k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/pkg/apis/core/annotation_key_constants.go (about) 1 /* 2 Copyright 2017 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 // This file should be consistent with pkg/api/v1/annotation_key_constants.go. 18 19 package core 20 21 const ( 22 // ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy 23 // webhook backend fails. 24 ImagePolicyFailedOpenKey string = "alpha.image-policy.k8s.io/failed-open" 25 26 // MirrorPodAnnotationKey represents the annotation key set by kubelets when creating mirror pods 27 MirrorPodAnnotationKey string = "kubernetes.io/config.mirror" 28 29 // TolerationsAnnotationKey represents the key of tolerations data (json serialized) 30 // in the Annotations of a Pod. 31 TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations" 32 33 // TaintsAnnotationKey represents the key of taints data (json serialized) 34 // in the Annotations of a Node. 35 TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints" 36 37 // SeccompPodAnnotationKey represents the key of a seccomp profile applied 38 // to all containers of a pod. 39 // Deprecated: set a pod security context `seccompProfile` field. 40 SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod" 41 42 // SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied 43 // to one container of a pod. 44 // Deprecated: set a container security context `seccompProfile` field. 45 SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/" 46 47 // SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. 48 // Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. 49 SeccompProfileRuntimeDefault string = "runtime/default" 50 51 // DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. 52 // Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. 53 DeprecatedSeccompProfileDockerDefault string = "docker/default" 54 55 // DeprecatedAppArmorAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. 56 // Deprecated: use a pod or container security context `appArmorProfile` field instead. 57 DeprecatedAppArmorAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/" 58 59 // DeprecatedAppArmorAnnotationValueRuntimeDefault is the profile specifying the runtime default. 60 DeprecatedAppArmorAnnotationValueRuntimeDefault = "runtime/default" 61 62 // DeprecatedAppArmorAnnotationValueLocalhostPrefix is the prefix for specifying profiles loaded on the node. 63 DeprecatedAppArmorAnnotationValueLocalhostPrefix = "localhost/" 64 65 // DeprecatedAppArmorAnnotationValueUnconfined is the Unconfined AppArmor profile 66 DeprecatedAppArmorAnnotationValueUnconfined = "unconfined" 67 68 // PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) 69 // in the Annotations of a Node. 70 PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods" 71 72 // ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache 73 // an object (e.g. secret, config map) before fetching it again from apiserver. 74 // This annotation can be attached to node. 75 ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl" 76 77 // NonConvertibleAnnotationPrefix annotation key prefix used to identify non-convertible json paths. 78 NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io" 79 80 kubectlPrefix = "kubectl.kubernetes.io/" 81 82 // LastAppliedConfigAnnotation is the annotation used to store the previous 83 // configuration of a resource for use in a three way diff by UpdateApplyAnnotation. 84 LastAppliedConfigAnnotation = kubectlPrefix + "last-applied-configuration" 85 86 // AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers 87 // 88 // It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to 89 // allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow 90 // access only from the CIDRs currently allocated to MIT & the USPS. 91 // 92 // Not all cloud providers support this annotation, though AWS & GCE do. 93 AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges" 94 95 // EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that 96 // represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') 97 // of the last change, of some Pod or Service object, that triggered the endpoints object change. 98 // In other words, if a Pod / Service changed at time T0, that change was observed by endpoints 99 // controller at T1, and the Endpoints object was changed at T2, the 100 // EndpointsLastChangeTriggerTime would be set to T0. 101 // 102 // The "endpoints change trigger" here means any Pod or Service change that resulted in the 103 // Endpoints object change. 104 // 105 // Given the definition of the "endpoints change trigger", please note that this annotation will 106 // be set ONLY for endpoints object changes triggered by either Pod or Service change. If the 107 // Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's 108 // already set). 109 // 110 // This annotation will be used to compute the in-cluster network programming latency SLI, see 111 // https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md 112 EndpointsLastChangeTriggerTime = "endpoints.kubernetes.io/last-change-trigger-time" 113 114 // EndpointsOverCapacity will be set on an Endpoints resource when it 115 // exceeds the maximum capacity of 1000 addresses. Initially the Endpoints 116 // controller will set this annotation with a value of "warning". In a 117 // future release, the controller may set this annotation with a value of 118 // "truncated" to indicate that any addresses exceeding the limit of 1000 119 // have been truncated from the Endpoints resource. 120 EndpointsOverCapacity = "endpoints.kubernetes.io/over-capacity" 121 122 // MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated 123 // list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. 124 // This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or 125 // CSI Backend for a volume plugin on a specific node. 126 MigratedPluginsAnnotationKey = "storage.alpha.kubernetes.io/migrated-plugins" 127 128 // PodDeletionCost can be used to set to an int32 that represent the cost of deleting 129 // a pod compared to other pods belonging to the same ReplicaSet. Pods with lower 130 // deletion cost are preferred to be deleted before pods with higher deletion cost. 131 // Note that this is honored on a best-effort basis, and so it does not offer guarantees on 132 // pod deletion order. 133 // The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. 134 // 135 // This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. 136 PodDeletionCost = "controller.kubernetes.io/pod-deletion-cost" 137 138 // DeprecatedAnnotationTopologyAwareHints can be used to enable or disable 139 // Topology Aware Hints for a Service. This may be set to "Auto" or 140 // "Disabled". Any other value is treated as "Disabled". This annotation has 141 // been deprecated in favor of the `service.kubernetes.io/topology-mode` 142 // annotation which also allows "Auto" and "Disabled", but is not limited to 143 // those (it's open ended to provide room for experimentation while we 144 // pursue configuration for topology via specification). When both 145 // `service.kubernetes.io/topology-aware-hints` and 146 // `service.kubernetes.io/topology-mode` annotations are set, the value of 147 // `service.kubernetes.io/topology-aware-hints` has precedence. 148 DeprecatedAnnotationTopologyAwareHints = "service.kubernetes.io/topology-aware-hints" 149 150 // AnnotationTopologyMode can be used to enable or disable Topology Aware 151 // Routing for a Service. Well known values are "Auto" and "Disabled". 152 // Implementations may choose to develop new topology approaches, exposing 153 // them with domain-prefixed values. For example, "example.com/lowest-rtt" 154 // could be a valid implementation-specific value for this annotation. These 155 // heuristics will often populate topology hints on EndpointSlices, but that 156 // is not a requirement. 157 AnnotationTopologyMode = "service.kubernetes.io/topology-mode" 158 )