From 0b85bc41b7b3ab714f9b8329344a1efe84c5994e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Thu, 1 Feb 2024 11:58:31 +0100
Subject: [PATCH] feat: add global context crd (#9591)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: add global context crd

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* merge main

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 api/kyverno/v1/common_types.go                |  59 +++
 api/kyverno/v1/zz_generated.deepcopy.go       |  49 +++
 .../v2alpha1/global_context_entry_status.go   |  47 +++
 .../v2alpha1/global_context_entry_types.go    | 100 +++++
 api/kyverno/v2alpha1/zz_generated.deepcopy.go | 112 ++++++
 api/kyverno/v2alpha1/zz_generated.register.go |   2 +
 .../kyverno.io_globalcontextentries.yaml      | 202 ++++++++++
 docs/user/crd/index.html                      | 349 +++++++++++++++-
 .../kyverno/v1/externalapicall.go             |  89 +++++
 .../kyverno/v1/kubernetesresource.go          |  66 ++++
 .../kyverno/v2alpha1/globalcontextentry.go    | 218 ++++++++++
 .../v2alpha1/globalcontextentryspec.go        |  52 +++
 .../v2alpha1/globalcontextentrystatus.go      |  54 +++
 pkg/client/applyconfigurations/utils.go       |  10 +
 .../v2alpha1/fake/fake_globalcontextentry.go  | 132 +++++++
 .../v2alpha1/fake/fake_kyverno_client.go      |   4 +
 .../kyverno/v2alpha1/generated_expansion.go   |   2 +
 .../kyverno/v2alpha1/globalcontextentry.go    | 184 +++++++++
 .../typed/kyverno/v2alpha1/kyverno_client.go  |   5 +
 .../informers/externalversions/generic.go     |   2 +
 .../kyverno/v2alpha1/globalcontextentry.go    |  89 +++++
 .../kyverno/v2alpha1/interface.go             |   7 +
 .../kyverno/v2alpha1/expansion_generated.go   |   4 +
 .../kyverno/v2alpha1/globalcontextentry.go    |  68 ++++
 .../kyvernov2alpha1/client.generated.go       |  11 +
 .../resource.generated.go                     | 373 ++++++++++++++++++
 26 files changed, 2289 insertions(+), 1 deletion(-)
 create mode 100644 api/kyverno/v2alpha1/global_context_entry_status.go
 create mode 100644 api/kyverno/v2alpha1/global_context_entry_types.go
 create mode 100644 config/crds/kyverno/kyverno.io_globalcontextentries.yaml
 create mode 100644 pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
 create mode 100644 pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
 create mode 100644 pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go
 create mode 100644 pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
 create mode 100644 pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go
 create mode 100644 pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go
 create mode 100644 pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go
 create mode 100644 pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go
 create mode 100644 pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go
 create mode 100644 pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go

diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go
index 7af2396a21..862322dc62 100644
--- a/api/kyverno/v1/common_types.go
+++ b/api/kyverno/v1/common_types.go
@@ -171,6 +171,65 @@ type APICall struct {
 	JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
 }
 
+type GlobalContextEntryReference struct {
+	// Name of the global context entry
+	Name string `json:"name,omitempty" yaml:"name,omitempty"`
+
+	// JMESPath is an optional JSON Match Expression that can be used to
+	// transform the JSON response returned from the server. For example
+	// a JMESPath of "items | length(@)" applied to the API server response
+	// for the URLPath "/apis/apps/v1/deployments" will return the total count
+	// of deployments across all namespaces.
+	// +kubebuilder:validation:Optional
+	JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
+}
+
+// KubernetesResource stores infos about kubernetes resource that should be cached
+type KubernetesResource struct {
+	// Group defines the group of the resource
+	Group string `json:"group,omitempty" yaml:"group,omitempty"`
+	// Version defines the version of the resource
+	Version string `json:"version,omitempty" yaml:"version,omitempty"`
+	// Resource defines the type of the resource
+	Resource string `json:"resource,omitempty" yaml:"resource,omitempty"`
+	// Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
+	// +kubebuilder:validation:Optional
+	Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
+	if k.Group == "" {
+		errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
+	}
+	if k.Version == "" {
+		errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
+	}
+	if k.Resource == "" {
+		errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
+	}
+	return errs
+}
+
+// ExternalAPICall stores infos about API call that should be cached
+type ExternalAPICall struct {
+	APICall `json:",inline,omitempty" yaml:",inline,omitempty"`
+	// RefreshIntervalSeconds defines the interval at which to poll the APICall
+	// +kubebuilder:default=0
+	RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty" yaml:"refreshIntervalSeconds,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
+	if e.Service.URL == "" {
+		errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
+	}
+	if e.RefreshIntervalSeconds <= 0 {
+		errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
+	}
+	return errs
+}
+
 type ServiceCall struct {
 	// URL is the JSON web service URL. A typical form is
 	// `https://{service}.{namespace}:{port}/{path}`.
diff --git a/api/kyverno/v1/zz_generated.deepcopy.go b/api/kyverno/v1/zz_generated.deepcopy.go
index 0fee540f54..c1f0e3bd27 100755
--- a/api/kyverno/v1/zz_generated.deepcopy.go
+++ b/api/kyverno/v1/zz_generated.deepcopy.go
@@ -516,6 +516,23 @@ func (in *DryRunOption) DeepCopy() *DryRunOption {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalAPICall) DeepCopyInto(out *ExternalAPICall) {
+	*out = *in
+	in.APICall.DeepCopyInto(&out.APICall)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAPICall.
+func (in *ExternalAPICall) DeepCopy() *ExternalAPICall {
+	if in == nil {
+		return nil
+	}
+	out := new(ExternalAPICall)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
 	*out = *in
@@ -636,6 +653,22 @@ func (in *Generation) DeepCopy() *Generation {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntryReference) DeepCopyInto(out *GlobalContextEntryReference) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntryReference.
