0x3d, 0x58, 0xb4, 0x0f, 0x23, 0x96, 0xa3, 0x2f, 0xda, 0x3b,
0x36, 0xb1, 0xca, 0xa3, 0x5c, 0x47, 0xaf, 0x74, 0x8e, 0x3d, 0xfe, 0xb8, 0x16, 0xdf, 0x43, 0x3e,
0x07, 0x0e, 0xc0, 0xd1, 0x1f, 0x4a, 0x80, 0x6c, 0xc7, 0x34, 0x35, 0xd2, 0x21, 0x3a, 0x55, 0x34,
0x7e, 0x16, 0x67, 0x97, 0x2f, 0x72, 0x9d, 0x1f, 0xf4, 0x9a, 0x57, 0x42, 0x30, 0xae, 0xdc, 0x3f,
0xf4, 0x4e, 0xb2, 0xe2, 0x14, 0xbd, 0xcc, 0xb5, 0x7b, 0x36, 0xff, 0xbb, 0x3c, 0xd6, 0x97, 0x6b,
0xd3, 0xcf, 0x1c, 0x03, 0xd7, 0x0a, 0x3a, 0xf6, 0x60, 0xd1, 0x13, 0x98, 0xf5, 0x1e, 0xc6, 0x62,
0xc3, 0xa0, 0x2b, 0xaa, 0x46, 0xec, 0xae, 0x4d, 0x49, 0xa7, 0x3c, 0xce, 0x97, 0xdd, 0x7f, 0xfb,
0x81, 0x53, 0xb9, 0x70, 0x86, 0x34, 0xea, 0x40, 0xc5, 0x4b, 0x19, 0x6c, 0x3f, 0xf9, 0x39, 0xeb,
0x81, 0xdd, 0x54, 0x34, 0xf7, 0x1e, 0x60, 0x82, 0x2b, 0x78, 0xe3, 0xe4, 0xb8, 0x52, 0x59, 0x3e,
0x9d, 0x15, 0xf7, 0xc2, 0x42, 0x1f, 0x41, 0x59, 0xc9, 0xd2, 0x33, 0xc9, 0xf5, 0xbc, 0xce, 0xf2,
0x50, 0xa6, 0x82, 0x4c, 0x69, 0x44, 0x61, 0x52, 0x89, 0x3e, 0x51, 0xb6, 0xcb, 0x53, 0x7d, 0x1d,
0x44, 0xc6, 0x5e, 0x36, 0x07, 0x87, 0x11, 0x31, 0x82, 0x8d, 0x13, 0x1a, 0xd0, 0x6f, 0x03, 0x52,
0xe2, 0xaf, 0xaa, 0xed, 0x32, 0xea, 0xab, 0xfc, 0x24, 0x9e, 0x63, 0x07, 0x61, 0x97, 0x20, 0xd9,
0x38, 0x45, 0x0f, 0x5a, 0x83, 0x19, 0x31, 0xba, 0xa3, 0xdb, 0xca, 0x1e, 0x69, 0x74, 0xed, 0x26,
0xd5, 0xec, 0xf2, 0x34, 0xcf, 0x7d, 0xfc, 0xe2, 0x6b, 0x31, 0x85, 0x8e, 0x53, 0xa5, 0xd0, 0x07,
0x30, 0xb9, 0x67, 0x58, 0xbb, 0x6a, 0xab, 0x45, 0x74, 0x0f, 0x69, 0x86, 0x23, 0xcd, 0x30, 0x6f,
0xac, 0xc4, 0x68, 0x38, 0xc1, 0xcd, 0x1f, 0x93, 0x88, 0xab, 0x85, 0xf3, 0x79, 0x90, 0x3b, 0xd8,
0x63, 0x92, 0xc0, 0xb4, 0x97, 0xf6, 0x98, 0x24, 0x04, 0x79, 0xfa, 0x61, 0xe6, 0x7f, 0xe6, 0x60,
0x3a, 0x60, 0xee, 0xfb, 0x31, 0x49, 0x8a, 0xc8, 0xff, 0x3f, 0xca, 0xed, 0xfd, 0x28, 0xf7, 0x6b,
0x09, 0xc6, 0x03, 0xd7, 0xfd, 0xef, 0x7b, 0xe0, 0x11, 0xd8, 0x96, 0xd1, 0x72, 0xfe, 0x5d, 0x2e,
0x3c, 0x81, 0xff, 0xf3, 0xaf, 0x0c, 0x7e, 0xfa, 0x4b, 0x5a, 0xf9, 0xdb, 0x3c, 0x4c, 0xc6, 0x77,
0x63, 0xe4, 0x32, 0x5a, 0xea, 0x79, 0x19, 0xbd, 0x05, 0x33, 0x7b, 0x8e, 0xa6, 0x75, 0xb9, 0x1b,
0x42, 0x37, 0xd2, 0xee, 0x65, 0xd2, 0xeb, 0x42, 0x72, 0x66, 0x25, 0x85, 0x07, 0xa7, 0x4a, 0x66,
0x5c, 0xac, 0xe7, 0xcf, 0x74, 0xb1, 0x9e, 0xb8, 0xe7, 0x2d, 0x0c, 0x70, 0xcf, 0x9b, 0x7a, 0x49,
0x3e, 0x74, 0x86, 0x4b, 0xf2, 0xb3, 0xdc, 0x6a, 0xa7, 0x24, 0xb1, 0x9e, 0x8f, 0x2c, 0x5f, 0x87,
0x79, 0x21, 0x46, 0xf9, 0x85, 0xb3, 0x4e, 0x2d, 0x43, 0xd3, 0x88, 0xb5, 0xec, 0x74, 0x3a, 0x5d,
0xf9, 0x3d, 0x18, 0x8f, 0x3e, 0xa5, 0x70, 0x57, 0xda, 0x7d, 0xcd, 0x21, 0xae, 0xf4, 0x42, 0x2b,
0xed, 0x8e, 0x63, 0x9f, 0x43, 0xfe, 0x7d, 0x09, 0x66, 0xd3, 0x9f, 0x4c, 0x22, 0x0d, 0xc6, 0x3b,
0xca, 0x51, 0xf8, 0x19, 0xab, 0x74, 0xc6, 0xc3, 0x16, 0x7e, 0x87, 0xbe, 0x1e, 0xc1, 0xc2, 0x31,
0x6c, 0xf9, 0x47, 0x09, 0xe6, 0x32, 0x6e, 0xaf, 0xcf, 0xd7, 0x12, 0xf4, 0x31, 0x94, 0x3a, 0xca,
0x51, 0xc3, 0xb1, 0xda, 0xe4, 0xcc, 0xc7, 0x4b, 0x3c, 0x63, 0xac, 0x0b, 0x14, 0xec, 0xe3, 0xc9,
0x5f, 0x4a, 0x50, 0xce, 0x6a, 0xf4, 0xd1, 0x9d, 0xc8, 0x3d, 0xfb, 0xcf, 0x63, 0xf7, 0xec, 0x53,
0x09, 0xb9, 0x57, 0x74, 0xcb, 0xfe, 0xb7, 0x12, 0xcc, 0xa6, 0x7f, 0xf0, 0xa0, 0xb7, 0x23, 0x16,
0x56, 0x62, 0x16, 0x4e, 0xc4, 0xa4, 0x84, 0x7d, 0x9f, 0xc0, 0xb8, 0xf8, 0x2c, 0x12, 0x30, 0xc2,
0xab, 0x72, 0x5a, 0xae, 0x14, 0x10, 0xde, 0x67, 0x00, 0x5f, 0xaf, 0xe8, 0x18, 0x8e, 0xa1, 0xc9,
0x7f, 0x90, 0x83, 0xa1, 0x46, 0x53, 0xd1, 0xc8, 0x39, 0xb4, 0x59, 0x1f, 0x46, 0xda, 0xac, 0x5e,
0xff, 0x72, 0xc2, 0xad, 0xca, 0xec, 0xb0, 0x70, 0xac, 0xc3, 0x7a, 0xb3, 0x2f, 0xb4, 0xd3, 0x9b,
0xab, 0x5f, 0x81, 0x11, 0x5f, 0xe9, 0x60, 0x39, 0x5f, 0xfe, 0xab, 0x1c, 0x8c, 0x86, 0x54, 0x0c,
0x58, 0x31, 0xf6, 0x22, 0x95, 0xb6, 0x9f, 0x7f, 0xf4, 0x0b, 0xe9, 0xaa, 0x7a, 0xb5, 0xd5, 0x7d,
0x32, 0x19, 0x3c, 0x92, 0x4b, 0x96, 0xdc, 0xf7, 0x60, 0x9c, 0xf2, 0x7f, 0x84, 0xf3, 0x0f, 0x65,
0xf3, 0x3c, 0x16, 0xfd, 0x87, 0xb6, 0xdb, 0x11, 0x2a, 0x8e, 0x71, 0xcf, 0xdf, 0x87, 0xb1, 0x88,
0xb2, 0x81, 0x5e, 0x3c, 0xfe, 0x83, 0x04, 0x3f, 0xef, 0xf9, 0xc9, 0x8c, 0xea, 0x91, 0x4d, 0x52,
0x8d, 0x6d, 0x92, 0x85, 0x6c, 0x80, 0x57, 0xf7, 0x72, 0xa6, 0x7e, 0xf3, 0xf9, 0x0f, 0x0b, 0x17,
0xbe, 0xfb, 0x61, 0xe1, 0xc2, 0xf7, 0x3f, 0x2c, 0x5c, 0xf8, 0xdd, 0x93, 0x05, 0xe9, 0xf9, 0xc9,
0x82, 0xf4, 0xdd, 0xc9, 0x82, 0xf4, 0xfd, 0xc9, 0x82, 0xf4, 0xef, 0x27, 0x0b, 0xd2, 0x9f, 0xfc,
0xb8, 0x70, 0xe1, 0xe3, 0xa2, 0x80, 0xfb, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x7b, 0xc2, 0x4a,
0x40, 0x12, 0x3d, 0x00, 0x00,
}

