+
v1beta1.AllowedHostPath
+
+
defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+pathPrefix |
+is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
+
+Examples: /foo would allow /foo, /foo/ and /foo/bar /foo would not allow /food or /etc/foo |
+false |
+string |
+ |
+
+
+
+
+
+
v1beta1.PodDisruptionBudget
PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
@@ -498,81 +540,6 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
-
-
v1.Patch
-
-
Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
-
-
-
-
v1.DeleteOptions
-
-
DeleteOptions may be provided when deleting an API object.
-
-
-
-
-
-
-
-
-
-
-
-| Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-kind |
-Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
-false |
-string |
- |
-
-
-apiVersion |
-APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources |
-false |
-string |
- |
-
-
-gracePeriodSeconds |
-The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
-false |
-integer (int64) |
- |
-
-
-preconditions |
-Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned. |
-false |
-v1.Preconditions |
- |
-
-
-orphanDependents |
-Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
-false |
-boolean |
-false |
-
-
-propagationPolicy |
-Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: Orphan - orphan the dependents; Background - allow the garbage collector to delete the dependents in the background; Foreground - a cascading policy that deletes all dependents in the foreground. |
-false |
-v1.DeletionPropagation |
- |
-
-
-
-
@@ -623,9 +590,13 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
v1.StatusDetails
+v1beta1.FSType
+
+
+
+
v1beta1.SELinuxStrategyOptions
-
StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.
+
SELinux Strategy Options defines the strategy type and any options used to create the strategy.
@@ -646,45 +617,17 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-name |
-The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). |
-false |
+rule |
+type is the strategy that will dictate the allowable labels that may be set. |
+true |
string |
|
-group |
-The group attribute of the resource associated with the status StatusReason. |
+seLinuxOptions |
+seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
false |
-string |
- |
-
-
-kind |
-The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
-false |
-string |
- |
-
-
-uid |
-UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids |
-false |
-string |
- |
-
-
-causes |
-The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. |
-false |
-v1.StatusCause array |
- |
-
-
-retryAfterSeconds |
-If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. |
-false |
-integer (int32) |
+v1.SELinuxOptions |
|
@@ -692,9 +635,9 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
v1.Preconditions
+
v1beta1.HostPortRange
-
Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
+
Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.
@@ -715,10 +658,17 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-uid |
-Specifies the target UID. |
-false |
-types.UID |
+min |
+min is the start of the range, inclusive. |
+true |
+integer (int32) |
+ |
+
+
+max |
+max is the end of the range, inclusive. |
+true |
+integer (int32) |
|
@@ -767,9 +717,9 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
v1.Initializer
+
v1.Preconditions
-
Initializer is information about an initializer that has not yet completed.
+
Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
@@ -790,9 +740,64 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-name |
-name of the process that is responsible for initializing this object. |
-true |
+uid |
+Specifies the target UID. |
+false |
+types.UID |
+ |
+
+
+
+
+
+
v1.SELinuxOptions
+
+
SELinuxOptions are the labels to be applied to the container
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+user |
+User is a SELinux user label that applies to the container. |
+false |
+string |
+ |
+
+
+role |
+Role is a SELinux role label that applies to the container. |
+false |
+string |
+ |
+
+
+type |
+Type is a SELinux type label that applies to the container. |
+false |
+string |
+ |
+
+
+level |
+Level is SELinux level label that applies to the container. |
+false |
string |
|
@@ -882,75 +887,6 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
-
v1beta1.PodDisruptionBudgetStatus
-
-
PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
-
-
-
-
-
-
-
-
-
-
-
-| Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-observedGeneration |
-Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status informatio is valid only if observedGeneration equals to PDB’s object generation. |
-false |
-integer (int64) |
- |
-
-
-disruptedPods |
-DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn’t occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions. |
-true |
-object |
- |
-
-
-disruptionsAllowed |
-Number of pod disruptions that are currently allowed. |
-true |
-integer (int32) |
- |
-
-
-currentHealthy |
-current number of healthy pods |
-true |
-integer (int32) |
- |
-
-
-desiredHealthy |
-minimum desired number of healthy pods |
-true |
-integer (int32) |
- |
-
-
-expectedPods |
-total number of pods counted by this disruption budget |
-true |
-integer (int32) |
- |
-
-
-
-
v1beta1.PodDisruptionBudgetList
@@ -1006,6 +942,47 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
+
+
v1beta1.RunAsUserStrategyOptions
+
+
Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+rule |
+Rule is the strategy that will dictate the allowable RunAsUser values that may be set. |
+true |
+string |
+ |
+
+
+ranges |
+Ranges are the allowed ranges of uids that may be used. |
+false |
+v1beta1.IDRange array |
+ |
+
+
+
+
v1.WatchEvent
@@ -1085,6 +1062,764 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
+
+
+
v1.LabelSelectorRequirement
+
+
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+key |
+key is the label key that the selector applies to. |
+true |
+string |
+ |
+
+
+operator |
+operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
+true |
+string |
+ |
+
+
+values |
+values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
+false |
+string array |
+ |
+
+
+
+
+
+
+
v1.DeletionPropagation
+
+
+
+
v1beta1.SupplementalGroupsStrategyOptions
+
+
SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+rule |
+Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext. |
+false |
+string |
+ |
+
+
+ranges |
+Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. |
+false |
+v1beta1.IDRange array |
+ |
+
+
+
+
+
+
+
v1beta1.PodSecurityPolicyList
+
+
Pod Security Policy List is a list of PodSecurityPolicy objects.
+
+
+
+
+
+
v1beta1.FSGroupStrategyOptions
+
+
FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+rule |
+Rule is the strategy that will dictate what FSGroup is used in the SecurityContext. |
+false |
+string |
+ |
+
+
+ranges |
+Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. |
+false |
+v1beta1.IDRange array |
+ |
+
+
+
+
+
+
+
v1.Patch
+
+
Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
+
+
+
+
v1.DeleteOptions
+
+
DeleteOptions may be provided when deleting an API object.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+kind |
+Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
+false |
+string |
+ |
+
+
+apiVersion |
+APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources |
+false |
+string |
+ |
+
+
+gracePeriodSeconds |
+The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
+false |
+integer (int64) |
+ |
+
+
+preconditions |
+Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned. |
+false |
+v1.Preconditions |
+ |
+
+
+orphanDependents |
+Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
+false |
+boolean |
+false |
+
+
+propagationPolicy |
+Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: Orphan - orphan the dependents; Background - allow the garbage collector to delete the dependents in the background; Foreground - a cascading policy that deletes all dependents in the foreground. |
+false |
+v1.DeletionPropagation |
+ |
+
+
+
+
+
+
+
v1beta1.PodSecurityPolicySpec
+
+
Pod Security Policy Spec defines the policy enforced.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+privileged |
+privileged determines if a pod can request to be run as privileged. |
+false |
+boolean |
+false |
+
+
+defaultAddCapabilities |
+DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list. |
+false |
+v1.Capability array |
+ |
+
+
+requiredDropCapabilities |
+RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. |
+false |
+v1.Capability array |
+ |
+
+
+allowedCapabilities |
+AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author’s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. |
+false |
+v1.Capability array |
+ |
+
+
+volumes |
+volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used. |
+false |
+v1beta1.FSType array |
+ |
+
+
+hostNetwork |
+hostNetwork determines if the policy allows the use of HostNetwork in the pod spec. |
+false |
+boolean |
+false |
+
+
+hostPorts |
+hostPorts determines which host port ranges are allowed to be exposed. |
+false |
+v1beta1.HostPortRange array |
+ |
+
+
+hostPID |
+hostPID determines if the policy allows the use of HostPID in the pod spec. |
+false |
+boolean |
+false |
+
+
+hostIPC |
+hostIPC determines if the policy allows the use of HostIPC in the pod spec. |
+false |
+boolean |
+false |
+
+
+seLinux |
+seLinux is the strategy that will dictate the allowable labels that may be set. |
+true |
+v1beta1.SELinuxStrategyOptions |
+ |
+
+
+runAsUser |
+runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set. |
+true |
+v1beta1.RunAsUserStrategyOptions |
+ |
+
+
+supplementalGroups |
+SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. |
+true |
+v1beta1.SupplementalGroupsStrategyOptions |
+ |
+
+
+fsGroup |
+FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. |
+true |
+v1beta1.FSGroupStrategyOptions |
+ |
+
+
+readOnlyRootFilesystem |
+ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. |
+false |
+boolean |
+false |
+
+
+defaultAllowPrivilegeEscalation |
+DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. |
+false |
+boolean |
+false |
+
+
+allowPrivilegeEscalation |
+AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. |
+false |
+boolean |
+false |
+
+
+allowedHostPaths |
+is a white list of allowed host paths. Empty indicates that all host paths may be used. |
+false |
+v1beta1.AllowedHostPath array |
+ |
+
+
+allowedFlexVolumes |
+AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field. |
+false |
+v1beta1.AllowedFlexVolume array |
+ |
+
+
+
+
+
+
+
v1.StatusDetails
+
+
StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+name |
+The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). |
+false |
+string |
+ |
+
+
+group |
+The group attribute of the resource associated with the status StatusReason. |
+false |
+string |
+ |
+
+
+kind |
+The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
+false |
+string |
+ |
+
+
+uid |
+UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids |
+false |
+string |
+ |
+
+
+causes |
+The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. |
+false |
+v1.StatusCause array |
+ |
+
+
+retryAfterSeconds |
+If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. |
+false |
+integer (int32) |
+ |
+
+
+
+
+
+
+
v1.Initializer
+
+
Initializer is information about an initializer that has not yet completed.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+name |
+name of the process that is responsible for initializing this object. |
+true |
+string |
+ |
+
+
+
+
+
+
+
v1beta1.PodDisruptionBudgetStatus
+
+
PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+observedGeneration |
+Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status informatio is valid only if observedGeneration equals to PDB’s object generation. |
+false |
+integer (int64) |
+ |
+
+
+disruptedPods |
+DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn’t occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions. |
+true |
+object |
+ |
+
+
+disruptionsAllowed |
+Number of pod disruptions that are currently allowed. |
+true |
+integer (int32) |
+ |
+
+
+currentHealthy |
+current number of healthy pods |
+true |
+integer (int32) |
+ |
+
+
+desiredHealthy |
+minimum desired number of healthy pods |
+true |
+integer (int32) |
+ |
+
+
+expectedPods |
+total number of pods counted by this disruption budget |
+true |
+integer (int32) |
+ |
+
+
+
+
+
+
+
v1beta1.PodSecurityPolicy
+
+
Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.
+
+
+
+
+
+
v1.Capability
+
+
+
+
v1beta1.IDRange
+
+
ID Range provides a min/max of an allowed range of IDs.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+min |
+Min is the start of the range, inclusive. |
+true |
+integer (int64) |
+ |
+
+
+max |
+Max is the end of the range, inclusive. |
+true |
+integer (int64) |
+ |
+
+
+
+
+
+
+
v1.OwnerReference
+
+
OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+apiVersion |
+API version of the referent. |
+true |
+string |
+ |
+
+
+kind |
+Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
+true |
+string |
+ |
+
+
+name |
+Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
+true |
+string |
+ |
+
+
+uid |
+UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |
+true |
+string |
+ |
+
+
+controller |
+If true, this reference points to the managing controller. |
+false |
+boolean |
+false |
+
+
+blockOwnerDeletion |
+If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
+false |
+boolean |
+false |
+
+
+
+
@@ -1242,9 +1977,9 @@ When an object is created, the system will populate this list with the current s
-
v1.OwnerReference
+
v1beta1.AllowedFlexVolume
-
OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field.
