163 lines
		
	
	
		
			5.2 KiB
		
	
	
	
		
			Protocol Buffer
		
	
	
	
	
	
			
		
		
	
	
			163 lines
		
	
	
		
			5.2 KiB
		
	
	
	
		
			Protocol Buffer
		
	
	
	
	
	
| /*
 | |
| Copyright The Kubernetes Authors.
 | |
| 
 | |
| Licensed under the Apache License, Version 2.0 (the "License");
 | |
| you may not use this file except in compliance with the License.
 | |
| You may obtain a copy of the License at
 | |
| 
 | |
|     http://www.apache.org/licenses/LICENSE-2.0
 | |
| 
 | |
| Unless required by applicable law or agreed to in writing, software
 | |
| distributed under the License is distributed on an "AS IS" BASIS,
 | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| See the License for the specific language governing permissions and
 | |
| limitations under the License.
 | |
| */
 | |
| 
 | |
| 
 | |
| // This file was autogenerated by go-to-protobuf. Do not edit it manually!
 | |
| 
 | |
| syntax = 'proto2';
 | |
| 
 | |
| package k8s.io.api.auditregistration.v1alpha1;
 | |
| 
 | |
| import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
 | |
| import "k8s.io/apimachinery/pkg/runtime/generated.proto";
 | |
| import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 | |
| 
 | |
| // Package-wide variables from generator "generated".
 | |
| option go_package = "v1alpha1";
 | |
| 
 | |
| // AuditSink represents a cluster level audit sink
 | |
| message AuditSink {
 | |
|   // +optional
 | |
|   optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
 | |
| 
 | |
|   // Spec defines the audit configuration spec
 | |
|   optional AuditSinkSpec spec = 2;
 | |
| }
 | |
| 
 | |
| // AuditSinkList is a list of AuditSink items.
 | |
| message AuditSinkList {
 | |
|   // +optional
 | |
|   optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
 | |
| 
 | |
|   // List of audit configurations.
 | |
|   repeated AuditSink items = 2;
 | |
| }
 | |
| 
 | |
| // AuditSinkSpec holds the spec for the audit sink
 | |
| message AuditSinkSpec {
 | |
|   // Policy defines the policy for selecting which events should be sent to the webhook
 | |
|   // required
 | |
|   optional Policy policy = 1;
 | |
| 
 | |
|   // Webhook to send events
 | |
|   // required
 | |
|   optional Webhook webhook = 2;
 | |
| }
 | |
| 
 | |
| // Policy defines the configuration of how audit events are logged
 | |
| message Policy {
 | |
|   // The Level that all requests are recorded at.
 | |
|   // available options: None, Metadata, Request, RequestResponse
 | |
|   // required
 | |
|   optional string level = 1;
 | |
| 
 | |
|   // Stages is a list of stages for which events are created.
 | |
|   // +optional
 | |
|   repeated string stages = 2;
 | |
| }
 | |
| 
 | |
| // ServiceReference holds a reference to Service.legacy.k8s.io
 | |
| message ServiceReference {
 | |
|   // `namespace` is the namespace of the service.
 | |
|   // Required
 | |
|   optional string namespace = 1;
 | |
| 
 | |
|   // `name` is the name of the service.
 | |
|   // Required
 | |
|   optional string name = 2;
 | |
| 
 | |
|   // `path` is an optional URL path which will be sent in any request to
 | |
|   // this service.
 | |
|   // +optional
 | |
|   optional string path = 3;
 | |
| 
 | |
|   // If specified, the port on the service that hosting webhook.
 | |
|   // Default to 443 for backward compatibility.
 | |
|   // `port` should be a valid port number (1-65535, inclusive).
 | |
|   // +optional
 | |
|   optional int32 port = 4;
 | |
| }
 | |
| 
 | |
| // Webhook holds the configuration of the webhook
 | |
| message Webhook {
 | |
|   // Throttle holds the options for throttling the webhook
 | |
|   // +optional
 | |
|   optional WebhookThrottleConfig throttle = 1;
 | |
| 
 | |
|   // ClientConfig holds the connection parameters for the webhook
 | |
|   // required
 | |
|   optional WebhookClientConfig clientConfig = 2;
 | |
| }
 | |
| 
 | |
| // WebhookClientConfig contains the information to make a connection with the webhook
 | |
| message WebhookClientConfig {
 | |
|   // `url` gives the location of the webhook, in standard URL form
 | |
|   // (`scheme://host:port/path`). Exactly one of `url` or `service`
 | |
|   // must be specified.
 | |
|   //
 | |
|   // The `host` should not refer to a service running in the cluster; use
 | |
|   // the `service` field instead. The host might be resolved via external
 | |
|   // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
 | |
|   // in-cluster DNS as that would be a layering violation). `host` may
 | |
|   // also be an IP address.
 | |
|   //
 | |
|   // Please note that using `localhost` or `127.0.0.1` as a `host` is
 | |
|   // risky unless you take great care to run this webhook on all hosts
 | |
|   // which run an apiserver which might need to make calls to this
 | |
|   // webhook. Such installs are likely to be non-portable, i.e., not easy
 | |
|   // to turn up in a new cluster.
 | |
|   //
 | |
|   // The scheme must be "https"; the URL must begin with "https://".
 | |
|   //
 | |
|   // A path is optional, and if present may be any string permissible in
 | |
|   // a URL. You may use the path to pass an arbitrary string to the
 | |
|   // webhook, for example, a cluster identifier.
 | |
|   //
 | |
|   // Attempting to use a user or basic auth e.g. "user:password@" is not
 | |
|   // allowed. Fragments ("#...") and query parameters ("?...") are not
 | |
|   // allowed, either.
 | |
|   //
 | |
|   // +optional
 | |
|   optional string url = 1;
 | |
| 
 | |
|   // `service` is a reference to the service for this webhook. Either
 | |
|   // `service` or `url` must be specified.
 | |
|   //
 | |
|   // If the webhook is running within the cluster, then you should use `service`.
 | |
|   //
 | |
|   // +optional
 | |
|   optional ServiceReference service = 2;
 | |
| 
 | |
|   // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
 | |
|   // If unspecified, system trust roots on the apiserver are used.
 | |
|   // +optional
 | |
|   optional bytes caBundle = 3;
 | |
| }
 | |
| 
 | |
| // WebhookThrottleConfig holds the configuration for throttling events
 | |
| message WebhookThrottleConfig {
 | |
|   // ThrottleQPS maximum number of batches per second
 | |
|   // default 10 QPS
 | |
|   // +optional
 | |
|   optional int64 qps = 1;
 | |
| 
 | |
|   // ThrottleBurst is the maximum number of events sent at the same moment
 | |
|   // default 15 QPS
 | |
|   // +optional
 | |
|   optional int64 burst = 2;
 | |
| }
 | |
| 
 |