138
vendor/k8s.io/api/extensions/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -33,15 +33,17 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
option go_package = "v1beta1";
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
// Deprecated: use AllowedFlexVolume from policy API Group instead.
message AllowedFlexVolume {
// Driver is the name of the Flexvolume driver.
// driver is the name of the Flexvolume driver.
optional string driver = 1;
}
// defines the host volume conditions that will be enabled by a policy
// AllowedHostPath defines the host volume conditions that will be enabled by a policy
// for pods to use. It requires the path prefix to be defined.
// Deprecated: use AllowedHostPath from policy API Group instead.
message AllowedHostPath {
// is the path prefix that the host volume must match.
// pathPrefix is the path prefix that the host volume must match.
// It does not support `*`.
// Trailing slashes are trimmed when validating the path prefix with a host path.
//
@ -49,6 +51,10 @@ message AllowedHostPath {
// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
// `/foo` would not allow `/food` or `/etc/foo`
optional string pathPrefix = 1;
// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
// +optional
optional bool readOnly = 2;
}
message CustomMetricCurrentStatus {
@ -409,13 +415,14 @@ message DeploymentStrategy {
}
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
message FSGroupStrategyOptions {
// Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// +optional
optional string rule = 1;
// Ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end.
// ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
@ -448,8 +455,9 @@ message HTTPIngressRuleValue {
repeated HTTPIngressPath paths = 1;
}
// Host Port Range defines a range of host ports that will be enabled by a policy
// HostPortRange defines a range of host ports that will be enabled by a policy
// for pods to use. It requires both the start and end to be defined.
// Deprecated: use HostPortRange from policy API Group instead.
message HostPortRange {
// min is the start of the range, inclusive.
optional int32 min = 1;
@ -458,12 +466,13 @@ message HostPortRange {
optional int32 max = 2;
}
// ID Range provides a min/max of an allowed range of IDs.
// IDRange provides a min/max of an allowed range of IDs.
// Deprecated: use IDRange from policy API Group instead.
message IDRange {
// Min is the start of the range, inclusive.
// min is the start of the range, inclusive.
optional int64 min = 1;
// Max is the end of the range, inclusive.
// max is the end of the range, inclusive.
optional int64 max = 2;
}
@ -678,20 +687,26 @@ message NetworkPolicyList {
// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
message NetworkPolicyPeer {
// This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics.
// If present but empty, this selector selects all pods in this namespace.
// This is a label selector which selects Pods. This field follows standard label
// selector semantics; if present but empty, it selects all pods.
//
// If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
// Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics.
// If present but empty, this selector selects all namespaces.
// Selects Namespaces using cluster-scoped labels. This field follows standard label
// selector semantics; if present but empty, it selects all namespaces.
//
// If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
// IPBlock defines policy on a particular IPBlock
// IPBlock defines policy on a particular IPBlock. If this field is set then
// neither of the other fields can be.
// +optional
optional IPBlock ipBlock = 3;
}
@ -755,8 +770,9 @@ message NetworkPolicySpec {
repeated string policyTypes = 4;
}
// Pod Security Policy governs the ability to make requests that affect the Security Context
// PodSecurityPolicy governs the ability to make requests that affect the Security Context
// that will be applied to a pod and container.
// Deprecated: use PodSecurityPolicy from policy API Group instead.
message PodSecurityPolicy {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
@ -768,43 +784,45 @@ message PodSecurityPolicy {
optional PodSecurityPolicySpec spec = 2;
}
// Pod Security Policy List is a list of PodSecurityPolicy objects.
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
// Deprecated: use PodSecurityPolicyList from policy API Group instead.
message PodSecurityPolicyList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of schema objects.
// items is a list of schema objects.
repeated PodSecurityPolicy items = 2;
}
// Pod Security Policy Spec defines the policy enforced.
// PodSecurityPolicySpec defines the policy enforced.
// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
message PodSecurityPolicySpec {
// privileged determines if a pod can request to be run as privileged.
// +optional
optional bool privileged = 1;
// DefaultAddCapabilities is the default set of capabilities that will be added to the container
// defaultAddCapabilities is the default set of capabilities that will be added to the container
// unless the pod spec specifically drops the capability. You may not list a capability in both
// DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the AllowedCapabilities list.
// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the allowedCapabilities list.
// +optional
repeated string defaultAddCapabilities = 2;
// RequiredDropCapabilities are the capabilities that will be dropped from the container. These
// requiredDropCapabilities are the capabilities that will be dropped from the container. These
// are required to be dropped and cannot be added.
// +optional
repeated string requiredDropCapabilities = 3;
// AllowedCapabilities is a list of capabilities that can be requested to add to the container.
// allowedCapabilities is a list of capabilities that can be requested to add to the container.
// Capabilities in this field may be added at the pod author's discretion.
// You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
// +optional
repeated string allowedCapabilities = 4;
// volumes is a white list of allowed volume plugins. Empty indicates that all plugins
// may be used.
// volumes is a white list of allowed volume plugins. Empty indicates that
// no volumes may be used. To allow all volumes you may use '*'.
// +optional
repeated string volumes = 5;
@ -830,13 +848,13 @@ message PodSecurityPolicySpec {
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
optional RunAsUserStrategyOptions runAsUser = 11;
// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
optional FSGroupStrategyOptions fsGroup = 13;
// ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
// system. If the container specifically requests to run with a non-read only root file system
// the PSP should deny the pod.
// If set to false the container may run with a read only root file system if it wishes but it
@ -844,25 +862,47 @@ message PodSecurityPolicySpec {
// +optional
optional bool readOnlyRootFilesystem = 14;
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
// defaultAllowPrivilegeEscalation controls the default setting for whether a
// process can gain more privileges than its parent process.
// +optional
optional bool defaultAllowPrivilegeEscalation = 15;
// AllowPrivilegeEscalation determines if a pod can request to allow
// allowPrivilegeEscalation determines if a pod can request to allow
// privilege escalation. If unspecified, defaults to true.
// +optional
optional bool allowPrivilegeEscalation = 16;
// is a white list of allowed host paths. Empty indicates that all host paths may be used.
// allowedHostPaths is a white list of allowed host paths. Empty indicates
// that all host paths may be used.
// +optional
repeated AllowedHostPath allowedHostPaths = 17;
// AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
// is allowed in the "Volumes" field.
// is allowed in the "volumes" field.
// +optional
repeated AllowedFlexVolume allowedFlexVolumes = 18;
// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
//
// Examples:
// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
// +optional
repeated string allowedUnsafeSysctls = 19;
// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
//
// Examples:
// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
// +optional
repeated string forbiddenSysctls = 20;
}
// DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for
@ -1041,19 +1081,22 @@ message RollingUpdateDeployment {
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;
}
// Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
message RunAsUserStrategyOptions {
// Rule is the strategy that will dictate the allowable RunAsUser values that may be set.
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
optional string rule = 1;
// Ranges are the allowed ranges of uids that may be used.
// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
// SELinux Strategy Options defines the strategy type and any options used to create the strategy.
// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
message SELinuxStrategyOptions {
// type is the strategy that will dictate the allowable labels that may be set.
// rule is the strategy that will dictate the allowable labels that may be set.
optional string rule = 1;
// seLinuxOptions required to run as; required for MustRunAs
@ -1104,13 +1147,14 @@ message ScaleStatus {
}
// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
message SupplementalGroupsStrategyOptions {
// Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// +optional
optional string rule = 1;
// Ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end.
// ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}

170
vendor/k8s.io/api/extensions/v1beta1/types.go generated vendored
View file

@ -862,8 +862,9 @@ type ReplicaSetCondition struct {
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Pod Security Policy governs the ability to make requests that affect the Security Context
// PodSecurityPolicy governs the ability to make requests that affect the Security Context
// that will be applied to a pod and container.
// Deprecated: use PodSecurityPolicy from policy API Group instead.
type PodSecurityPolicy struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -876,28 +877,29 @@ type PodSecurityPolicy struct {
Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
// Pod Security Policy Spec defines the policy enforced.
// PodSecurityPolicySpec defines the policy enforced.
// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
type PodSecurityPolicySpec struct {
// privileged determines if a pod can request to be run as privileged.
// +optional
Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
// DefaultAddCapabilities is the default set of capabilities that will be added to the container
// defaultAddCapabilities is the default set of capabilities that will be added to the container
// unless the pod spec specifically drops the capability. You may not list a capability in both
// DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the AllowedCapabilities list.
// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the allowedCapabilities list.
// +optional
DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty" protobuf:"bytes,2,rep,name=defaultAddCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// RequiredDropCapabilities are the capabilities that will be dropped from the container. These
// requiredDropCapabilities are the capabilities that will be dropped from the container. These
// are required to be dropped and cannot be added.
// +optional
RequiredDropCapabilities []v1.Capability `json:"requiredDropCapabilities,omitempty" protobuf:"bytes,3,rep,name=requiredDropCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// AllowedCapabilities is a list of capabilities that can be requested to add to the container.
// allowedCapabilities is a list of capabilities that can be requested to add to the container.
// Capabilities in this field may be added at the pod author's discretion.
// You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
// +optional
AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// volumes is a white list of allowed volume plugins. Empty indicates that all plugins
// may be used.
// volumes is a white list of allowed volume plugins. Empty indicates that
// no volumes may be used. To allow all volumes you may use '*'.
// +optional
Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"`
// hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
@ -916,39 +918,60 @@ type PodSecurityPolicySpec struct {
SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"`
// ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
// system. If the container specifically requests to run with a non-read only root file system
// the PSP should deny the pod.
// If set to false the container may run with a read only root file system if it wishes but it
// will not be forced to.
// +optional
ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
// defaultAllowPrivilegeEscalation controls the default setting for whether a
// process can gain more privileges than its parent process.
// +optional
DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
// AllowPrivilegeEscalation determines if a pod can request to allow
// allowPrivilegeEscalation determines if a pod can request to allow
// privilege escalation. If unspecified, defaults to true.
// +optional
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
// is a white list of allowed host paths. Empty indicates that all host paths may be used.
// allowedHostPaths is a white list of allowed host paths. Empty indicates
// that all host paths may be used.
// +optional
AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"`
// AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
// is allowed in the "Volumes" field.
// is allowed in the "volumes" field.
// +optional
AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
//
// Examples:
// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
// +optional
AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"`
// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
//
// Examples:
// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
// +optional
ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"`
}
// defines the host volume conditions that will be enabled by a policy
// AllowedHostPath defines the host volume conditions that will be enabled by a policy
// for pods to use. It requires the path prefix to be defined.
// Deprecated: use AllowedHostPath from policy API Group instead.
type AllowedHostPath struct {
// is the path prefix that the host volume must match.
// pathPrefix is the path prefix that the host volume must match.
// It does not support `*`.
// Trailing slashes are trimmed when validating the path prefix with a host path.
//
@ -956,9 +979,14 @@ type AllowedHostPath struct {
// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
// `/foo` would not allow `/food` or `/etc/foo`
PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"`
// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
// +optional
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
}
// FS Type gives strong typing to different file systems that are used by volumes.
// FSType gives strong typing to different file systems that are used by volumes.
// Deprecated: use FSType from policy API Group instead.
type FSType string
var (
@ -987,13 +1015,15 @@ var (
)
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
// Deprecated: use AllowedFlexVolume from policy API Group instead.
type AllowedFlexVolume struct {
// Driver is the name of the Flexvolume driver.
// driver is the name of the Flexvolume driver.
Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}
// Host Port Range defines a range of host ports that will be enabled by a policy
// HostPortRange defines a range of host ports that will be enabled by a policy
// for pods to use. It requires both the start and end to be defined.
// Deprecated: use HostPortRange from policy API Group instead.
type HostPortRange struct {
// min is the start of the range, inclusive.
Min int32 `json:"min" protobuf:"varint,1,opt,name=min"`
@ -1001,9 +1031,10 @@ type HostPortRange struct {
Max int32 `json:"max" protobuf:"varint,2,opt,name=max"`
}
// SELinux Strategy Options defines the strategy type and any options used to create the strategy.
// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
type SELinuxStrategyOptions struct {
// type is the strategy that will dictate the allowable labels that may be set.
// rule is the strategy that will dictate the allowable labels that may be set.
Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"`
// seLinuxOptions required to run as; required for MustRunAs
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@ -1013,92 +1044,111 @@ type SELinuxStrategyOptions struct {
// SELinuxStrategy denotes strategy types for generating SELinux options for a
// Security Context.
// Deprecated: use SELinuxStrategy from policy API Group instead.
type SELinuxStrategy string
const (
// container must have SELinux labels of X applied.
// SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied.
// Deprecated: use SELinuxStrategyMustRunAs from policy API Group instead.
SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs"
// container may make requests for any SELinux context labels.
// SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels.
// Deprecated: use SELinuxStrategyRunAsAny from policy API Group instead.
SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny"
)
// Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
type RunAsUserStrategyOptions struct {
// Rule is the strategy that will dictate the allowable RunAsUser values that may be set.
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"`
// Ranges are the allowed ranges of uids that may be used.
// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// ID Range provides a min/max of an allowed range of IDs.
// IDRange provides a min/max of an allowed range of IDs.
// Deprecated: use IDRange from policy API Group instead.
type IDRange struct {
// Min is the start of the range, inclusive.
// min is the start of the range, inclusive.
Min int64 `json:"min" protobuf:"varint,1,opt,name=min"`
// Max is the end of the range, inclusive.
// max is the end of the range, inclusive.
Max int64 `json:"max" protobuf:"varint,2,opt,name=max"`
}
// RunAsUserStrategy denotes strategy types for generating RunAsUser values for a
// Security Context.
// Deprecated: use RunAsUserStrategy from policy API Group instead.
type RunAsUserStrategy string
const (
// container must run as a particular uid.
// RunAsUserStrategyMustRunAs means that container must run as a particular uid.
// Deprecated: use RunAsUserStrategyMustRunAs from policy API Group instead.
RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs"
// container must run as a non-root uid
// RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid.
// Deprecated: use RunAsUserStrategyMustRunAsNonRoot from policy API Group instead.
RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot"
// container may make requests for any uid.
// RunAsUserStrategyRunAsAny means that container may make requests for any uid.
// Deprecated: use RunAsUserStrategyRunAsAny from policy API Group instead.
RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
type FSGroupStrategyOptions struct {
// Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// +optional
Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"`
// Ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end.
// ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// FSGroupStrategyType denotes strategy types for generating FSGroup values for a
// SecurityContext
// Deprecated: use FSGroupStrategyType from policy API Group instead.
type FSGroupStrategyType string
const (
// container must have FSGroup of X applied.
// FSGroupStrategyMustRunAs meant that container must have FSGroup of X applied.
// Deprecated: use FSGroupStrategyMustRunAs from policy API Group instead.
FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
// container may make requests for any FSGroup labels.
// FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels.
// Deprecated: use FSGroupStrategyRunAsAny from policy API Group instead.
FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"
)
// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
type SupplementalGroupsStrategyOptions struct {
// Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// +optional
Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"`
// Ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end.
// ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental
// groups for a SecurityContext.
// Deprecated: use SupplementalGroupsStrategyType from policy API Group instead.
type SupplementalGroupsStrategyType string
const (
// container must run as a particular gid.
// SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid.
// Deprecated: use SupplementalGroupsStrategyMustRunAs from policy API Group instead.
SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
// container may make requests for any gid.
// SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid.
// Deprecated: use SupplementalGroupsStrategyRunAsAny from policy API Group instead.
SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Pod Security Policy List is a list of PodSecurityPolicy objects.
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
// Deprecated: use PodSecurityPolicyList from policy API Group instead.
type PodSecurityPolicyList struct {
metav1.TypeMeta `json:",inline"`
// Standard list metadata.
@ -1106,7 +1156,7 @@ type PodSecurityPolicyList struct {
// +optional
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Items is a list of schema objects.
// items is a list of schema objects.
Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
}
@ -1256,22 +1306,26 @@ type IPBlock struct {
// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
type NetworkPolicyPeer struct {
// Exactly one of the following must be specified.
// This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics.
// If present but empty, this selector selects all pods in this namespace.
// This is a label selector which selects Pods. This field follows standard label
// selector semantics; if present but empty, it selects all pods.
//
// If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
// +optional
PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"`
// Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics.
// If present but empty, this selector selects all namespaces.
// Selects Namespaces using cluster-scoped labels. This field follows standard label
// selector semantics; if present but empty, it selects all namespaces.
//
// If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
// IPBlock defines policy on a particular IPBlock
// IPBlock defines policy on a particular IPBlock. If this field is set then
// neither of the other fields can be.
// +optional
IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
}

