github.com/aclisp/heapster@v0.19.2-0.20160613100040-51756f899a96/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/generated.proto

/*
Copyright 2016 The Kubernetes Authors All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/


// This file was autogenerated by go-to-protobuf. Do not edit it manually!

syntax = 'proto2';

package k8s.io.kubernetes.pkg.api.v1;

import "k8s.io/kubernetes/pkg/api/resource/generated.proto";
import "k8s.io/kubernetes/pkg/api/unversioned/generated.proto";
import "k8s.io/kubernetes/pkg/runtime/generated.proto";
import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "v1";

// Represents a Persistent Disk resource in AWS.
// 
// An AWS EBS disk must exist before mounting to a container. The disk
// must also be in the same AWS zone as the kubelet. An AWS EBS disk
// can only be mounted as read/write once. AWS EBS volumes support
// ownership management and SELinux relabeling.
message AWSElasticBlockStoreVolumeSource {
  // Unique ID of the persistent disk resource in AWS (Amazon EBS volume).
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#awselasticblockstore
  optional string volumeID = 1;

  // Filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#awselasticblockstore
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  optional string fsType = 2;

  // The partition in the volume that you want to mount.
  // If omitted, the default is to mount by volume name.
  // Examples: For volume /dev/sda1, you specify the partition as "1".
  // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
  optional int32 partition = 3;

  // Specify "true" to force and set the ReadOnly property in VolumeMounts to "true".
  // If omitted, the default is "false".
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#awselasticblockstore
  optional bool readOnly = 4;
}

// Affinity is a group of affinity scheduling rules.
message Affinity {
  // Describes node affinity scheduling rules for the pod.
  optional NodeAffinity nodeAffinity = 1;

  // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
  optional PodAffinity podAffinity = 2;

  // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
  optional PodAntiAffinity podAntiAffinity = 3;
}

// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
message AzureFileVolumeSource {
  // the name of secret that contains Azure Storage Account Name and Key
  optional string secretName = 1;

  // Share Name
  optional string shareName = 2;

  // Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  optional bool readOnly = 3;
}

// Binding ties one object to another.
// For example, a pod is bound to a node by a scheduler.
message Binding {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // The target object that you want to bind to the standard object.
  optional ObjectReference target = 2;
}

// Adds and removes POSIX capabilities from running containers.
message Capabilities {
  // Added capabilities
  repeated string add = 1;

  // Removed capabilities
  repeated string drop = 2;
}

// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
// Cephfs volumes do not support ownership management or SELinux relabeling.
message CephFSVolumeSource {
  // Required: Monitors is a collection of Ceph monitors
  // More info: http://releases.k8s.io/HEAD/examples/cephfs/README.md#how-to-use-it
  repeated string monitors = 1;

  // Optional: Used as the mounted root, rather than the full Ceph tree, default is /
  optional string path = 2;

  // Optional: User is the rados user name, default is admin
  // More info: http://releases.k8s.io/HEAD/examples/cephfs/README.md#how-to-use-it
  optional string user = 3;

  // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
  // More info: http://releases.k8s.io/HEAD/examples/cephfs/README.md#how-to-use-it
  optional string secretFile = 4;

  // Optional: SecretRef is reference to the authentication secret for User, default is empty.
  // More info: http://releases.k8s.io/HEAD/examples/cephfs/README.md#how-to-use-it
  optional LocalObjectReference secretRef = 5;

  // Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // More info: http://releases.k8s.io/HEAD/examples/cephfs/README.md#how-to-use-it
  optional bool readOnly = 6;
}

// Represents a cinder volume resource in Openstack.
// A Cinder volume must exist before mounting to a container.
// The volume must also be in the same region as the kubelet.
// Cinder volumes support ownership management and SELinux relabeling.
message CinderVolumeSource {
  // volume id used to identify the volume in cinder
  // More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
  optional string volumeID = 1;

  // Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
  optional string fsType = 2;

  // Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
  optional bool readOnly = 3;
}

// Information about the condition of a component.
message ComponentCondition {
  // Type of condition for a component.
  // Valid value: "Healthy"
  optional string type = 1;

  // Status of the condition for a component.
  // Valid values for "Healthy": "True", "False", or "Unknown".
  optional string status = 2;

  // Message about the condition for a component.
  // For example, information about a health check.
  optional string message = 3;

  // Condition error code for a component.
  // For example, a health check error code.
  optional string error = 4;
}

// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
message ComponentStatus {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // List of component conditions observed
  repeated ComponentCondition conditions = 2;
}

// Status of all the conditions for the component as a list of ComponentStatus objects.
message ComponentStatusList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of ComponentStatus objects.
  repeated ComponentStatus items = 2;
}

// ConfigMap holds configuration data for pods to consume.
message ConfigMap {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Data contains the configuration data.
  // Each key must be a valid DNS_SUBDOMAIN with an optional leading dot.
  map<string, string> data = 2;
}

// Selects a key from a ConfigMap.
message ConfigMapKeySelector {
  // The ConfigMap to select from.
  optional LocalObjectReference localObjectReference = 1;

  // The key to select.
  optional string key = 2;
}

// ConfigMapList is a resource containing a list of ConfigMap objects.
message ConfigMapList {
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // Items is the list of ConfigMaps.
  repeated ConfigMap items = 2;
}

// Adapts a ConfigMap into a volume.
// 
// The contents of the target ConfigMap's Data field will be presented in a
// volume as files using the keys in the Data field as the file names, unless
// the items element is populated with specific mappings of keys to paths.
// ConfigMap volumes support ownership management and SELinux relabeling.
message ConfigMapVolumeSource {
  optional LocalObjectReference localObjectReference = 1;

  // If unspecified, each key-value pair in the Data field of the referenced
  // ConfigMap will be projected into the volume as a file whose name is the
  // key and content is the value. If specified, the listed keys will be
  // projected into the specified paths, and unlisted keys will not be
  // present. If a key is specified which is not present in the ConfigMap,
  // the volume setup will error. Paths must be relative and may not contain
  // the '..' path or start with '..'.
  repeated KeyToPath items = 2;
}

// A single application container that you want to run within a pod.
message Container {
  // Name of the container specified as a DNS_LABEL.
  // Each container in a pod must have a unique name (DNS_LABEL).
  // Cannot be updated.
  optional string name = 1;

  // Docker image name.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/images.md
  optional string image = 2;

  // Entrypoint array. Not executed within a shell.
  // The docker image's ENTRYPOINT is used if this is not provided.
  // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
  // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax
  // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
  // regardless of whether the variable exists or not.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/containers.md#containers-and-commands
  repeated string command = 3;

  // Arguments to the entrypoint.
  // The docker image's CMD is used if this is not provided.
  // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
  // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax
  // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
  // regardless of whether the variable exists or not.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/containers.md#containers-and-commands
  repeated string args = 4;

  // Container's working directory.
  // If not specified, the container runtime's default will be used, which
  // might be configured in the container image.
  // Cannot be updated.
  optional string workingDir = 5;

  // List of ports to expose from the container. Exposing a port here gives
  // the system additional information about the network connections a
  // container uses, but is primarily informational. Not specifying a port here
  // DOES NOT prevent that port from being exposed. Any port which is
  // listening on the default "0.0.0.0" address inside a container will be
  // accessible from the network.
  // Cannot be updated.
  repeated ContainerPort ports = 6;

  // List of environment variables to set in the container.
  // Cannot be updated.
  repeated EnvVar env = 7;

  // Compute Resources required by this container.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#resources
  optional ResourceRequirements resources = 8;

  // Pod volumes to mount into the container's filesyste.
  // Cannot be updated.
  repeated VolumeMount volumeMounts = 9;

  // Periodic probe of container liveness.
  // Container will be restarted if the probe fails.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#container-probes
  optional Probe livenessProbe = 10;

  // Periodic probe of container service readiness.
  // Container will be removed from service endpoints if the probe fails.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#container-probes
  optional Probe readinessProbe = 11;

  // Actions that the management system should take in response to container lifecycle events.
  // Cannot be updated.
  optional Lifecycle lifecycle = 12;

  // Optional: Path at which the file to which the container's termination message
  // will be written is mounted into the container's filesystem.
  // Message written is intended to be brief final status, such as an assertion failure message.
  // Defaults to /dev/termination-log.
  // Cannot be updated.
  optional string terminationMessagePath = 13;

  // Image pull policy.
  // One of Always, Never, IfNotPresent.
  // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/images.md#updating-images
  optional string imagePullPolicy = 14;

  // Security options the pod should run with.
  // More info: http://releases.k8s.io/HEAD/docs/design/security_context.md
  optional SecurityContext securityContext = 15;

  // Whether this container should allocate a buffer for stdin in the container runtime. If this
  // is not set, reads from stdin in the container will always result in EOF.
  // Default is false.
  optional bool stdin = 16;

  // Whether the container runtime should close the stdin channel after it has been opened by
  // a single attach. When stdin is true the stdin stream will remain open across multiple attach
  // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
  // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
  // at which time stdin is closed and remains closed until the container is restarted. If this
  // flag is false, a container processes that reads from stdin will never receive an EOF.
  // Default is false
  optional bool stdinOnce = 17;

  // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
  // Default is false.
  optional bool tty = 18;
}

// Describe a container image
message ContainerImage {
  // Names by which this image is known.
  // e.g. ["gcr.io/google_containers/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"]
  repeated string names = 1;

  // The size of the image in bytes.
  optional int64 sizeBytes = 2;
}

// ContainerPort represents a network port in a single container.
message ContainerPort {
  // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
  // named port in a pod must have a unique name. Name for the port that can be
  // referred to by services.
  optional string name = 1;

  // Number of port to expose on the host.
  // If specified, this must be a valid port number, 0 < x < 65536.
  // If HostNetwork is specified, this must match ContainerPort.
  // Most containers do not need this.
  optional int32 hostPort = 2;

  // Number of port to expose on the pod's IP address.
  // This must be a valid port number, 0 < x < 65536.
  optional int32 containerPort = 3;