+func (in *GlobalContextEntryReference) DeepCopy() *GlobalContextEntryReference {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalContextEntryReference)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in IgnoreFieldList) DeepCopyInto(out *IgnoreFieldList) {
 	{
@@ -843,6 +876,22 @@ func (in *KeylessAttestor) DeepCopy() *KeylessAttestor {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubernetesResource) DeepCopyInto(out *KubernetesResource) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResource.
+func (in *KubernetesResource) DeepCopy() *KubernetesResource {
+	if in == nil {
+		return nil
+	}
+	out := new(KubernetesResource)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Manifests) DeepCopyInto(out *Manifests) {
 	*out = *in
diff --git a/api/kyverno/v2alpha1/global_context_entry_status.go b/api/kyverno/v2alpha1/global_context_entry_status.go
new file mode 100644
index 0000000000..f5cef516e9
--- /dev/null
+++ b/api/kyverno/v2alpha1/global_context_entry_status.go
@@ -0,0 +1,47 @@
+package v2alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	// PolicyConditionReady means that the globalcontextentry is ready
+	GlobalContextEntryConditionReady = "Ready"
+)
+
+const (
+	// GlobalContextEntryReasonSucceeded is the reason set when the globalcontextentry is ready
+	GlobalContextEntryReasonSucceeded = "Succeeded"
+	// GlobalContextEntryReasonFailed is the reason set when the globalcontextentry is not ready
+	GlobalContextEntryReasonFailed = "Failed"
+)
+
+type GlobalContextEntryStatus struct {
+	// Deprecated in favor of Conditions
+	Ready bool `json:"ready" yaml:"ready"`
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+func (status *GlobalContextEntryStatus) SetReady(ready bool, message string) {
+	condition := metav1.Condition{
+		Type:    GlobalContextEntryConditionReady,
+		Message: message,
+	}
+	if ready {
+		condition.Status = metav1.ConditionTrue
+		condition.Reason = GlobalContextEntryReasonSucceeded
+	} else {
+		condition.Status = metav1.ConditionFalse
+		condition.Reason = GlobalContextEntryReasonFailed
+	}
+	status.Ready = ready
+	meta.SetStatusCondition(&status.Conditions, condition)
+}
+
+// IsReady indicates if the globalcontextentry has loaded
+func (status *GlobalContextEntryStatus) IsReady() bool {
+	condition := meta.FindStatusCondition(status.Conditions, GlobalContextEntryConditionReady)
+	return condition != nil && condition.Status == metav1.ConditionTrue
+}
diff --git a/api/kyverno/v2alpha1/global_context_entry_types.go b/api/kyverno/v2alpha1/global_context_entry_types.go
new file mode 100644
index 0000000000..4d58369fae
--- /dev/null
+++ b/api/kyverno/v2alpha1/global_context_entry_types.go
@@ -0,0 +1,100 @@
+/*
+Copyright 2022 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v2alpha1
+
+import (
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:shortName=gctxentry,categories=kyverno,scope="Cluster"
+
+// GlobalContextEntry declares resources to be cached.
+type GlobalContextEntry struct {
+	metav1.TypeMeta   `json:",inline,omitempty" yaml:",inline,omitempty"`
+	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
+
+	// Spec declares policy exception behaviors.
+	Spec GlobalContextEntrySpec `json:"spec" yaml:"spec"`
+
+	// Status contains globalcontextentry runtime data.
+	// +optional
+	Status GlobalContextEntryStatus `json:"status,omitempty" yaml:"status,omitempty"`
+}
+
+// GetStatus returns the globalcontextentry status
+func (p *GlobalContextEntry) GetStatus() *GlobalContextEntryStatus {
+	return &p.Status
+}
+
+// Validate implements programmatic validation
+func (c *GlobalContextEntry) Validate() (errs field.ErrorList) {
+	errs = append(errs, c.Spec.Validate(field.NewPath("spec"))...)
+	return errs
+}
+
+// IsNamespaced indicates if the policy is namespace scoped
+func (c *GlobalContextEntry) IsNamespaced() bool {
+	return false
+}
+
+// GlobalContextEntrySpec stores policy exception spec
+type GlobalContextEntrySpec struct {
+	// KubernetesResource stores infos about kubernetes resource that should be cached
+	// +kubebuilder:validation:Optional
+	KubernetesResource *kyvernov1.KubernetesResource `json:"kubernetesResource,omitempty" yaml:"kubernetesResource,omitempty"`
+
+	// APICall stores infos about API call that should be cached
+	// +kubebuilder:validation:Optional
+	APICall *kyvernov1.ExternalAPICall `json:"apiCall,omitempty" yaml:"apiCall,omitempty"`
+}
+
+func (c *GlobalContextEntrySpec) IsAPICall() bool {
+	return c.APICall != nil
+}
+
+func (c *GlobalContextEntrySpec) IsResource() bool {
+	return c.KubernetesResource != nil
+}
+
+// Validate implements programmatic validation
+func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorList) {
+	if c.IsResource() && c.IsAPICall() {
+		errs = append(errs, field.Forbidden(path.Child("resource"), "An External API Call entry requires a url"))
+	}
+	if c.IsResource() {
+		errs = append(errs, c.KubernetesResource.Validate(path.Child("resource"))...)
+	}
+	if c.IsAPICall() {
+		errs = append(errs, c.APICall.Validate(path.Child("apiCall"))...)
+	}
+	return errs
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// GlobalContextEntryList is a list of Cached Context Entries
+type GlobalContextEntryList struct {
+	metav1.TypeMeta `json:",inline" yaml:",inline"`
+	metav1.ListMeta `json:"metadata" yaml:"metadata"`
+	Items           []GlobalContextEntry `json:"items" yaml:"items"`
+}
diff --git a/api/kyverno/v2alpha1/zz_generated.deepcopy.go b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
index 9d0fd69b41..41a91746fa 100644
--- a/api/kyverno/v2alpha1/zz_generated.deepcopy.go
+++ b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
@@ -22,7 +22,9 @@ limitations under the License.
 package v2alpha1
 
 import (
+	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
@@ -148,6 +150,116 @@ func (in *ClusterCleanupPolicyList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntry) DeepCopyInto(out *GlobalContextEntry) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntry.
