/*
Copyright 2016 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
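// +genclient
// +genclient:nonNamespaced
// +genclient:noVerbs
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ImageReview checks if the set of images in a pod are allowed.
//
// The object is a request/response envelope: Spec describes the pod being
// evaluated and Status is filled in by the backend with the verdict.
type ImageReview struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Spec holds information about the pod being evaluated
	Spec ImageReviewSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`

	// Review note: Status is the only part of this object that carries the
	// decision. ImageReviewStatus.Allowed is a plain bool with no omitempty
	// tag, so a Status that was never populated reads as "not allowed".
	// How a caller treats a review that comes back with an error instead of a
	// Status is not decided by this type; presumably that is the admission
	// plugin's own fail-open/fail-closed setting (`defaultAllow` in the
	// ImagePolicyWebhook configuration) and should be reviewed with it.

	// Status is filled in by the backend and indicates whether the pod should be allowed.
	// +optional
	Status ImageReviewStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}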
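// ImageReviewSpec is a description of the pod creation request.
//
// All three fields are optional and are omitted from JSON when empty, so a
// backend has to cope with any of them being absent.
type ImageReviewSpec struct {
	// Review note: Containers carries "a subset of the information" per
	// container; nothing in this type states which container kinds (regular,
	// init, ephemeral) the sender lists. A backend that must see every image
	// a pod can run should confirm that against the admission plugin that
	// builds the request. TODO confirm.

	// Containers is a list of a subset of the information in each container of the Pod being created.
	// +optional
	// +listType=atomic
	Containers []ImageReviewContainerSpec `json:"containers,omitempty" protobuf:"bytes,1,rep,name=containers"`

	// Review note: these values are copied from the pod's own annotations,
	// which are written by whoever submits the pod. They are therefore
	// requester-controlled input. A backend that lets an annotation relax its
	// policy should authorize that exception separately and not rely on the
	// annotation being present.

	// Annotations is a list of key-value pairs extracted from the Pod's annotations.
	// It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
	// It is up to each webhook backend to determine how to interpret these annotations, if at all.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,2,rep,name=annotations"`

	// Namespace is the namespace the pod is being created in.
	// +optional
	Namespace string `json:"namespace,omitempty" protobuf:"bytes,3,opt,name=namespace"`
}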
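// ImageReviewContainerSpec is a description of a container within the pod creation request.
type ImageReviewContainerSpec struct {
	// Review note: Image is an opaque reference string. In the image:tag form
	// the tag can later be pointed at different content, so a verdict reached
	// on a tag is not bound to specific image bytes; the digest form
	// identifies the content itself. Nothing in this type indicates that the
	// sender resolves tags to digests before the review, so confirm that
	// before relying on it.

	// This can be in the form image:tag or image@SHA:012345679abcdef.
	// +optional
	Image string `json:"image,omitempty" protobuf:"bytes,1,opt,name=image"`
	// In future, we may add command line overrides, exec health check command lines, and so on.
}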
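// ImageReviewStatus is the result of the review for the pod creation request.
//
// The zero value denies: Allowed is a plain bool serialized without
// omitempty, so a status the backend never filled in carries Allowed == false.
type ImageReviewStatus struct {
	// Allowed indicates that all images were allowed to be run.
	Allowed bool `json:"allowed" protobuf:"varint,1,opt,name=allowed"`

	// Review note: Reason is shown to the user who submitted the pod. Keep it
	// to a short explanation and leave out internal policy detail,
	// credentials and backend error dumps.

	// Reason should be empty unless Allowed is false in which case it
	// may contain a short description of what is wrong.  Kubernetes
	// may truncate excessively long errors when displaying to the user.
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`

	// Review note: keys and values here are chosen by the backend and are
	// attached to the admission request, so the backend is effectively a
	// writer of audit data. Presumably they surface in the API server audit
	// log; confirm where they end up before putting sensitive values in them.

	// AuditAnnotations will be added to the attributes object of the
	// admission controller request using 'AddAnnotation'.  The keys should
	// be prefix-less (i.e., the admission controller will add an
	// appropriate prefix).
	// +optional
	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,3,rep,name=auditAnnotations"`
}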