mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

update crd manifests

Browse source
This commit is contained in:
Shuting Zhao 2020-11-15 22:47:55 -08:00
parent 46b1b7a0a0
commit 1e00ef27d0
6 changed files with 1312 additions and 830 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

536
charts/kyverno/crds/crds.yaml
View file

File diff suppressed because it is too large Load diff

252
definitions/crds/kyverno.io_clusterpolicies.yaml
View file

@ -48,20 +48,26 @@ spec:
background:
default: true
description: Background controls if rules are applied to existing
resources during a background scan. Default value is "true".
resources during a background scan. Optional. Default value is "true".
The value must be set to "false" if the policy rule uses variables
that are only available in the admission review request (e.g. user
name).
type: boolean
rules:
description: Rules contains the list of rules to be applied to resources.
description: Rules is a list of Rule instances
items:
description: Rule contains a mutation, validation, or generation
action for the single resource description.
description: Rule defines a validation, mutation, or generation
control for matching resources.
properties:
context:
description: Defines variables that can be used during rule
execution.
description: Context defines data sources and variables that
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
to a rule Context
properties:
configMap:
description: ConfigMapReference refers to a ConfigMap
properties:
name:
type: string
@ -73,37 +79,46 @@ spec:
type: object
type: array
exclude:
description: Selects resources for which the policy rule should
not be applied.
description: ExcludeResources selects resources to which the
policy rule should not be applied.
properties:
clusterRoles:
description: Specifies list of cluster wide role names.
description: ClusterRoles is the list of cluster-wide role
names for the user.
items:
type: string
type: array
resources:
description: Specifies resources to which rule is excluded.
description: ResourceDescription contains information about
the resource being created or modified.
properties:
annotations:
additionalProperties:
type: string
description: Specifies map of annotations.
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
type: object
kinds:
description: Specifies list of resource kind.
description: Kinds is a list of resource kinds.
items:
type: string
type: array
name:
description: Specifies name of the resource.
description: Name is the name of the resource. The name
supports wildcard characters "*" (matches zero or
many characters) and "?" (at least one character).
type: string
namespaces:
description: Specifies list of namespaces.
description: Namespaces is a list of namespaces names.
Each name supports wildcard characters "*" (matches
zero or many characters) and "?" (at least one character).
items:
type: string
type: array
selector:
description: Specifies the set of selectors.
description: Selector is a label selector.
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -150,13 +165,14 @@ spec:
type: object
type: object
roles:
description: Specifies list of namespaced role names.
description: Roles is the list of namespaced role names
for the user.
items:
type: string
type: array
subjects:
description: Specifies list of subject names like users,
user groups, and service accounts.
description: Subjects is the list of subject names like
users, user groups, and service accounts.
items:
description: Subject contains a reference to the object
or user identities a role binding applies to. This
@ -192,73 +208,85 @@ spec:
type: array
type: object
generate:
description: Generates new resources.
description: Generation creates new resources.
properties:
apiVersion:
description: Specifies resource apiVersion.
description: APIVersion specifies resource apiVersion.
type: string
clone:
description: To clone resource from other resource.
description: Clone specified the source resource used to
populate each generated resource. Exactly one of Data
or Clone must be specified.
properties:
name:
description: Specifies name of the resource.
description: Name specifies name of the resource.
type: string
namespace:
description: Specifies resource namespace.
description: Namespace specifies source resource namespace.
type: string
type: object
data:
description: Data specifies the resource manifest to be
generated.
description: Data provides the resource manifest to used
to populate each generated resource. Exactly one of Data
or Clone must be specified.
x-kubernetes-preserve-unknown-fields: true
kind:
description: Specifies resource kind.
description: Kind specifies resource kind.
type: string
name:
description: Specifies resource name.
description: Name specifies the resource name.
type: string
namespace:
description: Specifies resource namespace.
description: Namespace specifies resource namespace.
type: string
synchronize:
default: false
description: To keep resources synchronized with source
resource.
description: Synchronize controls if generated resources
should be kept in-sync with their source resource. Optional.
Defaults to "false" if not specified.
type: boolean
type: object
match:
description: Selects resources for which the policy rule should
be applied. If it's defined, "kinds" inside MatchResources
block is required.
description: MatchResources selects resources to which the policy
rule should be applied. At least one kind is required.
properties:
clusterRoles:
description: Specifies list of cluster wide role names.
description: ClusterRoles is the list of cluster-wide role
names for the user.
items:
type: string
type: array
resources:
description: Specifies resources to which rule is applied.
description: ResourceDescription contains information about
the resource being created or modified.
properties:
annotations:
additionalProperties:
type: string
description: Specifies map of annotations.
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
type: object
kinds:
description: Specifies list of resource kind.
description: Kinds is a list of resource kinds.
items:
type: string
type: array
name:
description: Specifies name of the resource.
description: Name is the name of the resource. The name
supports wildcard characters "*" (matches zero or
many characters) and "?" (at least one character).
type: string
namespaces:
description: Specifies list of namespaces.
description: Namespaces is a list of namespaces names.
Each name supports wildcard characters "*" (matches
zero or many characters) and "?" (at least one character).
items:
type: string
type: array
selector:
description: Specifies the set of selectors.
description: Selector is a label selector.
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -305,13 +333,14 @@ spec:
type: object
type: object
roles:
description: Specifies list of namespaced role names.
description: Roles is the list of namespaced role names
for the user.
items:
type: string
type: array
subjects:
description: Specifies list of subject names like users,
user groups, and service accounts.
description: Subjects is the list of subject names like
users, user groups, and service accounts.
items:
description: Subject contains a reference to the object
or user identities a role binding applies to. This
@ -347,161 +376,192 @@ spec:
type: array
type: object
mutate:
description: Modifies matching resources.
description: Mutation modifies matching resources.
properties:
overlay:
description: Specifies overlay patterns. Overlay is preserved
for backwards compatibility and will be removed in Kyverno
1.5+.
description: Overlay specifies an overlay pattern to modify
resources. DEPRECATED. Use PatchStrategicMerge instead.
Scheduled for removal in release 1.5+.