+
AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
@@ -1265,95 +2000,12 @@ When an object is created, the system will populate this list with the current s
-apiVersion |
-API version of the referent. |
+driver |
+Driver is the name of the Flexvolume driver. |
true |
string |
|
-
-kind |
-Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
-true |
-string |
- |
-
-
-name |
-Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
-true |
-string |
- |
-
-
-uid |
-UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |
-true |
-string |
- |
-
-
-controller |
-If true, this reference points to the managing controller. |
-false |
-boolean |
-false |
-
-
-blockOwnerDeletion |
-If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
-false |
-boolean |
-false |
-
-
-
-
-
-
-
v1.LabelSelectorRequirement
-
-
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-
-
-
-
-
-
-
-
-
-
-
-| Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-key |
-key is the label key that the selector applies to. |
-true |
-string |
- |
-
-
-operator |
-operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
-true |
-string |
- |
-
-
-values |
-values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
-false |
-string array |
- |
-
@@ -1503,10 +2155,6 @@ Examples:
-
-
-
v1.DeletionPropagation
-
v1beta1.PodDisruptionBudgetSpec
diff --git a/docs/api-reference/policy/v1beta1/operations.html b/docs/api-reference/policy/v1beta1/operations.html
index e5331a600a0..a6c114907e6 100755
--- a/docs/api-reference/policy/v1beta1/operations.html
+++ b/docs/api-reference/policy/v1beta1/operations.html
@@ -2039,6 +2039,988 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
+
list or watch objects of kind PodSecurityPolicy
+
+
+
GET /apis/policy/v1beta1/podsecuritypolicies
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+QueryParameter |
+labelSelector |
+A selector to restrict the list of returned objects by their labels. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+fieldSelector |
+A selector to restrict the list of returned objects by their fields. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+includeUninitialized |
+If true, partially initialized resources are included in the response. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+watch |
+Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+resourceVersion |
+When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
+false |
+string |
+ |
+
+
+QueryParameter |
+timeoutSeconds |
+Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+limit |
+limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+ The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+continue |
+The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
+false |
+string |
+ |
+
+
+
+
+
+
+
+
+
Produces
+
+
+-
+
application/json
+
+-
+
application/yaml
+
+-
+
application/vnd.kubernetes.protobuf
+
+-
+
application/json;stream=watch
+
+-
+
application/vnd.kubernetes.protobuf;stream=watch
+
+
+
+
+
+
+
+
delete collection of PodSecurityPolicy
+
+
+
DELETE /apis/policy/v1beta1/podsecuritypolicies
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+QueryParameter |
+labelSelector |
+A selector to restrict the list of returned objects by their labels. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+fieldSelector |
+A selector to restrict the list of returned objects by their fields. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+includeUninitialized |
+If true, partially initialized resources are included in the response. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+watch |
+Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+resourceVersion |
+When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
+false |
+string |
+ |
+
+
+QueryParameter |
+timeoutSeconds |
+Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+limit |
+limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+ The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+continue |
+The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
+false |
+string |
+ |
+
+
+
+
+
+
+
Responses
+
+
+
+
+
+
+
+
+| HTTP Code |
+Description |
+Schema |
+
+
+
+
+200 |
+success |
+v1.Status |
+
+
+
+
+
+
+
+
+
+
+
create a PodSecurityPolicy
+
+
+
POST /apis/policy/v1beta1/podsecuritypolicies
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+BodyParameter |
+body |
+ |
+true |
+v1beta1.PodSecurityPolicy |
+ |
+
+
+
+
+
+
+
+
+
+
+
+
read the specified PodSecurityPolicy
+
+
+
GET /apis/policy/v1beta1/podsecuritypolicies/{name}
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+QueryParameter |
+export |
+Should this value be exported. Export strips fields that a user can not specify. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+exact |
+Should the export be exact. Exact export maintains cluster-specific fields like Namespace. |
+false |
+boolean |
+ |
+
+
+PathParameter |
+name |
+name of the PodSecurityPolicy |
+true |
+string |
+ |
+
+
+
+
+
+
+
+
+
+
+
+
replace the specified PodSecurityPolicy
+
+
+
PUT /apis/policy/v1beta1/podsecuritypolicies/{name}
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+BodyParameter |
+body |
+ |
+true |
+v1beta1.PodSecurityPolicy |
+ |
+
+
+PathParameter |
+name |
+name of the PodSecurityPolicy |
+true |
+string |
+ |
+
+
+
+
+
+
+
+
+
+
+
+
delete a PodSecurityPolicy
+
+
+
DELETE /apis/policy/v1beta1/podsecuritypolicies/{name}
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+BodyParameter |
+body |
+ |
+true |
+v1.DeleteOptions |
+ |
+
+
+QueryParameter |
+gracePeriodSeconds |
+The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+orphanDependents |
+Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+propagationPolicy |
+Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: Orphan - orphan the dependents; Background - allow the garbage collector to delete the dependents in the background; Foreground - a cascading policy that deletes all dependents in the foreground. |
+false |
+string |
+ |
+
+
+PathParameter |
+name |
+name of the PodSecurityPolicy |
+true |
+string |
+ |
+
+
+
+
+
+
+
Responses
+
+
+
+
+
+
+
+
+| HTTP Code |
+Description |
+Schema |
+
+
+
+
+200 |
+success |
+v1.Status |
+
+
+
+
+
+
+
+
+
+
+
partially update the specified PodSecurityPolicy
+
+
+
PATCH /apis/policy/v1beta1/podsecuritypolicies/{name}
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+BodyParameter |
+body |
+ |
+true |
+v1.Patch |
+ |
+
+
+PathParameter |
+name |
+name of the PodSecurityPolicy |
+true |
+string |
+ |
+
+
+
+
+
+
+
+
Consumes
+
+
+-
+
application/json-patch+json
+
+-
+
application/merge-patch+json
+
+-
+
application/strategic-merge-patch+json
+
+
+
+
+
+
+
+
watch individual changes to a list of PodDisruptionBudget
@@ -2046,7 +3028,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Parameters
+
Parameters
@@ -2153,7 +3135,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Responses
+
Responses
@@ -2178,7 +3160,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Consumes
+
Consumes
-
@@ -2188,7 +3170,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Produces
+
Produces
-
@@ -2210,7 +3192,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
+
-
@@ -2228,7 +3210,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Parameters
+
Parameters
@@ -2343,7 +3325,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Responses
+
Responses
@@ -2368,7 +3350,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Consumes
+
Consumes
-
@@ -2378,7 +3360,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Produces
+
Produces
-
@@ -2400,7 +3382,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
+
-
@@ -2418,7 +3400,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Parameters
+
Parameters
@@ -2517,7 +3499,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Responses
+
Responses
@@ -2542,7 +3524,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Consumes
+
Consumes
-
@@ -2552,7 +3534,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
-
Produces
+
Produces
-
@@ -2574,7 +3556,363 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
+
watch individual changes to a list of PodSecurityPolicy
+
+
+
GET /apis/policy/v1beta1/watch/podsecuritypolicies
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+QueryParameter |
+labelSelector |
+A selector to restrict the list of returned objects by their labels. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+fieldSelector |
+A selector to restrict the list of returned objects by their fields. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+includeUninitialized |
+If true, partially initialized resources are included in the response. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+watch |
+Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+resourceVersion |
+When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
+false |
+string |
+ |
+
+
+QueryParameter |
+timeoutSeconds |
+Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+limit |
+limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+ The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+continue |
+The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
+false |
+string |
+ |
+
+
+
+
+
+
+
Responses
+
+
+
+
+
+
+
+
+| HTTP Code |
+Description |
+Schema |
+
+
+
+
+200 |
+success |
+v1.WatchEvent |
+
+
+
+
+
+
+
+
Produces
+
+
+-
+
application/json
+
+-
+
application/yaml
+
+-
+
application/vnd.kubernetes.protobuf
+
+-
+
application/json;stream=watch
+
+-
+
application/vnd.kubernetes.protobuf;stream=watch
+
+
+
+
+
+
+
watch changes to an object of kind PodSecurityPolicy
+
+
+
GET /apis/policy/v1beta1/watch/podsecuritypolicies/{name}
+
+
+
+
Parameters
+
+
+
+
+
+
+
+
+
+
+
+| Type |
+Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+QueryParameter |
+pretty |
+If true, then the output is pretty printed. |
+false |
+string |
+ |
+
+
+QueryParameter |
+labelSelector |
+A selector to restrict the list of returned objects by their labels. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+fieldSelector |
+A selector to restrict the list of returned objects by their fields. Defaults to everything. |
+false |
+string |
+ |
+
+
+QueryParameter |
+includeUninitialized |
+If true, partially initialized resources are included in the response. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+watch |
+Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
+false |
+boolean |
+ |
+
+
+QueryParameter |
+resourceVersion |
+When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
+false |
+string |
+ |
+
+
+QueryParameter |
+timeoutSeconds |
+Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+limit |
+limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+ The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
+false |
+integer (int32) |
+ |
+
+
+QueryParameter |
+continue |
+The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
+false |
+string |
+ |
+
+
+PathParameter |
+name |
+name of the PodSecurityPolicy |
+true |
+string |
+ |
+
+
+
+
+
+
+
Responses
+
+
+
+
+
+
+
+
+| HTTP Code |
+Description |
+Schema |
+
+
+
+
+200 |
+success |
+v1.WatchEvent |
+
+
+
+
+
+
+
+
Produces
+
+
+-
+
application/json
+
+-
+
application/yaml
+
+-
+
application/vnd.kubernetes.protobuf
+
+-
+
application/json;stream=watch
+
+-
+
application/vnd.kubernetes.protobuf;stream=watch
+
+
+
+
+
+
-
diff --git a/pkg/apis/policy/BUILD b/pkg/apis/policy/BUILD
index 86f104cff8d..7bc57e36fad 100644
--- a/pkg/apis/policy/BUILD
+++ b/pkg/apis/policy/BUILD
@@ -15,6 +15,7 @@ go_library(
],
importpath = "k8s.io/kubernetes/pkg/apis/policy",
deps = [
+ "//pkg/apis/extensions:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
diff --git a/pkg/apis/policy/install/BUILD b/pkg/apis/policy/install/BUILD
index 6cecb39790c..c42408b00fb 100644
--- a/pkg/apis/policy/install/BUILD
+++ b/pkg/apis/policy/install/BUILD
@@ -16,6 +16,7 @@ go_library(
"//vendor/k8s.io/apimachinery/pkg/apimachinery/announced:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
],
)
diff --git a/pkg/apis/policy/v1beta1/BUILD b/pkg/apis/policy/v1beta1/BUILD
index 91f28a02267..3cf454b6177 100644
--- a/pkg/apis/policy/v1beta1/BUILD
+++ b/pkg/apis/policy/v1beta1/BUILD
@@ -8,6 +8,7 @@ load(
go_library(
name = "go_default_library",
srcs = [
+ "defaults.go",
"doc.go",
"register.go",
"zz_generated.conversion.go",
@@ -15,7 +16,10 @@ go_library(
],
importpath = "k8s.io/kubernetes/pkg/apis/policy/v1beta1",
deps = [
+ "//pkg/apis/core:go_default_library",
+ "//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
+ "//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/api/policy/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
diff --git a/pkg/apis/policy/v1beta1/zz_generated.conversion.go b/pkg/apis/policy/v1beta1/zz_generated.conversion.go
index 7c897efb1b6..381487f1388 100644
--- a/pkg/apis/policy/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/policy/v1beta1/zz_generated.conversion.go
@@ -23,11 +23,14 @@ package v1beta1
import (
unsafe "unsafe"
+ core_v1 "k8s.io/api/core/v1"
v1beta1 "k8s.io/api/policy/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime"
intstr "k8s.io/apimachinery/pkg/util/intstr"
+ core "k8s.io/kubernetes/pkg/apis/core"
+ extensions "k8s.io/kubernetes/pkg/apis/extensions"
policy "k8s.io/kubernetes/pkg/apis/policy"
)
@@ -39,8 +42,16 @@ func init() {
// Public to allow building arbitrary schemes.
func RegisterConversions(scheme *runtime.Scheme) error {
return scheme.AddGeneratedConversionFuncs(
+ Convert_v1beta1_AllowedFlexVolume_To_extensions_AllowedFlexVolume,
+ Convert_extensions_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume,
+ Convert_v1beta1_AllowedHostPath_To_extensions_AllowedHostPath,
+ Convert_extensions_AllowedHostPath_To_v1beta1_AllowedHostPath,
Convert_v1beta1_Eviction_To_policy_Eviction,
Convert_policy_Eviction_To_v1beta1_Eviction,
+ Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions,
+ Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions,
+ Convert_v1beta1_HostPortRange_To_extensions_HostPortRange,
+ Convert_extensions_HostPortRange_To_v1beta1_HostPortRange,
Convert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget,
Convert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget,
Convert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList,
@@ -49,9 +60,61 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec,
Convert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus,
Convert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus,
+ Convert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy,
+ Convert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy,
+ Convert_v1beta1_PodSecurityPolicyList_To_extensions_PodSecurityPolicyList,
+ Convert_extensions_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList,
+ Convert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec,
+ Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
+ Convert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions,
+ Convert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions,
+ Convert_v1beta1_SELinuxStrategyOptions_To_extensions_SELinuxStrategyOptions,
+ Convert_extensions_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions,
+ Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions,
+ Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions,
)
}
+func autoConvert_v1beta1_AllowedFlexVolume_To_extensions_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *extensions.AllowedFlexVolume, s conversion.Scope) error {
+ out.Driver = in.Driver
+ return nil
+}
+
+// Convert_v1beta1_AllowedFlexVolume_To_extensions_AllowedFlexVolume is an autogenerated conversion function.
+func Convert_v1beta1_AllowedFlexVolume_To_extensions_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *extensions.AllowedFlexVolume, s conversion.Scope) error {
+ return autoConvert_v1beta1_AllowedFlexVolume_To_extensions_AllowedFlexVolume(in, out, s)
+}
+
+func autoConvert_extensions_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *extensions.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error {
+ out.Driver = in.Driver
+ return nil
+}
+
+// Convert_extensions_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume is an autogenerated conversion function.
+func Convert_extensions_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *extensions.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error {
+ return autoConvert_extensions_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in, out, s)
+}
+
+func autoConvert_v1beta1_AllowedHostPath_To_extensions_AllowedHostPath(in *v1beta1.AllowedHostPath, out *extensions.AllowedHostPath, s conversion.Scope) error {
+ out.PathPrefix = in.PathPrefix
+ return nil
+}
+
+// Convert_v1beta1_AllowedHostPath_To_extensions_AllowedHostPath is an autogenerated conversion function.
+func Convert_v1beta1_AllowedHostPath_To_extensions_AllowedHostPath(in *v1beta1.AllowedHostPath, out *extensions.AllowedHostPath, s conversion.Scope) error {
+ return autoConvert_v1beta1_AllowedHostPath_To_extensions_AllowedHostPath(in, out, s)
+}
+
+func autoConvert_extensions_AllowedHostPath_To_v1beta1_AllowedHostPath(in *extensions.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error {
+ out.PathPrefix = in.PathPrefix
+ return nil
+}
+
+// Convert_extensions_AllowedHostPath_To_v1beta1_AllowedHostPath is an autogenerated conversion function.
+func Convert_extensions_AllowedHostPath_To_v1beta1_AllowedHostPath(in *extensions.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error {
+ return autoConvert_extensions_AllowedHostPath_To_v1beta1_AllowedHostPath(in, out, s)
+}
+
func autoConvert_v1beta1_Eviction_To_policy_Eviction(in *v1beta1.Eviction, out *policy.Eviction, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.DeleteOptions = (*v1.DeleteOptions)(unsafe.Pointer(in.DeleteOptions))
@@ -74,6 +137,50 @@ func Convert_policy_Eviction_To_v1beta1_Eviction(in *policy.Eviction, out *v1bet
return autoConvert_policy_Eviction_To_v1beta1_Eviction(in, out, s)
}
+func autoConvert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *extensions.FSGroupStrategyOptions, s conversion.Scope) error {
+ out.Rule = extensions.FSGroupStrategyType(in.Rule)
+ out.Ranges = *(*[]extensions.GroupIDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions is an autogenerated conversion function.
+func Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *extensions.FSGroupStrategyOptions, s conversion.Scope) error {
+ return autoConvert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in, out, s)
+}
+
+func autoConvert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *extensions.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error {
+ out.Rule = v1beta1.FSGroupStrategyType(in.Rule)
+ out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions is an autogenerated conversion function.
+func Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *extensions.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error {
+ return autoConvert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in, out, s)
+}
+
+func autoConvert_v1beta1_HostPortRange_To_extensions_HostPortRange(in *v1beta1.HostPortRange, out *extensions.HostPortRange, s conversion.Scope) error {
+ out.Min = in.Min
+ out.Max = in.Max
+ return nil
+}
+
+// Convert_v1beta1_HostPortRange_To_extensions_HostPortRange is an autogenerated conversion function.
+func Convert_v1beta1_HostPortRange_To_extensions_HostPortRange(in *v1beta1.HostPortRange, out *extensions.HostPortRange, s conversion.Scope) error {
+ return autoConvert_v1beta1_HostPortRange_To_extensions_HostPortRange(in, out, s)
+}
+
+func autoConvert_extensions_HostPortRange_To_v1beta1_HostPortRange(in *extensions.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error {
+ out.Min = in.Min
+ out.Max = in.Max
+ return nil
+}
+
+// Convert_extensions_HostPortRange_To_v1beta1_HostPortRange is an autogenerated conversion function.
+func Convert_extensions_HostPortRange_To_v1beta1_HostPortRange(in *extensions.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error {
+ return autoConvert_extensions_HostPortRange_To_v1beta1_HostPortRange(in, out, s)
+}
+
func autoConvert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in *v1beta1.PodDisruptionBudget, out *policy.PodDisruptionBudget, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(&in.Spec, &out.Spec, s); err != nil {
@@ -181,3 +288,211 @@ func autoConvert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudget
func Convert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(in *policy.PodDisruptionBudgetStatus, out *v1beta1.PodDisruptionBudgetStatus, s conversion.Scope) error {
return autoConvert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(in, out, s)
}
+
+func autoConvert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *extensions.PodSecurityPolicy, s conversion.Scope) error {
+ out.ObjectMeta = in.ObjectMeta
+ if err := Convert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil {
+ return err
+ }
+ return nil
+}
+
+// Convert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy is an autogenerated conversion function.
+func Convert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *extensions.PodSecurityPolicy, s conversion.Scope) error {
+ return autoConvert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy(in, out, s)
+}
+
+func autoConvert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *extensions.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error {
+ out.ObjectMeta = in.ObjectMeta
+ if err := Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil {
+ return err
+ }
+ return nil
+}
+
+// Convert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy is an autogenerated conversion function.
+func Convert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *extensions.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error {
+ return autoConvert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in, out, s)
+}
+
+func autoConvert_v1beta1_PodSecurityPolicyList_To_extensions_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *extensions.PodSecurityPolicyList, s conversion.Scope) error {
+ out.ListMeta = in.ListMeta
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]extensions.PodSecurityPolicy, len(*in))
+ for i := range *in {
+ if err := Convert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil {
+ return err
+ }
+ }
+ } else {
+ out.Items = nil
+ }
+ return nil
+}
+
+// Convert_v1beta1_PodSecurityPolicyList_To_extensions_PodSecurityPolicyList is an autogenerated conversion function.
+func Convert_v1beta1_PodSecurityPolicyList_To_extensions_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *extensions.PodSecurityPolicyList, s conversion.Scope) error {
+ return autoConvert_v1beta1_PodSecurityPolicyList_To_extensions_PodSecurityPolicyList(in, out, s)
+}
+
+func autoConvert_extensions_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *extensions.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error {
+ out.ListMeta = in.ListMeta
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]v1beta1.PodSecurityPolicy, len(*in))
+ for i := range *in {
+ if err := Convert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil {
+ return err
+ }
+ }
+ } else {
+ out.Items = nil
+ }
+ return nil
+}
+
+// Convert_extensions_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList is an autogenerated conversion function.
+func Convert_extensions_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *extensions.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error {
+ return autoConvert_extensions_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in, out, s)
+}
+
+func autoConvert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *extensions.PodSecurityPolicySpec, s conversion.Scope) error {
+ out.Privileged = in.Privileged
+ out.DefaultAddCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities))
+ out.RequiredDropCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities))
+ out.AllowedCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.AllowedCapabilities))
+ out.Volumes = *(*[]extensions.FSType)(unsafe.Pointer(&in.Volumes))
+ out.HostNetwork = in.HostNetwork
+ out.HostPorts = *(*[]extensions.HostPortRange)(unsafe.Pointer(&in.HostPorts))
+ out.HostPID = in.HostPID
+ out.HostIPC = in.HostIPC
+ if err := Convert_v1beta1_SELinuxStrategyOptions_To_extensions_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil {
+ return err
+ }
+ if err := Convert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
+ return err
+ }
+ if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
+ return err
+ }
+ if err := Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil {
+ return err
+ }
+ out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
+ out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
+ if err := v1.Convert_Pointer_bool_To_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil {
+ return err
+ }
+ out.AllowedHostPaths = *(*[]extensions.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths))
+ out.AllowedFlexVolumes = *(*[]extensions.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes))
+ return nil
+}
+
+// Convert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec is an autogenerated conversion function.
