// associated with "runlevel" of "0" or "1";  you will set the selector as
  // follows:
  // "namespaceSelector": {
  //   "matchExpressions": [
  //     {
  //       "key": "runlevel",
  //       "operator": "NotIn",
  //       "values": [
  //         "0",
  //         "1"
  //       ]
  //     }
  //   ]
  // }
  //

}

// A label selector requirement is a selector that contains values, a key, and an operator that
// relates the key and values.
message LabelSelectorRequirement {
  // key is the label key that the selector applies to.
  // +patchMergeKey=key
  // +patchStrategy=merge
  optional string key = 1;

  // operator represents a key's relationship to a set of values.
  // Valid operators are In, NotIn, Exists and DoesNotExist.

  // +optional
  optional string patchType = 5;

  // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
  // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
  // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by

  //
  // +optional
  optional int32 expirationSeconds = 8;

  // usages specifies a set of key usages requested in the issued certificate.
  //
  // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
  //
  // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
  //
  // Valid values are:

// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
message SelfSubjectReview {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

  // Defaults to 0 (pod will be considered available as soon as it is ready)
  // +optional
  optional int32 minReadySeconds = 4;

  // Selector is a label query over pods that should match the replica count.
  // Label keys and values that must match in order to be controlled by this replica set.
  // It must match the pod template's labels.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

  optional int32 minReadySeconds = 4;

  // Selector is a label query over pods that should match the replica count.
  // If the selector is empty, it is defaulted to the labels present on the pod template.
  // Label keys and values that must match in order to be controlled by this replica set.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
  // +optional

  // +optional
  optional string patchType = 5;

  // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
  // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
  // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by

  // allowedUsages specifies a set of usage contexts the key will be
  // valid for.
  // See:
  // 	https://tools.ietf.org/html/rfc5280#section-4.2.1.3
  // 	https://tools.ietf.org/html/rfc5280#section-4.2.1.12
  //
  // Valid values are:
  //  "signing",
  //  "digital signature",
  //  "content commitment",
  //  "key encipherment",
  //  "key agreement",
  //  "data encipherment",
  //  "cert sign",

// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
message SelfSubjectReview {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata