kyverno/definitions/install_debug.yaml

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterpolicies.kyverno.io
spec:
  group: kyverno.io
  versions:
    - name: v1alpha1
      served: true
      storage: true
  scope: Cluster
  names:
    kind: ClusterPolicy
    plural: clusterpolicies
    singular: clusterpolicy
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        spec:
          required:
          - rules
          properties:
          # default values to be handled by user
            validationFailureAction:
              type: string
              enum: 
              - enforce # blocks the resorce api-reques if a rule fails.
              - audit # allows resource creation and reports the failed validation rules as violations. Default
            rules:
              type: array
              items:
                type: object
                required:
                - name
                - match
                properties:
                  name:
                    type: string
                  match:
                    type: object
                    required:
                    - resources
                    properties:
                      resources:
                        type: object
                        required:
                        - kinds
                        properties:
                          kinds:
                            type: array
                            items:
                              type: string
                          name:
                            type: string
                          namespaces:
                            type: array
                            items:
                              type: string
                          selector:
                            properties:
                              matchLabels:
                                type: object
                                additionalProperties:
                                  type: string
                              matchExpressions:
                                type: array
                                items:
                                  type: object
                                  required:
                                  - key
                                  - operator
                                  properties:
                                    key:
                                      type: string
                                    operator:
                                      type: string
                                    values:
                                      type: array
                                      items:
                                        type: string
                  exclude:
                    type: object
                    required:
                    - resources
                    properties:
                      resources:
                        type: object
                        properties:
                          kinds:
                            type: array
                            items:
                              type: string
                          name:
                            type: string
                          namespaces:
                            type: array
                            items:
                              type: string
                          selector:
                            properties:
                              matchLabels:
                                type: object
                                additionalProperties:
                                  type: string
                              matchExpressions:
                                type: array
                                items:
                                  type: object
                                  required:
                                  - key
                                  - operator
                                  properties:
                                    key:
                                      type: string
                                    operator:
                                      type: string
                                    values:
                                      type: array
                                      items:
                                        type: string
                  mutate:
                    type: object
                    properties:
                      overlay:
                        AnyValue: {}
                      patches:
                        type: array
                        items:
                          type: object
                          required:
                          - path
                          - op
                          properties:
                            path:
                              type: string
                            op:
                              type: string
                              enum:
                              - add
                              - replace
                              - remove
                            value:
                              AnyValue: {}
                  validate:
                    type: object
                    properties:
                      message:
                        type: string
                      pattern:
                        AnyValue: {}
                      anyPattern:
                        AnyValue: {}
                  generate:
                    type: object
                    required:
                    - kind
                    - name
                    properties:
                      kind:
                        type: string
                      name:
                        type: string
                      clone: 
                        type: object