x-kubernetes-preserve-unknown-fields: true
patchStrategicMerge:
description: PatchStrategicMerge is a strategic merge patch
used to modify resources. See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/
and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
x-kubernetes-preserve-unknown-fields: true
patches:
description: Specifies JSON Patch. Patches is preserved
for backwards compatibility and will be removed in Kyverno
1.5+.
description: Patches specifies a RFC 6902 JSON Patch to
modify resources. DEPRECATED. Use PatchesJSON6902 instead.
Scheduled for removal in release 1.5+.
items:
description: Patch declares patch operation for created
object according to RFC 6902.
description: 'Patch is a RFC 6902 JSON Patch. See: https://tools.ietf.org/html/rfc6902'
properties:
op:
description: Specifies operations supported by JSON
Patch. i.e:- add, replace and delete.
description: Operation specifies operations supported
by JSON Patch. i.e:- add, replace and delete.
type: string
path:
description: Specifies path of the resource.
description: Path specifies path of the resource.
type: string
value:
description: Specifies the value to be applied.
description: Value specifies the value to be applied.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
x-kubernetes-preserve-unknown-fields: true
patchesJson6902:
description: PatchesJSON6902 is a list of RFC 6902 JSON
Patch declarations used to modify resources. See https://tools.ietf.org/html/rfc6902
and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/.
type: string
type: object
name:
description: A unique label for the rule.
description: Name is a label to identify the rule, Must be unique
within the policy.
type: string
preconditions:
description: Allows condition-based control of the policy rule
description: Conditions enabled variable-based conditional rule
execution.
items:
description: Condition defines the evaluation condition.
description: Condition defines variable-based conditional
criteria for rule execution.
properties:
key:
description: Key contains key to compare.
description: Key is the context entry (using JMESPath)
for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator to compare against value.
description: Operator is the operation to perform.
type: string
value:
description: Value to be compared.
description: Value is the conditional value, or set of
values. The values can be fixed set or can be variables
declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
validate:
description: Checks matching resources.
description: Validation checks matching resources.
properties:
anyPattern:
description: Specifies list of validation patterns.
description: AnyPattern specifies list of validation patterns.
At least one of the patterns must be satisfied for the
validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
deny:
description: Specifies conditions to deny validation.
description: Deny defines conditions to fail the validation
rule.
properties:
conditions:
description: Specifies set of condition to deny.
items:
description: Condition defines the evaluation condition.
description: Condition defines variable-based conditional
criteria for rule execution.
properties:
key:
description: Key contains key to compare.
description: Key is the context entry (using JMESPath)
for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator to compare against value.
description: Operator is the operation to perform.
type: string
value:
description: Value to be compared.
description: Value is the conditional value, or
set of values. The values can be fixed set or
can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
message:
description: Specifies message to be displayed on validation
policy violation.
description: Message specifies a custom message to be displayed
on failure.
type: string
pattern:
description: Specifies validation pattern.
description: Pattern specifies an overlay-style pattern
used to check resources.
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
type: array
validationFailureAction:
default: audit
description: ValidationFailureAction controls if a policy failure
should not disallow an admission review request (enforce), or allow
(audit) and report an error. Default value is "audit".
description: ValidationFailureAction controls if a validation policy
rule failure should disallow the admission review request (enforce),
or allow (audit) the admission review request and report an error
in a policy report. Optional. The default value is "audit".
type: string
type: object
status:
description: Status contains statistics related to policy
properties:
averageExecutionTime:
description: Average time required to process the policy rules on
a resource.
description: AvgExecutionTime is the average time taken to process
the policy rules on a resource.
type: string
resourcesBlockedCount:
description: Count of resources that were blocked for failing a validate,
across all rules.
description: ResourcesBlockedCount is the total count of admission
review requests that were blocked by this policy.
type: integer
resourcesGeneratedCount:
description: Count of resources that were successfully generated,
across all rules.
description: ResourcesGeneratedCount is the total count of resources
that were generated by this policy.
type: integer
resourcesMutatedCount:
description: Count of resources that were successfully mutated, across
all rules.
description: ResourcesMutatedCount is the total count of resources
that were mutated by this policy.
type: integer
ruleStatus:
description: Rules provides per rule statistics
items:
description: RuleStats provides status per rule.
description: RuleStats provides statistics for an individual rule
within a policy.
properties:
appliedCount:
description: Count of rules that were applied.
description: AppliedCount is the total number of times this
rule was applied.
type: integer
averageExecutionTime:
description: Average time require to process the rule.
description: ExecutionTime is the average time taken to execute
this rule.
type: string
failedCount:
description: Count of rules that failed.
description: FailedCount is the total count of policy error
results for this rule.
type: integer
resourcesBlockedCount:
description: Count of resources for whom update/create api requests
were blocked as the resource did not satisfy the policy rules.
description: ResourcesBlockedCount is the total count of admission
review requests that were blocked by this rule.
type: integer
resourcesGeneratedCount:
description: Count of resources that were successfully generated.
description: ResourcesGeneratedCount is the total count of resources
that were generated by this rule.
type: integer
resourcesMutatedCount:
description: Count of resources that were successfully mutated.
description: ResourcesMutatedCount is the total count of resources
that were mutated by this rule.
type: integer
ruleName:
description: Rule name.
description: Name is the rule name.
type: string
violationCount:
description: Number of violations created by this rule.
description: ViolationCount is the total count of policy failure
results for this rule.
type: integer
required:
- ruleName
type: object
type: array
rulesAppliedCount:
description: Count of rules that were applied.
description: RulesAppliedCount is the total number of times this policy
was applied.
type: integer
rulesFailedCount:
description: Count of rules that failed.
description: RulesFailedCount is the total count of policy execution
errors for this policy.
type: integer
violationCount:
description: Number of violations created by this policy.
description: ViolationCount is the total count of policy failure results
for this policy.
type: integer
type: object
required:

