Serge Bazanski | c611864 | 2021-01-31 01:17:38 +0100 | [diff] [blame] | 1 | syntax = "proto3"; |
| 2 | package config; |
| 3 | option go_package = "code.hackerspace.pl/hscloud/cluster/admitomatic/config"; |
| 4 | |
| 5 | // Admitomatic configuration, passed as a text proto, for |
| 6 | // example: |
| 7 | // |
| 8 | // $ cat sample.pb.text |
| 9 | // allow_domain { namespace: "example" dns: "*.example.com" } |
| 10 | // allow_domain { |
| 11 | // namespace: "personal-q3k" dns: "foo.q3k.org" |
| 12 | // } |
| 13 | // allow_domain { |
| 14 | // namespace: "personal-q3k" dns: "bar.q3k.org" |
| 15 | // } |
| 16 | // |
| 17 | message Config { |
| 18 | // List of domains that are allowed to be configured as |
| 19 | // ingresses in a given namespace. If a domain does not |
| 20 | // appear in this list, it will be allowed to run in any |
| 21 | // namespace. |
| 22 | repeated AllowDomain allow_domain = 1; |
Serge Bazanski | c1f3725 | 2023-06-19 21:56:29 +0000 | [diff] [blame] | 23 | |
| 24 | // List of namespaces that do not have any domain/annotation checks. |
| 25 | repeated string anything_goes_namespace = 2; |
Serge Bazanski | c611864 | 2021-01-31 01:17:38 +0100 | [diff] [blame] | 26 | } |
| 27 | |
| 28 | message AllowDomain { |
| 29 | // namespace is a kubernetes namespace. An empty string is |
| 30 | // treated as the 'default' namespace. |
| 31 | string namespace = 1; |
| 32 | // dns is a domain name like 'example.com' or a wildcard |
| 33 | // like '*.foo.example.com'. |
| 34 | // Wildcards match domains at any level beneath the root, |
| 35 | // so the example above would match 'bar.foo.example.com' |
| 36 | // and 'baz.bar.foo.example.com'. However, they do not |
| 37 | // catch the root itself, ie. the above would not catch |
| 38 | // 'foo.example.com'. |
| 39 | string dns = 2; |
radex | e36beba | 2023-10-11 00:41:48 +0200 | [diff] [blame] | 40 | // regexp enables `dns` to be treated as a domain name regexp |
| 41 | // and namespace as a template that can use $n regexp match references |
| 42 | // For example, dns: `([^.]+)\.hscloud\.ovh` and template: `personal-$1` |
| 43 | // will allow `hans.hscloud.ovh` ingress only for `personal-hans` namespace |
| 44 | bool regexp = 3; |
Serge Bazanski | c611864 | 2021-01-31 01:17:38 +0100 | [diff] [blame] | 45 | } |