akillibulut
/
kilo
miroir de https://github.com/squat/kilo


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
							/*
Copyright The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/


// This file was autogenerated by go-to-protobuf. Do not edit it manually!

syntax = 'proto2';

package k8s.io.api.auditregistration.v1alpha1;

import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "v1alpha1";

// AuditSink represents a cluster level audit sink
message AuditSink {
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec defines the audit configuration spec
  optional AuditSinkSpec spec = 2;
}

// AuditSinkList is a list of AuditSink items.
message AuditSinkList {
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of audit configurations.
  repeated AuditSink items = 2;
}

// AuditSinkSpec holds the spec for the audit sink
message AuditSinkSpec {
  // Policy defines the policy for selecting which events should be sent to the webhook
  // required
  optional Policy policy = 1;

  // Webhook to send events
  // required
  optional Webhook webhook = 2;
}

// Policy defines the configuration of how audit events are logged
message Policy {
  // The Level that all requests are recorded at.
  // available options: None, Metadata, Request, RequestResponse
  // required
  optional string level = 1;

  // Stages is a list of stages for which events are created.
  // +optional
  repeated string stages = 2;
}

// ServiceReference holds a reference to Service.legacy.k8s.io
message ServiceReference {
  // `namespace` is the namespace of the service.
  // Required
  optional string namespace = 1;

  // `name` is the name of the service.
  // Required
  optional string name = 2;

  // `path` is an optional URL path which will be sent in any request to
  // this service.
  // +optional
  optional string path = 3;
}

// Webhook holds the configuration of the webhook
message Webhook {
  // Throttle holds the options for throttling the webhook
  // +optional
  optional WebhookThrottleConfig throttle = 1;

  // ClientConfig holds the connection parameters for the webhook
  // required
  optional WebhookClientConfig clientConfig = 2;
}

// WebhookClientConfig contains the information to make a connection with the webhook
message WebhookClientConfig {
  // `url` gives the location of the webhook, in standard URL form
  // (`scheme://host:port/path`). Exactly one of `url` or `service`
  // must be specified.
  //
  // The `host` should not refer to a service running in the cluster; use
  // the `service` field instead. The host might be resolved via external
  // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
  // in-cluster DNS as that would be a layering violation). `host` may
  // also be an IP address.
  //
  // Please note that using `localhost` or `127.0.0.1` as a `host` is
  // risky unless you take great care to run this webhook on all hosts
  // which run an apiserver which might need to make calls to this
  // webhook. Such installs are likely to be non-portable, i.e., not easy
  // to turn up in a new cluster.
  //
  // The scheme must be "https"; the URL must begin with "https://".
  //
  // A path is optional, and if present may be any string permissible in
  // a URL. You may use the path to pass an arbitrary string to the
  // webhook, for example, a cluster identifier.
  //
  // Attempting to use a user or basic auth e.g. "user:password@" is not
  // allowed. Fragments ("#...") and query parameters ("?...") are not
  // allowed, either.
  //
  // +optional
  optional string url = 1;

  // `service` is a reference to the service for this webhook. Either
  // `service` or `url` must be specified.
  //
  // If the webhook is running within the cluster, then you should use `service`.
  //
  // Port 443 will be used if it is open, otherwise it is an error.
  //
  // +optional
  optional ServiceReference service = 2;

  // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
  // If unspecified, system trust roots on the apiserver are used.
  // +optional
  optional bytes caBundle = 3;
}

// WebhookThrottleConfig holds the configuration for throttling events
message WebhookThrottleConfig {
  // ThrottleQPS maximum number of batches per second
  // default 10 QPS
  // +optional
  optional int64 qps = 1;

  // ThrottleBurst is the maximum number of events sent at the same moment
  // default 15 QPS
  // +optional
  optional int64 burst = 2;
}