81
vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,10 +26,10 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_AllowedFlexVolume = map[string]string{
"": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.",
"driver": "Driver is the name of the Flexvolume driver.",
"": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used. Deprecated: use AllowedFlexVolume from policy API Group instead.",
"driver": "driver is the name of the Flexvolume driver.",
}
func (AllowedFlexVolume) SwaggerDoc() map[string]string {
@ -37,8 +37,9 @@ func (AllowedFlexVolume) SwaggerDoc() map[string]string {
}
var map_AllowedHostPath = map[string]string{
"": "defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"pathPrefix": "is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
"": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined. Deprecated: use AllowedHostPath from policy API Group instead.",
"pathPrefix": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
"readOnly": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.",
}
func (AllowedHostPath) SwaggerDoc() map[string]string {
@ -229,9 +230,9 @@ func (DeploymentStrategy) SwaggerDoc() map[string]string {
}
var map_FSGroupStrategyOptions = map[string]string{
"": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.",
"rule": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
"ranges": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.",
"": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use FSGroupStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
"ranges": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.",
}
func (FSGroupStrategyOptions) SwaggerDoc() map[string]string {
@ -258,7 +259,7 @@ func (HTTPIngressRuleValue) SwaggerDoc() map[string]string {
}
var map_HostPortRange = map[string]string{
"": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined. Deprecated: use HostPortRange from policy API Group instead.",
"min": "min is the start of the range, inclusive.",
"max": "max is the end of the range, inclusive.",
}
@ -268,9 +269,9 @@ func (HostPortRange) SwaggerDoc() map[string]string {
}
var map_IDRange = map[string]string{
"": "ID Range provides a min/max of an allowed range of IDs.",
"min": "Min is the start of the range, inclusive.",
"max": "Max is the end of the range, inclusive.",
"": "IDRange provides a min/max of an allowed range of IDs. Deprecated: use IDRange from policy API Group instead.",
"min": "min is the start of the range, inclusive.",
"max": "max is the end of the range, inclusive.",
}
func (IDRange) SwaggerDoc() map[string]string {
@ -407,9 +408,9 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
var map_NetworkPolicyPeer = map[string]string{
"": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"ipBlock": "IPBlock defines policy on a particular IPBlock",
"podSelector": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.\n\nIf NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.",
"namespaceSelector": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.\n\nIf PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.",
"ipBlock": "IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.",
}
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
@ -439,7 +440,7 @@ func (NetworkPolicySpec) SwaggerDoc() map[string]string {
}
var map_PodSecurityPolicy = map[string]string{
"": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated: use PodSecurityPolicy from policy API Group instead.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"spec": "spec defines the policy enforced.",
}
@ -449,9 +450,9 @@ func (PodSecurityPolicy) SwaggerDoc() map[string]string {
}
var map_PodSecurityPolicyList = map[string]string{
"": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
"": "PodSecurityPolicyList is a list of PodSecurityPolicy objects. Deprecated: use PodSecurityPolicyList from policy API Group instead.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"items": "Items is a list of schema objects.",
"items": "items is a list of schema objects.",
}
func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
@ -459,25 +460,27 @@ func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
}
var map_PodSecurityPolicySpec = map[string]string{
"": "Pod Security Policy Spec defines the policy enforced.",
"": "PodSecurityPolicySpec defines the policy enforced. Deprecated: use PodSecurityPolicySpec from policy API Group instead.",
"privileged": "privileged determines if a pod can request to be run as privileged.",
"defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list.",
"requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
"allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
"volumes": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.",
"defaultAddCapabilities": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.",
"requiredDropCapabilities": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
"allowedCapabilities": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.",
"volumes": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
"hostNetwork": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
"hostPorts": "hostPorts determines which host port ranges are allowed to be exposed.",
"hostPID": "hostPID determines if the policy allows the use of HostPID in the pod spec.",
"hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"defaultAllowPrivilegeEscalation": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
"allowPrivilegeEscalation": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
"allowedHostPaths": "is a white list of allowed host paths. Empty indicates that all host paths may be used.",
"allowedFlexVolumes": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.",
"supplementalGroups": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"defaultAllowPrivilegeEscalation": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
"allowPrivilegeEscalation": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
"allowedHostPaths": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.",
"allowedFlexVolumes": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
"allowedUnsafeSysctls": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
"forbiddenSysctls": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
}
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
@ -581,9 +584,9 @@ func (RollingUpdateDeployment) SwaggerDoc() map[string]string {
}
var map_RunAsUserStrategyOptions = map[string]string{
"": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
"rule": "Rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
"ranges": "Ranges are the allowed ranges of uids that may be used.",
"": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
"ranges": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.",
}
func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string {
@ -591,8 +594,8 @@ func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string {
}
var map_SELinuxStrategyOptions = map[string]string{
"": "SELinux Strategy Options defines the strategy type and any options used to create the strategy.",
"rule": "type is the strategy that will dictate the allowable labels that may be set.",
"": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use SELinuxStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate the allowable labels that may be set.",
"seLinuxOptions": "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
}
@ -632,9 +635,9 @@ func (ScaleStatus) SwaggerDoc() map[string]string {
}
var map_SupplementalGroupsStrategyOptions = map[string]string{
"": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
"rule": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
"ranges": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.",
"": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
"ranges": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.",
}
func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string {

12
vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -1204,6 +1204,16 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
*out = make([]AllowedFlexVolume, len(*in))
copy(*out, *in)
}
if in.AllowedUnsafeSysctls != nil {
in, out := &in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ForbiddenSysctls != nil {
in, out := &in.ForbiddenSysctls, &out.ForbiddenSysctls
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}

2
vendor/k8s.io/api/networking/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

27
vendor/k8s.io/api/networking/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -111,22 +111,29 @@ message NetworkPolicyList {
repeated NetworkPolicy items = 2;
}
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
// must be specified.
// NetworkPolicyPeer describes a peer to allow traffic from. Only certain combinations of
// fields are allowed
message NetworkPolicyPeer {
// This is a label selector which selects Pods in this namespace. This field
// follows standard label selector semantics. If present but empty, this selector
// selects all pods in this namespace.
// This is a label selector which selects Pods. This field follows standard label
// selector semantics; if present but empty, it selects all pods.
//
// If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
// Selects Namespaces using cluster scoped-labels. This matches all pods in all
// namespaces selected by this label selector. This field follows standard label
// selector semantics. If present but empty, this selector selects all namespaces.
// Selects Namespaces using cluster-scoped labels. This field follows standard label
// selector semantics; if present but empty, it selects all namespaces.
//
// If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
// IPBlock defines policy on a particular IPBlock
// IPBlock defines policy on a particular IPBlock. If this field is set then
// neither of the other fields can be.
// +optional
optional IPBlock ipBlock = 3;
}

25
vendor/k8s.io/api/networking/v1/types.go generated vendored
View file

@ -161,22 +161,29 @@ type IPBlock struct {
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
}
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
// must be specified.
// NetworkPolicyPeer describes a peer to allow traffic from. Only certain combinations of
// fields are allowed
type NetworkPolicyPeer struct {
// This is a label selector which selects Pods in this namespace. This field
// follows standard label selector semantics. If present but empty, this selector
// selects all pods in this namespace.
// This is a label selector which selects Pods. This field follows standard label
// selector semantics; if present but empty, it selects all pods.
//
// If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
// +optional
PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"`
// Selects Namespaces using cluster scoped-labels. This matches all pods in all
// namespaces selected by this label selector. This field follows standard label
// selector semantics. If present but empty, this selector selects all namespaces.
// Selects Namespaces using cluster-scoped labels. This field follows standard label
// selector semantics; if present but empty, it selects all namespaces.
//
// If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
// IPBlock defines policy on a particular IPBlock
// IPBlock defines policy on a particular IPBlock. If this field is set then
// neither of the other fields can be.
// +optional
IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
}

12
vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_IPBlock = map[string]string{
"": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
@ -78,10 +78,10 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyPeer = map[string]string{
"": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"ipBlock": "IPBlock defines policy on a particular IPBlock",
"": "NetworkPolicyPeer describes a peer to allow traffic from. Only certain combinations of fields are allowed",
"podSelector": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.\n\nIf NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.",
"namespaceSelector": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.\n\nIf PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.",
"ipBlock": "IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.",
}
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {

2
vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

346
vendor/k8s.io/api/policy/v1beta1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -200,6 +200,14 @@ func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error) {
i++
i = encodeVarintGenerated(dAtA, i, uint64(len(m.PathPrefix)))
i += copy(dAtA[i:], m.PathPrefix)
dAtA[i] = 0x10
i++
if m.ReadOnly {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i++
return i, nil
}
@ -794,6 +802,40 @@ func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error) {
i += n
}
}
if len(m.AllowedUnsafeSysctls) > 0 {
for _, s := range m.AllowedUnsafeSysctls {
dAtA[i] = 0x9a
i++
dAtA[i] = 0x1
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
if len(m.ForbiddenSysctls) > 0 {
for _, s := range m.ForbiddenSysctls {
dAtA[i] = 0xa2
i++
dAtA[i] = 0x1
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
return i, nil
}
@ -937,6 +979,7 @@ func (m *AllowedHostPath) Size() (n int) {
_ = l
l = len(m.PathPrefix)
n += 1 + l + sovGenerated(uint64(l))
n += 2
return n
}
@ -1134,6 +1177,18 @@ func (m *PodSecurityPolicySpec) Size() (n int) {
n += 2 + l + sovGenerated(uint64(l))
}
}
if len(m.AllowedUnsafeSysctls) > 0 {
for _, s := range m.AllowedUnsafeSysctls {
l = len(s)
n += 2 + l + sovGenerated(uint64(l))
}
}
if len(m.ForbiddenSysctls) > 0 {
for _, s := range m.ForbiddenSysctls {
l = len(s)
n += 2 + l + sovGenerated(uint64(l))
}
}
return n
}
@ -1206,6 +1261,7 @@ func (this *AllowedHostPath) String() string {
}
s := strings.Join([]string{`&AllowedHostPath{`,
`PathPrefix:` + fmt.Sprintf("%v", this.PathPrefix) + `,`,
`ReadOnly:` + fmt.Sprintf("%v", this.ReadOnly) + `,`,
`}`,
}, "")
return s
@ -1359,6 +1415,8 @@ func (this *PodSecurityPolicySpec) String() string {
`AllowPrivilegeEscalation:` + valueToStringGenerated(this.AllowPrivilegeEscalation) + `,`,
`AllowedHostPaths:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedHostPaths), "AllowedHostPath", "AllowedHostPath", 1), `&`, ``, 1) + `,`,
`AllowedFlexVolumes:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedFlexVolumes), "AllowedFlexVolume", "AllowedFlexVolume", 1), `&`, ``, 1) + `,`,
`AllowedUnsafeSysctls:` + fmt.Sprintf("%v", this.AllowedUnsafeSysctls) + `,`,
`ForbiddenSysctls:` + fmt.Sprintf("%v", this.ForbiddenSysctls) + `,`,
`}`,
}, "")
return s
@ -1541,6 +1599,26 @@ func (m *AllowedHostPath) Unmarshal(dAtA []byte) error {
}
m.PathPrefix = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field ReadOnly", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
m.ReadOnly = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@ -3348,6 +3426,64 @@ func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 19:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AllowedUnsafeSysctls", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.AllowedUnsafeSysctls = append(m.AllowedUnsafeSysctls, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 20:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ForbiddenSysctls", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ForbiddenSysctls = append(m.ForbiddenSysctls, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@ -3811,106 +3947,110 @@ func init() {
}
var fileDescriptorGenerated = []byte{
// 1605 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4f, 0x6f, 0x1b, 0xb9,
0x15, 0xf7, 0x58, 0xb6, 0x65, 0xd3, 0xf2, 0x3f, 0xba, 0x76, 0x27, 0x46, 0x23, 0x35, 0x0a, 0x50,
0xa4, 0x41, 0x33, 0x8a, 0x9d, 0xa4, 0x35, 0x9a, 0xb6, 0xa8, 0xc7, 0xf2, 0xbf, 0x20, 0xae, 0x55,
0x2a, 0x09, 0xda, 0x22, 0x2d, 0x4a, 0x69, 0x68, 0x89, 0xf1, 0x68, 0x66, 0x4a, 0x72, 0x14, 0xe9,
0xd6, 0x43, 0x0f, 0x3d, 0xf6, 0x0b, 0xf4, 0x13, 0x14, 0x3d, 0xed, 0x97, 0xf0, 0x02, 0x8b, 0x45,
0x8e, 0xc1, 0x1e, 0x84, 0x8d, 0x16, 0xfb, 0x25, 0x72, 0x5a, 0x0c, 0xc5, 0x91, 0x34, 0x33, 0x92,
0x1c, 0x07, 0x48, 0x6e, 0x1a, 0xbe, 0xdf, 0xef, 0xf7, 0x1e, 0x1f, 0xc9, 0xc7, 0x47, 0x01, 0xf3,
0x62, 0x97, 0x1b, 0xd4, 0x2d, 0x5c, 0xf8, 0x15, 0xc2, 0x1c, 0x22, 0x08, 0x2f, 0x34, 0x89, 0x63,
0xb9, 0xac, 0xa0, 0x0c, 0xd8, 0xa3, 0x05, 0xcf, 0xb5, 0x69, 0xb5, 0x5d, 0x68, 0x6e, 0x57, 0x88,
0xc0, 0xdb, 0x85, 0x1a, 0x71, 0x08, 0xc3, 0x82, 0x58, 0x86, 0xc7, 0x5c, 0xe1, 0xc2, 0x1b, 0x3d,
0xa8, 0x81, 0x3d, 0x6a, 0xf4, 0xa0, 0x86, 0x82, 0x6e, 0xdd, 0xab, 0x51, 0x51, 0xf7, 0x2b, 0x46,
0xd5, 0x6d, 0x14, 0x6a, 0x6e, 0xcd, 0x2d, 0x48, 0x46, 0xc5, 0x3f, 0x97, 0x5f, 0xf2, 0x43, 0xfe,
0xea, 0x29, 0x6d, 0xe5, 0x87, 0x9c, 0x56, 0x5d, 0x46, 0x0a, 0xcd, 0x84, 0xb7, 0xad, 0x87, 0x03,
0x4c, 0x03, 0x57, 0xeb, 0xd4, 0x21, 0xac, 0x5d, 0xf0, 0x2e, 0x6a, 0xc1, 0x00, 0x2f, 0x34, 0x88,
0xc0, 0xa3, 0x58, 0x85, 0x71, 0x2c, 0xe6, 0x3b, 0x82, 0x36, 0x48, 0x82, 0xf0, 0xcb, 0xab, 0x08,
0xbc, 0x5a, 0x27, 0x0d, 0x9c, 0xe0, 0x3d, 0x18, 0xc7, 0xf3, 0x05, 0xb5, 0x0b, 0xd4, 0x11, 0x5c,
0xb0, 0x38, 0x29, 0xff, 0x18, 0xac, 0xed, 0xd9, 0xb6, 0xfb, 0x9a, 0x58, 0x87, 0x36, 0x69, 0xbd,
0x70, 0x6d, 0xbf, 0x41, 0xe0, 0xcf, 0xc0, 0x9c, 0xc5, 0x68, 0x93, 0x30, 0x5d, 0xfb, 0xa9, 0x76,
0x67, 0xc1, 0x5c, 0xbe, 0xec, 0xe4, 0xa6, 0xba, 0x9d, 0xdc, 0x5c, 0x51, 0x8e, 0x22, 0x65, 0xcd,
0x1f, 0x80, 0x15, 0x45, 0x3e, 0x76, 0xb9, 0x28, 0x61, 0x51, 0x87, 0x3b, 0x00, 0x78, 0x58, 0xd4,
0x4b, 0x8c, 0x9c, 0xd3, 0x96, 0xa2, 0x43, 0x45, 0x07, 0xa5, 0xbe, 0x05, 0x0d, 0xa1, 0xf2, 0xdf,
0x68, 0x60, 0xfe, 0xa0, 0x49, 0xab, 0x82, 0xba, 0x0e, 0xfc, 0x3b, 0x98, 0x0f, 0x32, 0x69, 0x61,
0x81, 0x25, 0x7d, 0x71, 0xe7, 0xbe, 0x31, 0x58, 0xe5, 0xfe, 0xc4, 0x0c, 0xef, 0xa2, 0x16, 0x0c,
0x70, 0x23, 0x40, 0x1b, 0xcd, 0x6d, 0xe3, 0xac, 0xf2, 0x8a, 0x54, 0xc5, 0x29, 0x11, 0x78, 0xe0,
0x70, 0x30, 0x86, 0xfa, 0xaa, 0xd0, 0x06, 0x4b, 0x16, 0xb1, 0x89, 0x20, 0x67, 0x5e, 0xe0, 0x91,
0xeb, 0xd3, 0xd2, 0xcd, 0x83, 0x0f, 0x73, 0x53, 0x1c, 0xa6, 0x9a, 0x6b, 0xdd, 0x4e, 0x6e, 0x29,
0x32, 0x84, 0xa2, 0xe2, 0xf9, 0xff, 0x6a, 0x60, 0xf3, 0xb0, 0x7c, 0xc4, 0x5c, 0xdf, 0x2b, 0x8b,
0x20, 0xf3, 0xb5, 0xb6, 0x32, 0xc1, 0x5f, 0x81, 0x19, 0xe6, 0xdb, 0x44, 0x65, 0xe9, 0xb6, 0x0a,
0x7a, 0x06, 0xf9, 0x36, 0x79, 0xdf, 0xc9, 0xad, 0xc7, 0x58, 0xcf, 0xda, 0x1e, 0x41, 0x92, 0x00,
0x9f, 0x80, 0x39, 0x86, 0x9d, 0x1a, 0x09, 0x42, 0x4f, 0xdd, 0x59, 0xdc, 0xc9, 0x1b, 0x63, 0xcf,
0x81, 0x71, 0x52, 0x44, 0x01, 0x74, 0xb0, 0x86, 0xf2, 0x93, 0x23, 0xa5, 0x90, 0x3f, 0x05, 0x4b,
0x72, 0xf1, 0x5c, 0x26, 0xa4, 0x05, 0xde, 0x04, 0xa9, 0x06, 0x75, 0x64, 0x50, 0xb3, 0xe6, 0xa2,
0x62, 0xa5, 0x4e, 0xa9, 0x83, 0x82, 0x71, 0x69, 0xc6, 0x2d, 0x99, 0xb3, 0x61, 0x33, 0x6e, 0xa1,
0x60, 0x3c, 0x7f, 0x04, 0xd2, 0xca, 0xe3, 0xb0, 0x50, 0x6a, 0xb2, 0x50, 0x6a, 0x84, 0xd0, 0xff,
0xa6, 0xc1, 0x7a, 0xc9, 0xb5, 0x8a, 0x94, 0x33, 0x5f, 0xe6, 0xcb, 0xf4, 0xad, 0x1a, 0x11, 0x9f,
0x61, 0x7f, 0x3c, 0x03, 0x33, 0xdc, 0x23, 0x55, 0xb5, 0x2d, 0x76, 0x26, 0xe4, 0x76, 0x44, 0x7c,
0x65, 0x8f, 0x54, 0xcd, 0x4c, 0xb8, 0x94, 0xc1, 0x17, 0x92, 0x6a, 0xf0, 0x25, 0x98, 0xe3, 0x02,
0x0b, 0x9f, 0xeb, 0x29, 0xa9, 0xfb, 0xf0, 0x9a, 0xba, 0x92, 0x3b, 0x58, 0xc5, 0xde, 0x37, 0x52,
0x9a, 0xf9, 0xaf, 0x34, 0xf0, 0xe3, 0x11, 0xac, 0xa7, 0x94, 0x0b, 0xf8, 0x32, 0x91, 0x31, 0xe3,
0xc3, 0x32, 0x16, 0xb0, 0x65, 0xbe, 0x56, 0x95, 0xd7, 0xf9, 0x70, 0x64, 0x28, 0x5b, 0x65, 0x30,
0x4b, 0x05, 0x69, 0x84, 0x5b, 0xd1, 0xb8, 0xde, 0xb4, 0xcc, 0x25, 0x25, 0x3d, 0x7b, 0x12, 0x88,
0xa0, 0x9e, 0x56, 0xfe, 0xeb, 0xe9, 0x91, 0xd3, 0x09, 0xd2, 0x09, 0xcf, 0x41, 0xa6, 0x41, 0x9d,
0xbd, 0x26, 0xa6, 0x36, 0xae, 0xa8, 0xd3, 0x33, 0x69, 0x13, 0x04, 0xd5, 0xcf, 0xe8, 0x55, 0x3f,
0xe3, 0xc4, 0x11, 0x67, 0xac, 0x2c, 0x18, 0x75, 0x6a, 0xe6, 0x6a, 0xb7, 0x93, 0xcb, 0x9c, 0x0e,
0x29, 0xa1, 0x88, 0x2e, 0xfc, 0x2b, 0x98, 0xe7, 0xc4, 0x26, 0x55, 0xe1, 0xb2, 0xeb, 0x55, 0x88,
0xa7, 0xb8, 0x42, 0xec, 0xb2, 0xa2, 0x9a, 0x99, 0x20, 0x6f, 0xe1, 0x17, 0xea, 0x4b, 0x42, 0x1b,