+func (in *GlobalContextEntry) DeepCopy() *GlobalContextEntry {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalContextEntry)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *GlobalContextEntry) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntryList) DeepCopyInto(out *GlobalContextEntryList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]GlobalContextEntry, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntryList.
+func (in *GlobalContextEntryList) DeepCopy() *GlobalContextEntryList {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalContextEntryList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *GlobalContextEntryList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntrySpec) DeepCopyInto(out *GlobalContextEntrySpec) {
+	*out = *in
+	if in.KubernetesResource != nil {
+		in, out := &in.KubernetesResource, &out.KubernetesResource
+		*out = new(v1.KubernetesResource)
+		**out = **in
+	}
+	if in.APICall != nil {
+		in, out := &in.APICall, &out.APICall
+		*out = new(v1.ExternalAPICall)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntrySpec.
+func (in *GlobalContextEntrySpec) DeepCopy() *GlobalContextEntrySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalContextEntrySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntryStatus) DeepCopyInto(out *GlobalContextEntryStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]metav1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntryStatus.
+func (in *GlobalContextEntryStatus) DeepCopy() *GlobalContextEntryStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalContextEntryStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PolicyException) DeepCopyInto(out *PolicyException) {
 	*out = *in
diff --git a/api/kyverno/v2alpha1/zz_generated.register.go b/api/kyverno/v2alpha1/zz_generated.register.go
index c4395f826a..a6b2e1dc2b 100644
--- a/api/kyverno/v2alpha1/zz_generated.register.go
+++ b/api/kyverno/v2alpha1/zz_generated.register.go
@@ -62,6 +62,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&CleanupPolicyList{},
 		&ClusterCleanupPolicy{},
 		&ClusterCleanupPolicyList{},
+		&GlobalContextEntry{},
+		&GlobalContextEntryList{},
 		&PolicyException{},
 		&PolicyExceptionList{},
 	)
diff --git a/config/crds/kyverno/kyverno.io_globalcontextentries.yaml b/config/crds/kyverno/kyverno.io_globalcontextentries.yaml
new file mode 100644
index 0000000000..7680cc4ebe
--- /dev/null
+++ b/config/crds/kyverno/kyverno.io_globalcontextentries.yaml
@@ -0,0 +1,202 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: globalcontextentries.kyverno.io
+spec:
+  group: kyverno.io
+  names:
+    categories:
+    - kyverno
+    kind: GlobalContextEntry
+    listKind: GlobalContextEntryList
+    plural: globalcontextentries
+    shortNames:
+    - gctxentry
+    singular: globalcontextentry
+  scope: Cluster
+  versions:
+  - name: v2alpha1
+    schema:
+      openAPIV3Schema:
+        description: GlobalContextEntry declares resources to be cached.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec declares policy exception behaviors.
+            properties:
+              apiCall:
+                description: APICall stores infos about API call that should be cached
+                properties:
+                  data:
+                    description: Data specifies the POST data sent to the server.
+                    items:
+                      description: RequestData contains the HTTP POST data
+                      properties:
+                        key:
+                          description: Key is a unique identifier for the data value
+                          type: string
+                        value:
+                          description: Value is the data value
+                          x-kubernetes-preserve-unknown-fields: true
+                      required:
+                      - key
+                      - value
+                      type: object
+                    type: array
+                  jmesPath:
+                    description: JMESPath is an optional JSON Match Expression that
+                      can be used to transform the JSON response returned from the
+                      server. For example a JMESPath of "items | length(@)" applied
+                      to the API server response for the URLPath "/apis/apps/v1/deployments"
+                      will return the total count of deployments across all namespaces.
+                    type: string
+                  method:
+                    default: GET
+                    description: Method is the HTTP request type (GET or POST).
+                    enum:
+                    - GET
+                    - POST
+                    type: string
+                  refreshIntervalSeconds:
+                    default: 0
+                    description: RefreshIntervalSeconds defines the interval at which
+                      to poll the APICall
+                    format: int64
+                    type: integer
+                  service:
+                    description: Service is an API call to a JSON web service
+                    properties:
+                      caBundle:
+                        description: CABundle is a PEM encoded CA bundle which will
+                          be used to validate the server certificate.
+                        type: string
+                      url:
+                        description: URL is the JSON web service URL. A typical form
+                          is `https://{service}.{namespace}:{port}/{path}`.
+                        type: string
+                    required:
+                    - url
+                    type: object
+                  urlPath:
+                    description: URLPath is the URL path to be used in the HTTP GET
+                      or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces"
+                      or  "/apis/apps/v1/deployments"). The format required is the
+                      same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
+                      for details.
+                    type: string
+                type: object
+              kubernetesResource:
+                description: KubernetesResource stores infos about kubernetes resource
+                  that should be cached
+                properties:
+                  group:
+                    description: Group defines the group of the resource
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the resource.
+                      Leave empty for cluster scoped resources.
+                    type: string
+                  resource:
+                    description: Resource defines the type of the resource
+                    type: string
+                  version:
+                    description: Version defines the version of the resource
+                    type: string
+                type: object
+            type: object
+          status:
+            description: Status contains globalcontextentry runtime data.
+            properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              ready:
+                description: Deprecated in favor of Conditions
+                type: boolean
+            required:
+            - ready
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index b2f0dc2fa4..aa4cc7be9e 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -610,7 +610,8 @@ PolicyStatus
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#kyverno.io/v1.ContextEntry">ContextEntry</a>)
+<a href="#kyverno.io/v1.ContextEntry">ContextEntry</a>, 
+<a href="#kyverno.io/v1.ExternalAPICall">ExternalAPICall</a>)
 </p>
 <p>
 </p>
@@ -1570,6 +1571,52 @@ string
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v1.ExternalAPICall">ExternalAPICall
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
+</p>
+<p>
+<p>ExternalAPICall stores infos about API call that should be cached</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>APICall</code><br/>
+<em>
+<a href="#kyverno.io/v1.APICall">
+APICall
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>APICall</code> are embedded into this type.)