  // Protocol for port. Must be UDP or TCP.
  // Defaults to "TCP".
  optional string protocol = 4;

  // What host IP to bind the external port to.
  optional string hostIP = 5;
}

// ContainerState holds a possible state of container.
// Only one of its members may be specified.
// If none of them is specified, the default one is ContainerStateWaiting.
message ContainerState {
  // Details about a waiting container
  optional ContainerStateWaiting waiting = 1;

  // Details about a running container
  optional ContainerStateRunning running = 2;

  // Details about a terminated container
  optional ContainerStateTerminated terminated = 3;
}

// ContainerStateRunning is a running state of a container.
message ContainerStateRunning {
  // Time at which the container was last (re-)started
  optional k8s.io.kubernetes.pkg.api.unversioned.Time startedAt = 1;
}

// ContainerStateTerminated is a terminated state of a container.
message ContainerStateTerminated {
  // Exit status from the last termination of the container
  optional int32 exitCode = 1;

  // Signal from the last termination of the container
  optional int32 signal = 2;

  // (brief) reason from the last termination of the container
  optional string reason = 3;

  // Message regarding the last termination of the container
  optional string message = 4;

  // Time at which previous execution of the container started
  optional k8s.io.kubernetes.pkg.api.unversioned.Time startedAt = 5;

  // Time at which the container last terminated
  optional k8s.io.kubernetes.pkg.api.unversioned.Time finishedAt = 6;

  // Container's ID in the format 'docker://<container_id>'
  optional string containerID = 7;
}

// ContainerStateWaiting is a waiting state of a container.
message ContainerStateWaiting {
  // (brief) reason the container is not yet running.
  optional string reason = 1;

  // Message regarding why the container is not yet running.
  optional string message = 2;
}

// ContainerStatus contains details for the current status of this container.
message ContainerStatus {
  // This must be a DNS_LABEL. Each container in a pod must have a unique name.
  // Cannot be updated.
  optional string name = 1;

  // Details about the container's current condition.
  optional ContainerState state = 2;

  // Details about the container's last termination condition.
  optional ContainerState lastState = 3;

  // Specifies whether the container has passed its readiness probe.
  optional bool ready = 4;

  // The number of times the container has been restarted, currently based on
  // the number of dead containers that have not yet been removed.
  // Note that this is calculated from dead containers. But those containers are subject to
  // garbage collection. This value will get capped at 5 by GC.
  optional int32 restartCount = 5;

  // The image the container is running.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/images.md
  // TODO(dchen1107): Which image the container is running with?
  optional string image = 6;

  // ImageID of the container's image.
  optional string imageID = 7;

  // Container's ID in the format 'docker://<container_id>'.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/container-environment.md#container-information
  optional string containerID = 8;
}

// DaemonEndpoint contains information about a single Daemon endpoint.
message DaemonEndpoint {
  // Port number of the given endpoint.
  optional int32 Port = 1;
}

// DeleteOptions may be provided when deleting an API object
message DeleteOptions {
  // The duration in seconds before the object should be deleted. Value must be non-negative integer.
  // The value zero indicates delete immediately. If this value is nil, the default grace period for the
  // specified type will be used.
  // Defaults to a per object value if not specified. zero means delete immediately.
  optional int64 gracePeriodSeconds = 1;

  // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
  // returned.
  optional Preconditions preconditions = 2;

  // Should the dependent objects be orphaned. If true/false, the "orphan"
  // finalizer will be added to/removed from the object's finalizers list.
  optional bool orphanDependents = 3;
}

// DownwardAPIVolumeFile represents information to create the file containing the pod field
message DownwardAPIVolumeFile {
  // Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
  optional string path = 1;

  // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
  optional ObjectFieldSelector fieldRef = 2;
}

// DownwardAPIVolumeSource represents a volume containing downward API info.
// Downward API volumes support ownership management and SELinux relabeling.
message DownwardAPIVolumeSource {
  // Items is a list of downward API volume file
  repeated DownwardAPIVolumeFile items = 1;
}

// Represents an empty directory for a pod.
// Empty directory volumes support ownership management and SELinux relabeling.
message EmptyDirVolumeSource {
  // What type of storage medium should back this directory.
  // The default is "" which means to use the node's default medium.
  // Must be an empty string (default) or Memory.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#emptydir
  optional string medium = 1;
}

// EndpointAddress is a tuple that describes single IP address.
message EndpointAddress {
  // The IP of this endpoint.
  // May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16),
  // or link-local multicast ((224.0.0.0/24).
  // IPv6 is also accepted but not fully supported on all platforms. Also, certain
  // kubernetes components, like kube-proxy, are not IPv6 ready.
  // TODO: This should allow hostname or IP, See #4447.
  optional string ip = 1;

  // The Hostname of this endpoint
  optional string hostname = 3;

  // Reference to object providing the endpoint.
  optional ObjectReference targetRef = 2;
}

// EndpointPort is a tuple that describes a single port.
message EndpointPort {
  // The name of this port (corresponds to ServicePort.Name).
  // Must be a DNS_LABEL.
  // Optional only if one port is defined.
  optional string name = 1;

  // The port number of the endpoint.
  optional int32 port = 2;

  // The IP protocol for this port.
  // Must be UDP or TCP.
  // Default is TCP.
  optional string protocol = 3;
}

// EndpointSubset is a group of addresses with a common set of ports. The
// expanded set of endpoints is the Cartesian product of Addresses x Ports.
// For example, given:
//   {
//     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
//     Ports:     [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
//   }
// The resulting set of endpoints can be viewed as:
//     a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
//     b: [ 10.10.1.1:309, 10.10.2.2:309 ]
message EndpointSubset {
  // IP addresses which offer the related ports that are marked as ready. These endpoints
  // should be considered safe for load balancers and clients to utilize.
  repeated EndpointAddress addresses = 1;

  // IP addresses which offer the related ports but are not currently marked as ready
  // because they have not yet finished starting, have recently failed a readiness check,
  // or have recently failed a liveness check.
  repeated EndpointAddress notReadyAddresses = 2;

  // Port numbers available on the related IP addresses.
  repeated EndpointPort ports = 3;
}

// Endpoints is a collection of endpoints that implement the actual service. Example:
//   Name: "mysvc",
//   Subsets: [
//     {
//       Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
//       Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
//     },
//     {
//       Addresses: [{"ip": "10.10.3.3"}],
//       Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
//     },
//  ]
message Endpoints {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // The set of all endpoints is the union of all subsets. Addresses are placed into
  // subsets according to the IPs they share. A single address with multiple ports,
  // some of which are ready and some of which are not (because they come from
  // different containers) will result in the address being displayed in different
  // subsets for the different ports. No address will appear in both Addresses and
  // NotReadyAddresses in the same subset.
  // Sets of addresses and ports that comprise a service.
  repeated EndpointSubset subsets = 2;
}

// EndpointsList is a list of endpoints.
message EndpointsList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of endpoints.
  repeated Endpoints items = 2;
}

// EnvVar represents an environment variable present in a Container.
message EnvVar {
  // Name of the environment variable. Must be a C_IDENTIFIER.
  optional string name = 1;

  // Variable references $(VAR_NAME) are expanded
  // using the previous defined environment variables in the container and
  // any service environment variables. If a variable cannot be resolved,
  // the reference in the input string will be unchanged. The $(VAR_NAME)
  // syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
  // references will never be expanded, regardless of whether the variable
  // exists or not.
  // Defaults to "".
  optional string value = 2;

  // Source for the environment variable's value. Cannot be used if value is not empty.
  optional EnvVarSource valueFrom = 3;
}

// EnvVarSource represents a source for the value of an EnvVar.
message EnvVarSource {
  // Selects a field of the pod; only name and namespace are supported.
  optional ObjectFieldSelector fieldRef = 1;

  // Selects a key of a ConfigMap.
  optional ConfigMapKeySelector configMapKeyRef = 2;

  // Selects a key of a secret in the pod's namespace
  optional SecretKeySelector secretKeyRef = 3;
}

// Event is a report of an event somewhere in the cluster.
// TODO: Decide whether to store these separately or with the object they apply to.
message Event {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // The object that this event is about.
  optional ObjectReference involvedObject = 2;

  // This should be a short, machine understandable string that gives the reason
  // for the transition into the object's current status.
  // TODO: provide exact specification for format.
  optional string reason = 3;

  // A human-readable description of the status of this operation.
  // TODO: decide on maximum length.
  optional string message = 4;

  // The component reporting this event. Should be a short machine understandable string.
  optional EventSource source = 5;

  // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
  optional k8s.io.kubernetes.pkg.api.unversioned.Time firstTimestamp = 6;

  // The time at which the most recent occurrence of this event was recorded.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time lastTimestamp = 7;

  // The number of times this event has occurred.
  optional int32 count = 8;

  // Type of this event (Normal, Warning), new types could be added in the future
  optional string type = 9;
}

// EventList is a list of events.
message EventList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of events
  repeated Event items = 2;
}

// EventSource contains information for an event.
message EventSource {
  // Component from which the event is generated.
  optional string component = 1;

  // Host name on which the event is generated.
  optional string host = 2;
}

// ExecAction describes a "run in container" action.
message ExecAction {
  // Command is the command line to execute inside the container, the working directory for the
  // command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
  // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
  // a shell, you need to explicitly call out to that shell.
  // Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
  repeated string command = 1;
}

// ExportOptions is the query options to the standard REST get call.
message ExportOptions {
  // Should this value be exported.  Export strips fields that a user can not specify.
  optional bool export = 1;

  // Should the export be exact.  Exact export maintains cluster-specific fields like 'Namespace'
  optional bool exact = 2;
}

// Represents a Fibre Channel volume.
// Fibre Channel volumes can only be mounted as read/write once.
// Fibre Channel volumes support ownership management and SELinux relabeling.
message FCVolumeSource {
  // Required: FC target world wide names (WWNs)
  repeated string targetWWNs = 1;

  // Required: FC target lun number
  optional int32 lun = 2;

  // Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  optional string fsType = 3;

  // Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  optional bool readOnly = 4;
}