+func Convert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *extensions.PodSecurityPolicySpec, s conversion.Scope) error {
+ return autoConvert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(in, out, s)
+}
+
+func autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *extensions.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
+ out.Privileged = in.Privileged
+ out.DefaultAddCapabilities = *(*[]core_v1.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities))
+ out.RequiredDropCapabilities = *(*[]core_v1.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities))
+ out.AllowedCapabilities = *(*[]core_v1.Capability)(unsafe.Pointer(&in.AllowedCapabilities))
+ out.Volumes = *(*[]v1beta1.FSType)(unsafe.Pointer(&in.Volumes))
+ out.HostNetwork = in.HostNetwork
+ out.HostPorts = *(*[]v1beta1.HostPortRange)(unsafe.Pointer(&in.HostPorts))
+ out.HostPID = in.HostPID
+ out.HostIPC = in.HostIPC
+ if err := Convert_extensions_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil {
+ return err
+ }
+ if err := Convert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
+ return err
+ }
+ if err := Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
+ return err
+ }
+ if err := Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil {
+ return err
+ }
+ out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
+ out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
+ if err := v1.Convert_bool_To_Pointer_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil {
+ return err
+ }
+ out.AllowedHostPaths = *(*[]v1beta1.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths))
+ out.AllowedFlexVolumes = *(*[]v1beta1.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes))
+ return nil
+}
+
+// Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec is an autogenerated conversion function.
+func Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *extensions.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
+ return autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s)
+}
+
+func autoConvert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *extensions.RunAsUserStrategyOptions, s conversion.Scope) error {
+ out.Rule = extensions.RunAsUserStrategy(in.Rule)
+ out.Ranges = *(*[]extensions.UserIDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions is an autogenerated conversion function.
+func Convert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *extensions.RunAsUserStrategyOptions, s conversion.Scope) error {
+ return autoConvert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions(in, out, s)
+}
+
+func autoConvert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *extensions.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error {
+ out.Rule = v1beta1.RunAsUserStrategy(in.Rule)
+ out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions is an autogenerated conversion function.
+func Convert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *extensions.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error {
+ return autoConvert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in, out, s)
+}
+
+func autoConvert_v1beta1_SELinuxStrategyOptions_To_extensions_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *extensions.SELinuxStrategyOptions, s conversion.Scope) error {
+ out.Rule = extensions.SELinuxStrategy(in.Rule)
+ out.SELinuxOptions = (*core.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
+ return nil
+}
+
+// Convert_v1beta1_SELinuxStrategyOptions_To_extensions_SELinuxStrategyOptions is an autogenerated conversion function.
+func Convert_v1beta1_SELinuxStrategyOptions_To_extensions_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *extensions.SELinuxStrategyOptions, s conversion.Scope) error {
+ return autoConvert_v1beta1_SELinuxStrategyOptions_To_extensions_SELinuxStrategyOptions(in, out, s)
+}
+
+func autoConvert_extensions_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *extensions.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error {
+ out.Rule = v1beta1.SELinuxStrategy(in.Rule)
+ out.SELinuxOptions = (*core_v1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
+ return nil
+}
+
+// Convert_extensions_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions is an autogenerated conversion function.
+func Convert_extensions_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *extensions.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error {
+ return autoConvert_extensions_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in, out, s)
+}
+
+func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *extensions.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
+ out.Rule = extensions.SupplementalGroupsStrategyType(in.Rule)
+ out.Ranges = *(*[]extensions.GroupIDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions is an autogenerated conversion function.
+func Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *extensions.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
+ return autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in, out, s)
+}
+
+func autoConvert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *extensions.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
+ out.Rule = v1beta1.SupplementalGroupsStrategyType(in.Rule)
+ out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions is an autogenerated conversion function.
+func Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *extensions.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
+ return autoConvert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in, out, s)
+}
diff --git a/pkg/apis/policy/v1beta1/zz_generated.defaults.go b/pkg/apis/policy/v1beta1/zz_generated.defaults.go
index b61dda74c23..a10691c34b4 100644
--- a/pkg/apis/policy/v1beta1/zz_generated.defaults.go
+++ b/pkg/apis/policy/v1beta1/zz_generated.defaults.go
@@ -21,6 +21,7 @@ limitations under the License.
package v1beta1
import (
+ v1beta1 "k8s.io/api/policy/v1beta1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@@ -28,5 +29,18 @@ import (
// Public to allow building arbitrary schemes.
// All generated defaulters are covering - they call all nested defaulters.
func RegisterDefaults(scheme *runtime.Scheme) error {
+ scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicy{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicy(obj.(*v1beta1.PodSecurityPolicy)) })
+ scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicyList{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicyList(obj.(*v1beta1.PodSecurityPolicyList)) })
return nil
}
+
+func SetObjectDefaults_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy) {
+ SetDefaults_PodSecurityPolicySpec(&in.Spec)
+}
+
+func SetObjectDefaults_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList) {
+ for i := range in.Items {
+ a := &in.Items[i]
+ SetObjectDefaults_PodSecurityPolicy(a)
+ }
+}
diff --git a/pkg/registry/policy/rest/BUILD b/pkg/registry/policy/rest/BUILD
index 95f5a480143..904fd2078d8 100644
--- a/pkg/registry/policy/rest/BUILD
+++ b/pkg/registry/policy/rest/BUILD
@@ -12,6 +12,7 @@ go_library(
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/policy:go_default_library",
+ "//pkg/registry/extensions/podsecuritypolicy/storage:go_default_library",
"//pkg/registry/policy/poddisruptionbudget/storage:go_default_library",
"//vendor/k8s.io/api/policy/v1beta1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
diff --git a/staging/src/k8s.io/api/policy/v1beta1/BUILD b/staging/src/k8s.io/api/policy/v1beta1/BUILD
index 6e4a07deb67..d55d68e5d76 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/BUILD
+++ b/staging/src/k8s.io/api/policy/v1beta1/BUILD
@@ -19,6 +19,7 @@ go_library(
deps = [
"//vendor/github.com/gogo/protobuf/proto:go_default_library",
"//vendor/github.com/gogo/protobuf/sortkeys:go_default_library",
+ "//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
diff --git a/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go b/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go
index 4ed4d29ca6b..24bbe8975e6 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go
@@ -25,11 +25,22 @@ limitations under the License.
k8s.io/kubernetes/vendor/k8s.io/api/policy/v1beta1/generated.proto
It has these top-level messages:
+ AllowedFlexVolume
+ AllowedHostPath
Eviction
+ FSGroupStrategyOptions
+ HostPortRange
+ IDRange
PodDisruptionBudget
PodDisruptionBudgetList
PodDisruptionBudgetSpec
PodDisruptionBudgetStatus
+ PodSecurityPolicy
+ PodSecurityPolicyList
+ PodSecurityPolicySpec
+ RunAsUserStrategyOptions
+ SELinuxStrategyOptions
+ SupplementalGroupsStrategyOptions
*/
package v1beta1
@@ -37,6 +48,7 @@ import proto "github.com/gogo/protobuf/proto"
import fmt "fmt"
import math "math"
+import k8s_io_api_core_v1 "k8s.io/api/core/v1"
import k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
import k8s_io_apimachinery_pkg_util_intstr "k8s.io/apimachinery/pkg/util/intstr"
@@ -59,35 +71,138 @@ var _ = math.Inf
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+func (m *AllowedFlexVolume) Reset() { *m = AllowedFlexVolume{} }
+func (*AllowedFlexVolume) ProtoMessage() {}
+func (*AllowedFlexVolume) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} }
+
+func (m *AllowedHostPath) Reset() { *m = AllowedHostPath{} }
+func (*AllowedHostPath) ProtoMessage() {}
+func (*AllowedHostPath) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} }
+
func (m *Eviction) Reset() { *m = Eviction{} }
func (*Eviction) ProtoMessage() {}
-func (*Eviction) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} }
+func (*Eviction) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} }
+
+func (m *FSGroupStrategyOptions) Reset() { *m = FSGroupStrategyOptions{} }
+func (*FSGroupStrategyOptions) ProtoMessage() {}
+func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
+
+func (m *HostPortRange) Reset() { *m = HostPortRange{} }
+func (*HostPortRange) ProtoMessage() {}
+func (*HostPortRange) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
+
+func (m *IDRange) Reset() { *m = IDRange{} }
+func (*IDRange) ProtoMessage() {}
+func (*IDRange) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
func (m *PodDisruptionBudget) Reset() { *m = PodDisruptionBudget{} }
func (*PodDisruptionBudget) ProtoMessage() {}
-func (*PodDisruptionBudget) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} }
+func (*PodDisruptionBudget) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{6} }
func (m *PodDisruptionBudgetList) Reset() { *m = PodDisruptionBudgetList{} }
func (*PodDisruptionBudgetList) ProtoMessage() {}
-func (*PodDisruptionBudgetList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} }
+func (*PodDisruptionBudgetList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{7} }
func (m *PodDisruptionBudgetSpec) Reset() { *m = PodDisruptionBudgetSpec{} }
func (*PodDisruptionBudgetSpec) ProtoMessage() {}
-func (*PodDisruptionBudgetSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
+func (*PodDisruptionBudgetSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{8} }
func (m *PodDisruptionBudgetStatus) Reset() { *m = PodDisruptionBudgetStatus{} }
func (*PodDisruptionBudgetStatus) ProtoMessage() {}
func (*PodDisruptionBudgetStatus) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{4}
+ return fileDescriptorGenerated, []int{9}
+}
+
+func (m *PodSecurityPolicy) Reset() { *m = PodSecurityPolicy{} }
+func (*PodSecurityPolicy) ProtoMessage() {}
+func (*PodSecurityPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{10} }
+
+func (m *PodSecurityPolicyList) Reset() { *m = PodSecurityPolicyList{} }
+func (*PodSecurityPolicyList) ProtoMessage() {}
+func (*PodSecurityPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{11} }
+
+func (m *PodSecurityPolicySpec) Reset() { *m = PodSecurityPolicySpec{} }
+func (*PodSecurityPolicySpec) ProtoMessage() {}
+func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{12} }
+
+func (m *RunAsUserStrategyOptions) Reset() { *m = RunAsUserStrategyOptions{} }
+func (*RunAsUserStrategyOptions) ProtoMessage() {}
+func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int) {
+ return fileDescriptorGenerated, []int{13}
+}
+
+func (m *SELinuxStrategyOptions) Reset() { *m = SELinuxStrategyOptions{} }
+func (*SELinuxStrategyOptions) ProtoMessage() {}
+func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{14} }
+
+func (m *SupplementalGroupsStrategyOptions) Reset() { *m = SupplementalGroupsStrategyOptions{} }
+func (*SupplementalGroupsStrategyOptions) ProtoMessage() {}
+func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int) {
+ return fileDescriptorGenerated, []int{15}
}
func init() {
+ proto.RegisterType((*AllowedFlexVolume)(nil), "k8s.io.api.policy.v1beta1.AllowedFlexVolume")
+ proto.RegisterType((*AllowedHostPath)(nil), "k8s.io.api.policy.v1beta1.AllowedHostPath")
proto.RegisterType((*Eviction)(nil), "k8s.io.api.policy.v1beta1.Eviction")
+ proto.RegisterType((*FSGroupStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.FSGroupStrategyOptions")
+ proto.RegisterType((*HostPortRange)(nil), "k8s.io.api.policy.v1beta1.HostPortRange")
+ proto.RegisterType((*IDRange)(nil), "k8s.io.api.policy.v1beta1.IDRange")
proto.RegisterType((*PodDisruptionBudget)(nil), "k8s.io.api.policy.v1beta1.PodDisruptionBudget")
proto.RegisterType((*PodDisruptionBudgetList)(nil), "k8s.io.api.policy.v1beta1.PodDisruptionBudgetList")
proto.RegisterType((*PodDisruptionBudgetSpec)(nil), "k8s.io.api.policy.v1beta1.PodDisruptionBudgetSpec")
proto.RegisterType((*PodDisruptionBudgetStatus)(nil), "k8s.io.api.policy.v1beta1.PodDisruptionBudgetStatus")
+ proto.RegisterType((*PodSecurityPolicy)(nil), "k8s.io.api.policy.v1beta1.PodSecurityPolicy")
+ proto.RegisterType((*PodSecurityPolicyList)(nil), "k8s.io.api.policy.v1beta1.PodSecurityPolicyList")
+ proto.RegisterType((*PodSecurityPolicySpec)(nil), "k8s.io.api.policy.v1beta1.PodSecurityPolicySpec")
+ proto.RegisterType((*RunAsUserStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.RunAsUserStrategyOptions")
+ proto.RegisterType((*SELinuxStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.SELinuxStrategyOptions")
+ proto.RegisterType((*SupplementalGroupsStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.SupplementalGroupsStrategyOptions")
}
+func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Driver)))
+ i += copy(dAtA[i:], m.Driver)
+ return i, nil
+}
+
+func (m *AllowedHostPath) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.PathPrefix)))
+ i += copy(dAtA[i:], m.PathPrefix)
+ return i, nil
+}
+
func (m *Eviction) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -124,6 +239,88 @@ func (m *Eviction) MarshalTo(dAtA []byte) (int, error) {
return i, nil
}
+func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Rule)))
+ i += copy(dAtA[i:], m.Rule)
+ if len(m.Ranges) > 0 {
+ for _, msg := range m.Ranges {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
+func (m *HostPortRange) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *HostPortRange) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0x8
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Min))
+ dAtA[i] = 0x10
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Max))
+ return i, nil
+}
+
+func (m *IDRange) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *IDRange) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0x8
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Min))
+ dAtA[i] = 0x10
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Max))
+ return i, nil
+}
+
func (m *PodDisruptionBudget) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -316,6 +513,390 @@ func (m *PodDisruptionBudgetStatus) MarshalTo(dAtA []byte) (int, error) {
return i, nil
}
+func (m *PodSecurityPolicy) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *PodSecurityPolicy) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.ObjectMeta.Size()))
+ n11, err := m.ObjectMeta.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n11
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Spec.Size()))
+ n12, err := m.Spec.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n12
+ return i, nil
+}
+
+func (m *PodSecurityPolicyList) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *PodSecurityPolicyList) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.ListMeta.Size()))
+ n13, err := m.ListMeta.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n13
+ if len(m.Items) > 0 {
+ for _, msg := range m.Items {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
+func (m *PodSecurityPolicySpec) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0x8
+ i++
+ if m.Privileged {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ if len(m.DefaultAddCapabilities) > 0 {
+ for _, s := range m.DefaultAddCapabilities {
+ dAtA[i] = 0x12
+ i++
+ l = len(s)
+ for l >= 1<<7 {
+ dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+ l >>= 7
+ i++
+ }
+ dAtA[i] = uint8(l)
+ i++
+ i += copy(dAtA[i:], s)
+ }
+ }
+ if len(m.RequiredDropCapabilities) > 0 {
+ for _, s := range m.RequiredDropCapabilities {
+ dAtA[i] = 0x1a
+ i++
+ l = len(s)
+ for l >= 1<<7 {
+ dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+ l >>= 7
+ i++
+ }
+ dAtA[i] = uint8(l)
+ i++
+ i += copy(dAtA[i:], s)
+ }
+ }
+ if len(m.AllowedCapabilities) > 0 {
+ for _, s := range m.AllowedCapabilities {
+ dAtA[i] = 0x22
+ i++
+ l = len(s)
+ for l >= 1<<7 {
+ dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+ l >>= 7
+ i++
+ }
+ dAtA[i] = uint8(l)
+ i++
+ i += copy(dAtA[i:], s)
+ }
+ }
+ if len(m.Volumes) > 0 {
+ for _, s := range m.Volumes {
+ dAtA[i] = 0x2a
+ i++
+ l = len(s)
+ for l >= 1<<7 {
+ dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+ l >>= 7
+ i++
+ }
+ dAtA[i] = uint8(l)
+ i++
+ i += copy(dAtA[i:], s)
+ }
+ }
+ dAtA[i] = 0x30
+ i++
+ if m.HostNetwork {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ if len(m.HostPorts) > 0 {
+ for _, msg := range m.HostPorts {
+ dAtA[i] = 0x3a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ dAtA[i] = 0x40
+ i++
+ if m.HostPID {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ dAtA[i] = 0x48
+ i++
+ if m.HostIPC {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ dAtA[i] = 0x52
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.SELinux.Size()))
+ n14, err := m.SELinux.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n14
+ dAtA[i] = 0x5a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.RunAsUser.Size()))
+ n15, err := m.RunAsUser.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n15
+ dAtA[i] = 0x62
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.SupplementalGroups.Size()))
+ n16, err := m.SupplementalGroups.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n16
+ dAtA[i] = 0x6a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.FSGroup.Size()))
+ n17, err := m.FSGroup.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n17
+ dAtA[i] = 0x70
+ i++
+ if m.ReadOnlyRootFilesystem {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ if m.DefaultAllowPrivilegeEscalation != nil {
+ dAtA[i] = 0x78
+ i++
+ if *m.DefaultAllowPrivilegeEscalation {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ }
+ if m.AllowPrivilegeEscalation != nil {
+ dAtA[i] = 0x80
+ i++
+ dAtA[i] = 0x1
+ i++
+ if *m.AllowPrivilegeEscalation {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ }
+ if len(m.AllowedHostPaths) > 0 {
+ for _, msg := range m.AllowedHostPaths {
+ dAtA[i] = 0x8a
+ i++
+ dAtA[i] = 0x1
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ if len(m.AllowedFlexVolumes) > 0 {
+ for _, msg := range m.AllowedFlexVolumes {
+ dAtA[i] = 0x92
+ i++
+ dAtA[i] = 0x1
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
+func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Rule)))
+ i += copy(dAtA[i:], m.Rule)
+ if len(m.Ranges) > 0 {
+ for _, msg := range m.Ranges {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
+func (m *SELinuxStrategyOptions) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Rule)))
+ i += copy(dAtA[i:], m.Rule)
+ if m.SELinuxOptions != nil {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.SELinuxOptions.Size()))
+ n18, err := m.SELinuxOptions.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n18
+ }
+ return i, nil
+}
+
+func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Rule)))
+ i += copy(dAtA[i:], m.Rule)
+ if len(m.Ranges) > 0 {
+ for _, msg := range m.Ranges {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
func encodeFixed64Generated(dAtA []byte, offset int, v uint64) int {
dAtA[offset] = uint8(v)
dAtA[offset+1] = uint8(v >> 8)
@@ -343,6 +924,22 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
dAtA[offset] = uint8(v)
return offset + 1
}
+func (m *AllowedFlexVolume) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Driver)
+ n += 1 + l + sovGenerated(uint64(l))
+ return n
+}
+
+func (m *AllowedHostPath) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.PathPrefix)
+ n += 1 + l + sovGenerated(uint64(l))
+ return n
+}
+
func (m *Eviction) Size() (n int) {
var l int
_ = l
@@ -355,6 +952,36 @@ func (m *Eviction) Size() (n int) {
return n
}
+func (m *FSGroupStrategyOptions) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Rule)
+ n += 1 + l + sovGenerated(uint64(l))
+ if len(m.Ranges) > 0 {
+ for _, e := range m.Ranges {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
+func (m *HostPortRange) Size() (n int) {
+ var l int
+ _ = l
+ n += 1 + sovGenerated(uint64(m.Min))
+ n += 1 + sovGenerated(uint64(m.Max))
+ return n
+}
+
+func (m *IDRange) Size() (n int) {
+ var l int
+ _ = l
+ n += 1 + sovGenerated(uint64(m.Min))
+ n += 1 + sovGenerated(uint64(m.Max))
+ return n
+}
+
func (m *PodDisruptionBudget) Size() (n int) {
var l int
_ = l
@@ -419,6 +1046,137 @@ func (m *PodDisruptionBudgetStatus) Size() (n int) {
return n
}
+func (m *PodSecurityPolicy) Size() (n int) {
+ var l int
+ _ = l
+ l = m.ObjectMeta.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ l = m.Spec.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ return n
+}
+
+func (m *PodSecurityPolicyList) Size() (n int) {
+ var l int
+ _ = l
+ l = m.ListMeta.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ if len(m.Items) > 0 {
+ for _, e := range m.Items {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
+func (m *PodSecurityPolicySpec) Size() (n int) {
+ var l int
+ _ = l
+ n += 2
+ if len(m.DefaultAddCapabilities) > 0 {
+ for _, s := range m.DefaultAddCapabilities {
+ l = len(s)
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.RequiredDropCapabilities) > 0 {
+ for _, s := range m.RequiredDropCapabilities {
+ l = len(s)
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.AllowedCapabilities) > 0 {
+ for _, s := range m.AllowedCapabilities {
+ l = len(s)
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.Volumes) > 0 {
+ for _, s := range m.Volumes {
+ l = len(s)
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ n += 2
+ if len(m.HostPorts) > 0 {
+ for _, e := range m.HostPorts {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ n += 2
+ n += 2
+ l = m.SELinux.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ l = m.RunAsUser.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ l = m.SupplementalGroups.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ l = m.FSGroup.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ n += 2
+ if m.DefaultAllowPrivilegeEscalation != nil {
+ n += 2
+ }
+ if m.AllowPrivilegeEscalation != nil {
+ n += 3
+ }
+ if len(m.AllowedHostPaths) > 0 {
+ for _, e := range m.AllowedHostPaths {
+ l = e.Size()
+ n += 2 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.AllowedFlexVolumes) > 0 {
+ for _, e := range m.AllowedFlexVolumes {
+ l = e.Size()
+ n += 2 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
+func (m *RunAsUserStrategyOptions) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Rule)
+ n += 1 + l + sovGenerated(uint64(l))
+ if len(m.Ranges) > 0 {
+ for _, e := range m.Ranges {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
+func (m *SELinuxStrategyOptions) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Rule)
+ n += 1 + l + sovGenerated(uint64(l))
+ if m.SELinuxOptions != nil {
+ l = m.SELinuxOptions.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ return n
+}
+
+func (m *SupplementalGroupsStrategyOptions) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Rule)
+ n += 1 + l + sovGenerated(uint64(l))
+ if len(m.Ranges) > 0 {
+ for _, e := range m.Ranges {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
func sovGenerated(x uint64) (n int) {
for {
n++
@@ -432,6 +1190,26 @@ func sovGenerated(x uint64) (n int) {
func sozGenerated(x uint64) (n int) {
return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
+func (this *AllowedFlexVolume) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&AllowedFlexVolume{`,
+ `Driver:` + fmt.Sprintf("%v", this.Driver) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *AllowedHostPath) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&AllowedHostPath{`,
+ `PathPrefix:` + fmt.Sprintf("%v", this.PathPrefix) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func (this *Eviction) String() string {
if this == nil {
return "nil"
@@ -443,6 +1221,39 @@ func (this *Eviction) String() string {
}, "")
return s
}
+func (this *FSGroupStrategyOptions) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&FSGroupStrategyOptions{`,
+ `Rule:` + fmt.Sprintf("%v", this.Rule) + `,`,
+ `Ranges:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ranges), "IDRange", "IDRange", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *HostPortRange) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&HostPortRange{`,
+ `Min:` + fmt.Sprintf("%v", this.Min) + `,`,
+ `Max:` + fmt.Sprintf("%v", this.Max) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *IDRange) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&IDRange{`,
+ `Min:` + fmt.Sprintf("%v", this.Min) + `,`,
+ `Max:` + fmt.Sprintf("%v", this.Max) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func (this *PodDisruptionBudget) String() string {
if this == nil {
return "nil"
@@ -503,6 +1314,88 @@ func (this *PodDisruptionBudgetStatus) String() string {
}, "")
return s
}
+func (this *PodSecurityPolicy) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&PodSecurityPolicy{`,
+ `ObjectMeta:` + strings.Replace(strings.Replace(this.ObjectMeta.String(), "ObjectMeta", "k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+ `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "PodSecurityPolicySpec", "PodSecurityPolicySpec", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *PodSecurityPolicyList) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&PodSecurityPolicyList{`,
+ `ListMeta:` + strings.Replace(strings.Replace(this.ListMeta.String(), "ListMeta", "k8s_io_apimachinery_pkg_apis_meta_v1.ListMeta", 1), `&`, ``, 1) + `,`,
+ `Items:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Items), "PodSecurityPolicy", "PodSecurityPolicy", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *PodSecurityPolicySpec) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&PodSecurityPolicySpec{`,
+ `Privileged:` + fmt.Sprintf("%v", this.Privileged) + `,`,
+ `DefaultAddCapabilities:` + fmt.Sprintf("%v", this.DefaultAddCapabilities) + `,`,
+ `RequiredDropCapabilities:` + fmt.Sprintf("%v", this.RequiredDropCapabilities) + `,`,
+ `AllowedCapabilities:` + fmt.Sprintf("%v", this.AllowedCapabilities) + `,`,
+ `Volumes:` + fmt.Sprintf("%v", this.Volumes) + `,`,
+ `HostNetwork:` + fmt.Sprintf("%v", this.HostNetwork) + `,`,
+ `HostPorts:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.HostPorts), "HostPortRange", "HostPortRange", 1), `&`, ``, 1) + `,`,
+ `HostPID:` + fmt.Sprintf("%v", this.HostPID) + `,`,
+ `HostIPC:` + fmt.Sprintf("%v", this.HostIPC) + `,`,
+ `SELinux:` + strings.Replace(strings.Replace(this.SELinux.String(), "SELinuxStrategyOptions", "SELinuxStrategyOptions", 1), `&`, ``, 1) + `,`,
+ `RunAsUser:` + strings.Replace(strings.Replace(this.RunAsUser.String(), "RunAsUserStrategyOptions", "RunAsUserStrategyOptions", 1), `&`, ``, 1) + `,`,
+ `SupplementalGroups:` + strings.Replace(strings.Replace(this.SupplementalGroups.String(), "SupplementalGroupsStrategyOptions", "SupplementalGroupsStrategyOptions", 1), `&`, ``, 1) + `,`,
+ `FSGroup:` + strings.Replace(strings.Replace(this.FSGroup.String(), "FSGroupStrategyOptions", "FSGroupStrategyOptions", 1), `&`, ``, 1) + `,`,
+ `ReadOnlyRootFilesystem:` + fmt.Sprintf("%v", this.ReadOnlyRootFilesystem) + `,`,
+ `DefaultAllowPrivilegeEscalation:` + valueToStringGenerated(this.DefaultAllowPrivilegeEscalation) + `,`,
+ `AllowPrivilegeEscalation:` + valueToStringGenerated(this.AllowPrivilegeEscalation) + `,`,
+ `AllowedHostPaths:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedHostPaths), "AllowedHostPath", "AllowedHostPath", 1), `&`, ``, 1) + `,`,
+ `AllowedFlexVolumes:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedFlexVolumes), "AllowedFlexVolume", "AllowedFlexVolume", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *RunAsUserStrategyOptions) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&RunAsUserStrategyOptions{`,
+ `Rule:` + fmt.Sprintf("%v", this.Rule) + `,`,
+ `Ranges:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ranges), "IDRange", "IDRange", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *SELinuxStrategyOptions) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&SELinuxStrategyOptions{`,
+ `Rule:` + fmt.Sprintf("%v", this.Rule) + `,`,
+ `SELinuxOptions:` + strings.Replace(fmt.Sprintf("%v", this.SELinuxOptions), "SELinuxOptions", "k8s_io_api_core_v1.SELinuxOptions", 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *SupplementalGroupsStrategyOptions) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&SupplementalGroupsStrategyOptions{`,
+ `Rule:` + fmt.Sprintf("%v", this.Rule) + `,`,
+ `Ranges:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ranges), "IDRange", "IDRange", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func valueToStringGenerated(v interface{}) string {
rv := reflect.ValueOf(v)
if rv.IsNil() {
@@ -511,6 +1404,164 @@ func valueToStringGenerated(v interface{}) string {
pv := reflect.Indirect(rv).Interface()
return fmt.Sprintf("*%v", pv)
}
+func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: AllowedFlexVolume: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: AllowedFlexVolume: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Driver", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Driver = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *AllowedHostPath) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: AllowedHostPath: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: AllowedHostPath: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field PathPrefix", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.PathPrefix = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *Eviction) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -624,6 +1675,292 @@ func (m *Eviction) Unmarshal(dAtA []byte) error {
}
return nil
}
+func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: FSGroupStrategyOptions: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: FSGroupStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Rule = FSGroupStrategyType(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ranges = append(m.Ranges, IDRange{})
+ if err := m.Ranges[len(m.Ranges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *HostPortRange) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: HostPortRange: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: HostPortRange: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Min", wireType)
+ }
+ m.Min = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Min |= (int32(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 2:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
+ }
+ m.Max = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Max |= (int32(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *IDRange) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: IDRange: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: IDRange: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Min", wireType)
+ }
+ m.Min = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Min |= (int64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 2:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Max", wireType)
+ }
+ m.Max = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Max |= (int64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *PodDisruptionBudget) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -1290,6 +2627,1080 @@ func (m *PodDisruptionBudgetStatus) Unmarshal(dAtA []byte) error {
}
return nil
}
+func (m *PodSecurityPolicy) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: PodSecurityPolicy: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: PodSecurityPolicy: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *PodSecurityPolicyList) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: PodSecurityPolicyList: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: PodSecurityPolicyList: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Items = append(m.Items, PodSecurityPolicy{})
+ if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: PodSecurityPolicySpec: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: PodSecurityPolicySpec: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Privileged", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.Privileged = bool(v != 0)
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field DefaultAddCapabilities", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.DefaultAddCapabilities = append(m.DefaultAddCapabilities, k8s_io_api_core_v1.Capability(dAtA[iNdEx:postIndex]))
+ iNdEx = postIndex
+ case 3:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field RequiredDropCapabilities", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.RequiredDropCapabilities = append(m.RequiredDropCapabilities, k8s_io_api_core_v1.Capability(dAtA[iNdEx:postIndex]))
+ iNdEx = postIndex
+ case 4:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field AllowedCapabilities", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.AllowedCapabilities = append(m.AllowedCapabilities, k8s_io_api_core_v1.Capability(dAtA[iNdEx:postIndex]))
+ iNdEx = postIndex
+ case 5:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Volumes", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Volumes = append(m.Volumes, FSType(dAtA[iNdEx:postIndex]))
+ iNdEx = postIndex
+ case 6:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field HostNetwork", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.HostNetwork = bool(v != 0)
+ case 7:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field HostPorts", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.HostPorts = append(m.HostPorts, HostPortRange{})
+ if err := m.HostPorts[len(m.HostPorts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 8:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field HostPID", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.HostPID = bool(v != 0)
+ case 9:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field HostIPC", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.HostIPC = bool(v != 0)
+ case 10:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SELinux", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.SELinux.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 11:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field RunAsUser", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.RunAsUser.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 12:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SupplementalGroups", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.SupplementalGroups.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 13:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field FSGroup", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.FSGroup.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 14:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field ReadOnlyRootFilesystem", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.ReadOnlyRootFilesystem = bool(v != 0)
+ case 15:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field DefaultAllowPrivilegeEscalation", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ b := bool(v != 0)
+ m.DefaultAllowPrivilegeEscalation = &b
+ case 16:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field AllowPrivilegeEscalation", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ b := bool(v != 0)
+ m.AllowPrivilegeEscalation = &b
+ case 17:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field AllowedHostPaths", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.AllowedHostPaths = append(m.AllowedHostPaths, AllowedHostPath{})
+ if err := m.AllowedHostPaths[len(m.AllowedHostPaths)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 18:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field AllowedFlexVolumes", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.AllowedFlexVolumes = append(m.AllowedFlexVolumes, AllowedFlexVolume{})
+ if err := m.AllowedFlexVolumes[len(m.AllowedFlexVolumes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: RunAsUserStrategyOptions: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: RunAsUserStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Rule = RunAsUserStrategy(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ranges = append(m.Ranges, IDRange{})
+ if err := m.Ranges[len(m.Ranges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *SELinuxStrategyOptions) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: SELinuxStrategyOptions: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: SELinuxStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Rule = SELinuxStrategy(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SELinuxOptions", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.SELinuxOptions == nil {
+ m.SELinuxOptions = &k8s_io_api_core_v1.SELinuxOptions{}
+ }
+ if err := m.SELinuxOptions.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: SupplementalGroupsStrategyOptions: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: SupplementalGroupsStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Rule = SupplementalGroupsStrategyType(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ranges = append(m.Ranges, IDRange{})
+ if err := m.Ranges[len(m.Ranges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func skipGenerated(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
@@ -1400,55 +3811,106 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 795 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x94, 0x41, 0x6f, 0xdc, 0x44,
- 0x14, 0xc7, 0xd7, 0xd9, 0x6c, 0x08, 0xc3, 0xee, 0x2a, 0x0c, 0x14, 0xd2, 0x95, 0xf0, 0xa2, 0x3d,
- 0x21, 0xa4, 0x8e, 0x49, 0x5b, 0xa1, 0x88, 0x03, 0xa2, 0x26, 0x51, 0x29, 0x6a, 0x94, 0x6a, 0x52,
- 0x2e, 0xa8, 0x48, 0x8c, 0xed, 0x57, 0x67, 0x58, 0xdb, 0x63, 0xcd, 0x8c, 0x4d, 0xf7, 0xc6, 0x81,
- 0x0f, 0xc0, 0xf7, 0xe0, 0x8b, 0xe4, 0x80, 0x50, 0x8f, 0x15, 0x87, 0x15, 0x31, 0xe2, 0x7b, 0x20,
- 0xdb, 0xb3, 0x9b, 0xf5, 0xee, 0x46, 0xdd, 0xe6, 0xc0, 0xcd, 0xf3, 0xde, 0xfb, 0xff, 0x9e, 0xdf,
- 0x7f, 0x9e, 0x8d, 0xdc, 0xf1, 0xa1, 0x22, 0x5c, 0x38, 0xe3, 0xcc, 0x03, 0x99, 0x80, 0x06, 0xe5,
- 0xe4, 0x90, 0x04, 0x42, 0x3a, 0x26, 0xc1, 0x52, 0xee, 0xa4, 0x22, 0xe2, 0xfe, 0xc4, 0xc9, 0x0f,
- 0x3c, 0xd0, 0xec, 0xc0, 0x09, 0x21, 0x01, 0xc9, 0x34, 0x04, 0x24, 0x95, 0x42, 0x0b, 0x7c, 0xbb,
- 0x2e, 0x25, 0x2c, 0xe5, 0xa4, 0x2e, 0x25, 0xa6, 0x74, 0x70, 0x27, 0xe4, 0xfa, 0x3c, 0xf3, 0x88,
- 0x2f, 0x62, 0x27, 0x14, 0xa1, 0x70, 0x2a, 0x85, 0x97, 0x3d, 0xaf, 0x4e, 0xd5, 0xa1, 0x7a, 0xaa,
- 0x49, 0x83, 0xd1, 0x42, 0x53, 0x5f, 0x48, 0x70, 0xf2, 0x95, 0x6e, 0x83, 0xfb, 0x57, 0x35, 0x31,
- 0xf3, 0xcf, 0x79, 0x02, 0x72, 0xe2, 0xa4, 0xe3, 0xb0, 0x0c, 0x28, 0x27, 0x06, 0xcd, 0xd6, 0xa9,
- 0x9c, 0xeb, 0x54, 0x32, 0x4b, 0x34, 0x8f, 0x61, 0x45, 0xf0, 0xf9, 0xeb, 0x04, 0xca, 0x3f, 0x87,
- 0x98, 0xad, 0xe8, 0xee, 0x5d, 0xa7, 0xcb, 0x34, 0x8f, 0x1c, 0x9e, 0x68, 0xa5, 0xe5, 0xb2, 0x68,
- 0xf4, 0x97, 0x85, 0x76, 0x8f, 0x73, 0xee, 0x6b, 0x2e, 0x12, 0xfc, 0x23, 0xda, 0x2d, 0xa7, 0x08,
- 0x98, 0x66, 0xfb, 0xd6, 0xc7, 0xd6, 0x27, 0xef, 0xdc, 0xfd, 0x8c, 0x5c, 0x39, 0x3c, 0x87, 0x92,
- 0x74, 0x1c, 0x96, 0x01, 0x45, 0xca, 0x6a, 0x92, 0x1f, 0x90, 0x53, 0xef, 0x27, 0xf0, 0xf5, 0x09,