                        required:
                        - namespace
                        - name
                        properties:
                          namespace:
                            type: string
                          name:
                            type: string
                      data:
                        AnyValue: {}
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterpolicyviolations.kyverno.io
spec:
  group: kyverno.io
  versions:
    - name: v1alpha1
      served: true
      storage: true
  scope: Cluster
  names:
    kind: ClusterPolicyViolation
    plural: clusterpolicyviolations
    singular: clusterpolicyviolation
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        spec:
          required:
          - policy
          - resource
          - rules
          properties:
            policy:
              type: string
            resource:
              type: object
              required:
              - kind
              - name
              properties:
                kind:
                  type: string
                name:
                  type: string
                namespace:
                  type: string
            rules:
              type: array
              items:
                type: object
                required:
                - name
                - type
                - message
                properties:
                  name:
                    type: string
                  type:
                    type: string
                  message:
                    type: string
                  managedResource:
                    type: object
                    properties:
                      kind:
                        type: string
                      namespace:
                        type: string
                      creationBlocked:
                        type: boolean
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: namespacedpolicyviolations.kyverno.io
spec:
  group: kyverno.io
  versions:
    - name: v1alpha1
      served: true
      storage: true
  scope: Namespaced
  names:
    kind: NamespacedPolicyViolation
    plural: namespacedpolicyviolations
    singular: namespacedpolicyviolation
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        spec:
          required:
          - policy
          - resource
          - rules
          properties:
            policy:
              type: string
            resource:
              type: object
              required:
              - kind
              - name
              properties:
                kind:
                  type: string
                name:
                  type: string
                namespace:
                  type: string
            rules:
              type: array
              items:
                type: object
                required:
                - name
                - type
                - message
                properties:
                  name:
                    type: string
                  type:
                    type: string
                  message:
                    type: string
                  managedResource:
                    type: object
                    properties:
                      kind:
                        type: string
                      namespace:
                        type: string
                      creationBlocked:
                        type: boolean
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: init-config
  namespace: kyverno
data:
  # resource types to be skipped by kyverno policy engine
  resourceFilters: "[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]"
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`apiVersion: apiextensions.k8s.io/v1beta1`
			`kind: CustomResourceDefinition`
			`metadata:`
change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00			`name: clusterpolicies.kyverno.io`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`spec:`
			`group: kyverno.io`
			`versions:`
			`- name: v1alpha1`
			`served: true`
			`storage: true`
			`scope: Cluster`
			`names:`
change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00			`kind: ClusterPolicy`
			`plural: clusterpolicies`
			`singular: clusterpolicy`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`subresources:`
			`status: {}`
			`validation:`
			`openAPIV3Schema:`
			`properties:`
			`spec:`
			`required:`
			`- rules`
			`properties:`
clean up + fix bugs 2019-07-19 20:30:55 -07:00			`# default values to be handled by user`
			`validationFailureAction:`
add mode(blockChanges,reportViolation) CRD spec 2019-07-15 15:30:28 -07:00			`type: string`
			`enum:`
set default ValidationFailureAction to 'audit' 2019-09-06 10:18:45 -07:00			`- enforce # blocks the resorce api-reques if a rule fails.`
clean up definitions folder 2019-10-25 13:53:16 -07:00			`- audit # allows resource creation and reports the failed validation rules as violations. Default`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`rules:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- name`
update CRD 2019-07-25 14:38:38 -04:00			`- match`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`properties:`
			`name:`
			`type: string`
update CRD 2019-07-25 14:38:38 -04:00			`match:`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`type: object`
			`required:`
update CRD 2019-07-25 14:38:38 -04:00			`- resources`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`properties:`
update CRD 2019-07-25 14:38:38 -04:00			`resources:`
			`type: object`
			`required:`
			`- kinds`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`properties:`
update CRD 2019-07-25 14:38:38 -04:00			`kinds:`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`type: array`
			`items:`
update CRD 2019-07-25 14:38:38 -04:00			`type: string`
			`name:`
