//
  // Custom signerNames can also be specified. The signer defines:
  //  1. Trust distribution: how trust (CA bundles) are distributed.
  //  2. Permitted subjects: and behavior when a disallowed subject is requested.
  //  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.

// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
// it may be subject to name and representation changes in future releases, and clients should not
// depend on its stability. It is primarily for internal use by controllers.
message ControllerRevision {
  // Standard object's metadata.

  // `type` indicates whether this priority level is subject to
  // limitation on request execution.  A value of `"Exempt"` means
  // that requests of this priority level are not subject to a limit
  // (and thus are never queued) and do not detract from the
  // capacity made available to other priority levels.  A value of
  // `"Limited"` means that (a) requests of this priority level
  // _are_ subject to limits and (b) some of the server's limited

  // `type` indicates whether this priority level is subject to
  // limitation on request execution.  A value of `"Exempt"` means
  // that requests of this priority level are not subject to a limit
  // (and thus are never queued) and do not detract from the
  // capacity made available to other priority levels.  A value of
  // `"Limited"` means that (a) requests of this priority level
  // _are_ subject to limits and (b) some of the server's limited

  // when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
  // +optional
  optional bool readOnly = 2;
}

// Eviction evicts a pod from its node subject to certain policies and safety constraints.
// This is a subresource of Pod.  A request to cause such an eviction is
// created by POSTing to .../pods/<pod name>/evictions.
message Eviction {

// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
// it may be subject to name and representation changes in future releases, and clients should not
// depend on its stability. It is primarily for internal use by controllers.
message ControllerRevision {
  // Standard object's metadata.

// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission,
// even if that list is incomplete.
message SubjectRulesReviewStatus {
  // ResourceRules is the list of actions the subject is allowed to perform on resources.
  // The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
// it may be subject to name and representation changes in future releases, and clients should not
// depend on its stability. It is primarily for internal use by controllers.
message ControllerRevision {
  // Standard object's metadata.

// and adds who information via Subject.
message ClusterRoleBinding {
  // Standard object's metadata.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Subjects holds references to the objects the role applies to.
  // +optional
  repeated Subject subjects = 2;

  // RoleRef can only reference a ClusterRole in the global namespace.

// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission,
// even if that list is incomplete.
message SubjectRulesReviewStatus {
  // ResourceRules is the list of actions the subject is allowed to perform on resources.
  // The list ordering isn't significant, may contain duplicates, and possibly be incomplete.