- 0x68, 0xe6, 0xe2, 0x8b, 0xe9, 0xb0, 0x55, 0x4c, 0x87, 0xe8, 0x2a, 0x46, 0xe7, 0x54, 0x1c, 0xa1,
- 0x5e, 0x00, 0x11, 0x68, 0x38, 0x4d, 0xcb, 0x8e, 0x6a, 0x7f, 0xab, 0x6a, 0x73, 0x6f, 0xb3, 0x36,
- 0x47, 0x8b, 0x52, 0xf7, 0xdd, 0x62, 0x3a, 0xec, 0x35, 0x42, 0xb4, 0x09, 0x1f, 0xfd, 0xbe, 0x85,
- 0xde, 0x7b, 0x22, 0x82, 0x23, 0xae, 0x64, 0x56, 0x85, 0xdc, 0x2c, 0x08, 0x41, 0xff, 0x0f, 0x73,
- 0x3e, 0x45, 0xdb, 0x2a, 0x05, 0xdf, 0x8c, 0x77, 0x97, 0x5c, 0xbb, 0xa7, 0x64, 0xcd, 0xfb, 0x9d,
- 0xa5, 0xe0, 0xbb, 0x5d, 0xc3, 0xdf, 0x2e, 0x4f, 0xb4, 0xa2, 0xe1, 0x67, 0x68, 0x47, 0x69, 0xa6,
- 0x33, 0xb5, 0xdf, 0xae, 0xb8, 0xf7, 0xdf, 0x90, 0x5b, 0x69, 0xdd, 0xbe, 0x21, 0xef, 0xd4, 0x67,
- 0x6a, 0x98, 0xa3, 0x3f, 0x2c, 0xf4, 0xe1, 0x1a, 0xd5, 0x63, 0xae, 0x34, 0x7e, 0xb6, 0xe2, 0x18,
- 0xd9, 0xcc, 0xb1, 0x52, 0x5d, 0xf9, 0xb5, 0x67, 0xba, 0xee, 0xce, 0x22, 0x0b, 0x6e, 0x9d, 0xa1,
- 0x0e, 0xd7, 0x10, 0x97, 0xdb, 0xd0, 0x5e, 0x42, 0x6f, 0x30, 0x96, 0xdb, 0x33, 0xe8, 0xce, 0xa3,
- 0x12, 0x42, 0x6b, 0xd6, 0xe8, 0xcf, 0xad, 0xb5, 0xe3, 0x94, 0x76, 0xe2, 0xe7, 0xa8, 0x1b, 0xf3,
- 0xe4, 0x41, 0xce, 0x78, 0xc4, 0xbc, 0x08, 0x5e, 0xbb, 0x04, 0xe5, 0x17, 0x44, 0xea, 0x2f, 0x88,
- 0x3c, 0x4a, 0xf4, 0xa9, 0x3c, 0xd3, 0x92, 0x27, 0xa1, 0xbb, 0x57, 0x4c, 0x87, 0xdd, 0x93, 0x05,
- 0x12, 0x6d, 0x70, 0xf1, 0x0f, 0x68, 0x57, 0x41, 0x04, 0xbe, 0x16, 0xf2, 0xcd, 0x36, 0xfd, 0x31,
- 0xf3, 0x20, 0x3a, 0x33, 0x52, 0xb7, 0x5b, 0xfa, 0x36, 0x3b, 0xd1, 0x39, 0x12, 0x47, 0xa8, 0x1f,
- 0xb3, 0x17, 0xdf, 0x25, 0x6c, 0x3e, 0x48, 0xfb, 0x86, 0x83, 0xe0, 0x62, 0x3a, 0xec, 0x9f, 0x34,
- 0x58, 0x74, 0x89, 0x3d, 0xfa, 0x77, 0x1b, 0xdd, 0xbe, 0x76, 0xab, 0xf0, 0xb7, 0x08, 0x0b, 0x4f,
- 0x81, 0xcc, 0x21, 0x78, 0x58, 0xff, 0x63, 0xb8, 0x48, 0x2a, 0x63, 0xdb, 0xee, 0xc0, 0x5c, 0x10,
- 0x3e, 0x5d, 0xa9, 0xa0, 0x6b, 0x54, 0xf8, 0x57, 0x0b, 0xf5, 0x82, 0xba, 0x0d, 0x04, 0x4f, 0x44,
- 0x30, 0x5b, 0x8c, 0x87, 0x37, 0xd9, 0x77, 0x72, 0xb4, 0x48, 0x3a, 0x4e, 0xb4, 0x9c, 0xb8, 0xb7,
- 0xcc, 0x0b, 0xf5, 0x1a, 0x39, 0xda, 0x6c, 0x8a, 0x4f, 0x10, 0x0e, 0xe6, 0x48, 0xf5, 0x20, 0x8a,
- 0xc4, 0xcf, 0x10, 0x54, 0x16, 0x77, 0xdc, 0x8f, 0x0c, 0xe1, 0x56, 0xa3, 0xef, 0xac, 0x88, 0xae,
- 0x11, 0xe2, 0x2f, 0x51, 0xdf, 0xcf, 0xa4, 0x84, 0x44, 0x7f, 0x03, 0x2c, 0xd2, 0xe7, 0x93, 0xfd,
- 0xed, 0x0a, 0xf5, 0x81, 0x41, 0xf5, 0xbf, 0x6e, 0x64, 0xe9, 0x52, 0x75, 0xa9, 0x0f, 0x40, 0x71,
- 0x09, 0xc1, 0x4c, 0xdf, 0x69, 0xea, 0x8f, 0x1a, 0x59, 0xba, 0x54, 0x8d, 0x0f, 0x51, 0x17, 0x5e,
- 0xa4, 0xe0, 0xcf, 0x3c, 0xdd, 0xa9, 0xd4, 0xef, 0x1b, 0x75, 0xf7, 0x78, 0x21, 0x47, 0x1b, 0x95,
- 0x83, 0x08, 0xe1, 0x55, 0x13, 0xf1, 0x1e, 0x6a, 0x8f, 0x61, 0x52, 0x5d, 0xf1, 0xdb, 0xb4, 0x7c,
- 0xc4, 0x5f, 0xa1, 0x4e, 0xce, 0xa2, 0x0c, 0xcc, 0xae, 0x7f, 0xba, 0xd9, 0xae, 0x3f, 0xe5, 0x31,
- 0xd0, 0x5a, 0xf8, 0xc5, 0xd6, 0xa1, 0xe5, 0xde, 0xb9, 0xb8, 0xb4, 0x5b, 0x2f, 0x2f, 0xed, 0xd6,
- 0xab, 0x4b, 0xbb, 0xf5, 0x4b, 0x61, 0x5b, 0x17, 0x85, 0x6d, 0xbd, 0x2c, 0x6c, 0xeb, 0x55, 0x61,
- 0x5b, 0x7f, 0x17, 0xb6, 0xf5, 0xdb, 0x3f, 0x76, 0xeb, 0xfb, 0xb7, 0xcc, 0xc5, 0xff, 0x17, 0x00,
- 0x00, 0xff, 0xff, 0x00, 0xc0, 0xac, 0xb5, 0x48, 0x08, 0x00, 0x00,
+ // 1605 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4f, 0x6f, 0x1b, 0xb9,
+ 0x15, 0xf7, 0x58, 0xb6, 0x65, 0xd3, 0xf2, 0x3f, 0xba, 0x76, 0x27, 0x46, 0x23, 0x35, 0x0a, 0x50,
+ 0xa4, 0x41, 0x33, 0x8a, 0x9d, 0xa4, 0x35, 0x9a, 0xb6, 0xa8, 0xc7, 0xf2, 0xbf, 0x20, 0xae, 0x55,
+ 0x2a, 0x09, 0xda, 0x22, 0x2d, 0x4a, 0x69, 0x68, 0x89, 0xf1, 0x68, 0x66, 0x4a, 0x72, 0x14, 0xe9,
+ 0xd6, 0x43, 0x0f, 0x3d, 0xf6, 0x0b, 0xf4, 0x13, 0x14, 0x3d, 0xed, 0x97, 0xf0, 0x02, 0x8b, 0x45,
+ 0x8e, 0xc1, 0x1e, 0x84, 0x8d, 0x16, 0xfb, 0x25, 0x72, 0x5a, 0x0c, 0xc5, 0x91, 0x34, 0x33, 0x92,
+ 0x1c, 0x07, 0x48, 0x6e, 0x1a, 0xbe, 0xdf, 0xef, 0xf7, 0x1e, 0x1f, 0xc9, 0xc7, 0x47, 0x01, 0xf3,
+ 0x62, 0x97, 0x1b, 0xd4, 0x2d, 0x5c, 0xf8, 0x15, 0xc2, 0x1c, 0x22, 0x08, 0x2f, 0x34, 0x89, 0x63,
+ 0xb9, 0xac, 0xa0, 0x0c, 0xd8, 0xa3, 0x05, 0xcf, 0xb5, 0x69, 0xb5, 0x5d, 0x68, 0x6e, 0x57, 0x88,
+ 0xc0, 0xdb, 0x85, 0x1a, 0x71, 0x08, 0xc3, 0x82, 0x58, 0x86, 0xc7, 0x5c, 0xe1, 0xc2, 0x1b, 0x3d,
+ 0xa8, 0x81, 0x3d, 0x6a, 0xf4, 0xa0, 0x86, 0x82, 0x6e, 0xdd, 0xab, 0x51, 0x51, 0xf7, 0x2b, 0x46,
+ 0xd5, 0x6d, 0x14, 0x6a, 0x6e, 0xcd, 0x2d, 0x48, 0x46, 0xc5, 0x3f, 0x97, 0x5f, 0xf2, 0x43, 0xfe,
+ 0xea, 0x29, 0x6d, 0xe5, 0x87, 0x9c, 0x56, 0x5d, 0x46, 0x0a, 0xcd, 0x84, 0xb7, 0xad, 0x87, 0x03,
+ 0x4c, 0x03, 0x57, 0xeb, 0xd4, 0x21, 0xac, 0x5d, 0xf0, 0x2e, 0x6a, 0xc1, 0x00, 0x2f, 0x34, 0x88,
+ 0xc0, 0xa3, 0x58, 0x85, 0x71, 0x2c, 0xe6, 0x3b, 0x82, 0x36, 0x48, 0x82, 0xf0, 0xcb, 0xab, 0x08,
+ 0xbc, 0x5a, 0x27, 0x0d, 0x9c, 0xe0, 0x3d, 0x18, 0xc7, 0xf3, 0x05, 0xb5, 0x0b, 0xd4, 0x11, 0x5c,
+ 0xb0, 0x38, 0x29, 0xff, 0x18, 0xac, 0xed, 0xd9, 0xb6, 0xfb, 0x9a, 0x58, 0x87, 0x36, 0x69, 0xbd,
+ 0x70, 0x6d, 0xbf, 0x41, 0xe0, 0xcf, 0xc0, 0x9c, 0xc5, 0x68, 0x93, 0x30, 0x5d, 0xfb, 0xa9, 0x76,
+ 0x67, 0xc1, 0x5c, 0xbe, 0xec, 0xe4, 0xa6, 0xba, 0x9d, 0xdc, 0x5c, 0x51, 0x8e, 0x22, 0x65, 0xcd,
+ 0x1f, 0x80, 0x15, 0x45, 0x3e, 0x76, 0xb9, 0x28, 0x61, 0x51, 0x87, 0x3b, 0x00, 0x78, 0x58, 0xd4,
+ 0x4b, 0x8c, 0x9c, 0xd3, 0x96, 0xa2, 0x43, 0x45, 0x07, 0xa5, 0xbe, 0x05, 0x0d, 0xa1, 0xf2, 0xdf,
+ 0x68, 0x60, 0xfe, 0xa0, 0x49, 0xab, 0x82, 0xba, 0x0e, 0xfc, 0x3b, 0x98, 0x0f, 0x32, 0x69, 0x61,
+ 0x81, 0x25, 0x7d, 0x71, 0xe7, 0xbe, 0x31, 0x58, 0xe5, 0xfe, 0xc4, 0x0c, 0xef, 0xa2, 0x16, 0x0c,
+ 0x70, 0x23, 0x40, 0x1b, 0xcd, 0x6d, 0xe3, 0xac, 0xf2, 0x8a, 0x54, 0xc5, 0x29, 0x11, 0x78, 0xe0,
+ 0x70, 0x30, 0x86, 0xfa, 0xaa, 0xd0, 0x06, 0x4b, 0x16, 0xb1, 0x89, 0x20, 0x67, 0x5e, 0xe0, 0x91,
+ 0xeb, 0xd3, 0xd2, 0xcd, 0x83, 0x0f, 0x73, 0x53, 0x1c, 0xa6, 0x9a, 0x6b, 0xdd, 0x4e, 0x6e, 0x29,
+ 0x32, 0x84, 0xa2, 0xe2, 0xf9, 0xff, 0x6a, 0x60, 0xf3, 0xb0, 0x7c, 0xc4, 0x5c, 0xdf, 0x2b, 0x8b,
+ 0x20, 0xf3, 0xb5, 0xb6, 0x32, 0xc1, 0x5f, 0x81, 0x19, 0xe6, 0xdb, 0x44, 0x65, 0xe9, 0xb6, 0x0a,
+ 0x7a, 0x06, 0xf9, 0x36, 0x79, 0xdf, 0xc9, 0xad, 0xc7, 0x58, 0xcf, 0xda, 0x1e, 0x41, 0x92, 0x00,
+ 0x9f, 0x80, 0x39, 0x86, 0x9d, 0x1a, 0x09, 0x42, 0x4f, 0xdd, 0x59, 0xdc, 0xc9, 0x1b, 0x63, 0xcf,
+ 0x81, 0x71, 0x52, 0x44, 0x01, 0x74, 0xb0, 0x86, 0xf2, 0x93, 0x23, 0xa5, 0x90, 0x3f, 0x05, 0x4b,
+ 0x72, 0xf1, 0x5c, 0x26, 0xa4, 0x05, 0xde, 0x04, 0xa9, 0x06, 0x75, 0x64, 0x50, 0xb3, 0xe6, 0xa2,
+ 0x62, 0xa5, 0x4e, 0xa9, 0x83, 0x82, 0x71, 0x69, 0xc6, 0x2d, 0x99, 0xb3, 0x61, 0x33, 0x6e, 0xa1,
+ 0x60, 0x3c, 0x7f, 0x04, 0xd2, 0xca, 0xe3, 0xb0, 0x50, 0x6a, 0xb2, 0x50, 0x6a, 0x84, 0xd0, 0xff,
+ 0xa6, 0xc1, 0x7a, 0xc9, 0xb5, 0x8a, 0x94, 0x33, 0x5f, 0xe6, 0xcb, 0xf4, 0xad, 0x1a, 0x11, 0x9f,
+ 0x61, 0x7f, 0x3c, 0x03, 0x33, 0xdc, 0x23, 0x55, 0xb5, 0x2d, 0x76, 0x26, 0xe4, 0x76, 0x44, 0x7c,
+ 0x65, 0x8f, 0x54, 0xcd, 0x4c, 0xb8, 0x94, 0xc1, 0x17, 0x92, 0x6a, 0xf0, 0x25, 0x98, 0xe3, 0x02,
+ 0x0b, 0x9f, 0xeb, 0x29, 0xa9, 0xfb, 0xf0, 0x9a, 0xba, 0x92, 0x3b, 0x58, 0xc5, 0xde, 0x37, 0x52,
+ 0x9a, 0xf9, 0xaf, 0x34, 0xf0, 0xe3, 0x11, 0xac, 0xa7, 0x94, 0x0b, 0xf8, 0x32, 0x91, 0x31, 0xe3,
+ 0xc3, 0x32, 0x16, 0xb0, 0x65, 0xbe, 0x56, 0x95, 0xd7, 0xf9, 0x70, 0x64, 0x28, 0x5b, 0x65, 0x30,
+ 0x4b, 0x05, 0x69, 0x84, 0x5b, 0xd1, 0xb8, 0xde, 0xb4, 0xcc, 0x25, 0x25, 0x3d, 0x7b, 0x12, 0x88,
+ 0xa0, 0x9e, 0x56, 0xfe, 0xeb, 0xe9, 0x91, 0xd3, 0x09, 0xd2, 0x09, 0xcf, 0x41, 0xa6, 0x41, 0x9d,
+ 0xbd, 0x26, 0xa6, 0x36, 0xae, 0xa8, 0xd3, 0x33, 0x69, 0x13, 0x04, 0xd5, 0xcf, 0xe8, 0x55, 0x3f,
+ 0xe3, 0xc4, 0x11, 0x67, 0xac, 0x2c, 0x18, 0x75, 0x6a, 0xe6, 0x6a, 0xb7, 0x93, 0xcb, 0x9c, 0x0e,
+ 0x29, 0xa1, 0x88, 0x2e, 0xfc, 0x2b, 0x98, 0xe7, 0xc4, 0x26, 0x55, 0xe1, 0xb2, 0xeb, 0x55, 0x88,
+ 0xa7, 0xb8, 0x42, 0xec, 0xb2, 0xa2, 0x9a, 0x99, 0x20, 0x6f, 0xe1, 0x17, 0xea, 0x4b, 0x42, 0x1b,
+ 0x2c, 0x37, 0x70, 0xeb, 0xb9, 0x83, 0xfb, 0x13, 0x49, 0x7d, 0xe4, 0x44, 0x60, 0xb7, 0x93, 0x5b,
+ 0x3e, 0x8d, 0x68, 0xa1, 0x98, 0x76, 0xfe, 0xfb, 0x19, 0x70, 0x63, 0xec, 0xae, 0x82, 0x4f, 0x00,
+ 0x74, 0x2b, 0x9c, 0xb0, 0x26, 0xb1, 0x8e, 0x7a, 0xf7, 0x03, 0x75, 0xc3, 0x83, 0xbb, 0xa5, 0x16,
+ 0x08, 0x9e, 0x25, 0x10, 0x68, 0x04, 0x0b, 0xfe, 0x4b, 0x03, 0x4b, 0x56, 0xcf, 0x0d, 0xb1, 0x4a,
+ 0xae, 0x15, 0x6e, 0x8c, 0xa3, 0x8f, 0xd9, 0xef, 0x46, 0x71, 0x58, 0xe9, 0xc0, 0x11, 0xac, 0x6d,
+ 0x6e, 0xa8, 0x80, 0x96, 0x22, 0x36, 0x14, 0x75, 0x0a, 0x4f, 0x01, 0xb4, 0xfa, 0x92, 0x5c, 0xdd,
+ 0x52, 0x32, 0xc5, 0xb3, 0xe6, 0x4d, 0xa5, 0xb0, 0x11, 0xf1, 0x1b, 0x82, 0xd0, 0x08, 0x22, 0xfc,
+ 0x1d, 0x58, 0xae, 0xfa, 0x8c, 0x11, 0x47, 0x1c, 0x13, 0x6c, 0x8b, 0x7a, 0x5b, 0x9f, 0x91, 0x52,
+ 0x9b, 0x4a, 0x6a, 0x79, 0x3f, 0x62, 0x45, 0x31, 0x74, 0xc0, 0xb7, 0x08, 0xa7, 0x8c, 0x58, 0x21,
+ 0x7f, 0x36, 0xca, 0x2f, 0x46, 0xac, 0x28, 0x86, 0x86, 0xbb, 0x20, 0x43, 0x5a, 0x1e, 0xa9, 0x86,
+ 0x39, 0x9d, 0x93, 0xec, 0x1f, 0x29, 0x76, 0xe6, 0x60, 0xc8, 0x86, 0x22, 0xc8, 0x2d, 0x1b, 0xc0,
+ 0x64, 0x12, 0xe1, 0x2a, 0x48, 0x5d, 0x90, 0x76, 0xef, 0xe6, 0x41, 0xc1, 0x4f, 0xf8, 0x7b, 0x30,
+ 0xdb, 0xc4, 0xb6, 0x4f, 0xd4, 0x5e, 0xbf, 0xfb, 0x61, 0x7b, 0xfd, 0x19, 0x6d, 0x10, 0xd4, 0x23,
+ 0xfe, 0x7a, 0x7a, 0x57, 0xcb, 0x7f, 0xa9, 0x81, 0xb5, 0x92, 0x6b, 0x95, 0x49, 0xd5, 0x67, 0x54,
+ 0xb4, 0x4b, 0x72, 0x9d, 0x3f, 0x43, 0xcd, 0x46, 0x91, 0x9a, 0x7d, 0x7f, 0xf2, 0x5e, 0x8b, 0x46,
+ 0x37, 0xae, 0x62, 0xe7, 0x2f, 0x35, 0xb0, 0x91, 0x40, 0x7f, 0x86, 0x8a, 0xfa, 0xc7, 0x68, 0x45,
+ 0xfd, 0xc5, 0x75, 0x26, 0x33, 0xa6, 0x9e, 0xbe, 0xcf, 0x8c, 0x98, 0x8a, 0xac, 0xa6, 0x41, 0xbf,
+ 0xc6, 0x68, 0x93, 0xda, 0xa4, 0x46, 0x2c, 0x39, 0x99, 0xf9, 0xa1, 0x7e, 0xad, 0x6f, 0x41, 0x43,
+ 0x28, 0xc8, 0xc1, 0xa6, 0x45, 0xce, 0xb1, 0x6f, 0x8b, 0x3d, 0xcb, 0xda, 0xc7, 0x1e, 0xae, 0x50,
+ 0x9b, 0x0a, 0xaa, 0xda, 0x91, 0x05, 0xf3, 0x71, 0xb7, 0x93, 0xdb, 0x2c, 0x8e, 0x44, 0xbc, 0xef,
+ 0xe4, 0x6e, 0x26, 0x3b, 0x6d, 0xa3, 0x0f, 0x69, 0xa3, 0x31, 0xd2, 0xb0, 0x0d, 0x74, 0x46, 0xfe,
+ 0xe1, 0x07, 0x87, 0xa2, 0xc8, 0x5c, 0x2f, 0xe2, 0x36, 0x25, 0xdd, 0xfe, 0xb6, 0xdb, 0xc9, 0xe9,
+ 0x68, 0x0c, 0xe6, 0x6a, 0xc7, 0x63, 0xe5, 0xe1, 0x2b, 0xb0, 0x8e, 0x7b, 0x75, 0x20, 0xe2, 0x75,
+ 0x46, 0x7a, 0xdd, 0xed, 0x76, 0x72, 0xeb, 0x7b, 0x49, 0xf3, 0xd5, 0x0e, 0x47, 0x89, 0xc2, 0x02,
+ 0x48, 0x37, 0x65, 0x13, 0xce, 0xf5, 0x59, 0xa9, 0xbf, 0xd1, 0xed, 0xe4, 0xd2, 0xbd, 0xbe, 0x3c,
+ 0xd0, 0x9c, 0x3b, 0x2c, 0xcb, 0x46, 0x30, 0x44, 0xc1, 0x47, 0x60, 0xb1, 0xee, 0x72, 0xf1, 0x07,
+ 0x22, 0x5e, 0xbb, 0xec, 0x42, 0x16, 0x86, 0x79, 0x73, 0x5d, 0xad, 0xe0, 0xe2, 0xf1, 0xc0, 0x84,
+ 0x86, 0x71, 0xf0, 0xcf, 0x60, 0xa1, 0xae, 0xda, 0x3e, 0xae, 0xa7, 0xe5, 0x46, 0xbb, 0x33, 0x61,
+ 0xa3, 0x45, 0x5a, 0x44, 0x73, 0x4d, 0xc9, 0x2f, 0x84, 0xc3, 0x1c, 0x0d, 0xd4, 0xe0, 0xcf, 0x41,
+ 0x5a, 0x7e, 0x9c, 0x14, 0xf5, 0x79, 0x19, 0xcd, 0x8a, 0x82, 0xa7, 0x8f, 0x7b, 0xc3, 0x28, 0xb4,
+ 0x87, 0xd0, 0x93, 0xd2, 0xbe, 0xbe, 0x90, 0x84, 0x9e, 0x94, 0xf6, 0x51, 0x68, 0x87, 0x2f, 0x41,
+ 0x9a, 0x93, 0xa7, 0xd4, 0xf1, 0x5b, 0x3a, 0x90, 0x47, 0x6e, 0x7b, 0x42, 0xb8, 0xe5, 0x03, 0x89,
+ 0x8c, 0x35, 0xdc, 0x03, 0x75, 0x65, 0x47, 0xa1, 0x24, 0xb4, 0xc0, 0x02, 0xf3, 0x9d, 0x3d, 0xfe,
+ 0x9c, 0x13, 0xa6, 0x2f, 0x26, 0x6e, 0xfb, 0xb8, 0x3e, 0x0a, 0xb1, 0x71, 0x0f, 0xfd, 0xcc, 0xf4,
+ 0x11, 0x68, 0x20, 0x0c, 0xff, 0xad, 0x01, 0xc8, 0x7d, 0xcf, 0xb3, 0x49, 0x83, 0x38, 0x02, 0xdb,
+ 0xb2, 0xbf, 0xe7, 0x7a, 0x46, 0xfa, 0xfb, 0xcd, 0xa4, 0xf9, 0x24, 0x48, 0x71, 0xc7, 0xfd, 0x6b,
+ 0x3a, 0x09, 0x45, 0x23, 0x7c, 0x06, 0xe9, 0x3c, 0xe7, 0xf2, 0xb7, 0xbe, 0x74, 0x65, 0x3a, 0x47,
+ 0xbf, 0x5f, 0x06, 0xe9, 0x54, 0x76, 0x14, 0x4a, 0xc2, 0x17, 0x60, 0x93, 0x11, 0x6c, 0x9d, 0x39,
+ 0x76, 0x1b, 0xb9, 0xae, 0x38, 0xa4, 0x36, 0xe1, 0x6d, 0x2e, 0x48, 0x43, 0x5f, 0x96, 0xcb, 0x9c,
+ 0x55, 0xcc, 0x4d, 0x34, 0x12, 0x85, 0xc6, 0xb0, 0x61, 0x03, 0xe4, 0xc2, 0xf2, 0x10, 0x9c, 0x9d,
+ 0x7e, 0x7d, 0x3a, 0xe0, 0x55, 0x6c, 0xf7, 0xba, 0x96, 0x15, 0xe9, 0xe0, 0x76, 0xb7, 0x93, 0xcb,
+ 0x15, 0x27, 0x43, 0xd1, 0x55, 0x5a, 0xf0, 0x4f, 0x40, 0xc7, 0xe3, 0xfc, 0xac, 0x4a, 0x3f, 0x3f,
+ 0x09, 0x6a, 0xce, 0x58, 0x07, 0x63, 0xd9, 0xd0, 0x03, 0xab, 0x38, 0xfa, 0x72, 0xe6, 0xfa, 0x9a,
+ 0x3c, 0x85, 0x77, 0x27, 0xac, 0x43, 0xec, 0xb1, 0x6d, 0xea, 0x2a, 0x8d, 0xab, 0x31, 0x03, 0x47,
+ 0x09, 0x75, 0xd8, 0x02, 0x10, 0xc7, 0x1f, 0xfa, 0x5c, 0x87, 0x57, 0x5e, 0x31, 0x89, 0x7f, 0x07,
+ 0x06, 0x5b, 0x2d, 0x61, 0xe2, 0x68, 0x84, 0x8f, 0xe0, 0x05, 0xac, 0x8f, 0x3b, 0x30, 0xf0, 0x51,
+ 0xe4, 0x0d, 0x7c, 0x2b, 0xf6, 0x06, 0x5e, 0x4b, 0xf0, 0x3e, 0xc1, 0x0b, 0xf8, 0xff, 0x1a, 0xd8,
+ 0x1c, 0x5d, 0x30, 0xe0, 0x83, 0x48, 0x74, 0xb9, 0x58, 0x74, 0x2b, 0x31, 0x96, 0x8a, 0xed, 0x6f,
+ 0x60, 0x59, 0x95, 0x95, 0xe8, 0x1f, 0x0c, 0x91, 0x18, 0x83, 0xfb, 0x20, 0xe8, 0x08, 0x94, 0x44,
+ 0x78, 0xa4, 0x64, 0x2f, 0x1f, 0x1d, 0x43, 0x31, 0xb5, 0xfc, 0x17, 0x1a, 0xb8, 0x75, 0x65, 0x41,
+ 0x80, 0x66, 0x24, 0x74, 0x23, 0x16, 0x7a, 0x76, 0xbc, 0xc0, 0xa7, 0xf9, 0x9f, 0xc1, 0xbc, 0x77,
+ 0xf9, 0x2e, 0x3b, 0xf5, 0xe6, 0x5d, 0x76, 0xea, 0xed, 0xbb, 0xec, 0xd4, 0x3f, 0xbb, 0x59, 0xed,
+ 0xb2, 0x9b, 0xd5, 0xde, 0x74, 0xb3, 0xda, 0xdb, 0x6e, 0x56, 0xfb, 0xb6, 0x9b, 0xd5, 0xfe, 0xf3,
+ 0x5d, 0x76, 0xea, 0x2f, 0x69, 0x25, 0xf7, 0x43, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc3, 0x7d, 0x0b,
+ 0x1d, 0x1e, 0x14, 0x00, 0x00,
}
diff --git a/staging/src/k8s.io/api/policy/v1beta1/generated.proto b/staging/src/k8s.io/api/policy/v1beta1/generated.proto
index 2e01cf3d9b6..514868a9f85 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/policy/v1beta1/generated.proto
@@ -30,6 +30,25 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
+// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
+message AllowedFlexVolume {
+ // Driver is the name of the Flexvolume driver.