// FlexVolume represents a generic volume resource that is
// provisioned/attached using a exec based plugin. This is an alpha feature and may change in future.
message FlexVolumeSource {
  // Driver is the name of the driver to use for this volume.
  optional string driver = 1;

  // Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
  optional string fsType = 2;

  // Optional: SecretRef is reference to the secret object containing
  // sensitive information to pass to the plugin scripts. This may be
  // empty if no secret object is specified. If the secret object
  // contains more than one secret, all secrets are passed to the plugin
  // scripts.
  optional LocalObjectReference secretRef = 3;

  // Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  optional bool readOnly = 4;

  // Optional: Extra command options if any.
  map<string, string> options = 5;
}

// Represents a Flocker volume mounted by the Flocker agent.
// Flocker volumes do not support ownership management or SELinux relabeling.
message FlockerVolumeSource {
  // Required: the volume name. This is going to be store on metadata -> name on the payload for Flocker
  optional string datasetName = 1;
}

// Represents a Persistent Disk resource in Google Compute Engine.
// 
// A GCE PD must exist before mounting to a container. The disk must
// also be in the same GCE project and zone as the kubelet. A GCE PD
// can only be mounted as read/write once or read-only many times. GCE
// PDs support ownership management and SELinux relabeling.
message GCEPersistentDiskVolumeSource {
  // Unique name of the PD resource in GCE. Used to identify the disk in GCE.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#gcepersistentdisk
  optional string pdName = 1;

  // Filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#gcepersistentdisk
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  optional string fsType = 2;

  // The partition in the volume that you want to mount.
  // If omitted, the default is to mount by volume name.
  // Examples: For volume /dev/sda1, you specify the partition as "1".
  // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#gcepersistentdisk
  optional int32 partition = 3;

  // ReadOnly here will force the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#gcepersistentdisk
  optional bool readOnly = 4;
}

// Represents a volume that is populated with the contents of a git repository.
// Git repo volumes do not support ownership management.
// Git repo volumes support SELinux relabeling.
message GitRepoVolumeSource {
  // Repository URL
  optional string repository = 1;

  // Commit hash for the specified revision.
  optional string revision = 2;

  // Target directory name.
  // Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
  // git repository.  Otherwise, if specified, the volume will contain the git repository in
  // the subdirectory with the given name.
  optional string directory = 3;
}

// Represents a Glusterfs mount that lasts the lifetime of a pod.
// Glusterfs volumes do not support ownership management or SELinux relabeling.
message GlusterfsVolumeSource {
  // EndpointsName is the endpoint name that details Glusterfs topology.
  // More info: http://releases.k8s.io/HEAD/examples/glusterfs/README.md#create-a-pod
  optional string endpoints = 1;

  // Path is the Glusterfs volume path.
  // More info: http://releases.k8s.io/HEAD/examples/glusterfs/README.md#create-a-pod
  optional string path = 2;

  // ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions.
  // Defaults to false.
  // More info: http://releases.k8s.io/HEAD/examples/glusterfs/README.md#create-a-pod
  optional bool readOnly = 3;
}

// HTTPGetAction describes an action based on HTTP Get requests.
message HTTPGetAction {
  // Path to access on the HTTP server.
  optional string path = 1;

  // Name or number of the port to access on the container.
  // Number must be in the range 1 to 65535.
  // Name must be an IANA_SVC_NAME.
  optional k8s.io.kubernetes.pkg.util.intstr.IntOrString port = 2;

  // Host name to connect to, defaults to the pod IP. You probably want to set
  // "Host" in httpHeaders instead.
  optional string host = 3;

  // Scheme to use for connecting to the host.
  // Defaults to HTTP.
  optional string scheme = 4;

  // Custom headers to set in the request. HTTP allows repeated headers.
  repeated HTTPHeader httpHeaders = 5;
}

// HTTPHeader describes a custom header to be used in HTTP probes
message HTTPHeader {
  // The header field name
  optional string name = 1;

  // The header field value
  optional string value = 2;
}

// Handler defines a specific action that should be taken
// TODO: pass structured data to these actions, and document that data here.
message Handler {
  // One and only one of the following should be specified.
  // Exec specifies the action to take.
  optional ExecAction exec = 1;

  // HTTPGet specifies the http request to perform.
  optional HTTPGetAction httpGet = 2;

  // TCPSocket specifies an action involving a TCP port.
  // TCP hooks not yet supported
  // TODO: implement a realistic TCP lifecycle hook
  optional TCPSocketAction tcpSocket = 3;
}

// Represents a host path mapped into a pod.
// Host path volumes do not support ownership management or SELinux relabeling.
message HostPathVolumeSource {
  // Path of the directory on the host.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#hostpath
  optional string path = 1;
}

// Represents an ISCSI disk.
// ISCSI volumes can only be mounted as read/write once.
// ISCSI volumes support ownership management and SELinux relabeling.
message ISCSIVolumeSource {
  // iSCSI target portal. The portal is either an IP or ip_addr:port if the port
  // is other than default (typically TCP ports 860 and 3260).
  optional string targetPortal = 1;

  // Target iSCSI Qualified Name.
  optional string iqn = 2;

  // iSCSI target lun number.
  optional int32 lun = 3;

  // Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport.
  optional string iscsiInterface = 4;

  // Filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#iscsi
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  optional string fsType = 5;

  // ReadOnly here will force the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  optional bool readOnly = 6;
}

// Maps a string key to a path within a volume.
message KeyToPath {
  // The key to project.
  optional string key = 1;

  // The relative path of the file to map the key to.
  // May not be an absolute path.
  // May not contain the path element '..'.
  // May not start with the string '..'.
  optional string path = 2;
}

// Lifecycle describes actions that the management system should take in response to container lifecycle
// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
// until the action is complete, unless the container process fails, in which case the handler is aborted.
message Lifecycle {
  // PostStart is called immediately after a container is created. If the handler fails,
  // the container is terminated and restarted according to its restart policy.
  // Other management of the container blocks until the hook completes.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/container-environment.md#hook-details
  optional Handler postStart = 1;

  // PreStop is called immediately before a container is terminated.
  // The container is terminated after the handler completes.
  // The reason for termination is passed to the handler.
  // Regardless of the outcome of the handler, the container is eventually terminated.
  // Other management of the container blocks until the hook completes.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/container-environment.md#hook-details
  optional Handler preStop = 2;
}

// LimitRange sets resource usage limits for each kind of resource in a Namespace.
message LimitRange {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the limits enforced.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional LimitRangeSpec spec = 2;
}

// LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
message LimitRangeItem {
  // Type of resource that this limit applies to.
  optional string type = 1;

  // Max usage constraints on this kind by resource name.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> max = 2;

  // Min usage constraints on this kind by resource name.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> min = 3;

  // Default resource requirement limit value by resource name if resource limit is omitted.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> default = 4;

  // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> defaultRequest = 5;

  // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> maxLimitRequestRatio = 6;
}

// LimitRangeList is a list of LimitRange items.
message LimitRangeList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // Items is a list of LimitRange objects.
  // More info: http://releases.k8s.io/HEAD/docs/design/admission_control_limit_range.md
  repeated LimitRange items = 2;
}

// LimitRangeSpec defines a min/max usage limit for resources that match on kind.
message LimitRangeSpec {
  // Limits is the list of LimitRangeItem objects that are enforced.
  repeated LimitRangeItem limits = 1;
}

// List holds a list of objects, which may not be known by the server.
message List {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of objects
  repeated k8s.io.kubernetes.pkg.runtime.RawExtension items = 2;
}

// ListOptions is the query options to a standard REST list call.
message ListOptions {
  // A selector to restrict the list of returned objects by their labels.
  // Defaults to everything.
  optional string labelSelector = 1;

  // A selector to restrict the list of returned objects by their fields.
  // Defaults to everything.
  optional string fieldSelector = 2;

  // Watch for changes to the described resources and return them as a stream of
  // add, update, and remove notifications. Specify resourceVersion.
  optional bool watch = 3;

  // When specified with a watch call, shows changes that occur after that particular version of a resource.
  // Defaults to changes from the beginning of history.
  optional string resourceVersion = 4;

  // Timeout for the list/watch call.
  optional int64 timeoutSeconds = 5;
}

// LoadBalancerIngress represents the status of a load-balancer ingress point:
// traffic intended for the service should be sent to an ingress point.
message LoadBalancerIngress {
  // IP is set for load-balancer ingress points that are IP based
  // (typically GCE or OpenStack load-balancers)
  optional string ip = 1;

  // Hostname is set for load-balancer ingress points that are DNS based
  // (typically AWS load-balancers)
  optional string hostname = 2;
}

// LoadBalancerStatus represents the status of a load-balancer.
message LoadBalancerStatus {
  // Ingress is a list containing ingress points for the load-balancer.
  // Traffic intended for the service should be sent to these ingress points.
  repeated LoadBalancerIngress ingress = 1;
}

// LocalObjectReference contains enough information to let you locate the
// referenced object inside the same namespace.
message LocalObjectReference {
  // Name of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
  // TODO: Add other useful fields. apiVersion, kind, uid?
  optional string name = 1;
}

// Represents an NFS mount that lasts the lifetime of a pod.
// NFS volumes do not support ownership management or SELinux relabeling.
message NFSVolumeSource {
  // Server is the hostname or IP address of the NFS server.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#nfs
  optional string server = 1;

  // Path that is exported by the NFS server.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#nfs
  optional string path = 2;

  // ReadOnly here will force
  // the NFS export to be mounted with read-only permissions.
  // Defaults to false.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#nfs
  optional bool readOnly = 3;
}

// Namespace provides a scope for Names.
// Use of multiple namespaces is optional.
message Namespace {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the behavior of the Namespace.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional NamespaceSpec spec = 2;

  // Status describes the current status of a Namespace.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional NamespaceStatus status = 3;
}

// NamespaceList is a list of Namespaces.
message NamespaceList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // Items is the list of Namespace objects in the list.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md
  repeated Namespace items = 2;
}