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>refreshIntervalSeconds</code><br/>
+<em>
+int64
+</em>
+</td>
+<td>
+<p>RefreshIntervalSeconds defines the interval at which to poll the APICall</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h3 id="kyverno.io/v1.FailurePolicyType">FailurePolicyType
 (<code>string</code> alias)</p></h3>
 <p>
@@ -1957,6 +2004,47 @@ CloneList
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v1.GlobalContextEntryReference">GlobalContextEntryReference
+</h3>
+<p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>name</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Name of the global context entry</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>jmesPath</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>JMESPath is an optional JSON Match Expression that can be used to
+transform the JSON response returned from the server. For example
+a JMESPath of &ldquo;items | length(@)&rdquo; applied to the API server response
+for the URLPath &ldquo;/apis/apps/v1/deployments&rdquo; will return the total count
+of deployments across all namespaces.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h3 id="kyverno.io/v1.ImageExtractorConfig">ImageExtractorConfig
 </h3>
 <p>
@@ -2517,6 +2605,70 @@ map[string]string
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v1.KubernetesResource">KubernetesResource
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
+</p>
+<p>
+<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>group</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Group defines the group of the resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>version</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Version defines the version of the resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>resource</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Resource defines the type of the resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>namespace</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h3 id="kyverno.io/v1.Manifests">Manifests
 </h3>
 <p>
@@ -7390,6 +7542,8 @@ Resource Types:
 </li><li>
 <a href="#kyverno.io/v2alpha1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>
 </li><li>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry</a>
+</li><li>
 <a href="#kyverno.io/v2alpha1.PolicyException">PolicyException</a>
 </li></ul>
 <hr />
@@ -7691,6 +7845,110 @@ CleanupPolicyStatus
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry
+</h3>
+<p>
+<p>GlobalContextEntry declares resources to be cached.</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+kyverno.io/v2alpha1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>GlobalContextEntry</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">
+GlobalContextEntrySpec
+</a>
+</em>
+</td>
+<td>
+<p>Spec declares policy exception behaviors.</p>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>kubernetesResource</code><br/>
+<em>
+<a href="#kyverno.io/v1.KubernetesResource">
+KubernetesResource
+</a>
+</em>
+</td>
+<td>
+<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>apiCall</code><br/>
+<em>
+<a href="#kyverno.io/v1.ExternalAPICall">
+ExternalAPICall
+</a>
+</em>
+</td>
+<td>
+<p>APICall stores infos about API call that should be cached</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<tr>
+<td>
+<code>status</code><br/>
+<em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntryStatus">
+GlobalContextEntryStatus
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Status contains globalcontextentry runtime data.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h3 id="kyverno.io/v2alpha1.PolicyException">PolicyException
 </h3>
 <p>
@@ -7829,6 +8087,95 @@ Applicable only to policies that have validate.podSecurity subrule.</p>
 <p>
 <p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
 </p>
+<h3 id="kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry</a>)
+</p>
+<p>
+<p>GlobalContextEntrySpec stores policy exception spec</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>kubernetesResource</code><br/>
+<em>
+<a href="#kyverno.io/v1.KubernetesResource">
+KubernetesResource
+</a>
+</em>
+</td>
+<td>
+<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>apiCall</code><br/>
+<em>
+<a href="#kyverno.io/v1.ExternalAPICall">
+ExternalAPICall
+</a>
+</em>
+</td>
+<td>
+<p>APICall stores infos about API call that should be cached</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="kyverno.io/v2alpha1.GlobalContextEntryStatus">GlobalContextEntryStatus
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry</a>)
+</p>
+<p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>ready</code><br/>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>Deprecated in favor of Conditions</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>conditions</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#condition-v1-meta">
+[]Kubernetes meta/v1.Condition
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h2 id="kyverno.io/v2beta1">kyverno.io/v2beta1</h2>
 Resource Types:
 <ul><li>
diff --git a/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go b/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
new file mode 100644
index 0000000000..58b3138e94
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+)
+
+// ExternalAPICallApplyConfiguration represents an declarative configuration of the ExternalAPICall type for use
+// with apply.
+type ExternalAPICallApplyConfiguration struct {
+	APICallApplyConfiguration `json:",omitempty,inline"`
+	RefreshIntervalSeconds    *int64 `json:"refreshIntervalSeconds,omitempty"`
+}
+
+// ExternalAPICallApplyConfiguration constructs an declarative configuration of the ExternalAPICall type for use with
+// apply.
+func ExternalAPICall() *ExternalAPICallApplyConfiguration {
+	return &ExternalAPICallApplyConfiguration{}
+}
+
+// WithURLPath sets the URLPath field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the URLPath field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithURLPath(value string) *ExternalAPICallApplyConfiguration {
+	b.URLPath = &value
+	return b
+}
+
+// WithMethod sets the Method field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Method field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithMethod(value kyvernov1.Method) *ExternalAPICallApplyConfiguration {
+	b.Method = &value
+	return b
+}
+
+// WithData adds the given value to the Data field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Data field.