0x2c, 0x37, 0x70, 0xeb, 0xb9, 0x83, 0xfb, 0x13, 0x49, 0x7d, 0xe4, 0x44, 0x60, 0xb7, 0x93, 0x5b,
0x3e, 0x8d, 0x68, 0xa1, 0x98, 0x76, 0xfe, 0xfb, 0x19, 0x70, 0x63, 0xec, 0xae, 0x82, 0x4f, 0x00,
0x74, 0x2b, 0x9c, 0xb0, 0x26, 0xb1, 0x8e, 0x7a, 0xf7, 0x03, 0x75, 0xc3, 0x83, 0xbb, 0xa5, 0x16,
0x08, 0x9e, 0x25, 0x10, 0x68, 0x04, 0x0b, 0xfe, 0x4b, 0x03, 0x4b, 0x56, 0xcf, 0x0d, 0xb1, 0x4a,
0xae, 0x15, 0x6e, 0x8c, 0xa3, 0x8f, 0xd9, 0xef, 0x46, 0x71, 0x58, 0xe9, 0xc0, 0x11, 0xac, 0x6d,
0x6e, 0xa8, 0x80, 0x96, 0x22, 0x36, 0x14, 0x75, 0x0a, 0x4f, 0x01, 0xb4, 0xfa, 0x92, 0x5c, 0xdd,
0x52, 0x32, 0xc5, 0xb3, 0xe6, 0x4d, 0xa5, 0xb0, 0x11, 0xf1, 0x1b, 0x82, 0xd0, 0x08, 0x22, 0xfc,
0x1d, 0x58, 0xae, 0xfa, 0x8c, 0x11, 0x47, 0x1c, 0x13, 0x6c, 0x8b, 0x7a, 0x5b, 0x9f, 0x91, 0x52,
0x9b, 0x4a, 0x6a, 0x79, 0x3f, 0x62, 0x45, 0x31, 0x74, 0xc0, 0xb7, 0x08, 0xa7, 0x8c, 0x58, 0x21,
0x7f, 0x36, 0xca, 0x2f, 0x46, 0xac, 0x28, 0x86, 0x86, 0xbb, 0x20, 0x43, 0x5a, 0x1e, 0xa9, 0x86,
0x39, 0x9d, 0x93, 0xec, 0x1f, 0x29, 0x76, 0xe6, 0x60, 0xc8, 0x86, 0x22, 0xc8, 0x2d, 0x1b, 0xc0,
0x64, 0x12, 0xe1, 0x2a, 0x48, 0x5d, 0x90, 0x76, 0xef, 0xe6, 0x41, 0xc1, 0x4f, 0xf8, 0x7b, 0x30,
0xdb, 0xc4, 0xb6, 0x4f, 0xd4, 0x5e, 0xbf, 0xfb, 0x61, 0x7b, 0xfd, 0x19, 0x6d, 0x10, 0xd4, 0x23,
0xfe, 0x7a, 0x7a, 0x57, 0xcb, 0x7f, 0xa9, 0x81, 0xb5, 0x92, 0x6b, 0x95, 0x49, 0xd5, 0x67, 0x54,
0xb4, 0x4b, 0x72, 0x9d, 0x3f, 0x43, 0xcd, 0x46, 0x91, 0x9a, 0x7d, 0x7f, 0xf2, 0x5e, 0x8b, 0x46,
0x37, 0xae, 0x62, 0xe7, 0x2f, 0x35, 0xb0, 0x91, 0x40, 0x7f, 0x86, 0x8a, 0xfa, 0xc7, 0x68, 0x45,
0xfd, 0xc5, 0x75, 0x26, 0x33, 0xa6, 0x9e, 0xbe, 0xcf, 0x8c, 0x98, 0x8a, 0xac, 0xa6, 0x41, 0xbf,
0xc6, 0x68, 0x93, 0xda, 0xa4, 0x46, 0x2c, 0x39, 0x99, 0xf9, 0xa1, 0x7e, 0xad, 0x6f, 0x41, 0x43,
0x28, 0xc8, 0xc1, 0xa6, 0x45, 0xce, 0xb1, 0x6f, 0x8b, 0x3d, 0xcb, 0xda, 0xc7, 0x1e, 0xae, 0x50,
0x9b, 0x0a, 0xaa, 0xda, 0x91, 0x05, 0xf3, 0x71, 0xb7, 0x93, 0xdb, 0x2c, 0x8e, 0x44, 0xbc, 0xef,
0xe4, 0x6e, 0x26, 0x3b, 0x6d, 0xa3, 0x0f, 0x69, 0xa3, 0x31, 0xd2, 0xb0, 0x0d, 0x74, 0x46, 0xfe,
0xe1, 0x07, 0x87, 0xa2, 0xc8, 0x5c, 0x2f, 0xe2, 0x36, 0x25, 0xdd, 0xfe, 0xb6, 0xdb, 0xc9, 0xe9,
0x68, 0x0c, 0xe6, 0x6a, 0xc7, 0x63, 0xe5, 0xe1, 0x2b, 0xb0, 0x8e, 0x7b, 0x75, 0x20, 0xe2, 0x75,
0x46, 0x7a, 0xdd, 0xed, 0x76, 0x72, 0xeb, 0x7b, 0x49, 0xf3, 0xd5, 0x0e, 0x47, 0x89, 0xc2, 0x02,
0x48, 0x37, 0x65, 0x13, 0xce, 0xf5, 0x59, 0xa9, 0xbf, 0xd1, 0xed, 0xe4, 0xd2, 0xbd, 0xbe, 0x3c,
0xd0, 0x9c, 0x3b, 0x2c, 0xcb, 0x46, 0x30, 0x44, 0xc1, 0x47, 0x60, 0xb1, 0xee, 0x72, 0xf1, 0x07,
0x22, 0x5e, 0xbb, 0xec, 0x42, 0x16, 0x86, 0x79, 0x73, 0x5d, 0xad, 0xe0, 0xe2, 0xf1, 0xc0, 0x84,
0x86, 0x71, 0xf0, 0xcf, 0x60, 0xa1, 0xae, 0xda, 0x3e, 0xae, 0xa7, 0xe5, 0x46, 0xbb, 0x33, 0x61,
0xa3, 0x45, 0x5a, 0x44, 0x73, 0x4d, 0xc9, 0x2f, 0x84, 0xc3, 0x1c, 0x0d, 0xd4, 0xe0, 0xcf, 0x41,
0x5a, 0x7e, 0x9c, 0x14, 0xf5, 0x79, 0x19, 0xcd, 0x8a, 0x82, 0xa7, 0x8f, 0x7b, 0xc3, 0x28, 0xb4,
0x87, 0xd0, 0x93, 0xd2, 0xbe, 0xbe, 0x90, 0x84, 0x9e, 0x94, 0xf6, 0x51, 0x68, 0x87, 0x2f, 0x41,
0x9a, 0x93, 0xa7, 0xd4, 0xf1, 0x5b, 0x3a, 0x90, 0x47, 0x6e, 0x7b, 0x42, 0xb8, 0xe5, 0x03, 0x89,
0x8c, 0x35, 0xdc, 0x03, 0x75, 0x65, 0x47, 0xa1, 0x24, 0xb4, 0xc0, 0x02, 0xf3, 0x9d, 0x3d, 0xfe,
0x9c, 0x13, 0xa6, 0x2f, 0x26, 0x6e, 0xfb, 0xb8, 0x3e, 0x0a, 0xb1, 0x71, 0x0f, 0xfd, 0xcc, 0xf4,
0x11, 0x68, 0x20, 0x0c, 0xff, 0xad, 0x01, 0xc8, 0x7d, 0xcf, 0xb3, 0x49, 0x83, 0x38, 0x02, 0xdb,
0xb2, 0xbf, 0xe7, 0x7a, 0x46, 0xfa, 0xfb, 0xcd, 0xa4, 0xf9, 0x24, 0x48, 0x71, 0xc7, 0xfd, 0x6b,
0x3a, 0x09, 0x45, 0x23, 0x7c, 0x06, 0xe9, 0x3c, 0xe7, 0xf2, 0xb7, 0xbe, 0x74, 0x65, 0x3a, 0x47,
0xbf, 0x5f, 0x06, 0xe9, 0x54, 0x76, 0x14, 0x4a, 0xc2, 0x17, 0x60, 0x93, 0x11, 0x6c, 0x9d, 0x39,
0x76, 0x1b, 0xb9, 0xae, 0x38, 0xa4, 0x36, 0xe1, 0x6d, 0x2e, 0x48, 0x43, 0x5f, 0x96, 0xcb, 0x9c,
0x55, 0xcc, 0x4d, 0x34, 0x12, 0x85, 0xc6, 0xb0, 0x61, 0x03, 0xe4, 0xc2, 0xf2, 0x10, 0x9c, 0x9d,
0x7e, 0x7d, 0x3a, 0xe0, 0x55, 0x6c, 0xf7, 0xba, 0x96, 0x15, 0xe9, 0xe0, 0x76, 0xb7, 0x93, 0xcb,
0x15, 0x27, 0x43, 0xd1, 0x55, 0x5a, 0xf0, 0x4f, 0x40, 0xc7, 0xe3, 0xfc, 0xac, 0x4a, 0x3f, 0x3f,
0x09, 0x6a, 0xce, 0x58, 0x07, 0x63, 0xd9, 0xd0, 0x03, 0xab, 0x38, 0xfa, 0x72, 0xe6, 0xfa, 0x9a,
0x3c, 0x85, 0x77, 0x27, 0xac, 0x43, 0xec, 0xb1, 0x6d, 0xea, 0x2a, 0x8d, 0xab, 0x31, 0x03, 0x47,
0x09, 0x75, 0xd8, 0x02, 0x10, 0xc7, 0x1f, 0xfa, 0x5c, 0x87, 0x57, 0x5e, 0x31, 0x89, 0x7f, 0x07,
0x06, 0x5b, 0x2d, 0x61, 0xe2, 0x68, 0x84, 0x8f, 0xe0, 0x05, 0xac, 0x8f, 0x3b, 0x30, 0xf0, 0x51,
0xe4, 0x0d, 0x7c, 0x2b, 0xf6, 0x06, 0x5e, 0x4b, 0xf0, 0x3e, 0xc1, 0x0b, 0xf8, 0xff, 0x1a, 0xd8,
0x1c, 0x5d, 0x30, 0xe0, 0x83, 0x48, 0x74, 0xb9, 0x58, 0x74, 0x2b, 0x31, 0x96, 0x8a, 0xed, 0x6f,
0x60, 0x59, 0x95, 0x95, 0xe8, 0x1f, 0x0c, 0x91, 0x18, 0x83, 0xfb, 0x20, 0xe8, 0x08, 0x94, 0x44,
0x78, 0xa4, 0x64, 0x2f, 0x1f, 0x1d, 0x43, 0x31, 0xb5, 0xfc, 0x17, 0x1a, 0xb8, 0x75, 0x65, 0x41,
0x80, 0x66, 0x24, 0x74, 0x23, 0x16, 0x7a, 0x76, 0xbc, 0xc0, 0xa7, 0xf9, 0x9f, 0xc1, 0xbc, 0x77,
0xf9, 0x2e, 0x3b, 0xf5, 0xe6, 0x5d, 0x76, 0xea, 0xed, 0xbb, 0xec, 0xd4, 0x3f, 0xbb, 0x59, 0xed,
0xb2, 0x9b, 0xd5, 0xde, 0x74, 0xb3, 0xda, 0xdb, 0x6e, 0x56, 0xfb, 0xb6, 0x9b, 0xd5, 0xfe, 0xf3,
0x5d, 0x76, 0xea, 0x2f, 0x69, 0x25, 0xf7, 0x43, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc3, 0x7d, 0x0b,
0x1d, 0x1e, 0x14, 0x00, 0x00,
// 1679 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4f, 0x6f, 0x23, 0xb7,
0x15, 0xf7, 0xac, 0x6c, 0x4b, 0xa6, 0x6d, 0xad, 0x4d, 0x7b, 0xdd, 0x89, 0xd1, 0xd5, 0x24, 0x0a,
0x50, 0x6c, 0x83, 0x64, 0x14, 0x7b, 0x93, 0xd6, 0x68, 0xda, 0x22, 0x1e, 0xcb, 0xff, 0x02, 0xbb,
0x56, 0xa9, 0xdd, 0xa0, 0x2d, 0xb6, 0x45, 0x29, 0x0d, 0x2d, 0x31, 0x1e, 0xcd, 0x4c, 0x49, 0x8e,
0x22, 0xdd, 0x7a, 0xe8, 0xa1, 0xe8, 0xa9, 0x5f, 0xa0, 0x9f, 0xa0, 0xe8, 0xa9, 0x5f, 0xc2, 0x05,
0x8a, 0x22, 0xc7, 0xa0, 0x07, 0xa1, 0xab, 0xa2, 0x5f, 0x22, 0xa7, 0x62, 0x28, 0x8e, 0xa4, 0xf9,
0x23, 0x79, 0x1d, 0x60, 0xf7, 0xa6, 0xe1, 0xfb, 0xfd, 0x7e, 0xef, 0xf1, 0xf1, 0xf1, 0x91, 0x14,
0xb0, 0x6e, 0x0e, 0xb8, 0x49, 0xbd, 0xca, 0x4d, 0xd0, 0x20, 0xcc, 0x25, 0x82, 0xf0, 0x4a, 0x97,
0xb8, 0xb6, 0xc7, 0x2a, 0xca, 0x80, 0x7d, 0x5a, 0xf1, 0x3d, 0x87, 0x36, 0xfb, 0x95, 0xee, 0x5e,
0x83, 0x08, 0xbc, 0x57, 0x69, 0x11, 0x97, 0x30, 0x2c, 0x88, 0x6d, 0xfa, 0xcc, 0x13, 0x1e, 0x7c,
0x6b, 0x04, 0x35, 0xb1, 0x4f, 0xcd, 0x11, 0xd4, 0x54, 0xd0, 0xdd, 0x0f, 0x5a, 0x54, 0xb4, 0x83,
0x86, 0xd9, 0xf4, 0x3a, 0x95, 0x96, 0xd7, 0xf2, 0x2a, 0x92, 0xd1, 0x08, 0xae, 0xe5, 0x97, 0xfc,
0x90, 0xbf, 0x46, 0x4a, 0xbb, 0xe5, 0x29, 0xa7, 0x4d, 0x8f, 0x91, 0x4a, 0x37, 0xe5, 0x6d, 0xf7,
0xa3, 0x09, 0xa6, 0x83, 0x9b, 0x6d, 0xea, 0x12, 0xd6, 0xaf, 0xf8, 0x37, 0xad, 0x70, 0x80, 0x57,
0x3a, 0x44, 0xe0, 0x2c, 0x56, 0x65, 0x16, 0x8b, 0x05, 0xae, 0xa0, 0x1d, 0x92, 0x22, 0xfc, 0xe0,
0x2e, 0x02, 0x6f, 0xb6, 0x49, 0x07, 0xa7, 0x78, 0x4f, 0x67, 0xf1, 0x02, 0x41, 0x9d, 0x0a, 0x75,
0x05, 0x17, 0x2c, 0x49, 0x2a, 0x7f, 0x02, 0x36, 0x0f, 0x1d, 0xc7, 0xfb, 0x92, 0xd8, 0x27, 0x0e,
0xe9, 0x7d, 0xee, 0x39, 0x41, 0x87, 0xc0, 0xef, 0x81, 0x65, 0x9b, 0xd1, 0x2e, 0x61, 0xba, 0xf6,
0xb6, 0xf6, 0x64, 0xc5, 0x2a, 0xde, 0x0e, 0x8c, 0x85, 0xe1, 0xc0, 0x58, 0xae, 0xca, 0x51, 0xa4,
0xac, 0x65, 0x0e, 0x1e, 0x2a, 0xf2, 0x99, 0xc7, 0x45, 0x0d, 0x8b, 0x36, 0xdc, 0x07, 0xc0, 0xc7,
0xa2, 0x5d, 0x63, 0xe4, 0x9a, 0xf6, 0x14, 0x1d, 0x2a, 0x3a, 0xa8, 0x8d, 0x2d, 0x68, 0x0a, 0x05,
0xdf, 0x07, 0x05, 0x46, 0xb0, 0x7d, 0xe5, 0x3a, 0x7d, 0xfd, 0xc1, 0xdb, 0xda, 0x93, 0x82, 0xb5,
0xa1, 0x18, 0x05, 0xa4, 0xc6, 0xd1, 0x18, 0x51, 0xfe, 0xb7, 0x06, 0x0a, 0xc7, 0x5d, 0xda, 0x14,
0xd4, 0x73, 0xe1, 0x6f, 0x41, 0x21, 0xcc, 0xbb, 0x8d, 0x05, 0x96, 0xce, 0x56, 0xf7, 0x3f, 0x34,
0x27, 0x35, 0x31, 0x4e, 0x83, 0xe9, 0xdf, 0xb4, 0xc2, 0x01, 0x6e, 0x86, 0x68, 0xb3, 0xbb, 0x67,