+ optional string driver = 1;
+}
+
+// defines the host volume conditions that will be enabled by a policy
+// for pods to use. It requires the path prefix to be defined.
+message AllowedHostPath {
+ // is the path prefix that the host volume must match.
+ // It does not support `*`.
+ // Trailing slashes are trimmed when validating the path prefix with a host path.
+ //
+ // Examples:
+ // `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
+ // `/foo` would not allow `/food` or `/etc/foo`
+ optional string pathPrefix = 1;
+}
+
// Eviction evicts a pod from its node subject to certain policies and safety constraints.
// This is a subresource of Pod. A request to cause such an eviction is
// created by POSTing to .../pods//evictions.
@@ -41,6 +60,37 @@ message Eviction {
optional k8s.io.apimachinery.pkg.apis.meta.v1.DeleteOptions deleteOptions = 2;
}
+// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
+message FSGroupStrategyOptions {
+ // Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
+ // +optional
+ optional string rule = 1;
+
+ // Ranges are the allowed ranges of fs groups. If you would like to force a single
+ // fs group then supply a single range with the same start and end.
+ // +optional
+ repeated IDRange ranges = 2;
+}
+
+// Host Port Range defines a range of host ports that will be enabled by a policy
+// for pods to use. It requires both the start and end to be defined.
+message HostPortRange {
+ // min is the start of the range, inclusive.
+ optional int32 min = 1;
+
+ // max is the end of the range, inclusive.
+ optional int32 max = 2;
+}
+
+// ID Range provides a min/max of an allowed range of IDs.
+message IDRange {
+ // Min is the start of the range, inclusive.
+ optional int64 min = 1;
+
+ // Max is the end of the range, inclusive.
+ optional int64 max = 2;
+}
+
// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
message PodDisruptionBudget {
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
@@ -112,3 +162,146 @@ message PodDisruptionBudgetStatus {
optional int32 expectedPods = 6;
}
+// Pod Security Policy governs the ability to make requests that affect the Security Context
+// that will be applied to a pod and container.
+message PodSecurityPolicy {
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
+ // +optional
+ optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+ // spec defines the policy enforced.
+ // +optional
+ optional PodSecurityPolicySpec spec = 2;
+}
+
+// Pod Security Policy List is a list of PodSecurityPolicy objects.
+message PodSecurityPolicyList {
+ // Standard list metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
+ // +optional
+ optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+ // Items is a list of schema objects.
+ repeated PodSecurityPolicy items = 2;
+}
+
+// Pod Security Policy Spec defines the policy enforced.
+message PodSecurityPolicySpec {
+ // privileged determines if a pod can request to be run as privileged.
+ // +optional
+ optional bool privileged = 1;
+
+ // DefaultAddCapabilities is the default set of capabilities that will be added to the container
+ // unless the pod spec specifically drops the capability. You may not list a capability in both
+ // DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
+ // allowed, and need not be included in the AllowedCapabilities list.
+ // +optional
+ repeated string defaultAddCapabilities = 2;
+
+ // RequiredDropCapabilities are the capabilities that will be dropped from the container. These
+ // are required to be dropped and cannot be added.
+ // +optional
+ repeated string requiredDropCapabilities = 3;
+
+ // AllowedCapabilities is a list of capabilities that can be requested to add to the container.
+ // Capabilities in this field may be added at the pod author's discretion.
+ // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
+ // +optional
+ repeated string allowedCapabilities = 4;
+
+ // volumes is a white list of allowed volume plugins. Empty indicates that all plugins
+ // may be used.
+ // +optional
+ repeated string volumes = 5;
+
+ // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
+ // +optional
+ optional bool hostNetwork = 6;
+
+ // hostPorts determines which host port ranges are allowed to be exposed.
+ // +optional
+ repeated HostPortRange hostPorts = 7;
+
+ // hostPID determines if the policy allows the use of HostPID in the pod spec.
+ // +optional
+ optional bool hostPID = 8;
+
+ // hostIPC determines if the policy allows the use of HostIPC in the pod spec.
+ // +optional
+ optional bool hostIPC = 9;
+
+ // seLinux is the strategy that will dictate the allowable labels that may be set.
+ optional SELinuxStrategyOptions seLinux = 10;
+
+ // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
+ optional RunAsUserStrategyOptions runAsUser = 11;
+
+ // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
+ optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
+
+ // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
+ optional FSGroupStrategyOptions fsGroup = 13;
+
+ // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
+ // system. If the container specifically requests to run with a non-read only root file system
+ // the PSP should deny the pod.
+ // If set to false the container may run with a read only root file system if it wishes but it
+ // will not be forced to.
+ // +optional
+ optional bool readOnlyRootFilesystem = 14;
+
+ // DefaultAllowPrivilegeEscalation controls the default setting for whether a
+ // process can gain more privileges than its parent process.
+ // +optional
+ optional bool defaultAllowPrivilegeEscalation = 15;
+
+ // AllowPrivilegeEscalation determines if a pod can request to allow
+ // privilege escalation. If unspecified, defaults to true.
+ // +optional
+ optional bool allowPrivilegeEscalation = 16;
+
+ // is a white list of allowed host paths. Empty indicates that all host paths may be used.
+ // +optional
+ repeated AllowedHostPath allowedHostPaths = 17;
+
+ // AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
+ // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
+ // is allowed in the "Volumes" field.
+ // +optional
+ repeated AllowedFlexVolume allowedFlexVolumes = 18;
+}
+
+// Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.
+message RunAsUserStrategyOptions {
+ // Rule is the strategy that will dictate the allowable RunAsUser values that may be set.
+ optional string rule = 1;
+
+ // Ranges are the allowed ranges of uids that may be used.
+ // +optional
+ repeated IDRange ranges = 2;
+}
+
+// SELinux Strategy Options defines the strategy type and any options used to create the strategy.
+message SELinuxStrategyOptions {
+ // type is the strategy that will dictate the allowable labels that may be set.
+ optional string rule = 1;
+
+ // seLinuxOptions required to run as; required for MustRunAs
+ // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ // +optional
+ optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2;
+}
+
+// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
+message SupplementalGroupsStrategyOptions {
+ // Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
+ // +optional
+ optional string rule = 1;
+
+ // Ranges are the allowed ranges of supplemental groups. If you would like to force a single
+ // supplemental group then supply a single range with the same start and end.
+ // +optional
+ repeated IDRange ranges = 2;
+}
+
diff --git a/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go
index 29432506df9..8c51518d4a7 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go
@@ -27,6 +27,24 @@ package v1beta1
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
+var map_AllowedFlexVolume = map[string]string{
+ "": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.",
+ "driver": "Driver is the name of the Flexvolume driver.",
+}
+
+func (AllowedFlexVolume) SwaggerDoc() map[string]string {
+ return map_AllowedFlexVolume
+}
+
+var map_AllowedHostPath = map[string]string{
+ "": "defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
+ "pathPrefix": "is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
+}
+
+func (AllowedHostPath) SwaggerDoc() map[string]string {
+ return map_AllowedHostPath
+}
+
var map_Eviction = map[string]string{
"": "Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods//evictions.",
"metadata": "ObjectMeta describes the pod that is being evicted.",
@@ -37,6 +55,36 @@ func (Eviction) SwaggerDoc() map[string]string {
return map_Eviction
}
+var map_FSGroupStrategyOptions = map[string]string{
+ "": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.",
+ "rule": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
+ "ranges": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.",
+}
+
+func (FSGroupStrategyOptions) SwaggerDoc() map[string]string {
+ return map_FSGroupStrategyOptions
+}
+
+var map_HostPortRange = map[string]string{
+ "": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
+ "min": "min is the start of the range, inclusive.",
+ "max": "max is the end of the range, inclusive.",
+}
+
+func (HostPortRange) SwaggerDoc() map[string]string {
+ return map_HostPortRange
+}
+
+var map_IDRange = map[string]string{
+ "": "ID Range provides a min/max of an allowed range of IDs.",
+ "min": "Min is the start of the range, inclusive.",
+ "max": "Max is the end of the range, inclusive.",
+}
+
+func (IDRange) SwaggerDoc() map[string]string {
+ return map_IDRange
+}
+
var map_PodDisruptionBudget = map[string]string{
"": "PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods",
"spec": "Specification of the desired behavior of the PodDisruptionBudget.",
@@ -80,4 +128,80 @@ func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string {
return map_PodDisruptionBudgetStatus
}
+var map_PodSecurityPolicy = map[string]string{
+ "": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
+ "metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
+ "spec": "spec defines the policy enforced.",
+}
+
+func (PodSecurityPolicy) SwaggerDoc() map[string]string {
+ return map_PodSecurityPolicy
+}
+
+var map_PodSecurityPolicyList = map[string]string{
+ "": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
+ "metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
+ "items": "Items is a list of schema objects.",
+}
+
+func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
+ return map_PodSecurityPolicyList
+}
+
+var map_PodSecurityPolicySpec = map[string]string{
+ "": "Pod Security Policy Spec defines the policy enforced.",
+ "privileged": "privileged determines if a pod can request to be run as privileged.",
+ "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list.",
+ "requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
+ "allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
+ "volumes": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.",
+ "hostNetwork": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
+ "hostPorts": "hostPorts determines which host port ranges are allowed to be exposed.",
+ "hostPID": "hostPID determines if the policy allows the use of HostPID in the pod spec.",
+ "hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
+ "seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.",
+ "runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
+ "supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
+ "fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
+ "readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
+ "defaultAllowPrivilegeEscalation": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
+ "allowPrivilegeEscalation": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
+ "allowedHostPaths": "is a white list of allowed host paths. Empty indicates that all host paths may be used.",
+ "allowedFlexVolumes": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.",
+}
+
+func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
+ return map_PodSecurityPolicySpec
+}
+
+var map_RunAsUserStrategyOptions = map[string]string{
+ "": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
+ "rule": "Rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
+ "ranges": "Ranges are the allowed ranges of uids that may be used.",
+}
+
+func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string {
+ return map_RunAsUserStrategyOptions
+}
+
+var map_SELinuxStrategyOptions = map[string]string{
+ "": "SELinux Strategy Options defines the strategy type and any options used to create the strategy.",
+ "rule": "type is the strategy that will dictate the allowable labels that may be set.",
+ "seLinuxOptions": "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
+}
+
+func (SELinuxStrategyOptions) SwaggerDoc() map[string]string {
+ return map_SELinuxStrategyOptions
+}
+
+var map_SupplementalGroupsStrategyOptions = map[string]string{
+ "": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
+ "rule": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
+ "ranges": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.",
+}
+
+func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string {
+ return map_SupplementalGroupsStrategyOptions
+}
+
// AUTO-GENERATED FUNCTIONS END HERE
diff --git a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go
index 78a597b5b9b..6250f308b50 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go
@@ -21,11 +21,44 @@ limitations under the License.
package v1beta1
import (
+ core_v1 "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
intstr "k8s.io/apimachinery/pkg/util/intstr"
)
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.
+func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume {
+ if in == nil {
+ return nil
+ }
+ out := new(AllowedFlexVolume)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath.
+func (in *AllowedHostPath) DeepCopy() *AllowedHostPath {
+ if in == nil {
+ return nil
+ }
+ out := new(AllowedHostPath)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Eviction) DeepCopyInto(out *Eviction) {
*out = *in
@@ -62,6 +95,59 @@ func (in *Eviction) DeepCopyObject() runtime.Object {
}
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions) {
+ *out = *in
+ if in.Ranges != nil {
+ in, out := &in.Ranges, &out.Ranges
+ *out = make([]IDRange, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.
+func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(FSGroupStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HostPortRange) DeepCopyInto(out *HostPortRange) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange.
+func (in *HostPortRange) DeepCopy() *HostPortRange {
+ if in == nil {
+ return nil
+ }
+ out := new(HostPortRange)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IDRange) DeepCopyInto(out *IDRange) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.
+func (in *IDRange) DeepCopy() *IDRange {
+ if in == nil {
+ return nil
+ }
+ out := new(IDRange)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget) {
*out = *in
@@ -190,3 +276,205 @@ func (in *PodDisruptionBudgetStatus) DeepCopy() *PodDisruptionBudgetStatus {
in.DeepCopyInto(out)
return out
}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy.
+func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy {
+ if in == nil {
+ return nil
+ }
+ out := new(PodSecurityPolicy)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ } else {
+ return nil
+ }
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ out.ListMeta = in.ListMeta
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]PodSecurityPolicy, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList.
+func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList {
+ if in == nil {
+ return nil
+ }
+ out := new(PodSecurityPolicyList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ } else {
+ return nil
+ }
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
+ *out = *in
+ if in.DefaultAddCapabilities != nil {
+ in, out := &in.DefaultAddCapabilities, &out.DefaultAddCapabilities
+ *out = make([]core_v1.Capability, len(*in))
+ copy(*out, *in)
+ }
+ if in.RequiredDropCapabilities != nil {
+ in, out := &in.RequiredDropCapabilities, &out.RequiredDropCapabilities
+ *out = make([]core_v1.Capability, len(*in))
+ copy(*out, *in)
+ }
+ if in.AllowedCapabilities != nil {
+ in, out := &in.AllowedCapabilities, &out.AllowedCapabilities
+ *out = make([]core_v1.Capability, len(*in))
+ copy(*out, *in)
+ }
+ if in.Volumes != nil {
+ in, out := &in.Volumes, &out.Volumes
+ *out = make([]FSType, len(*in))
+ copy(*out, *in)
+ }
+ if in.HostPorts != nil {
+ in, out := &in.HostPorts, &out.HostPorts
+ *out = make([]HostPortRange, len(*in))
+ copy(*out, *in)
+ }
+ in.SELinux.DeepCopyInto(&out.SELinux)
+ in.RunAsUser.DeepCopyInto(&out.RunAsUser)
+ in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
+ in.FSGroup.DeepCopyInto(&out.FSGroup)
+ if in.DefaultAllowPrivilegeEscalation != nil {
+ in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(bool)
+ **out = **in
+ }
+ }
+ if in.AllowPrivilegeEscalation != nil {
+ in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(bool)
+ **out = **in
+ }
+ }
+ if in.AllowedHostPaths != nil {
+ in, out := &in.AllowedHostPaths, &out.AllowedHostPaths
+ *out = make([]AllowedHostPath, len(*in))
+ copy(*out, *in)
+ }
+ if in.AllowedFlexVolumes != nil {
+ in, out := &in.AllowedFlexVolumes, &out.AllowedFlexVolumes
+ *out = make([]AllowedFlexVolume, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec.
+func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(PodSecurityPolicySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) {
+ *out = *in
+ if in.Ranges != nil {
+ in, out := &in.Ranges, &out.Ranges
+ *out = make([]IDRange, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.
+func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(RunAsUserStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions) {
+ *out = *in
+ if in.SELinuxOptions != nil {
+ in, out := &in.SELinuxOptions, &out.SELinuxOptions
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(core_v1.SELinuxOptions)
+ **out = **in
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions.
+func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(SELinuxStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions) {
+ *out = *in
+ if in.Ranges != nil {
+ in, out := &in.Ranges, &out.Ranges
+ *out = make([]IDRange, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.