+func (b *ExternalAPICallApplyConfiguration) WithData(values ...*RequestDataApplyConfiguration) *ExternalAPICallApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithData")
+		}
+		b.Data = append(b.Data, *values[i])
+	}
+	return b
+}
+
+// WithService sets the Service field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Service field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithService(value *ServiceCallApplyConfiguration) *ExternalAPICallApplyConfiguration {
+	b.Service = value
+	return b
+}
+
+// WithJMESPath sets the JMESPath field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the JMESPath field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithJMESPath(value string) *ExternalAPICallApplyConfiguration {
+	b.JMESPath = &value
+	return b
+}
+
+// WithRefreshIntervalSeconds sets the RefreshIntervalSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RefreshIntervalSeconds field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithRefreshIntervalSeconds(value int64) *ExternalAPICallApplyConfiguration {
+	b.RefreshIntervalSeconds = &value
+	return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go b/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
new file mode 100644
index 0000000000..933cc92aa7
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
@@ -0,0 +1,66 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// KubernetesResourceApplyConfiguration represents an declarative configuration of the KubernetesResource type for use
+// with apply.
+type KubernetesResourceApplyConfiguration struct {
+	Group     *string `json:"group,omitempty"`
+	Version   *string `json:"version,omitempty"`
+	Resource  *string `json:"resource,omitempty"`
+	Namespace *string `json:"namespace,omitempty"`
+}
+
+// KubernetesResourceApplyConfiguration constructs an declarative configuration of the KubernetesResource type for use with
+// apply.
+func KubernetesResource() *KubernetesResourceApplyConfiguration {
+	return &KubernetesResourceApplyConfiguration{}
+}
+
+// WithGroup sets the Group field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Group field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithGroup(value string) *KubernetesResourceApplyConfiguration {
+	b.Group = &value
+	return b
+}
+
+// WithVersion sets the Version field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Version field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithVersion(value string) *KubernetesResourceApplyConfiguration {
+	b.Version = &value
+	return b
+}
+
+// WithResource sets the Resource field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Resource field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithResource(value string) *KubernetesResourceApplyConfiguration {
+	b.Resource = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithNamespace(value string) *KubernetesResourceApplyConfiguration {
+	b.Namespace = &value
+	return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..ba2a9da9bc
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,218 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// GlobalContextEntryApplyConfiguration represents an declarative configuration of the GlobalContextEntry type for use
+// with apply.
+type GlobalContextEntryApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",omitempty,inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *GlobalContextEntrySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *GlobalContextEntryStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// GlobalContextEntry constructs an declarative configuration of the GlobalContextEntry type for use with
+// apply.
+func GlobalContextEntry(name string) *GlobalContextEntryApplyConfiguration {
+	b := &GlobalContextEntryApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("GlobalContextEntry")
+	b.WithAPIVersion("kyverno.io/v2alpha1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithKind(value string) *GlobalContextEntryApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithAPIVersion(value string) *GlobalContextEntryApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithName(value string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithGenerateName(value string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithNamespace(value string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithUID(value types.UID) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithResourceVersion(value string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithGeneration(value int64) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithCreationTimestamp(value metav1.Time) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *GlobalContextEntryApplyConfiguration) WithLabels(entries map[string]string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *GlobalContextEntryApplyConfiguration) WithAnnotations(entries map[string]string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *GlobalContextEntryApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *GlobalContextEntryApplyConfiguration) WithFinalizers(values ...string) *GlobalContextEntryApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *GlobalContextEntryApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithSpec(value *GlobalContextEntrySpecApplyConfiguration) *GlobalContextEntryApplyConfiguration {
+	b.Spec = value
+	return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithStatus(value *GlobalContextEntryStatusApplyConfiguration) *GlobalContextEntryApplyConfiguration {
+	b.Status = value
+	return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
new file mode 100644
index 0000000000..33853a72a2
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+	v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
+)
+
+// GlobalContextEntrySpecApplyConfiguration represents an declarative configuration of the GlobalContextEntrySpec type for use
+// with apply.
+type GlobalContextEntrySpecApplyConfiguration struct {
+	KubernetesResource *v1.KubernetesResourceApplyConfiguration `json:"kubernetesResource,omitempty"`
+	APICall            *v1.ExternalAPICallApplyConfiguration    `json:"apiCall,omitempty"`
+}
+
+// GlobalContextEntrySpecApplyConfiguration constructs an declarative configuration of the GlobalContextEntrySpec type for use with
+// apply.
+func GlobalContextEntrySpec() *GlobalContextEntrySpecApplyConfiguration {
+	return &GlobalContextEntrySpecApplyConfiguration{}
+}
+
+// WithKubernetesResource sets the KubernetesResource field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the KubernetesResource field is set to the value of the last call.
+func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value *v1.KubernetesResourceApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
+	b.KubernetesResource = value
+	return b
+}
+
+// WithAPICall sets the APICall field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APICall field is set to the value of the last call.
+func (b *GlobalContextEntrySpecApplyConfiguration) WithAPICall(value *v1.ExternalAPICallApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
+	b.APICall = value
+	return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go
new file mode 100644
index 0000000000..6a57c2335c
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go
@@ -0,0 +1,54 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GlobalContextEntryStatusApplyConfiguration represents an declarative configuration of the GlobalContextEntryStatus type for use
+// with apply.
+type GlobalContextEntryStatusApplyConfiguration struct {
+	Ready      *bool          `json:"ready,omitempty"`
+	Conditions []v1.Condition `json:"conditions,omitempty"`
+}
+
+// GlobalContextEntryStatusApplyConfiguration constructs an declarative configuration of the GlobalContextEntryStatus type for use with
+// apply.
+func GlobalContextEntryStatus() *GlobalContextEntryStatusApplyConfiguration {
+	return &GlobalContextEntryStatusApplyConfiguration{}
+}
+
+// WithReady sets the Ready field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Ready field is set to the value of the last call.
+func (b *GlobalContextEntryStatusApplyConfiguration) WithReady(value bool) *GlobalContextEntryStatusApplyConfiguration {
+	b.Ready = &value
+	return b
+}
+
+// WithConditions adds the given value to the Conditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Conditions field.