0x5e, 0x35, 0xbe, 0x20, 0x4d, 0x71, 0x49, 0x04, 0x9e, 0x84, 0x37, 0x19, 0x43, 0x63, 0x55, 0xe8,
0x80, 0x75, 0x9b, 0x38, 0x44, 0x90, 0x2b, 0x3f, 0xf4, 0xc8, 0x65, 0x84, 0xab, 0xfb, 0x4f, 0x5f,
0xcd, 0x4d, 0x75, 0x9a, 0x6a, 0x6d, 0x0e, 0x07, 0xc6, 0x7a, 0x6c, 0x08, 0xc5, 0xc5, 0xcb, 0x7f,
0xd1, 0xc0, 0xce, 0x49, 0xfd, 0x94, 0x79, 0x81, 0x5f, 0x17, 0xe1, 0x3a, 0xb5, 0xfa, 0xca, 0x04,
0x7f, 0x08, 0x16, 0x59, 0xe0, 0x10, 0x95, 0xd3, 0x77, 0x55, 0xd0, 0x8b, 0x28, 0x70, 0xc8, 0x37,
0x03, 0x63, 0x2b, 0xc1, 0x7a, 0xd6, 0xf7, 0x09, 0x92, 0x04, 0xf8, 0x19, 0x58, 0x66, 0xd8, 0x6d,
0x91, 0x30, 0xf4, 0xdc, 0x93, 0xd5, 0xfd, 0xb2, 0x39, 0x73, 0xd7, 0x98, 0xe7, 0x55, 0x14, 0x42,
0x27, 0x2b, 0x2e, 0x3f, 0x39, 0x52, 0x0a, 0xe5, 0x4b, 0xb0, 0x2e, 0x97, 0xda, 0x63, 0x42, 0x5a,
0xe0, 0x63, 0x90, 0xeb, 0x50, 0x57, 0x06, 0xb5, 0x64, 0xad, 0x2a, 0x56, 0xee, 0x92, 0xba, 0x28,
0x1c, 0x97, 0x66, 0xdc, 0x93, 0x39, 0x9b, 0x36, 0xe3, 0x1e, 0x0a, 0xc7, 0xcb, 0xa7, 0x20, 0xaf,
0x3c, 0x4e, 0x0b, 0xe5, 0xe6, 0x0b, 0xe5, 0x32, 0x84, 0xfe, 0xfa, 0x00, 0x6c, 0xd5, 0x3c, 0xbb,
0x4a, 0x39, 0x0b, 0x64, 0xbe, 0xac, 0xc0, 0x6e, 0x11, 0xf1, 0x06, 0xea, 0xe3, 0x19, 0x58, 0xe4,
0x3e, 0x69, 0xaa, 0xb2, 0xd8, 0x9f, 0x93, 0xdb, 0x8c, 0xf8, 0xea, 0x3e, 0x69, 0x5a, 0x6b, 0xd1,
0x52, 0x86, 0x5f, 0x48, 0xaa, 0xc1, 0x17, 0x60, 0x99, 0x0b, 0x2c, 0x02, 0xae, 0xe7, 0xa4, 0xee,
0x47, 0xf7, 0xd4, 0x95, 0xdc, 0xc9, 0x2a, 0x8e, 0xbe, 0x91, 0xd2, 0x2c, 0xff, 0x53, 0x03, 0xdf,
0xc9, 0x60, 0x5d, 0x50, 0x2e, 0xe0, 0x8b, 0x54, 0xc6, 0xcc, 0x57, 0xcb, 0x58, 0xc8, 0x96, 0xf9,
0x1a, 0x6f, 0xde, 0x68, 0x64, 0x2a, 0x5b, 0x75, 0xb0, 0x44, 0x05, 0xe9, 0x44, 0xa5, 0x68, 0xde,
0x6f, 0x5a, 0xd6, 0xba, 0x92, 0x5e, 0x3a, 0x0f, 0x45, 0xd0, 0x48, 0xab, 0xfc, 0xaf, 0x07, 0x99,
0xd3, 0x09, 0xd3, 0x09, 0xaf, 0xc1, 0x5a, 0x87, 0xba, 0x87, 0x5d, 0x4c, 0x1d, 0xdc, 0x50, 0xbb,
0x67, 0x5e, 0x11, 0x84, 0xbd, 0xd2, 0x1c, 0xf5, 0x4a, 0xf3, 0xdc, 0x15, 0x57, 0xac, 0x2e, 0x18,
0x75, 0x5b, 0xd6, 0xc6, 0x70, 0x60, 0xac, 0x5d, 0x4e, 0x29, 0xa1, 0x98, 0x2e, 0xfc, 0x35, 0x28,
0x70, 0xe2, 0x90, 0xa6, 0xf0, 0xd8, 0xfd, 0x3a, 0xc4, 0x05, 0x6e, 0x10, 0xa7, 0xae, 0xa8, 0xd6,
0x5a, 0x98, 0xb7, 0xe8, 0x0b, 0x8d, 0x25, 0xa1, 0x03, 0x8a, 0x1d, 0xdc, 0x7b, 0xee, 0xe2, 0xf1,
0x44, 0x72, 0xdf, 0x72, 0x22, 0x70, 0x38, 0x30, 0x8a, 0x97, 0x31, 0x2d, 0x94, 0xd0, 0x2e, 0xff,
0x6f, 0x11, 0xbc, 0x35, 0xb3, 0xaa, 0xe0, 0x67, 0x00, 0x7a, 0x0d, 0x4e, 0x58, 0x97, 0xd8, 0xa7,
0xa3, 0xd3, 0x84, 0x7a, 0xd1, 0xc6, 0xdd, 0x55, 0x0b, 0x04, 0xaf, 0x52, 0x08, 0x94, 0xc1, 0x82,
0x7f, 0xd0, 0xc0, 0xba, 0x3d, 0x72, 0x43, 0xec, 0x9a, 0x67, 0x47, 0x85, 0x71, 0xfa, 0x6d, 0xea,
0xdd, 0xac, 0x4e, 0x2b, 0x1d, 0xbb, 0x82, 0xf5, 0xad, 0x47, 0x2a, 0xa0, 0xf5, 0x98, 0x0d, 0xc5,
0x9d, 0xc2, 0x4b, 0x00, 0xed, 0xb1, 0x24, 0x57, 0x67, 0x9a, 0x4c, 0xf1, 0x92, 0xf5, 0x58, 0x29,
0x3c, 0x8a, 0xf9, 0x8d, 0x40, 0x28, 0x83, 0x08, 0x7f, 0x0a, 0x8a, 0xcd, 0x80, 0x31, 0xe2, 0x8a,
0x33, 0x82, 0x1d, 0xd1, 0xee, 0xeb, 0x8b, 0x52, 0x6a, 0x47, 0x49, 0x15, 0x8f, 0x62, 0x56, 0x94,
0x40, 0x87, 0x7c, 0x9b, 0x70, 0xca, 0x88, 0x1d, 0xf1, 0x97, 0xe2, 0xfc, 0x6a, 0xcc, 0x8a, 0x12,
0x68, 0x78, 0x00, 0xd6, 0x48, 0xcf, 0x27, 0xcd, 0x28, 0xa7, 0xcb, 0x92, 0xbd, 0xad, 0xd8, 0x6b,
0xc7, 0x53, 0x36, 0x14, 0x43, 0xee, 0x3a, 0x00, 0xa6, 0x93, 0x08, 0x37, 0x40, 0xee, 0x86, 0xf4,
0x47, 0x27, 0x0f, 0x0a, 0x7f, 0xc2, 0x4f, 0xc1, 0x52, 0x17, 0x3b, 0x01, 0x51, 0xb5, 0xfe, 0xde,
0xab, 0xd5, 0xfa, 0x33, 0xda, 0x21, 0x68, 0x44, 0xfc, 0xd1, 0x83, 0x03, 0xad, 0xfc, 0x0f, 0x0d,
0x6c, 0xd6, 0x3c, 0xbb, 0x4e, 0x9a, 0x01, 0xa3, 0xa2, 0x5f, 0x93, 0xeb, 0xfc, 0x06, 0x7a, 0x36,
0x8a, 0xf5, 0xec, 0x0f, 0xe7, 0xd7, 0x5a, 0x3c, 0xba, 0x59, 0x1d, 0xbb, 0x7c, 0xab, 0x81, 0x47,
0x29, 0xf4, 0x1b, 0xe8, 0xa8, 0x3f, 0x8f, 0x77, 0xd4, 0xf7, 0xef, 0x33, 0x99, 0x19, 0xfd, 0xf4,
0x4f, 0xc5, 0x8c, 0xa9, 0xc8, 0x6e, 0x1a, 0xde, 0xee, 0x18, 0xed, 0x52, 0x87, 0xb4, 0x88, 0x2d,
0x27, 0x53, 0x98, 0xba, 0xdd, 0x8d, 0x2d, 0x68, 0x0a, 0x05, 0x39, 0xd8, 0xb1, 0xc9, 0x35, 0x0e,
0x1c, 0x71, 0x68, 0xdb, 0x47, 0xd8, 0xc7, 0x0d, 0xea, 0x50, 0x41, 0xd5, 0x75, 0x64, 0xc5, 0xfa,
0x64, 0x38, 0x30, 0x76, 0xaa, 0x99, 0x88, 0x6f, 0x06, 0xc6, 0xe3, 0xf4, 0xbd, 0xdc, 0x1c, 0x43,
0xfa, 0x68, 0x86, 0x34, 0xec, 0x03, 0x9d, 0x91, 0xdf, 0x05, 0xe1, 0xa6, 0xa8, 0x32, 0xcf, 0x8f,
0xb9, 0xcd, 0x49, 0xb7, 0x3f, 0x19, 0x0e, 0x0c, 0x1d, 0xcd, 0xc0, 0xdc, 0xed, 0x78, 0xa6, 0x3c,
0xfc, 0x02, 0x6c, 0xe1, 0x51, 0x1f, 0x88, 0x79, 0x5d, 0x94, 0x5e, 0x0f, 0x86, 0x03, 0x63, 0xeb,
0x30, 0x6d, 0xbe, 0xdb, 0x61, 0x96, 0x28, 0xac, 0x80, 0x7c, 0x57, 0x5e, 0xd9, 0xb9, 0xbe, 0x24,
0xf5, 0x1f, 0x0d, 0x07, 0x46, 0x7e, 0x74, 0x8b, 0x0f, 0x35, 0x97, 0x4f, 0xea, 0xf2, 0x22, 0x18,
0xa1, 0xe0, 0xc7, 0x60, 0xb5, 0xed, 0x71, 0xf1, 0x33, 0x22, 0xbe, 0xf4, 0xd8, 0x8d, 0x6c, 0x0c,
0x05, 0x6b, 0x4b, 0xad, 0xe0, 0xea, 0xd9, 0xc4, 0x84, 0xa6, 0x71, 0xf0, 0x97, 0x60, 0xa5, 0xad,
0xae, 0x7d, 0x5c, 0xcf, 0xcb, 0x42, 0x7b, 0x32, 0xa7, 0xd0, 0x62, 0x57, 0x44, 0x6b, 0x53, 0xc9,
0xaf, 0x44, 0xc3, 0x1c, 0x4d, 0xd4, 0xe0, 0xf7, 0x41, 0x5e, 0x7e, 0x9c, 0x57, 0xf5, 0x82, 0x8c,
0xe6, 0xa1, 0x82, 0xe7, 0xcf, 0x46, 0xc3, 0x28, 0xb2, 0x47, 0xd0, 0xf3, 0xda, 0x91, 0xbe, 0x92,
0x86, 0x9e, 0xd7, 0x8e, 0x50, 0x64, 0x87, 0x2f, 0x40, 0x9e, 0x93, 0x0b, 0xea, 0x06, 0x3d, 0x1d,
0xc8, 0x2d, 0xb7, 0x37, 0x27, 0xdc, 0xfa, 0xb1, 0x44, 0x26, 0x2e, 0xdc, 0x13, 0x75, 0x65, 0x47,
0x91, 0x24, 0xb4, 0xc1, 0x0a, 0x0b, 0xdc, 0x43, 0xfe, 0x9c, 0x13, 0xa6, 0xaf, 0xa6, 0x4e, 0xfb,
0xa4, 0x3e, 0x8a, 0xb0, 0x49, 0x0f, 0xe3, 0xcc, 0x8c, 0x11, 0x68, 0x22, 0x0c, 0xff, 0xa8, 0x01,
0xc8, 0x03, 0xdf, 0x77, 0x48, 0x87, 0xb8, 0x02, 0x3b, 0xf2, 0x7e, 0xcf, 0xf5, 0x35, 0xe9, 0xef,
0xc7, 0xf3, 0xe6, 0x93, 0x22, 0x25, 0x1d, 0x8f, 0x8f, 0xe9, 0x34, 0x14, 0x65, 0xf8, 0x0c, 0xd3,
0x79, 0xcd, 0xe5, 0x6f, 0x7d, 0xfd, 0xce, 0x74, 0x66, 0xbf, 0x5f, 0x26, 0xe9, 0x54, 0x76, 0x14,
0x49, 0xc2, 0xcf, 0xc1, 0x4e, 0xf4, 0xba, 0x43, 0x9e, 0x27, 0x4e, 0xa8, 0x43, 0x78, 0x9f, 0x0b,
0xd2, 0xd1, 0x8b, 0x72, 0x99, 0x4b, 0x8a, 0xb9, 0x83, 0x32, 0x51, 0x68, 0x06, 0x1b, 0x76, 0x80,
0x11, 0xb5, 0x87, 0x70, 0xef, 0x8c, 0xfb, 0xd3, 0x31, 0x6f, 0x62, 0x67, 0x74, 0x6b, 0x79, 0x28,
0x1d, 0xbc, 0x3b, 0x1c, 0x18, 0x46, 0x75, 0x3e, 0x14, 0xdd, 0xa5, 0x05, 0x7f, 0x01, 0x74, 0x3c,
0xcb, 0xcf, 0x86, 0xf4, 0xf3, 0xdd, 0xb0, 0xe7, 0xcc, 0x74, 0x30, 0x93, 0x0d, 0x7d, 0xb0, 0x81,
0xe3, 0xef, 0x6c, 0xae, 0x6f, 0xca, 0x5d, 0xf8, 0xde, 0x9c, 0x75, 0x48, 0x3c, 0xcd, 0x2d, 0x5d,
0xa5, 0x71, 0x23, 0x61, 0xe0, 0x28, 0xa5, 0x0e, 0x7b, 0x00, 0xe2, 0xe4, 0xdf, 0x02, 0x5c, 0x87,
0x77, 0x1e, 0x31, 0xa9, 0xff, 0x12, 0x26, 0xa5, 0x96, 0x32, 0x71, 0x94, 0xe1, 0x03, 0x5e, 0x80,
0x6d, 0x35, 0xfa, 0xdc, 0xe5, 0xf8, 0x9a, 0xd4, 0xfb, 0xbc, 0x29, 0x1c, 0xae, 0x6f, 0xc9, 0xfe,
0xa6, 0x0f, 0x07, 0xc6, 0xf6, 0x61, 0x86, 0x1d, 0x65, 0xb2, 0xe0, 0xa7, 0x60, 0xe3, 0xda, 0x63,
0x0d, 0x6a, 0xdb, 0xc4, 0x8d, 0x94, 0xb6, 0xa5, 0xd2, 0x76, 0x98, 0x89, 0x93, 0x84, 0x0d, 0xa5,
0xd0, 0xe1, 0x8b, 0x5c, 0x9f, 0xb5, 0x81, 0xe1, 0xc7, 0xb1, 0x37, 0xf9, 0x3b, 0x89, 0x37, 0xf9,
0x66, 0x8a, 0xf7, 0x1a, 0x5e, 0xe4, 0x7f, 0xd3, 0xc0, 0x4e, 0x76, 0x03, 0x83, 0x4f, 0x63, 0xd1,
0x19, 0x89, 0xe8, 0x1e, 0x26, 0x58, 0x2a, 0xb6, 0xdf, 0x80, 0xa2, 0x6a, 0x73, 0xf1, 0x3f, 0x3c,
0x62, 0x31, 0x86, 0xe7, 0x53, 0x78, 0x43, 0x51, 0x12, 0xd1, 0x16, 0x97, 0x6f, 0x8b, 0xf8, 0x18,
0x4a, 0xa8, 0x95, 0xff, 0xae, 0x81, 0x77, 0xee, 0x6c, 0x50, 0xd0, 0x8a, 0x85, 0x6e, 0x26, 0x42,
0x2f, 0xcd, 0x16, 0x78, 0x3d, 0xff, 0x7b, 0x58, 0x1f, 0xdc, 0xbe, 0x2c, 0x2d, 0x7c, 0xf5, 0xb2,
0xb4, 0xf0, 0xf5, 0xcb, 0xd2, 0xc2, 0xef, 0x87, 0x25, 0xed, 0x76, 0x58, 0xd2, 0xbe, 0x1a, 0x96,
0xb4, 0xaf, 0x87, 0x25, 0xed, 0x3f, 0xc3, 0x92, 0xf6, 0xe7, 0xff, 0x96, 0x16, 0x7e, 0x95, 0x57,
0x72, 0xff, 0x0f, 0x00, 0x00, 0xff, 0xff, 0xfc, 0x91, 0xe5, 0x7f, 0xdc, 0x14, 0x00, 0x00,
}