// NamespaceSpec describes the attributes on a Namespace.
message NamespaceSpec {
  // Finalizers is an opaque list of values that must be empty to permanently remove object from storage.
  // More info: http://releases.k8s.io/HEAD/docs/design/namespaces.md#finalizers
  repeated string finalizers = 1;
}

// NamespaceStatus is information about the current status of a Namespace.
message NamespaceStatus {
  // Phase is the current lifecycle phase of the namespace.
  // More info: http://releases.k8s.io/HEAD/docs/design/namespaces.md#phases
  optional string phase = 1;
}

// Node is a worker node in Kubernetes, formerly known as minion.
// Each node will have a unique identifier in the cache (i.e. in etcd).
message Node {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the behavior of a node.
  // http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional NodeSpec spec = 2;

  // Most recently observed status of the node.
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional NodeStatus status = 3;
}

// NodeAddress contains information for the node's address.
message NodeAddress {
  // Node address type, one of Hostname, ExternalIP or InternalIP.
  optional string type = 1;

  // The node address.
  optional string address = 2;
}

// Node affinity is a group of node affinity scheduling rules.
message NodeAffinity {
  // If the affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to an update), the system
  // may or may not try to eventually evict the pod from its node.
  optional NodeSelector requiredDuringSchedulingIgnoredDuringExecution = 1;

  // The scheduler will prefer to schedule pods to nodes that satisfy
  // the affinity expressions specified by this field, but it may choose
  // a node that violates one or more of the expressions. The node that is
  // most preferred is the one with the greatest sum of weights, i.e.
  // for each node that meets all of the scheduling requirements (resource
  // request, requiredDuringScheduling affinity expressions, etc.),
  // compute a sum by iterating through the elements of this field and adding
  // "weight" to the sum if the node matches the corresponding matchExpressions; the
  // node(s) with the highest sum are the most preferred.
  repeated PreferredSchedulingTerm preferredDuringSchedulingIgnoredDuringExecution = 2;
}

// NodeCondition contains condition infromation for a node.
message NodeCondition {
  // Type of node condition.
  optional string type = 1;

  // Status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // Last time we got an update on a given condition.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time lastHeartbeatTime = 3;

  // Last time the condition transit from one status to another.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time lastTransitionTime = 4;

  // (brief) reason for the condition's last transition.
  optional string reason = 5;

  // Human readable message indicating details about last transition.
  optional string message = 6;
}

// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
message NodeDaemonEndpoints {
  // Endpoint on which Kubelet is listening.
  optional DaemonEndpoint kubeletEndpoint = 1;
}

// NodeList is the whole list of all Nodes which have been registered with master.
message NodeList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of nodes
  repeated Node items = 2;
}

// NodeProxyOptions is the query options to a Node's proxy call.
message NodeProxyOptions {
  // Path is the URL path to use for the current proxy request to node.
  optional string path = 1;
}

// A node selector represents the union of the results of one or more label queries
// over a set of nodes; that is, it represents the OR of the selectors represented
// by the node selector terms.
message NodeSelector {
  // Required. A list of node selector terms. The terms are ORed.
  repeated NodeSelectorTerm nodeSelectorTerms = 1;
}

// A node selector requirement is a selector that contains values, a key, and an operator
// that relates the key and values.
message NodeSelectorRequirement {
  // The label key that the selector applies to.
  optional string key = 1;

  // Represents a key's relationship to a set of values.
  // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
  optional string operator = 2;

  // An array of string values. If the operator is In or NotIn,
  // the values array must be non-empty. If the operator is Exists or DoesNotExist,
  // the values array must be empty. If the operator is Gt or Lt, the values
  // array must have a single element, which will be interpreted as an integer.
  // This array is replaced during a strategic merge patch.
  repeated string values = 3;
}

// A null or empty node selector term matches no objects.
message NodeSelectorTerm {
  // Required. A list of node selector requirements. The requirements are ANDed.
  repeated NodeSelectorRequirement matchExpressions = 1;
}

// NodeSpec describes the attributes that a node is created with.
message NodeSpec {
  // PodCIDR represents the pod IP range assigned to the node.
  optional string podCIDR = 1;

  // External ID of the node assigned by some machine database (e.g. a cloud provider).
  // Deprecated.
  optional string externalID = 2;

  // ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
  optional string providerID = 3;

  // Unschedulable controls node schedulability of new pods. By default, node is schedulable.
  // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#manual-node-administration"`
  optional bool unschedulable = 4;
}

// NodeStatus is information about the current status of a node.
message NodeStatus {
  // Capacity represents the total resources of a node.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#capacity for more details.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> capacity = 1;

  // Allocatable represents the resources of a node that are available for scheduling.
  // Defaults to Capacity.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> allocatable = 2;

  // NodePhase is the recently observed lifecycle phase of the node.
  // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-phase
  optional string phase = 3;

  // Conditions is an array of current observed node conditions.
  // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-condition
  repeated NodeCondition conditions = 4;

  // List of addresses reachable to the node.
  // Queried from cloud provider, if available.
  // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-addresses
  repeated NodeAddress addresses = 5;

  // Endpoints of daemons running on the Node.
  optional NodeDaemonEndpoints daemonEndpoints = 6;

  // Set of ids/uuids to uniquely identify the node.
  // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-info
  optional NodeSystemInfo nodeInfo = 7;

  // List of container images on this node
  repeated ContainerImage images = 8;
}

// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
message NodeSystemInfo {
  // Machine ID reported by the node.
  optional string machineID = 1;

  // System UUID reported by the node.
  optional string systemUUID = 2;

  // Boot ID reported by the node.
  optional string bootID = 3;

  // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
  optional string kernelVersion = 4;

  // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
  optional string osImage = 5;

  // ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
  optional string containerRuntimeVersion = 6;

  // Kubelet Version reported by the node.
  optional string kubeletVersion = 7;

  // KubeProxy Version reported by the node.
  optional string kubeProxyVersion = 8;
}

// ObjectFieldSelector selects an APIVersioned field of an object.
message ObjectFieldSelector {
  // Version of the schema the FieldPath is written in terms of, defaults to "v1".
  optional string apiVersion = 1;

  // Path of the field to select in the specified API version.
  optional string fieldPath = 2;
}

// ObjectMeta is metadata that all persisted resources must have, which includes all objects
// users must create.
message ObjectMeta {
  // Name must be unique within a namespace. Is required when creating resources, although
  // some resources may allow a client to request the generation of an appropriate name
  // automatically. Name is primarily intended for creation idempotence and configuration
  // definition.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
  optional string name = 1;

  // GenerateName is an optional prefix, used by the server, to generate a unique
  // name ONLY IF the Name field has not been provided.
  // If this field is used, the name returned to the client will be different
  // than the name passed. This value will also be combined with a unique suffix.
  // The provided value has the same validation rules as the Name field,
  // and may be truncated by the length of the suffix required to make the value
  // unique on the server.
  // 
  // If this field is specified and the generated name exists, the server will
  // NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
  // ServerTimeout indicating a unique name could not be found in the time allotted, and the client
  // should retry (optionally after the time indicated in the Retry-After header).
  // 
  // Applied only if Name is not specified.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency
  optional string generateName = 2;

  // Namespace defines the space within each name must be unique. An empty namespace is
  // equivalent to the "default" namespace, but "default" is the canonical representation.
  // Not all objects are required to be scoped to a namespace - the value of this field for
  // those objects will be empty.
  // 
  // Must be a DNS_LABEL.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md
  optional string namespace = 3;

  // SelfLink is a URL representing this object.
  // Populated by the system.
  // Read-only.
  optional string selfLink = 4;

  // UID is the unique in time and space value for this object. It is typically generated by
  // the server on successful creation of a resource and is not allowed to change on PUT
  // operations.
  // 
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids
  optional string uid = 5;

  // An opaque value that represents the internal version of this object that can
  // be used by clients to determine when objects have changed. May be used for optimistic
  // concurrency, change detection, and the watch operation on a resource or set of resources.
  // Clients must treat these values as opaque and passed unmodified back to the server.
  // They may only be valid for a particular resource or set of resources.
  // 
  // Populated by the system.
  // Read-only.
  // Value must be treated as opaque by clients and .
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency
  optional string resourceVersion = 6;

  // A sequence number representing a specific generation of the desired state.
  // Populated by the system. Read-only.
  optional int64 generation = 7;

  // CreationTimestamp is a timestamp representing the server time when this object was
  // created. It is not guaranteed to be set in happens-before order across separate operations.
  // Clients may not set this value. It is represented in RFC3339 form and is in UTC.
  // 
  // Populated by the system.
  // Read-only.
  // Null for lists.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional k8s.io.kubernetes.pkg.api.unversioned.Time creationTimestamp = 8;

  // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
  // field is set by the server when a graceful deletion is requested by the user, and is not
  // directly settable by a client. The resource will be deleted (no longer visible from
  // resource lists, and not reachable by name) after the time in this field. Once set, this
  // value may not be unset or be set further into the future, although it may be shortened
  // or the resource may be deleted prior to this time. For example, a user may request that
  // a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
  // signal to the containers in the pod. Once the resource is deleted in the API, the Kubelet
  // will send a hard termination signal to the container.
  // If not set, graceful deletion of the object has not been requested.
  // 
  // Populated by the system when a graceful deletion is requested.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional k8s.io.kubernetes.pkg.api.unversioned.Time deletionTimestamp = 9;

  // Number of seconds allowed for this object to gracefully terminate before
  // it will be removed from the system. Only set when deletionTimestamp is also set.
  // May only be shortened.
  // Read-only.
  optional int64 deletionGracePeriodSeconds = 10;

  // Map of string keys and values that can be used to organize and categorize
  // (scope and select) objects. May match selectors of replication controllers
  // and services.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/labels.md
  // TODO: replace map[string]string with labels.LabelSet type
  map<string, string> labels = 11;

  // Annotations is an unstructured key value map stored with a resource that may be
  // set by external tools to store and retrieve arbitrary metadata. They are not
  // queryable and should be preserved when modifying objects.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/annotations.md
  map<string, string> annotations = 12;

  // List of objects depended by this object. If ALL objects in the list have
  // been deleted, this object will be garbage collected.
  repeated OwnerReference ownerReferences = 13;

  // Must be empty before the object is deleted from the registry. Each entry
  // is an identifier for the responsible component that will remove the entry
  // from the list. If the deletionTimestamp of the object is non-nil, entries
  // in this list can only be removed.
  repeated string finalizers = 14;
}

// ObjectReference contains enough information to let you inspect or modify the referred object.
message ObjectReference {
  // Kind of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional string kind = 1;

  // Namespace of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md
  optional string namespace = 2;

  // Name of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
  optional string name = 3;

  // UID of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids
  optional string uid = 4;

  // API version of the referent.
  optional string apiVersion = 5;

  // Specific resourceVersion to which this reference is made, if any.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency
  optional string resourceVersion = 6;

  // If referring to a piece of an object instead of an entire object, this string
  // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
  // For example, if the object reference is to a container within a pod, this would take on a value like:
  // "spec.containers{name}" (where "name" refers to the name of the container that triggered
  // the event) or if no container name is specified "spec.containers[2]" (container with
  // index 2 in this pod). This syntax is chosen only to have some well-defined way of
  // referencing a part of an object.
  // TODO: this design is not final and this field is subject to change in the future.
  optional string fieldPath = 7;
}

// OwnerReference contains enough information to let you identify an owning
// object. Currently, an owning object must be in the same namespace, so there
// is no namespace field.
message OwnerReference {
  // API version of the referent.
  optional string apiVersion = 5;

  // Kind of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional string kind = 1;

  // Name of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
  optional string name = 3;

  // UID of the referent.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids
  optional string uid = 4;
}

// PersistentVolume (PV) is a storage resource provisioned by an administrator.
// It is analogous to a node.
// More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md
message PersistentVolume {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines a specification of a persistent volume owned by the cluster.
  // Provisioned by an administrator.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistent-volumes
  optional PersistentVolumeSpec spec = 2;

  // Status represents the current information/status for the persistent volume.
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistent-volumes
  optional PersistentVolumeStatus status = 3;
}

// PersistentVolumeClaim is a user's request for and claim to a persistent volume
message PersistentVolumeClaim {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the desired characteristics of a volume requested by a pod author.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistentvolumeclaims
  optional PersistentVolumeClaimSpec spec = 2;

  // Status represents the current information/status of a persistent volume claim.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistentvolumeclaims
  optional PersistentVolumeClaimStatus status = 3;
}

// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
message PersistentVolumeClaimList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // A list of persistent volume claims.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistentvolumeclaims
  repeated PersistentVolumeClaim items = 2;
}

// PersistentVolumeClaimSpec describes the common attributes of storage devices
// and allows a Source for provider-specific attributes
message PersistentVolumeClaimSpec {
  // AccessModes contains the desired access modes the volume should have.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#access-modes-1
  repeated string accessModes = 1;

  // Resources represents the minimum resources the volume should have.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#resources
  optional ResourceRequirements resources = 2;

  // VolumeName is the binding reference to the PersistentVolume backing this claim.
  optional string volumeName = 3;
}

// PersistentVolumeClaimStatus is the current status of a persistent volume claim.
message PersistentVolumeClaimStatus {
  // Phase represents the current phase of PersistentVolumeClaim.
  optional string phase = 1;

  // AccessModes contains the actual access modes the volume backing the PVC has.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#access-modes-1
  repeated string accessModes = 2;

  // Represents the actual resources of the underlying volume.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> capacity = 3;
}

// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
// This volume finds the bound PV and mounts that volume for the pod. A
// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another
// type of volume that is owned by someone else (the system).
message PersistentVolumeClaimVolumeSource {
  // ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistentvolumeclaims
  optional string claimName = 1;

  // Will force the ReadOnly setting in VolumeMounts.
  // Default false.
  optional bool readOnly = 2;
}

// PersistentVolumeList is a list of PersistentVolume items.
message PersistentVolumeList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of persistent volumes.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md
  repeated PersistentVolume items = 2;
}

// PersistentVolumeSource is similar to VolumeSource but meant for the
// administrator who creates PVs. Exactly one of its members must be set.
message PersistentVolumeSource {
  // GCEPersistentDisk represents a GCE Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#gcepersistentdisk
  optional GCEPersistentDiskVolumeSource gcePersistentDisk = 1;

  // AWSElasticBlockStore represents an AWS Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#awselasticblockstore
  optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 2;

  // HostPath represents a directory on the host.
  // Provisioned by a developer or tester.
  // This is useful for single-node development and testing only!
  // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#hostpath
  optional HostPathVolumeSource hostPath = 3;

  // Glusterfs represents a Glusterfs volume that is attached to a host and
  // exposed to the pod. Provisioned by an admin.
  // More info: http://releases.k8s.io/HEAD/examples/glusterfs/README.md
  optional GlusterfsVolumeSource glusterfs = 4;

  // NFS represents an NFS mount on the host. Provisioned by an admin.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#nfs
  optional NFSVolumeSource nfs = 5;

  // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md
  optional RBDVolumeSource rbd = 6;

  // ISCSI represents an ISCSI Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
  optional ISCSIVolumeSource iscsi = 7;

  // Cinder represents a cinder volume attached and mounted on kubelets host machine
  // More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
  optional CinderVolumeSource cinder = 8;

  // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
  optional CephFSVolumeSource cephfs = 9;

  // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
  optional FCVolumeSource fc = 10;

  // Flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
  optional FlockerVolumeSource flocker = 11;

  // FlexVolume represents a generic volume resource that is
  // provisioned/attached using a exec based plugin. This is an
  // alpha feature and may change in future.
  optional FlexVolumeSource flexVolume = 12;

  // AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
  optional AzureFileVolumeSource azureFile = 13;
}

// PersistentVolumeSpec is the specification of a persistent volume.
message PersistentVolumeSpec {
  // A description of the persistent volume's resources and capacity.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#capacity
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> capacity = 1;

  // The actual volume backing the persistent volume.
  optional PersistentVolumeSource persistentVolumeSource = 2;

  // AccessModes contains all ways the volume can be mounted.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#access-modes
  repeated string accessModes = 3;

  // ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
  // Expected to be non-nil when bound.
  // claim.VolumeName is the authoritative bind between PV and PVC.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#binding
  optional ObjectReference claimRef = 4;

  // What happens to a persistent volume when released from its claim.
  // Valid options are Retain (default) and Recycle.
  // Recyling must be supported by the volume plugin underlying this persistent volume.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#recycling-policy
  optional string persistentVolumeReclaimPolicy = 5;
}

// PersistentVolumeStatus is the current status of a persistent volume.
message PersistentVolumeStatus {
  // Phase indicates if a volume is available, bound to a claim, or released by a claim.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#phase
  optional string phase = 1;

  // A human-readable message indicating details about why the volume is in this state.
  optional string message = 2;

  // Reason is a brief CamelCase string that describes any failure and is meant
  // for machine parsing and tidy display in the CLI.
  optional string reason = 3;
}

// Pod is a collection of containers that can run on a host. This resource is created
// by clients and scheduled onto hosts.
message Pod {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Specification of the desired behavior of the pod.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional PodSpec spec = 2;

  // Most recently observed status of the pod.
  // This data may not be up to date.
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional PodStatus status = 3;
}

// Pod affinity is a group of inter pod affinity scheduling rules.
message PodAffinity {
  // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.
  // If the affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to a pod label update), the
  // system will try to eventually evict the pod from its node.
  // When there are multiple elements, the lists of nodes corresponding to each
  // podAffinityTerm are intersected, i.e. all terms must be satisfied.
  // RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm  `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"`
  // If the affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to a pod label update), the
  // system may or may not try to eventually evict the pod from its node.
  // When there are multiple elements, the lists of nodes corresponding to each
  // podAffinityTerm are intersected, i.e. all terms must be satisfied.
  repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1;

  // The scheduler will prefer to schedule pods to nodes that satisfy
  // the affinity expressions specified by this field, but it may choose
  // a node that violates one or more of the expressions. The node that is
  // most preferred is the one with the greatest sum of weights, i.e.
  // for each node that meets all of the scheduling requirements (resource
  // request, requiredDuringScheduling affinity expressions, etc.),
  // compute a sum by iterating through the elements of this field and adding
  // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
  // node(s) with the highest sum are the most preferred.
  repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2;
}

// Defines a set of pods (namely those matching the labelSelector
// relative to the given namespace(s)) that this pod should be
// co-located (affinity) or not co-located (anti-affinity) with,
// where co-located is defined as running on a node whose value of
// the label with key <topologyKey> tches that of any node on which
// a pod of the set of pods is running
message PodAffinityTerm {
  // A label query over a set of resources, in this case pods.
  optional k8s.io.kubernetes.pkg.api.unversioned.LabelSelector labelSelector = 1;

  // namespaces specifies which namespaces the labelSelector applies to (matches against);
  // nil list means "this pod's namespace," empty list means "all namespaces"
  // The json tag here is not "omitempty" since we need to distinguish nil and empty.
  // See https://golang.org/pkg/encoding/json/#Marshal for more details.
  repeated string namespaces = 2;

  // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
  // the labelSelector in the specified namespaces, where co-located is defined as running on a node
  // whose value of the label with key topologyKey matches that of any node on which any of the
  // selected pods is running.
  // For PreferredDuringScheduling pod anti-affinity, empty topologyKey is interpreted as "all topologies"
  // ("all topologies" here means all the topologyKeys indicated by scheduler command-line argument --failure-domains);
  // for affinity and for RequiredDuringScheduling pod anti-affinity, empty topologyKey is not allowed.
  optional string topologyKey = 3;
}

// Pod anti affinity is a group of inter pod anti affinity scheduling rules.
message PodAntiAffinity {
  // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.
  // If the anti-affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the anti-affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to a pod label update), the
  // system will try to eventually evict the pod from its node.
  // When there are multiple elements, the lists of nodes corresponding to each
  // podAffinityTerm are intersected, i.e. all terms must be satisfied.
  // RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm  `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"`
  // If the anti-affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the anti-affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to a pod label update), the
  // system may or may not try to eventually evict the pod from its node.
  // When there are multiple elements, the lists of nodes corresponding to each
  // podAffinityTerm are intersected, i.e. all terms must be satisfied.
  repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1;

  // The scheduler will prefer to schedule pods to nodes that satisfy
  // the anti-affinity expressions specified by this field, but it may choose
  // a node that violates one or more of the expressions. The node that is
  // most preferred is the one with the greatest sum of weights, i.e.
  // for each node that meets all of the scheduling requirements (resource
  // request, requiredDuringScheduling anti-affinity expressions, etc.),
  // compute a sum by iterating through the elements of this field and adding
  // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
  // node(s) with the highest sum are the most preferred.
  repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2;
}

// PodAttachOptions is the query options to a Pod's remote attach call.
// ---
// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
message PodAttachOptions {
  // Stdin if true, redirects the standard input stream of the pod for this call.
  // Defaults to false.
  optional bool stdin = 1;

  // Stdout if true indicates that stdout is to be redirected for the attach call.
  // Defaults to true.
  optional bool stdout = 2;

  // Stderr if true indicates that stderr is to be redirected for the attach call.
  // Defaults to true.
  optional bool stderr = 3;

  // TTY if true indicates that a tty will be allocated for the attach call.
  // This is passed through the container runtime so the tty
  // is allocated on the worker node by the container runtime.
  // Defaults to false.
  optional bool tty = 4;

  // The container in which to execute the command.
  // Defaults to only container if there is only one container in the pod.
  optional string container = 5;
}

// PodCondition contains details for the current condition of this pod.
message PodCondition {
  // Type is the type of the condition.
  // Currently only Ready.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#pod-conditions
  optional string type = 1;

  // Status is the status of the condition.
  // Can be True, False, Unknown.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#pod-conditions
  optional string status = 2;

  // Last time we probed the condition.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time lastProbeTime = 3;

  // Last time the condition transitioned from one status to another.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time lastTransitionTime = 4;

  // Unique, one-word, CamelCase reason for the condition's last transition.
  optional string reason = 5;

  // Human-readable message indicating details about last transition.
  optional string message = 6;
}

// PodExecOptions is the query options to a Pod's remote exec call.
// ---
// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging
// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY
message PodExecOptions {
  // Redirect the standard input stream of the pod for this call.
  // Defaults to false.
  optional bool stdin = 1;

  // Redirect the standard output stream of the pod for this call.
  // Defaults to true.
  optional bool stdout = 2;

  // Redirect the standard error stream of the pod for this call.
  // Defaults to true.
  optional bool stderr = 3;

  // TTY if true indicates that a tty will be allocated for the exec call.
  // Defaults to false.
  optional bool tty = 4;

  // Container in which to execute the command.
  // Defaults to only container if there is only one container in the pod.
  optional string container = 5;

  // Command is the remote command to execute. argv array. Not executed within a shell.
  repeated string command = 6;
}

// PodList is a list of Pods.
message PodList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of pods.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pods.md
  repeated Pod items = 2;
}

// PodLogOptions is the query options for a Pod's logs REST call.
message PodLogOptions {
  // The container for which to stream logs. Defaults to only container if there is one container in the pod.
  optional string container = 1;

  // Follow the log stream of the pod. Defaults to false.
  optional bool follow = 2;

  // Return previous terminated container logs. Defaults to false.
  optional bool previous = 3;

  // A relative time in seconds before the current time from which to show logs. If this value
  // precedes the time a pod was started, only logs since the pod start will be returned.
  // If this value is in the future, no logs will be returned.
  // Only one of sinceSeconds or sinceTime may be specified.
  optional int64 sinceSeconds = 4;

  // An RFC3339 timestamp from which to show logs. If this value
  // precedes the time a pod was started, only logs since the pod start will be returned.
  // If this value is in the future, no logs will be returned.
  // Only one of sinceSeconds or sinceTime may be specified.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time sinceTime = 5;

  // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
  // of log output. Defaults to false.
  optional bool timestamps = 6;

  // If set, the number of lines from the end of the logs to show. If not specified,
  // logs are shown from the creation of the container or sinceSeconds or sinceTime
  optional int64 tailLines = 7;

  // If set, the number of bytes to read from the server before terminating the
  // log output. This may not display a complete final line of logging, and may return
  // slightly more or slightly less than the specified limit.
  optional int64 limitBytes = 8;
}

// PodProxyOptions is the query options to a Pod's proxy call.
message PodProxyOptions {
  // Path is the URL path to use for the current proxy request to pod.
  optional string path = 1;
}

// PodSecurityContext holds pod-level security attributes and common container settings.
// Some fields are also present in container.securityContext.  Field values of
// container.securityContext take precedence over field values of PodSecurityContext.
message PodSecurityContext {
  // The SELinux context to be applied to all containers.
  // If unspecified, the container runtime will allocate a random SELinux context for each
  // container.  May also be set in SecurityContext.  If set in
  // both SecurityContext and PodSecurityContext, the value specified in SecurityContext
  // takes precedence for that container.
  optional SELinuxOptions seLinuxOptions = 1;

  // The UID to run the entrypoint of the container process.
  // Defaults to user specified in image metadata if unspecified.
  // May also be set in SecurityContext.  If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence
  // for that container.
  optional int64 runAsUser = 2;

  // Indicates that the container must run as a non-root user.
  // If true, the Kubelet will validate the image at runtime to ensure that it
  // does not run as UID 0 (root) and fail to start the container if it does.
  // If unset or false, no such validation will be performed.
  // May also be set in SecurityContext.  If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence.
  optional bool runAsNonRoot = 3;

  // A list of groups applied to the first process run in each container, in addition
  // to the container's primary GID.  If unspecified, no groups will be added to
  // any container.
  repeated int64 supplementalGroups = 4;

  // A special supplemental group that applies to all containers in a pod.
  // Some volume types allow the Kubelet to change the ownership of that volume
  // to be owned by the pod:
  // 
  // 1. The owning GID will be the FSGroup
  // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
  // 3. The permission bits are OR'd with rw-rw----
  // 
  // If unset, the Kubelet will not modify the ownership and permissions of any volume.
  optional int64 fsGroup = 5;
}

// PodSpec is a description of a pod.
message PodSpec {
  // List of volumes that can be mounted by containers belonging to the pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md
  repeated Volume volumes = 1;

  // List of containers belonging to the pod.
  // Containers cannot currently be added or removed.
  // There must be at least one container in a Pod.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/containers.md
  repeated Container containers = 2;

  // Restart policy for all containers within the pod.
  // One of Always, OnFailure, Never.
  // Default to Always.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#restartpolicy
  optional string restartPolicy = 3;

  // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
  // Value must be non-negative integer. The value zero indicates delete immediately.
  // If this value is nil, the default grace period will be used instead.
  // The grace period is the duration in seconds after the processes running in the pod are sent
  // a termination signal and the time when the processes are forcibly halted with a kill signal.
  // Set this value longer than the expected cleanup time for your process.
  // Defaults to 30 seconds.
  optional int64 terminationGracePeriodSeconds = 4;

  // Optional duration in seconds the pod may be active on the node relative to
  // StartTime before the system will actively try to mark it failed and kill associated containers.
  // Value must be a positive integer.
  optional int64 activeDeadlineSeconds = 5;

  // Set DNS policy for containers within the pod.
  // One of 'ClusterFirst' or 'Default'.
  // Defaults to "ClusterFirst".
  optional string dnsPolicy = 6;

  // NodeSelector is a selector which must be true for the pod to fit on a node.
  // Selector which must match a node's labels for the pod to be scheduled on that node.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/node-selection/README.md
  map<string, string> nodeSelector = 7;

  // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
  // More info: http://releases.k8s.io/HEAD/docs/design/service_accounts.md
  optional string serviceAccountName = 8;

  // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
  // Deprecated: Use serviceAccountName instead.
  optional string serviceAccount = 9;

  // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
  // the scheduler simply schedules this pod onto that node, assuming that it fits resource
  // requirements.
  optional string nodeName = 10;

  // Host networking requested for this pod. Use the host's network namespace.
  // If this option is set, the ports that will be used must be specified.
  // Default to false.
  optional bool hostNetwork = 11;

  // Use the host's pid namespace.
  // Optional: Default to false.
  optional bool hostPID = 12;

  // Use the host's ipc namespace.
  // Optional: Default to false.
  optional bool hostIPC = 13;

  // SecurityContext holds pod-level security attributes and common container settings.
  // Optional: Defaults to empty.  See type description for default values of each field.
  optional PodSecurityContext securityContext = 14;

  // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
  // If specified, these secrets will be passed to individual puller implementations for them to use. For example,
  // in the case of docker, only DockerConfig type secrets are honored.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/images.md#specifying-imagepullsecrets-on-a-pod
  repeated LocalObjectReference imagePullSecrets = 15;

  // Specifies the hostname of the Pod
  // If not specified, the pod's hostname will be set to a system-defined value.
  optional string hostname = 16;

  // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
  // If not specified, the pod will not have a domainname at all.
  optional string subdomain = 17;
}

// PodStatus represents information about the status of a pod. Status may trail the actual
// state of a system.
message PodStatus {
  // Current condition of the pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#pod-phase
  optional string phase = 1;

  // Current service state of pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#pod-conditions
  repeated PodCondition conditions = 2;

  // A human readable message indicating details about why the pod is in this condition.
  optional string message = 3;

  // A brief CamelCase message indicating details about why the pod is in this state.
  // e.g. 'OutOfDisk'
  optional string reason = 4;

  // IP address of the host to which the pod is assigned. Empty if not yet scheduled.
  optional string hostIP = 5;

  // IP address allocated to the pod. Routable at least within the cluster.
  // Empty if not yet allocated.
  optional string podIP = 6;

