forked from hswaw/hscloud
Serge Bazanski
c6118649ab
This turns admitomatic into a self-standing service that can be used as an admission controller. I've tested this E2E on a local k3s server, and have some early test code for that - but that'll land up in a follow up CR, as it first needs to be cleaned up. Change-Id: I46da0fc49f9d1a3a1a96700a36deb82e5057249b
37 lines
1.2 KiB
Protocol Buffer
37 lines
1.2 KiB
Protocol Buffer
syntax = "proto3";
|
|
package config;
|
|
option go_package = "code.hackerspace.pl/hscloud/cluster/admitomatic/config";
|
|
|
|
// Admitomatic configuration, passed as a text proto, for
|
|
// example:
|
|
//
|
|
// $ cat sample.pb.text
|
|
// allow_domain { namespace: "example" dns: "*.example.com" }
|
|
// allow_domain {
|
|
// namespace: "personal-q3k" dns: "foo.q3k.org"
|
|
// }
|
|
// allow_domain {
|
|
// namespace: "personal-q3k" dns: "bar.q3k.org"
|
|
// }
|
|
//
|
|
message Config {
|
|
// List of domains that are allowed to be configured as
|
|
// ingresses in a given namespace. If a domain does not
|
|
// appear in this list, it will be allowed to run in any
|
|
// namespace.
|
|
repeated AllowDomain allow_domain = 1;
|
|
}
|
|
|
|
message AllowDomain {
|
|
// namespace is a kubernetes namespace. An empty string is
|
|
// treated as the 'default' namespace.
|
|
string namespace = 1;
|
|
// dns is a domain name like 'example.com' or a wildcard
|
|
// like '*.foo.example.com'.
|
|
// Wildcards match domains at any level beneath the root,
|
|
// so the example above would match 'bar.foo.example.com'
|
|
// and 'baz.bar.foo.example.com'. However, they do not
|
|
// catch the root itself, ie. the above would not catch
|
|
// 'foo.example.com'.
|
|
string dns = 2;
|
|
}
|