			`type: string`
update openapi spec 2019-08-17 09:59:13 -07:00			`namespaces:`
			`type: array`
			`items:`
			`type: string`
update CRD 2019-07-25 14:38:38 -04:00			`selector:`
			`properties:`
			`matchLabels:`
			`type: object`
			`additionalProperties:`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`type: string`
update CRD 2019-07-25 14:38:38 -04:00			`matchExpressions:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- key`
			`- operator`
			`properties:`
			`key:`
			`type: string`
			`operator:`
			`type: string`
			`values:`
			`type: array`
			`items:`
			`type: string`
			`exclude:`
			`type: object`
			`required:`
			`- resources`
			`properties:`
			`resources:`
			`type: object`
			`properties:`
			`kinds:`
			`type: array`
			`items:`
			`type: string`
			`name:`
			`type: string`
update crd 2019-08-19 11:54:25 -07:00			`namespaces:`
			`type: array`
			`items:`
			`type: string`
update CRD 2019-07-25 14:38:38 -04:00			`selector:`
			`properties:`
			`matchLabels:`
			`type: object`
			`additionalProperties:`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`type: string`
update CRD 2019-07-25 14:38:38 -04:00			`matchExpressions:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- key`
			`- operator`
			`properties:`
			`key:`
			`type: string`
			`operator:`
			`type: string`
			`values:`
			`type: array`
			`items:`
			`type: string`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`mutate:`
			`type: object`
			`properties:`
			`overlay:`
			`AnyValue: {}`
			`patches:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- path`
			`- op`
			`properties:`
			`path:`
			`type: string`
			`op:`
			`type: string`
			`enum:`
			`- add`
			`- replace`
			`- remove`
			`value:`
			`AnyValue: {}`
			`validate:`
			`type: object`
			`properties:`
			`message:`
			`type: string`
			`pattern:`
			`AnyValue: {}`
add anyPattern in crd definition 2019-08-20 17:56:02 -07:00			`anyPattern:`
			`AnyValue: {}`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`generate:`
			`type: object`
			`required:`
			`- kind`
			`- name`
			`properties:`
			`kind:`
			`type: string`
			`name:`
			`type: string`
			`clone:`
			`type: object`
			`required:`
			`- namespace`
			`- name`
			`properties:`
			`namespace:`
			`type: string`
			`name:`
			`type: string`
			`data:`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`AnyValue: {}`
			`---`
			`apiVersion: apiextensions.k8s.io/v1beta1`
			`kind: CustomResourceDefinition`
			`metadata:`
change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00			`name: clusterpolicyviolations.kyverno.io`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`spec:`
			`group: kyverno.io`
			`versions:`
			`- name: v1alpha1`
			`served: true`
			`storage: true`
			`scope: Cluster`
			`names:`
change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00			`kind: ClusterPolicyViolation`
			`plural: clusterpolicyviolations`
			`singular: clusterpolicyviolation`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`subresources:`
			`status: {}`
update crd 2019-11-12 13:32:50 -08:00			`validation:`
			`openAPIV3Schema:`
			`properties:`
			`spec:`
			`required:`
			`- policy`
			`- resource`
			`- rules`
			`properties:`
			`policy:`
			`type: string`
			`resource:`
			`type: object`
			`required:`
			`- kind`
			`- name`
			`properties:`
			`kind:`
			`type: string`
			`name:`
			`type: string`
			`namespace:`
			`type: string`
			`rules:`
			`type: array`
			`items:`
			`type: object`
			`required:`
			`- name`
			`- type`
			`- message`
			`properties:`
			`name:`
			`type: string`
			`type:`
			`type: string`
			`message:`
			`type: string`
			`managedResource:`
			`type: object`
			`properties:`
			`kind:`
			`type: string`
			`namespace:`
			`type: string`
			`creationBlocked:`
			`type: boolean`
			`---`
			`apiVersion: apiextensions.k8s.io/v1beta1`
			`kind: CustomResourceDefinition`
			`metadata:`
			`name: namespacedpolicyviolations.kyverno.io`
			`spec:`
			`group: kyverno.io`
			`versions:`
			`- name: v1alpha1`
			`served: true`
			`storage: true`
			`scope: Namespaced`
			`names:`
			`kind: NamespacedPolicyViolation`
			`plural: namespacedpolicyviolations`
			`singular: namespacedpolicyviolation`
			`subresources:`
			`status: {}`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`validation:`
			`openAPIV3Schema:`
			`properties:`
			`spec:`
			`required:`
update crd 2019-08-08 02:39:38 -07:00			`- policy`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`- resource`
			`- rules`
			`properties:`
update crd 2019-08-08 02:39:38 -07:00			`policy:`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`type: string`
			`resource:`
			`type: object`
			`required:`
clean up definitions folder 2019-10-25 13:53:16 -07:00			`- kind`
			`- name`
policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00			`properties:`
			`kind:`
			`type: string`
			`name:`
			`type: string`
			`namespace:`
			`type: string`
			`rules:`
			`type: array`
			`items:`
			`type: object`
			`required:`
clean up definitions folder 2019-10-25 13:53:16 -07:00			`- name`
			`- type`
			`- message`
			`properties:`
			`name:`
			`type: string`
			`type:`
			`type: string`
			`message:`
			`type: string`
			`managedResource:`
			`type: object`
			`properties:`
			`kind:`
			`type: string`
			`namespace:`
			`type: string`
			`creationBlocked:`
Merge branch 'master' into 261_dynamic_config 2019-10-28 15:06:37 -05:00			`type: boolean`
			`---`
add configMap to install.yaml 2019-10-28 15:00:20 -05:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: init-config`
			`namespace: kyverno`
			`data:`
			`# resource types to be skipped by kyverno policy engine`
			`resourceFilters: "[Event,,][,kube-system,][,kube-public,][,kube-node-lease,][Node,,][APIService,,][TokenReview,,][SubjectAccessReview,,][,kyverno,]"`