  // RFC 3339 date and time at which the object was acknowledged by the Kubelet.
  // This is before the Kubelet pulled the container image(s) for the pod.
  optional k8s.io.kubernetes.pkg.api.unversioned.Time startTime = 7;

  // The list has one entry per container in the manifest. Each entry is currently the output
  // of `docker inspect`.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#container-statuses
  repeated ContainerStatus containerStatuses = 8;
}

// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
message PodStatusResult {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Most recently observed status of the pod.
  // This data may not be up to date.
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional PodStatus status = 2;
}

// PodTemplate describes a template for creating copies of a predefined pod.
message PodTemplate {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Template defines the pods that will be created from this pod template.
  // http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional PodTemplateSpec template = 2;
}

// PodTemplateList is a list of PodTemplates.
message PodTemplateList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of pod templates
  repeated PodTemplate items = 2;
}

// PodTemplateSpec describes the data a pod should have when created from a template
message PodTemplateSpec {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Specification of the desired behavior of the pod.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional PodSpec spec = 2;
}

// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
message Preconditions {
  // Specifies the target UID.
  optional string uid = 1;
}

// An empty preferred scheduling term matches all objects with implicit weight 0
// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
message PreferredSchedulingTerm {
  // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
  optional int32 weight = 1;

  // A node selector term, associated with the corresponding weight.
  optional NodeSelectorTerm preference = 2;
}

// Probe describes a health check to be performed against a container to determine whether it is
// alive or ready to receive traffic.
message Probe {
  // The action taken to determine the health of a container
  optional Handler handler = 1;

  // Number of seconds after the container has started before liveness probes are initiated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#container-probes
  optional int32 initialDelaySeconds = 2;

  // Number of seconds after which the probe times out.
  // Defaults to 1 second. Minimum value is 1.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/pod-states.md#container-probes
  optional int32 timeoutSeconds = 3;

  // How often (in seconds) to perform the probe.
  // Default to 10 seconds. Minimum value is 1.
  optional int32 periodSeconds = 4;

  // Minimum consecutive successes for the probe to be considered successful after having failed.
  // Defaults to 1. Must be 1 for liveness. Minimum value is 1.
  optional int32 successThreshold = 5;

  // Minimum consecutive failures for the probe to be considered failed after having succeeded.
  // Defaults to 3. Minimum value is 1.
  optional int32 failureThreshold = 6;
}

// Represents a Rados Block Device mount that lasts the lifetime of a pod.
// RBD volumes support ownership management and SELinux relabeling.
message RBDVolumeSource {
  // A collection of Ceph monitors.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it
  repeated string monitors = 1;

  // The rados image name.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it
  optional string image = 2;

  // Filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#rbd
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  optional string fsType = 3;

  // The rados pool name.
  // Default is rbd.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it.
  optional string pool = 4;

  // The rados user name.
  // Default is admin.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it
  optional string user = 5;

  // Keyring is the path to key ring for RBDUser.
  // Default is /etc/ceph/keyring.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it
  optional string keyring = 6;

  // SecretRef is name of the authentication secret for RBDUser. If provided
  // overrides keyring.
  // Default is empty.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it
  optional LocalObjectReference secretRef = 7;

  // ReadOnly here will force the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md#how-to-use-it
  optional bool readOnly = 8;
}

// RangeAllocation is not a public type.
message RangeAllocation {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Range is string that identifies the range represented by 'data'.
  optional string range = 2;

  // Data is a bit array containing all allocated addresses in the previous segment.
  optional bytes data = 3;
}

// ReplicationController represents the configuration of a replication controller.
message ReplicationController {
  // If the Labels of a ReplicationController are empty, they are defaulted to
  // be the same as the Pod(s) that the replication controller manages.
  // Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the specification of the desired behavior of the replication controller.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional ReplicationControllerSpec spec = 2;

  // Status is the most recently observed status of the replication controller.
  // This data may be out of date by some window of time.
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional ReplicationControllerStatus status = 3;
}

// ReplicationControllerList is a collection of replication controllers.
message ReplicationControllerList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of replication controllers.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/replication-controller.md
  repeated ReplicationController items = 2;
}

// ReplicationControllerSpec is the specification of a replication controller.
message ReplicationControllerSpec {
  // Replicas is the number of desired replicas.
  // This is a pointer to distinguish between explicit zero and unspecified.
  // Defaults to 1.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/replication-controller.md#what-is-a-replication-controller
  optional int32 replicas = 1;

  // Selector is a label query over pods that should match the Replicas count.
  // If Selector is empty, it is defaulted to the labels present on the Pod template.
  // Label keys and values that must match in order to be controlled by this replication
  // controller, if empty defaulted to labels on Pod template.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/labels.md#label-selectors
  map<string, string> selector = 2;

  // Template is the object that describes the pod that will be created if
  // insufficient replicas are detected. This takes precedence over a TemplateRef.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/replication-controller.md#pod-template
  optional PodTemplateSpec template = 3;
}

// ReplicationControllerStatus represents the current status of a replication
// controller.
message ReplicationControllerStatus {
  // Replicas is the most recently oberved number of replicas.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/replication-controller.md#what-is-a-replication-controller
  optional int32 replicas = 1;

  // The number of pods that have labels matching the labels of the pod template of the replication controller.
  optional int32 fullyLabeledReplicas = 2;

  // ObservedGeneration reflects the generation of the most recently observed replication controller.
  optional int64 observedGeneration = 3;
}

// ResourceQuota sets aggregate quota restrictions enforced per namespace
message ResourceQuota {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the desired quota.
  // http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional ResourceQuotaSpec spec = 2;

  // Status defines the actual enforced quota and its current usage.
  // http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional ResourceQuotaStatus status = 3;
}

// ResourceQuotaList is a list of ResourceQuota items.
message ResourceQuotaList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // Items is a list of ResourceQuota objects.
  // More info: http://releases.k8s.io/HEAD/docs/design/admission_control_resource_quota.md#admissioncontrol-plugin-resourcequota
  repeated ResourceQuota items = 2;
}

// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
message ResourceQuotaSpec {
  // Hard is the set of desired hard limits for each named resource.
  // More info: http://releases.k8s.io/HEAD/docs/design/admission_control_resource_quota.md#admissioncontrol-plugin-resourcequota
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> hard = 1;

  // A collection of filters that must match each object tracked by a quota.
  // If not specified, the quota matches all objects.
  repeated string scopes = 2;
}

// ResourceQuotaStatus defines the enforced hard limits and observed use.
message ResourceQuotaStatus {
  // Hard is the set of enforced hard limits for each named resource.
  // More info: http://releases.k8s.io/HEAD/docs/design/admission_control_resource_quota.md#admissioncontrol-plugin-resourcequota
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> hard = 1;

  // Used is the current observed total usage of the resource in the namespace.
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> used = 2;
}

// ResourceRequirements describes the compute resource requirements.
message ResourceRequirements {
  // Limits describes the maximum amount of compute resources allowed.
  // More info: http://releases.k8s.io/HEAD/docs/design/resources.md#resource-specifications
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> limits = 1;

  // Requests describes the minimum amount of compute resources required.
  // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
  // otherwise to an implementation-defined value.
  // More info: http://releases.k8s.io/HEAD/docs/design/resources.md#resource-specifications
  map<string, k8s.io.kubernetes.pkg.api.resource.Quantity> requests = 2;
}

// SELinuxOptions are the labels to be applied to the container
message SELinuxOptions {
  // User is a SELinux user label that applies to the container.
  optional string user = 1;

  // Role is a SELinux role label that applies to the container.
  optional string role = 2;

  // Type is a SELinux type label that applies to the container.
  optional string type = 3;

  // Level is SELinux level label that applies to the container.
  optional string level = 4;
}

// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
message Secret {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Data contains the secret data. Each key must be a valid DNS_SUBDOMAIN
  // or leading dot followed by valid DNS_SUBDOMAIN.
  // The serialized form of the secret data is a base64 encoded string,
  // representing the arbitrary (possibly non-string) data value here.
  // Described in https://tools.ietf.org/html/rfc4648#section-4
  map<string, bytes> data = 2;

  // Used to facilitate programmatic handling of secret data.
  optional string type = 3;
}

// SecretKeySelector selects a key of a Secret.
message SecretKeySelector {
  // The name of the secret in the pod's namespace to select from.
  optional LocalObjectReference localObjectReference = 1;

  // The key of the secret to select from.  Must be a valid secret key.
  optional string key = 2;
}

// SecretList is a list of Secret.
message SecretList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // Items is a list of secret objects.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/secrets.md
  repeated Secret items = 2;
}

// Adapts a Secret into a volume.
// 
// The contents of the target Secret's Data field will be presented in a volume
// as files using the keys in the Data field as the file names.
// Secret volumes support ownership management and SELinux relabeling.
message SecretVolumeSource {
  // Name of the secret in the pod's namespace to use.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#secrets
  optional string secretName = 1;
}

// SecurityContext holds security configuration that will be applied to a container.
// Some fields are present in both SecurityContext and PodSecurityContext.  When both
// are set, the values in SecurityContext take precedence.
message SecurityContext {
  // The capabilities to add/drop when running containers.
  // Defaults to the default set of capabilities granted by the container runtime.
  optional Capabilities capabilities = 1;

  // Run container in privileged mode.
  // Processes in privileged containers are essentially equivalent to root on the host.
  // Defaults to false.
  optional bool privileged = 2;

  // The SELinux context to be applied to the container.
  // If unspecified, the container runtime will allocate a random SELinux context for each
  // container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence.
  optional SELinuxOptions seLinuxOptions = 3;

  // The UID to run the entrypoint of the container process.
  // Defaults to user specified in image metadata if unspecified.
  // May also be set in PodSecurityContext.  If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence.
  optional int64 runAsUser = 4;

  // Indicates that the container must run as a non-root user.
  // If true, the Kubelet will validate the image at runtime to ensure that it
  // does not run as UID 0 (root) and fail to start the container if it does.
  // If unset or false, no such validation will be performed.
  // May also be set in PodSecurityContext.  If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence.
  optional bool runAsNonRoot = 5;

  // Whether this container has a read-only root filesystem.
  // Default is false.
  optional bool readOnlyRootFilesystem = 6;
}

// SerializedReference is a reference to serialized object.
message SerializedReference {
  // The reference to an object in the system.
  optional ObjectReference reference = 1;
}

// Service is a named abstraction of software service (for example, mysql) consisting of local port
// (for example 3306) that the proxy listens on, and the selector that determines which pods
// will answer requests sent through the proxy.
message Service {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Spec defines the behavior of a service.
  // http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional ServiceSpec spec = 2;

  // Most recently observed status of the service.
  // Populated by the system.
  // Read-only.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
  optional ServiceStatus status = 3;
}

// ServiceAccount binds together:
// * a name, understood by users, and perhaps by peripheral systems, for an identity
// * a principal that can be authenticated and authorized
// * a set of secrets
message ServiceAccount {
  // Standard object's metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
  optional ObjectMeta metadata = 1;

  // Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/secrets.md
  repeated ObjectReference secrets = 2;

  // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
  // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
  // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/secrets.md#manually-specifying-an-imagepullsecret
  repeated LocalObjectReference imagePullSecrets = 3;
}

// ServiceAccountList is a list of ServiceAccount objects
message ServiceAccountList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of ServiceAccounts.
  // More info: http://releases.k8s.io/HEAD/docs/design/service_accounts.md#service-accounts
  repeated ServiceAccount items = 2;
}

// ServiceList holds a list of services.
message ServiceList {
  // Standard list metadata.
  // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
  optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

  // List of services
  repeated Service items = 2;
}

// ServicePort contains information on service's port.
message ServicePort {
  // The name of this port within the service. This must be a DNS_LABEL.
  // All ports within a ServiceSpec must have unique names. This maps to
  // the 'Name' field in EndpointPort objects.
  // Optional if only one ServicePort is defined on this service.
  optional string name = 1;

  // The IP protocol for this port. Supports "TCP" and "UDP".
  // Default is TCP.
  optional string protocol = 2;

  // The port that will be exposed by this service.
  optional int32 port = 3;

  // Number or name of the port to access on the pods targeted by the service.
  // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
  // If this is a string, it will be looked up as a named port in the
  // target Pod's container ports. If this is not specified, the value
  // of the 'port' field is used (an identity map).
  // This field is ignored for services with clusterIP=None, and should be
  // omitted or set equal to the 'port' field.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#defining-a-service
  optional k8s.io.kubernetes.pkg.util.intstr.IntOrString targetPort = 4;

  // The port on each node on which this service is exposed when type=NodePort or LoadBalancer.
  // Usually assigned by the system. If specified, it will be allocated to the service
  // if unused or else creation of the service will fail.
  // Default is to auto-allocate a port if the ServiceType of this Service requires one.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#type--nodeport
  optional int32 nodePort = 5;
}

// ServiceProxyOptions is the query options to a Service's proxy call.
message ServiceProxyOptions {
  // Path is the part of URLs that include service endpoints, suffixes,
  // and parameters to use for the current proxy request to service.
  // For example, the whole request URL is
  // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy.
  // Path is _search?q=user:kimchy.
  optional string path = 1;
}

// ServiceSpec describes the attributes that a user creates on a service.
message ServiceSpec {
  // The list of ports that are exposed by this service.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
  repeated ServicePort ports = 1;

  // This service will route traffic to pods having labels matching this selector.
  // Label keys and values that must match in order to receive traffic for this service.
  // If empty, all pods are selected, if not specified, endpoints must be manually specified.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#overview
  map<string, string> selector = 2;

  // ClusterIP is usually assigned by the master and is the IP address of the service.
  // If specified, it will be allocated to the service if it is unused
  // or else creation of the service will fail.
  // Valid values are None, empty string (""), or a valid IP address.
  // 'None' can be specified for a headless service when proxying is not required.
  // Cannot be updated.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
  optional string clusterIP = 3;

  // Type of exposed service. Must be ClusterIP, NodePort, or LoadBalancer.
  // Defaults to ClusterIP.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#external-services
  optional string type = 4;

  // externalIPs is a list of IP addresses for which nodes in the cluster
  // will also accept traffic for this service.  These IPs are not managed by
  // Kubernetes.  The user is responsible for ensuring that traffic arrives
  // at a node with this IP.  A common example is external load-balancers
  // that are not part of the Kubernetes system.  A previous form of this
  // functionality exists as the deprecatedPublicIPs field.  When using this
  // field, callers should also clear the deprecatedPublicIPs field.
  repeated string externalIPs = 5;

  // deprecatedPublicIPs is deprecated and replaced by the externalIPs field
  // with almost the exact same semantics.  This field is retained in the v1
  // API for compatibility until at least 8/20/2016.  It will be removed from
  // any new API revisions.  If both deprecatedPublicIPs *and* externalIPs are
  // set, deprecatedPublicIPs is used.
  // +genconversion=false
  repeated string deprecatedPublicIPs = 6;

  // Supports "ClientIP" and "None". Used to maintain session affinity.
  // Enable client IP based session affinity.
  // Must be ClientIP or None.
  // Defaults to None.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
  optional string sessionAffinity = 7;

  // Only applies to Service Type: LoadBalancer
  // LoadBalancer will get created with the IP specified in this field.
  // This feature depends on whether the underlying cloud-provider supports specifying
  // the loadBalancerIP when a load balancer is created.
  // This field will be ignored if the cloud-provider does not support the feature.
  optional string loadBalancerIP = 8;
}

// ServiceStatus represents the current status of a service.
message ServiceStatus {
  // LoadBalancer contains the current status of the load-balancer,
  // if one is present.
  optional LoadBalancerStatus loadBalancer = 1;
}

// TCPSocketAction describes an action based on opening a socket
message TCPSocketAction {
  // Number or name of the port to access on the container.
  // Number must be in the range 1 to 65535.
  // Name must be an IANA_SVC_NAME.
  optional k8s.io.kubernetes.pkg.util.intstr.IntOrString port = 1;
}

// Volume represents a named volume in a pod that may be accessed by any container in the pod.
message Volume {
  // Volume's name.
  // Must be a DNS_LABEL and unique within the pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
  optional string name = 1;

  // VolumeSource represents the location and type of the mounted volume.
  // If not specified, the Volume is implied to be an EmptyDir.
  // This implied behavior is deprecated and will be removed in a future version.
  optional VolumeSource volumeSource = 2;
}

// VolumeMount describes a mounting of a Volume within a container.
message VolumeMount {
  // This must match the Name of a Volume.
  optional string name = 1;

  // Mounted read-only if true, read-write otherwise (false or unspecified).
  // Defaults to false.
  optional bool readOnly = 2;

  // Path within the container at which the volume should be mounted.  Must
  // not contain ':'.
  optional string mountPath = 3;

  // Path within the volume from which the container's volume should be mounted.
  // Defaults to "" (volume's root).
  optional string subPath = 4;
}

// Represents the source of a volume to mount.
// Only one of its members may be specified.
message VolumeSource {
  // HostPath represents a pre-existing file or directory on the host
  // machine that is directly exposed to the container. This is generally
  // used for system agents or other privileged things that are allowed
  // to see the host machine. Most containers will NOT need this.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#hostpath
  // ---
  // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
  // mount host directories as read/write.
  optional HostPathVolumeSource hostPath = 1;

  // EmptyDir represents a temporary directory that shares a pod's lifetime.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#emptydir
  optional EmptyDirVolumeSource emptyDir = 2;

  // GCEPersistentDisk represents a GCE Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#gcepersistentdisk
  optional GCEPersistentDiskVolumeSource gcePersistentDisk = 3;

  // AWSElasticBlockStore represents an AWS Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#awselasticblockstore
  optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 4;

  // GitRepo represents a git repository at a particular revision.
  optional GitRepoVolumeSource gitRepo = 5;

  // Secret represents a secret that should populate this volume.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#secrets
  optional SecretVolumeSource secret = 6;

  // NFS represents an NFS mount on the host that shares a pod's lifetime
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/volumes.md#nfs
  optional NFSVolumeSource nfs = 7;

  // ISCSI represents an ISCSI Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: http://releases.k8s.io/HEAD/examples/iscsi/README.md
  optional ISCSIVolumeSource iscsi = 8;

  // Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
  // More info: http://releases.k8s.io/HEAD/examples/glusterfs/README.md
  optional GlusterfsVolumeSource glusterfs = 9;

  // PersistentVolumeClaimVolumeSource represents a reference to a
  // PersistentVolumeClaim in the same namespace.
  // More info: http://releases.k8s.io/HEAD/docs/user-guide/persistent-volumes.md#persistentvolumeclaims
  optional PersistentVolumeClaimVolumeSource persistentVolumeClaim = 10;

  // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime.
  // More info: http://releases.k8s.io/HEAD/examples/rbd/README.md
  optional RBDVolumeSource rbd = 11;

  // FlexVolume represents a generic volume resource that is
  // provisioned/attached using a exec based plugin. This is an
  // alpha feature and may change in future.
  optional FlexVolumeSource flexVolume = 12;

  // Cinder represents a cinder volume attached and mounted on kubelets host machine
  // More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
  optional CinderVolumeSource cinder = 13;

  // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
  optional CephFSVolumeSource cephfs = 14;

  // Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
  optional FlockerVolumeSource flocker = 15;

  // DownwardAPI represents downward API about the pod that should populate this volume
  optional DownwardAPIVolumeSource downwardAPI = 16;

  // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
  optional FCVolumeSource fc = 17;

  // AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
  optional AzureFileVolumeSource azureFile = 18;

  // ConfigMap represents a configMap that should populate this volume
  optional ConfigMapVolumeSource configMap = 19;
}

// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
message WeightedPodAffinityTerm {
  // weight associated with matching the corresponding podAffinityTerm,
  // in the range 1-100.
  optional int32 weight = 1;

  // Required. A pod affinity term, associated with the corresponding weight.
  optional PodAffinityTerm podAffinityTerm = 2;
}