+func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(SupplementalGroupsStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/staging/src/k8s.io/client-go/informers/generic.go b/staging/src/k8s.io/client-go/informers/generic.go
index c19f137cffc..43fd7a1ca29 100644
--- a/staging/src/k8s.io/client-go/informers/generic.go
+++ b/staging/src/k8s.io/client-go/informers/generic.go
@@ -198,6 +198,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=policy, Version=v1beta1
case policy_v1beta1.SchemeGroupVersion.WithResource("poddisruptionbudgets"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1beta1().PodDisruptionBudgets().Informer()}, nil
+ case policy_v1beta1.SchemeGroupVersion.WithResource("podsecuritypolicies"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1beta1().PodSecurityPolicies().Informer()}, nil
// Group=rbac.authorization.k8s.io, Version=v1
case rbac_v1.SchemeGroupVersion.WithResource("clusterroles"):
diff --git a/staging/src/k8s.io/client-go/informers/policy/v1beta1/BUILD b/staging/src/k8s.io/client-go/informers/policy/v1beta1/BUILD
index 39a7a9d34d9..547a0a397c3 100644
--- a/staging/src/k8s.io/client-go/informers/policy/v1beta1/BUILD
+++ b/staging/src/k8s.io/client-go/informers/policy/v1beta1/BUILD
@@ -10,6 +10,7 @@ go_library(
srcs = [
"interface.go",
"poddisruptionbudget.go",
+ "podsecuritypolicy.go",
],
importpath = "k8s.io/client-go/informers/policy/v1beta1",
deps = [
diff --git a/staging/src/k8s.io/client-go/informers/policy/v1beta1/interface.go b/staging/src/k8s.io/client-go/informers/policy/v1beta1/interface.go
index e59a4aa9cd0..ba331c462bd 100644
--- a/staging/src/k8s.io/client-go/informers/policy/v1beta1/interface.go
+++ b/staging/src/k8s.io/client-go/informers/policy/v1beta1/interface.go
@@ -26,6 +26,8 @@ import (
type Interface interface {
// PodDisruptionBudgets returns a PodDisruptionBudgetInformer.
PodDisruptionBudgets() PodDisruptionBudgetInformer
+ // PodSecurityPolicies returns a PodSecurityPolicyInformer.
+ PodSecurityPolicies() PodSecurityPolicyInformer
}
type version struct {
@@ -43,3 +45,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
func (v *version) PodDisruptionBudgets() PodDisruptionBudgetInformer {
return &podDisruptionBudgetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
+
+// PodSecurityPolicies returns a PodSecurityPolicyInformer.
+func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer {
+ return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
diff --git a/staging/src/k8s.io/client-go/informers/policy/v1beta1/podsecuritypolicy.go b/staging/src/k8s.io/client-go/informers/policy/v1beta1/podsecuritypolicy.go
new file mode 100644
index 00000000000..96e210c415f
--- /dev/null
+++ b/staging/src/k8s.io/client-go/informers/policy/v1beta1/podsecuritypolicy.go
@@ -0,0 +1,88 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was automatically generated by informer-gen
+
+package v1beta1
+
+import (
+ time "time"
+
+ policy_v1beta1 "k8s.io/api/policy/v1beta1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
+ kubernetes "k8s.io/client-go/kubernetes"
+ v1beta1 "k8s.io/client-go/listers/policy/v1beta1"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// PodSecurityPolicyInformer provides access to a shared informer and lister for
+// PodSecurityPolicies.
+type PodSecurityPolicyInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1beta1.PodSecurityPolicyLister
+}
+
+type podSecurityPolicyInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1beta1().PodSecurityPolicies().List(options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1beta1().PodSecurityPolicies().Watch(options)
+ },
+ },
+ &policy_v1beta1.PodSecurityPolicy{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *podSecurityPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *podSecurityPolicyInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&policy_v1beta1.PodSecurityPolicy{}, f.defaultInformer)
+}
+
+func (f *podSecurityPolicyInformer) Lister() v1beta1.PodSecurityPolicyLister {
+ return v1beta1.NewPodSecurityPolicyLister(f.Informer().GetIndexer())
+}
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/BUILD b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/BUILD
index 2abeb549d21..92606b3c459 100644
--- a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/BUILD
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/BUILD
@@ -13,6 +13,7 @@ go_library(
"eviction_expansion.go",
"generated_expansion.go",
"poddisruptionbudget.go",
+ "podsecuritypolicy.go",
"policy_client.go",
],
importpath = "k8s.io/client-go/kubernetes/typed/policy/v1beta1",
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/BUILD b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/BUILD
index 5fc7afdc9f8..9b6941ce9a2 100644
--- a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/BUILD
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/BUILD
@@ -12,6 +12,7 @@ go_library(
"fake_eviction.go",
"fake_eviction_expansion.go",
"fake_poddisruptionbudget.go",
+ "fake_podsecuritypolicy.go",
"fake_policy_client.go",
],
importpath = "k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake",
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_podsecuritypolicy.go b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_podsecuritypolicy.go
new file mode 100644
index 00000000000..fb630c15cfe
--- /dev/null
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_podsecuritypolicy.go
@@ -0,0 +1,118 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+ v1beta1 "k8s.io/api/policy/v1beta1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ schema "k8s.io/apimachinery/pkg/runtime/schema"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakePodSecurityPolicies implements PodSecurityPolicyInterface
+type FakePodSecurityPolicies struct {
+ Fake *FakePolicyV1beta1
+}
+
+var podsecuritypoliciesResource = schema.GroupVersionResource{Group: "policy", Version: "v1beta1", Resource: "podsecuritypolicies"}
+
+var podsecuritypoliciesKind = schema.GroupVersionKind{Group: "policy", Version: "v1beta1", Kind: "PodSecurityPolicy"}
+
+// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
+func (c *FakePodSecurityPolicies) Get(name string, options v1.GetOptions) (result *v1beta1.PodSecurityPolicy, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(podsecuritypoliciesResource, name), &v1beta1.PodSecurityPolicy{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1beta1.PodSecurityPolicy), err
+}
+
+// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
+func (c *FakePodSecurityPolicies) List(opts v1.ListOptions) (result *v1beta1.PodSecurityPolicyList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(podsecuritypoliciesResource, podsecuritypoliciesKind, opts), &v1beta1.PodSecurityPolicyList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1beta1.PodSecurityPolicyList{}
+ for _, item := range obj.(*v1beta1.PodSecurityPolicyList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested podSecurityPolicies.
+func (c *FakePodSecurityPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(podsecuritypoliciesResource, opts))
+}
+
+// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
+func (c *FakePodSecurityPolicies) Create(podSecurityPolicy *v1beta1.PodSecurityPolicy) (result *v1beta1.PodSecurityPolicy, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(podsecuritypoliciesResource, podSecurityPolicy), &v1beta1.PodSecurityPolicy{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1beta1.PodSecurityPolicy), err
+}
+
+// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
+func (c *FakePodSecurityPolicies) Update(podSecurityPolicy *v1beta1.PodSecurityPolicy) (result *v1beta1.PodSecurityPolicy, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(podsecuritypoliciesResource, podSecurityPolicy), &v1beta1.PodSecurityPolicy{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1beta1.PodSecurityPolicy), err
+}
+
+// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs.
+func (c *FakePodSecurityPolicies) Delete(name string, options *v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteAction(podsecuritypoliciesResource, name), &v1beta1.PodSecurityPolicy{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePodSecurityPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(podsecuritypoliciesResource, listOptions)
+
+ _, err := c.Fake.Invokes(action, &v1beta1.PodSecurityPolicyList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched podSecurityPolicy.
+func (c *FakePodSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(podsecuritypoliciesResource, name, data, subresources...), &v1beta1.PodSecurityPolicy{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1beta1.PodSecurityPolicy), err
+}
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_policy_client.go b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_policy_client.go
index f0f1c6a1fd5..ba3082c73f3 100644
--- a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_policy_client.go
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake/fake_policy_client.go
@@ -34,6 +34,10 @@ func (c *FakePolicyV1beta1) PodDisruptionBudgets(namespace string) v1beta1.PodDi
return &FakePodDisruptionBudgets{c, namespace}
}
+func (c *FakePolicyV1beta1) PodSecurityPolicies() v1beta1.PodSecurityPolicyInterface {
+ return &FakePodSecurityPolicies{c}
+}
+
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakePolicyV1beta1) RESTClient() rest.Interface {
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/generated_expansion.go b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/generated_expansion.go
index a119239ca9c..113ebd32c47 100644
--- a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/generated_expansion.go
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/generated_expansion.go
@@ -17,3 +17,5 @@ limitations under the License.
package v1beta1
type PodDisruptionBudgetExpansion interface{}
+
+type PodSecurityPolicyExpansion interface{}
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/podsecuritypolicy.go b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/podsecuritypolicy.go
new file mode 100644
index 00000000000..03396a65623
--- /dev/null
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/podsecuritypolicy.go
@@ -0,0 +1,145 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ v1beta1 "k8s.io/api/policy/v1beta1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ scheme "k8s.io/client-go/kubernetes/scheme"
+ rest "k8s.io/client-go/rest"
+)
+
+// PodSecurityPoliciesGetter has a method to return a PodSecurityPolicyInterface.
+// A group's client should implement this interface.
+type PodSecurityPoliciesGetter interface {
+ PodSecurityPolicies() PodSecurityPolicyInterface
+}
+
+// PodSecurityPolicyInterface has methods to work with PodSecurityPolicy resources.
+type PodSecurityPolicyInterface interface {
+ Create(*v1beta1.PodSecurityPolicy) (*v1beta1.PodSecurityPolicy, error)
+ Update(*v1beta1.PodSecurityPolicy) (*v1beta1.PodSecurityPolicy, error)
+ Delete(name string, options *v1.DeleteOptions) error
+ DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+ Get(name string, options v1.GetOptions) (*v1beta1.PodSecurityPolicy, error)
+ List(opts v1.ListOptions) (*v1beta1.PodSecurityPolicyList, error)
+ Watch(opts v1.ListOptions) (watch.Interface, error)
+ Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error)
+ PodSecurityPolicyExpansion
+}
+
+// podSecurityPolicies implements PodSecurityPolicyInterface
+type podSecurityPolicies struct {
+ client rest.Interface
+}
+
+// newPodSecurityPolicies returns a PodSecurityPolicies
+func newPodSecurityPolicies(c *PolicyV1beta1Client) *podSecurityPolicies {
+ return &podSecurityPolicies{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
+func (c *podSecurityPolicies) Get(name string, options v1.GetOptions) (result *v1beta1.PodSecurityPolicy, err error) {
+ result = &v1beta1.PodSecurityPolicy{}
+ err = c.client.Get().
+ Resource("podsecuritypolicies").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do().
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
+func (c *podSecurityPolicies) List(opts v1.ListOptions) (result *v1beta1.PodSecurityPolicyList, err error) {
+ result = &v1beta1.PodSecurityPolicyList{}
+ err = c.client.Get().
+ Resource("podsecuritypolicies").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Do().
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested podSecurityPolicies.
+func (c *podSecurityPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+ opts.Watch = true
+ return c.client.Get().
+ Resource("podsecuritypolicies").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Watch()
+}
+
+// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
+func (c *podSecurityPolicies) Create(podSecurityPolicy *v1beta1.PodSecurityPolicy) (result *v1beta1.PodSecurityPolicy, err error) {
+ result = &v1beta1.PodSecurityPolicy{}
+ err = c.client.Post().
+ Resource("podsecuritypolicies").
+ Body(podSecurityPolicy).
+ Do().
+ Into(result)
+ return
+}
+
+// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
+func (c *podSecurityPolicies) Update(podSecurityPolicy *v1beta1.PodSecurityPolicy) (result *v1beta1.PodSecurityPolicy, err error) {
+ result = &v1beta1.PodSecurityPolicy{}
+ err = c.client.Put().
+ Resource("podsecuritypolicies").
+ Name(podSecurityPolicy.Name).
+ Body(podSecurityPolicy).
+ Do().
+ Into(result)
+ return
+}
+
+// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs.
+func (c *podSecurityPolicies) Delete(name string, options *v1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("podsecuritypolicies").
+ Name(name).
+ Body(options).
+ Do().
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *podSecurityPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+ return c.client.Delete().
+ Resource("podsecuritypolicies").
+ VersionedParams(&listOptions, scheme.ParameterCodec).
+ Body(options).
+ Do().
+ Error()
+}
+
+// Patch applies the patch and returns the patched podSecurityPolicy.
+func (c *podSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error) {
+ result = &v1beta1.PodSecurityPolicy{}
+ err = c.client.Patch(pt).
+ Resource("podsecuritypolicies").
+ SubResource(subresources...).
+ Name(name).
+ Body(data).
+ Do().
+ Into(result)
+ return
+}
diff --git a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/policy_client.go b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/policy_client.go
index f9020d0b734..6d1986f9873 100644
--- a/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/policy_client.go
+++ b/staging/src/k8s.io/client-go/kubernetes/typed/policy/v1beta1/policy_client.go
@@ -27,6 +27,7 @@ type PolicyV1beta1Interface interface {
RESTClient() rest.Interface
EvictionsGetter
PodDisruptionBudgetsGetter
+ PodSecurityPoliciesGetter
}
// PolicyV1beta1Client is used to interact with features provided by the policy group.
@@ -42,6 +43,10 @@ func (c *PolicyV1beta1Client) PodDisruptionBudgets(namespace string) PodDisrupti
return newPodDisruptionBudgets(c, namespace)
}
+func (c *PolicyV1beta1Client) PodSecurityPolicies() PodSecurityPolicyInterface {
+ return newPodSecurityPolicies(c)
+}
+
// NewForConfig creates a new PolicyV1beta1Client for the given config.
func NewForConfig(c *rest.Config) (*PolicyV1beta1Client, error) {
config := *c
diff --git a/staging/src/k8s.io/client-go/listers/policy/v1beta1/BUILD b/staging/src/k8s.io/client-go/listers/policy/v1beta1/BUILD
index c678177ae40..2c5f33df468 100644
--- a/staging/src/k8s.io/client-go/listers/policy/v1beta1/BUILD
+++ b/staging/src/k8s.io/client-go/listers/policy/v1beta1/BUILD
@@ -12,6 +12,7 @@ go_library(
"expansion_generated.go",
"poddisruptionbudget.go",
"poddisruptionbudget_expansion.go",
+ "podsecuritypolicy.go",
],
importpath = "k8s.io/client-go/listers/policy/v1beta1",
deps = [
diff --git a/staging/src/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go b/staging/src/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go
index 090199adeb2..37070a6c80f 100644
--- a/staging/src/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go
+++ b/staging/src/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go
@@ -25,3 +25,7 @@ type EvictionListerExpansion interface{}
// EvictionNamespaceListerExpansion allows custom methods to be added to
// EvictionNamespaceLister.
type EvictionNamespaceListerExpansion interface{}
+
+// PodSecurityPolicyListerExpansion allows custom methods to be added to
+// PodSecurityPolicyLister.
+type PodSecurityPolicyListerExpansion interface{}
diff --git a/staging/src/k8s.io/client-go/listers/policy/v1beta1/podsecuritypolicy.go b/staging/src/k8s.io/client-go/listers/policy/v1beta1/podsecuritypolicy.go
new file mode 100644
index 00000000000..3ba4a439cd2
--- /dev/null
+++ b/staging/src/k8s.io/client-go/listers/policy/v1beta1/podsecuritypolicy.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was automatically generated by lister-gen
+
+package v1beta1
+
+import (
+ v1beta1 "k8s.io/api/policy/v1beta1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// PodSecurityPolicyLister helps list PodSecurityPolicies.
+type PodSecurityPolicyLister interface {
+ // List lists all PodSecurityPolicies in the indexer.
+ List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error)
+ // Get retrieves the PodSecurityPolicy from the index for a given name.
+ Get(name string) (*v1beta1.PodSecurityPolicy, error)
+ PodSecurityPolicyListerExpansion
+}
+
+// podSecurityPolicyLister implements the PodSecurityPolicyLister interface.
+type podSecurityPolicyLister struct {
+ indexer cache.Indexer
+}
+
+// NewPodSecurityPolicyLister returns a new PodSecurityPolicyLister.
+func NewPodSecurityPolicyLister(indexer cache.Indexer) PodSecurityPolicyLister {
+ return &podSecurityPolicyLister{indexer: indexer}
+}
+
+// List lists all PodSecurityPolicies in the indexer.
+func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1beta1.PodSecurityPolicy))
+ })
+ return ret, err
+}
+
+// Get retrieves the PodSecurityPolicy from the index for a given name.
+func (s *podSecurityPolicyLister) Get(name string) (*v1beta1.PodSecurityPolicy, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1beta1.Resource("podsecuritypolicy"), name)
+ }
+ return obj.(*v1beta1.PodSecurityPolicy), nil
+}