+func (b *GlobalContextEntryStatusApplyConfiguration) WithConditions(values ...v1.Condition) *GlobalContextEntryStatusApplyConfiguration {
+	for i := range values {
+		b.Conditions = append(b.Conditions, values[i])
+	}
+	return b
+}
diff --git a/pkg/client/applyconfigurations/utils.go b/pkg/client/applyconfigurations/utils.go
index f7cafbbfa8..d0a6f55a69 100644
--- a/pkg/client/applyconfigurations/utils.go
+++ b/pkg/client/applyconfigurations/utils.go
@@ -77,6 +77,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		return &kyvernov1.DenyApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("DryRunOption"):
 		return &kyvernov1.DryRunOptionApplyConfiguration{}
+	case v1.SchemeGroupVersion.WithKind("ExternalAPICall"):
+		return &kyvernov1.ExternalAPICallApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("ForEachMutation"):
 		return &kyvernov1.ForEachMutationApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("ForEachValidation"):
@@ -93,6 +95,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		return &kyvernov1.ImageVerificationApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("KeylessAttestor"):
 		return &kyvernov1.KeylessAttestorApplyConfiguration{}
+	case v1.SchemeGroupVersion.WithKind("KubernetesResource"):
+		return &kyvernov1.KubernetesResourceApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("Manifests"):
 		return &kyvernov1.ManifestsApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("MatchResources"):
@@ -221,6 +225,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		return &kyvernov2alpha1.CleanupPolicyApplyConfiguration{}
 	case v2alpha1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
 		return &kyvernov2alpha1.ClusterCleanupPolicyApplyConfiguration{}
+	case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry"):
+		return &kyvernov2alpha1.GlobalContextEntryApplyConfiguration{}
+	case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntrySpec"):
+		return &kyvernov2alpha1.GlobalContextEntrySpecApplyConfiguration{}
+	case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntryStatus"):
+		return &kyvernov2alpha1.GlobalContextEntryStatusApplyConfiguration{}
 	case v2alpha1.SchemeGroupVersion.WithKind("PolicyException"):
 		return &kyvernov2alpha1.PolicyExceptionApplyConfiguration{}
 
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go
new file mode 100644
index 0000000000..95efa3a51e
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go
@@ -0,0 +1,132 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeGlobalContextEntries implements GlobalContextEntryInterface
+type FakeGlobalContextEntries struct {
+	Fake *FakeKyvernoV2alpha1
+}
+
+var globalcontextentriesResource = v2alpha1.SchemeGroupVersion.WithResource("globalcontextentries")
+
+var globalcontextentriesKind = v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry")
+
+// Get takes name of the globalContextEntry, and returns the corresponding globalContextEntry object, and an error if there is any.
+func (c *FakeGlobalContextEntries) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(globalcontextentriesResource, name), &v2alpha1.GlobalContextEntry{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// List takes label and field selectors, and returns the list of GlobalContextEntries that match those selectors.
+func (c *FakeGlobalContextEntries) List(ctx context.Context, opts v1.ListOptions) (result *v2alpha1.GlobalContextEntryList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(globalcontextentriesResource, globalcontextentriesKind, opts), &v2alpha1.GlobalContextEntryList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v2alpha1.GlobalContextEntryList{ListMeta: obj.(*v2alpha1.GlobalContextEntryList).ListMeta}
+	for _, item := range obj.(*v2alpha1.GlobalContextEntryList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested globalContextEntries.
+func (c *FakeGlobalContextEntries) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(globalcontextentriesResource, opts))
+}
+
+// Create takes the representation of a globalContextEntry and creates it.  Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *FakeGlobalContextEntries) Create(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.CreateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(globalcontextentriesResource, globalContextEntry), &v2alpha1.GlobalContextEntry{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// Update takes the representation of a globalContextEntry and updates it. Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *FakeGlobalContextEntries) Update(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(globalcontextentriesResource, globalContextEntry), &v2alpha1.GlobalContextEntry{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeGlobalContextEntries) UpdateStatus(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (*v2alpha1.GlobalContextEntry, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(globalcontextentriesResource, "status", globalContextEntry), &v2alpha1.GlobalContextEntry{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// Delete takes name of the globalContextEntry and deletes it. Returns an error if one occurs.
+func (c *FakeGlobalContextEntries) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(globalcontextentriesResource, name, opts), &v2alpha1.GlobalContextEntry{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeGlobalContextEntries) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(globalcontextentriesResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v2alpha1.GlobalContextEntryList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched globalContextEntry.
+func (c *FakeGlobalContextEntries) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2alpha1.GlobalContextEntry, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(globalcontextentriesResource, name, pt, data, subresources...), &v2alpha1.GlobalContextEntry{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2alpha1.GlobalContextEntry), err
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go
index a476a09342..9f0cc853c5 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go
@@ -36,6 +36,10 @@ func (c *FakeKyvernoV2alpha1) ClusterCleanupPolicies() v2alpha1.ClusterCleanupPo
 	return &FakeClusterCleanupPolicies{c}
 }
 
+func (c *FakeKyvernoV2alpha1) GlobalContextEntries() v2alpha1.GlobalContextEntryInterface {
+	return &FakeGlobalContextEntries{c}
+}
+
 func (c *FakeKyvernoV2alpha1) PolicyExceptions(namespace string) v2alpha1.PolicyExceptionInterface {
 	return &FakePolicyExceptions{c, namespace}
 }
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go
index 22b56fcb7d..2fc6ba8622 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go
@@ -22,4 +22,6 @@ type CleanupPolicyExpansion interface{}
 
 type ClusterCleanupPolicyExpansion interface{}
 
+type GlobalContextEntryExpansion interface{}
+
 type PolicyExceptionExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..ee99525fae
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,184 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+	"context"
+	"time"
+
+	v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// GlobalContextEntriesGetter has a method to return a GlobalContextEntryInterface.
+// A group's client should implement this interface.
+type GlobalContextEntriesGetter interface {
+	GlobalContextEntries() GlobalContextEntryInterface
+}
+
+// GlobalContextEntryInterface has methods to work with GlobalContextEntry resources.