105
vendor/k8s.io/api/policy/v1beta1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -32,14 +32,14 @@ option go_package = "v1beta1";
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
message AllowedFlexVolume {
// Driver is the name of the Flexvolume driver.
// driver is the name of the Flexvolume driver.
optional string driver = 1;
}
// defines the host volume conditions that will be enabled by a policy
// AllowedHostPath defines the host volume conditions that will be enabled by a policy
// for pods to use. It requires the path prefix to be defined.
message AllowedHostPath {
// is the path prefix that the host volume must match.
// pathPrefix is the path prefix that the host volume must match.
// It does not support `*`.
// Trailing slashes are trimmed when validating the path prefix with a host path.
//
@ -47,6 +47,10 @@ message AllowedHostPath {
// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
// `/foo` would not allow `/food` or `/etc/foo`
optional string pathPrefix = 1;
// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
// +optional
optional bool readOnly = 2;
}
// Eviction evicts a pod from its node subject to certain policies and safety constraints.
@ -62,17 +66,17 @@ message Eviction {
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
message FSGroupStrategyOptions {
// Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// +optional
optional string rule = 1;
// Ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end.
// ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
// Host Port Range defines a range of host ports that will be enabled by a policy
// HostPortRange defines a range of host ports that will be enabled by a policy
// for pods to use. It requires both the start and end to be defined.
message HostPortRange {
// min is the start of the range, inclusive.
@ -82,12 +86,12 @@ message HostPortRange {
optional int32 max = 2;
}
// ID Range provides a min/max of an allowed range of IDs.
// IDRange provides a min/max of an allowed range of IDs.
message IDRange {
// Min is the start of the range, inclusive.
// min is the start of the range, inclusive.
optional int64 min = 1;
// Max is the end of the range, inclusive.
// max is the end of the range, inclusive.
optional int64 max = 2;
}
@ -162,7 +166,7 @@ message PodDisruptionBudgetStatus {
optional int32 expectedPods = 6;
}
// Pod Security Policy governs the ability to make requests that affect the Security Context
// PodSecurityPolicy governs the ability to make requests that affect the Security Context
// that will be applied to a pod and container.
message PodSecurityPolicy {
// Standard object's metadata.
@ -175,43 +179,43 @@ message PodSecurityPolicy {
optional PodSecurityPolicySpec spec = 2;
}
// Pod Security Policy List is a list of PodSecurityPolicy objects.
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
message PodSecurityPolicyList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is a list of schema objects.
// items is a list of schema objects.
repeated PodSecurityPolicy items = 2;
}
// Pod Security Policy Spec defines the policy enforced.
// PodSecurityPolicySpec defines the policy enforced.
message PodSecurityPolicySpec {
// privileged determines if a pod can request to be run as privileged.
// +optional
optional bool privileged = 1;
// DefaultAddCapabilities is the default set of capabilities that will be added to the container
// defaultAddCapabilities is the default set of capabilities that will be added to the container
// unless the pod spec specifically drops the capability. You may not list a capability in both
// DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the AllowedCapabilities list.
// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the allowedCapabilities list.
// +optional
repeated string defaultAddCapabilities = 2;
// RequiredDropCapabilities are the capabilities that will be dropped from the container. These
// requiredDropCapabilities are the capabilities that will be dropped from the container. These
// are required to be dropped and cannot be added.
// +optional
repeated string requiredDropCapabilities = 3;
// AllowedCapabilities is a list of capabilities that can be requested to add to the container.
// allowedCapabilities is a list of capabilities that can be requested to add to the container.
// Capabilities in this field may be added at the pod author's discretion.
// You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
// +optional
repeated string allowedCapabilities = 4;
// volumes is a white list of allowed volume plugins. Empty indicates that all plugins
// may be used.
// volumes is a white list of allowed volume plugins. Empty indicates that
// no volumes may be used. To allow all volumes you may use '*'.
// +optional
repeated string volumes = 5;
@ -237,13 +241,13 @@ message PodSecurityPolicySpec {
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
optional RunAsUserStrategyOptions runAsUser = 11;
// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
optional FSGroupStrategyOptions fsGroup = 13;
// ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
// system. If the container specifically requests to run with a non-read only root file system
// the PSP should deny the pod.
// If set to false the container may run with a read only root file system if it wishes but it
@ -251,40 +255,63 @@ message PodSecurityPolicySpec {
// +optional
optional bool readOnlyRootFilesystem = 14;
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
// defaultAllowPrivilegeEscalation controls the default setting for whether a
// process can gain more privileges than its parent process.
// +optional
optional bool defaultAllowPrivilegeEscalation = 15;
// AllowPrivilegeEscalation determines if a pod can request to allow
// allowPrivilegeEscalation determines if a pod can request to allow
// privilege escalation. If unspecified, defaults to true.
// +optional
optional bool allowPrivilegeEscalation = 16;
// is a white list of allowed host paths. Empty indicates that all host paths may be used.
// allowedHostPaths is a white list of allowed host paths. Empty indicates
// that all host paths may be used.
// +optional
repeated AllowedHostPath allowedHostPaths = 17;
// AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
// is allowed in the "Volumes" field.
// is allowed in the "volumes" field.
// +optional
repeated AllowedFlexVolume allowedFlexVolumes = 18;
// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
//
// Examples:
// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
// +optional
repeated string allowedUnsafeSysctls = 19;
// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
//
// Examples:
// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
// +optional
repeated string forbiddenSysctls = 20;
}
// Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
message RunAsUserStrategyOptions {
// Rule is the strategy that will dictate the allowable RunAsUser values that may be set.
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
optional string rule = 1;
// Ranges are the allowed ranges of uids that may be used.
// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
// SELinux Strategy Options defines the strategy type and any options used to create the strategy.
// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
message SELinuxStrategyOptions {
// type is the strategy that will dictate the allowable labels that may be set.
// rule is the strategy that will dictate the allowable labels that may be set.
optional string rule = 1;
// seLinuxOptions required to run as; required for MustRunAs
@ -295,12 +322,12 @@ message SELinuxStrategyOptions {
// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
message SupplementalGroupsStrategyOptions {
// Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// +optional
optional string rule = 1;
// Ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end.
// ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}