+type GlobalContextEntryInterface interface {
+	Create(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.CreateOptions) (*v2alpha1.GlobalContextEntry, error)
+	Update(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (*v2alpha1.GlobalContextEntry, error)
+	UpdateStatus(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (*v2alpha1.GlobalContextEntry, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v2alpha1.GlobalContextEntry, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v2alpha1.GlobalContextEntryList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2alpha1.GlobalContextEntry, err error)
+	GlobalContextEntryExpansion
+}
+
+// globalContextEntries implements GlobalContextEntryInterface
+type globalContextEntries struct {
+	client rest.Interface
+}
+
+// newGlobalContextEntries returns a GlobalContextEntries
+func newGlobalContextEntries(c *KyvernoV2alpha1Client) *globalContextEntries {
+	return &globalContextEntries{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the globalContextEntry, and returns the corresponding globalContextEntry object, and an error if there is any.
+func (c *globalContextEntries) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	result = &v2alpha1.GlobalContextEntry{}
+	err = c.client.Get().
+		Resource("globalcontextentries").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of GlobalContextEntries that match those selectors.
+func (c *globalContextEntries) List(ctx context.Context, opts v1.ListOptions) (result *v2alpha1.GlobalContextEntryList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v2alpha1.GlobalContextEntryList{}
+	err = c.client.Get().
+		Resource("globalcontextentries").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested globalContextEntries.
+func (c *globalContextEntries) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("globalcontextentries").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a globalContextEntry and creates it.  Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *globalContextEntries) Create(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.CreateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	result = &v2alpha1.GlobalContextEntry{}
+	err = c.client.Post().
+		Resource("globalcontextentries").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(globalContextEntry).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a globalContextEntry and updates it. Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *globalContextEntries) Update(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	result = &v2alpha1.GlobalContextEntry{}
+	err = c.client.Put().
+		Resource("globalcontextentries").
+		Name(globalContextEntry.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(globalContextEntry).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *globalContextEntries) UpdateStatus(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+	result = &v2alpha1.GlobalContextEntry{}
+	err = c.client.Put().
+		Resource("globalcontextentries").
+		Name(globalContextEntry.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(globalContextEntry).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the globalContextEntry and deletes it. Returns an error if one occurs.
+func (c *globalContextEntries) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("globalcontextentries").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *globalContextEntries) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("globalcontextentries").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched globalContextEntry.
+func (c *globalContextEntries) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2alpha1.GlobalContextEntry, err error) {
+	result = &v2alpha1.GlobalContextEntry{}
+	err = c.client.Patch(pt).
+		Resource("globalcontextentries").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go
index ab305eec2d..75cb096816 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go
@@ -30,6 +30,7 @@ type KyvernoV2alpha1Interface interface {
 	RESTClient() rest.Interface
 	CleanupPoliciesGetter
 	ClusterCleanupPoliciesGetter
+	GlobalContextEntriesGetter
 	PolicyExceptionsGetter
 }
 
@@ -46,6 +47,10 @@ func (c *KyvernoV2alpha1Client) ClusterCleanupPolicies() ClusterCleanupPolicyInt
 	return newClusterCleanupPolicies(c)
 }
 
+func (c *KyvernoV2alpha1Client) GlobalContextEntries() GlobalContextEntryInterface {
+	return newGlobalContextEntries(c)
+}
+
 func (c *KyvernoV2alpha1Client) PolicyExceptions(namespace string) PolicyExceptionInterface {
 	return newPolicyExceptions(c, namespace)
 }
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
index 52d5c7799f..b4e83dcb7f 100644
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -102,6 +102,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().CleanupPolicies().Informer()}, nil
 	case v2alpha1.SchemeGroupVersion.WithResource("clustercleanuppolicies"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().ClusterCleanupPolicies().Informer()}, nil
+	case v2alpha1.SchemeGroupVersion.WithResource("globalcontextentries"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().GlobalContextEntries().Informer()}, nil
 	case v2alpha1.SchemeGroupVersion.WithResource("policyexceptions"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().PolicyExceptions().Informer()}, nil
 
diff --git a/pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..817a2fd8b2
--- /dev/null
+++ b/pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+	"context"
+	time "time"
+
+	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v2alpha1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// GlobalContextEntryInformer provides access to a shared informer and lister for
+// GlobalContextEntries.
+type GlobalContextEntryInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v2alpha1.GlobalContextEntryLister
+}
+
+type globalContextEntryInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewGlobalContextEntryInformer constructs a new informer for GlobalContextEntry type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewGlobalContextEntryInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredGlobalContextEntryInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredGlobalContextEntryInformer constructs a new informer for GlobalContextEntry type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredGlobalContextEntryInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV2alpha1().GlobalContextEntries().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV2alpha1().GlobalContextEntries().Watch(context.TODO(), options)
+			},
+		},
+		&kyvernov2alpha1.GlobalContextEntry{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *globalContextEntryInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredGlobalContextEntryInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *globalContextEntryInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov2alpha1.GlobalContextEntry{}, f.defaultInformer)
+}
+
+func (f *globalContextEntryInformer) Lister() v2alpha1.GlobalContextEntryLister {
+	return v2alpha1.NewGlobalContextEntryLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go b/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go
index 039139f326..516af0c7fa 100644
--- a/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go
+++ b/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go
@@ -28,6 +28,8 @@ type Interface interface {
 	CleanupPolicies() CleanupPolicyInformer
 	// ClusterCleanupPolicies returns a ClusterCleanupPolicyInformer.
 	ClusterCleanupPolicies() ClusterCleanupPolicyInformer
+	// GlobalContextEntries returns a GlobalContextEntryInformer.
+	GlobalContextEntries() GlobalContextEntryInformer
 	// PolicyExceptions returns a PolicyExceptionInformer.
 	PolicyExceptions() PolicyExceptionInformer
 }
@@ -53,6 +55,11 @@ func (v *version) ClusterCleanupPolicies() ClusterCleanupPolicyInformer {
 	return &clusterCleanupPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 
+// GlobalContextEntries returns a GlobalContextEntryInformer.
+func (v *version) GlobalContextEntries() GlobalContextEntryInformer {
+	return &globalContextEntryInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
 // PolicyExceptions returns a PolicyExceptionInformer.
 func (v *version) PolicyExceptions() PolicyExceptionInformer {
 	return &policyExceptionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
diff --git a/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go b/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go
index 2dc0588a8a..fe8a7b2368 100644
--- a/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go
+++ b/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go
@@ -30,6 +30,10 @@ type CleanupPolicyNamespaceListerExpansion interface{}
 // ClusterCleanupPolicyLister.
 type ClusterCleanupPolicyListerExpansion interface{}
 
+// GlobalContextEntryListerExpansion allows custom methods to be added to
+// GlobalContextEntryLister.
+type GlobalContextEntryListerExpansion interface{}
+
 // PolicyExceptionListerExpansion allows custom methods to be added to
 // PolicyExceptionLister.
 type PolicyExceptionListerExpansion interface{}
diff --git a/pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..1ec64d543b
--- /dev/null
+++ b/pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+	v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// GlobalContextEntryLister helps list GlobalContextEntries.
+// All objects returned here must be treated as read-only.
+type GlobalContextEntryLister interface {
+	// List lists all GlobalContextEntries in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v2alpha1.GlobalContextEntry, err error)
+	// Get retrieves the GlobalContextEntry from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v2alpha1.GlobalContextEntry, error)
+	GlobalContextEntryListerExpansion
+}
+
+// globalContextEntryLister implements the GlobalContextEntryLister interface.
+type globalContextEntryLister struct {
+	indexer cache.Indexer
+}
+
+// NewGlobalContextEntryLister returns a new GlobalContextEntryLister.
+func NewGlobalContextEntryLister(indexer cache.Indexer) GlobalContextEntryLister {
+	return &globalContextEntryLister{indexer: indexer}
+}
+
+// List lists all GlobalContextEntries in the indexer.
+func (s *globalContextEntryLister) List(selector labels.Selector) (ret []*v2alpha1.GlobalContextEntry, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v2alpha1.GlobalContextEntry))
+	})
+	return ret, err
+}
+
+// Get retrieves the GlobalContextEntry from the index for a given name.
+func (s *globalContextEntryLister) Get(name string) (*v2alpha1.GlobalContextEntry, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v2alpha1.Resource("globalcontextentry"), name)
+	}
+	return obj.(*v2alpha1.GlobalContextEntry), nil
+}
diff --git a/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go b/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go
index 5c223d8212..b17da9abdf 100644
--- a/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go
+++ b/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go
@@ -5,6 +5,7 @@ import (
 	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
 	cleanuppolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/cleanuppolicies"
 	clustercleanuppolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/clustercleanuppolicies"
+	globalcontextentries "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries"
 	policyexceptions "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/policyexceptions"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"k8s.io/client-go/rest"
@@ -39,6 +40,10 @@ func (c *withMetrics) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_cl
 	recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterCleanupPolicy", c.clientType)
 	return clustercleanuppolicies.WithMetrics(c.inner.ClusterCleanupPolicies(), recorder)
 }
+func (c *withMetrics) GlobalContextEntries() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+	recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "GlobalContextEntry", c.clientType)
+	return globalcontextentries.WithMetrics(c.inner.GlobalContextEntries(), recorder)
+}
 func (c *withMetrics) PolicyExceptions(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.PolicyExceptionInterface {
 	recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "PolicyException", c.clientType)
 	return policyexceptions.WithMetrics(c.inner.PolicyExceptions(namespace), recorder)
@@ -58,6 +63,9 @@ func (c *withTracing) CleanupPolicies(namespace string) github_com_kyverno_kyver
 func (c *withTracing) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.ClusterCleanupPolicyInterface {
 	return clustercleanuppolicies.WithTracing(c.inner.ClusterCleanupPolicies(), c.client, "ClusterCleanupPolicy")
 }
+func (c *withTracing) GlobalContextEntries() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+	return globalcontextentries.WithTracing(c.inner.GlobalContextEntries(), c.client, "GlobalContextEntry")
+}
 func (c *withTracing) PolicyExceptions(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.PolicyExceptionInterface {
 	return policyexceptions.WithTracing(c.inner.PolicyExceptions(namespace), c.client, "PolicyException")
 }
@@ -76,6 +84,9 @@ func (c *withLogging) CleanupPolicies(namespace string) github_com_kyverno_kyver
 func (c *withLogging) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.ClusterCleanupPolicyInterface {
 	return clustercleanuppolicies.WithLogging(c.inner.ClusterCleanupPolicies(), c.logger.WithValues("resource", "ClusterCleanupPolicies"))
 }
+func (c *withLogging) GlobalContextEntries() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+	return globalcontextentries.WithLogging(c.inner.GlobalContextEntries(), c.logger.WithValues("resource", "GlobalContextEntries"))
+}
 func (c *withLogging) PolicyExceptions(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.PolicyExceptionInterface {
 	return policyexceptions.WithLogging(c.inner.PolicyExceptions(namespace), c.logger.WithValues("resource", "PolicyExceptions").WithValues("namespace", namespace))
 }
diff --git a/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go b/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go
new file mode 100644
index 0000000000..9ffc9ac057
--- /dev/null
+++ b/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go
@@ -0,0 +1,373 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntryList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "UpdateStatus")
+	ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "UpdateStatus failed", "duration", time.Since(start))
+	} else {
+		logger.Info("UpdateStatus done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntryList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	defer c.recorder.RecordWithContext(arg0, "update_status")
+	return c.inner.UpdateStatus(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntryList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "UpdateStatus"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("UpdateStatus"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}