121
vendor/k8s.io/api/policy/v1beta1/types.go generated vendored
View file

@ -119,7 +119,7 @@ type Eviction struct {
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Pod Security Policy governs the ability to make requests that affect the Security Context
// PodSecurityPolicy governs the ability to make requests that affect the Security Context
// that will be applied to a pod and container.
type PodSecurityPolicy struct {
metav1.TypeMeta `json:",inline"`
@ -133,28 +133,28 @@ type PodSecurityPolicy struct {
Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
// Pod Security Policy Spec defines the policy enforced.
// PodSecurityPolicySpec defines the policy enforced.
type PodSecurityPolicySpec struct {
// privileged determines if a pod can request to be run as privileged.
// +optional
Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
// DefaultAddCapabilities is the default set of capabilities that will be added to the container
// defaultAddCapabilities is the default set of capabilities that will be added to the container
// unless the pod spec specifically drops the capability. You may not list a capability in both
// DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the AllowedCapabilities list.
// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the allowedCapabilities list.
// +optional
DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty" protobuf:"bytes,2,rep,name=defaultAddCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// RequiredDropCapabilities are the capabilities that will be dropped from the container. These
// requiredDropCapabilities are the capabilities that will be dropped from the container. These
// are required to be dropped and cannot be added.
// +optional
RequiredDropCapabilities []v1.Capability `json:"requiredDropCapabilities,omitempty" protobuf:"bytes,3,rep,name=requiredDropCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// AllowedCapabilities is a list of capabilities that can be requested to add to the container.
// allowedCapabilities is a list of capabilities that can be requested to add to the container.
// Capabilities in this field may be added at the pod author's discretion.
// You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
// +optional
AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// volumes is a white list of allowed volume plugins. Empty indicates that all plugins
// may be used.
// volumes is a white list of allowed volume plugins. Empty indicates that
// no volumes may be used. To allow all volumes you may use '*'.
// +optional
Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"`
// hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
@ -173,39 +173,59 @@ type PodSecurityPolicySpec struct {
SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"`
// ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
// system. If the container specifically requests to run with a non-read only root file system
// the PSP should deny the pod.
// If set to false the container may run with a read only root file system if it wishes but it
// will not be forced to.
// +optional
ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
// defaultAllowPrivilegeEscalation controls the default setting for whether a
// process can gain more privileges than its parent process.
// +optional
DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
// AllowPrivilegeEscalation determines if a pod can request to allow
// allowPrivilegeEscalation determines if a pod can request to allow
// privilege escalation. If unspecified, defaults to true.
// +optional
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
// is a white list of allowed host paths. Empty indicates that all host paths may be used.
// allowedHostPaths is a white list of allowed host paths. Empty indicates
// that all host paths may be used.
// +optional
AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"`
// AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
// is allowed in the "Volumes" field.
// is allowed in the "volumes" field.
// +optional
AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
//
// Examples:
// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
// +optional
AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"`
// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
//
// Examples:
// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
// +optional
ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"`
}
// defines the host volume conditions that will be enabled by a policy
// AllowedHostPath defines the host volume conditions that will be enabled by a policy
// for pods to use. It requires the path prefix to be defined.
type AllowedHostPath struct {
// is the path prefix that the host volume must match.
// pathPrefix is the path prefix that the host volume must match.
// It does not support `*`.
// Trailing slashes are trimmed when validating the path prefix with a host path.
//
@ -213,9 +233,13 @@ type AllowedHostPath struct {
// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
// `/foo` would not allow `/food` or `/etc/foo`
PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"`
// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
// +optional
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
}
// FS Type gives strong typing to different file systems that are used by volumes.
// FSType gives strong typing to different file systems that are used by volumes.
type FSType string
var (
@ -245,11 +269,11 @@ var (
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
type AllowedFlexVolume struct {
// Driver is the name of the Flexvolume driver.
// driver is the name of the Flexvolume driver.
Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}
// Host Port Range defines a range of host ports that will be enabled by a policy
// HostPortRange defines a range of host ports that will be enabled by a policy
// for pods to use. It requires both the start and end to be defined.
type HostPortRange struct {
// min is the start of the range, inclusive.
@ -258,9 +282,9 @@ type HostPortRange struct {
Max int32 `json:"max" protobuf:"varint,2,opt,name=max"`
}
// SELinux Strategy Options defines the strategy type and any options used to create the strategy.
// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
type SELinuxStrategyOptions struct {
// type is the strategy that will dictate the allowable labels that may be set.
// rule is the strategy that will dictate the allowable labels that may be set.
Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"`
// seLinuxOptions required to run as; required for MustRunAs
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@ -273,26 +297,27 @@ type SELinuxStrategyOptions struct {
type SELinuxStrategy string
const (
// container must have SELinux labels of X applied.
// SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied.
SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs"
// container may make requests for any SELinux context labels.
// SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels.
SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny"
)
// Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
type RunAsUserStrategyOptions struct {
// Rule is the strategy that will dictate the allowable RunAsUser values that may be set.
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"`
// Ranges are the allowed ranges of uids that may be used.
// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// ID Range provides a min/max of an allowed range of IDs.
// IDRange provides a min/max of an allowed range of IDs.
type IDRange struct {
// Min is the start of the range, inclusive.
// min is the start of the range, inclusive.
Min int64 `json:"min" protobuf:"varint,1,opt,name=min"`
// Max is the end of the range, inclusive.
// max is the end of the range, inclusive.
Max int64 `json:"max" protobuf:"varint,2,opt,name=max"`
}
@ -301,21 +326,21 @@ type IDRange struct {
type RunAsUserStrategy string
const (
// container must run as a particular uid.
// RunAsUserStrategyMustRunAs means that container must run as a particular uid.
RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs"
// container must run as a non-root uid
// RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid.
RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot"
// container may make requests for any uid.
// RunAsUserStrategyRunAsAny means that container may make requests for any uid.
RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
type FSGroupStrategyOptions struct {
// Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// +optional
Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"`
// Ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end.
// ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
@ -325,19 +350,19 @@ type FSGroupStrategyOptions struct {
type FSGroupStrategyType string
const (
// container must have FSGroup of X applied.
// FSGroupStrategyMustRunAs meant that container must have FSGroup of X applied.
FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
// container may make requests for any FSGroup labels.
// FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels.
FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"
)
// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
type SupplementalGroupsStrategyOptions struct {
// Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// +optional
Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"`
// Ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end.
// ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
@ -347,15 +372,15 @@ type SupplementalGroupsStrategyOptions struct {
type SupplementalGroupsStrategyType string
const (
// container must run as a particular gid.
// SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid.
SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
// container may make requests for any gid.
// SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid.
SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Pod Security Policy List is a list of PodSecurityPolicy objects.
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
type PodSecurityPolicyList struct {
metav1.TypeMeta `json:",inline"`
// Standard list metadata.
@ -363,6 +388,6 @@ type PodSecurityPolicyList struct {
// +optional
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Items is a list of schema objects.
// items is a list of schema objects.
Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
}

69
vendor/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,10 +26,10 @@ package v1beta1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_AllowedFlexVolume = map[string]string{
"": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.",
"driver": "Driver is the name of the Flexvolume driver.",
"driver": "driver is the name of the Flexvolume driver.",
}
func (AllowedFlexVolume) SwaggerDoc() map[string]string {
@ -37,8 +37,9 @@ func (AllowedFlexVolume) SwaggerDoc() map[string]string {
}
var map_AllowedHostPath = map[string]string{
"": "defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"pathPrefix": "is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
"": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"pathPrefix": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
"readOnly": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.",
}
func (AllowedHostPath) SwaggerDoc() map[string]string {
@ -57,8 +58,8 @@ func (Eviction) SwaggerDoc() map[string]string {
var map_FSGroupStrategyOptions = map[string]string{
"": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.",
"rule": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
"ranges": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.",
"rule": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
"ranges": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.",
}
func (FSGroupStrategyOptions) SwaggerDoc() map[string]string {
@ -66,7 +67,7 @@ func (FSGroupStrategyOptions) SwaggerDoc() map[string]string {
}
var map_HostPortRange = map[string]string{
"": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"min": "min is the start of the range, inclusive.",
"max": "max is the end of the range, inclusive.",
}
@ -76,9 +77,9 @@ func (HostPortRange) SwaggerDoc() map[string]string {
}
var map_IDRange = map[string]string{
"": "ID Range provides a min/max of an allowed range of IDs.",
"min": "Min is the start of the range, inclusive.",
"max": "Max is the end of the range, inclusive.",
"": "IDRange provides a min/max of an allowed range of IDs.",
"min": "min is the start of the range, inclusive.",
"max": "max is the end of the range, inclusive.",
}
func (IDRange) SwaggerDoc() map[string]string {
@ -129,7 +130,7 @@ func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string {
}
var map_PodSecurityPolicy = map[string]string{
"": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"spec": "spec defines the policy enforced.",
}
@ -139,9 +140,9 @@ func (PodSecurityPolicy) SwaggerDoc() map[string]string {
}
var map_PodSecurityPolicyList = map[string]string{
"": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
"": "PodSecurityPolicyList is a list of PodSecurityPolicy objects.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"items": "Items is a list of schema objects.",
"items": "items is a list of schema objects.",
}
func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
@ -149,25 +150,27 @@ func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
}
var map_PodSecurityPolicySpec = map[string]string{
"": "Pod Security Policy Spec defines the policy enforced.",
"": "PodSecurityPolicySpec defines the policy enforced.",
"privileged": "privileged determines if a pod can request to be run as privileged.",
"defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list.",
"requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
"allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
"volumes": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.",
"defaultAddCapabilities": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.",
"requiredDropCapabilities": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
"allowedCapabilities": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.",
"volumes": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
"hostNetwork": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
"hostPorts": "hostPorts determines which host port ranges are allowed to be exposed.",
"hostPID": "hostPID determines if the policy allows the use of HostPID in the pod spec.",
"hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"defaultAllowPrivilegeEscalation": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
"allowPrivilegeEscalation": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
"allowedHostPaths": "is a white list of allowed host paths. Empty indicates that all host paths may be used.",
"allowedFlexVolumes": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.",
"supplementalGroups": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"defaultAllowPrivilegeEscalation": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
"allowPrivilegeEscalation": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
"allowedHostPaths": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.",
"allowedFlexVolumes": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
"allowedUnsafeSysctls": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
"forbiddenSysctls": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
}
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
@ -175,9 +178,9 @@ func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
}
var map_RunAsUserStrategyOptions = map[string]string{
"": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
"rule": "Rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
"ranges": "Ranges are the allowed ranges of uids that may be used.",
"": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.",
"rule": "rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
"ranges": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.",
}
func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string {
@ -185,8 +188,8 @@ func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string {
}
var map_SELinuxStrategyOptions = map[string]string{
"": "SELinux Strategy Options defines the strategy type and any options used to create the strategy.",
"rule": "type is the strategy that will dictate the allowable labels that may be set.",
"": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.",
"rule": "rule is the strategy that will dictate the allowable labels that may be set.",
"seLinuxOptions": "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
}
@ -196,8 +199,8 @@ func (SELinuxStrategyOptions) SwaggerDoc() map[string]string {
var map_SupplementalGroupsStrategyOptions = map[string]string{
"": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
"rule": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
"ranges": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.",
"rule": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
"ranges": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.",
}
func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string {

12
vendor/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -394,6 +394,16 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
*out = make([]AllowedFlexVolume, len(*in))
copy(*out, *in)
}
if in.AllowedUnsafeSysctls != nil {
in, out := &in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ForbiddenSysctls != nil {
in, out := &in.ForbiddenSysctls, &out.ForbiddenSysctls
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}

2
vendor/k8s.io/api/rbac/v1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
vendor/k8s.io/api/rbac/v1/generated.proto generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -62,6 +62,7 @@ message ClusterRoleBinding {
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Subjects holds references to the objects the role applies to.
// +optional
repeated Subject subjects = 2;
// RoleRef can only reference a ClusterRole in the global namespace.
@ -134,6 +135,7 @@ message RoleBinding {
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Subjects holds references to the objects the role applies to.
// +optional
repeated Subject subjects = 2;
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.

6
vendor/k8s.io/api/rbac/v1/types.go generated vendored
View file

@ -124,7 +124,8 @@ type RoleBinding struct {
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Subjects holds references to the objects the role applies to.
Subjects []Subject `json:"subjects" protobuf:"bytes,2,rep,name=subjects"`
// +optional
Subjects []Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"`
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
@ -199,7 +200,8 @@ type ClusterRoleBinding struct {
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Subjects holds references to the objects the role applies to.
Subjects []Subject `json:"subjects" protobuf:"bytes,2,rep,name=subjects"`
// +optional
Subjects []Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"`
// RoleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.

4
vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2016 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ package v1
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_AggregationRule = map[string]string{
"": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole",
"clusterRoleSelectors": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added",

2
vendor/k8s.io/api/rbac/v1/zz_generated.deepcopy.go generated vendored
View file

@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
vendor/k8s.io/api/rbac/v1alpha1/generated.pb.go generated vendored
View file

@ -1,5 +1,5 @@
/*
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

Some files were not shown because too many files have changed in this diff Show more