18
definitions/crds/kyverno.io_generaterequests.yaml
View file

@ -96,16 +96,16 @@ spec:
request
properties:
apiVersion:
description: Specifies resource apiVersion.
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Specifies resource kind.
description: Kind specifies resource kind.
type: string
name:
description: Specifies resource name.
description: Name specifies the resource name.
type: string
namespace:
description: Specifies resource namespace.
description: Namespace specifies resource namespace.
type: string
type: object
required:
@ -120,19 +120,19 @@ spec:
description: This will track the resources that are generated by the
generate Policy Will be used during clean up resources
items:
description: ResourceSpec information to identify the resource.
description: ResourceSpec contains information to identify a resource.
properties:
apiVersion:
description: Specifies resource apiVersion.
description: APIVersion specifies resource apiVersion.
type: string
kind:
description: Specifies resource kind.
description: Kind specifies resource kind.
type: string
name:
description: Specifies resource name.
description: Name specifies the resource name.
type: string
namespace:
description: Specifies resource namespace.
description: Namespace specifies resource namespace.
type: string
type: object
type: array

260
definitions/crds/kyverno.io_policies.yaml
View file

@ -28,7 +28,9 @@ spec:
name: v1
schema:
openAPIV3Schema:
description: Policy contains rules to be applied to created resources.
description: 'Policy declares validation, mutation, and generation behaviors
for matching resources. See: https://kyverno.io/docs/writing-policies/ for
more information.'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -43,25 +45,31 @@ spec:
metadata:
type: object
spec:
description: Spec is the information to identify the policy.
description: Spec declares policy behaviors.
properties:
background:
default: true
description: Background controls if rules are applied to existing
resources during a background scan. Default value is "true".
resources during a background scan. Optional. Default value is "true".
The value must be set to "false" if the policy rule uses variables
that are only available in the admission review request (e.g. user
name).
type: boolean
rules:
description: Rules contains the list of rules to be applied to resources.
description: Rules is a list of Rule instances
items:
description: Rule contains a mutation, validation, or generation
action for the single resource description.
description: Rule defines a validation, mutation, or generation
control for matching resources.
properties:
context:
description: Defines variables that can be used during rule
execution.
description: Context defines data sources and variables that
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
to a rule Context
properties:
configMap:
description: ConfigMapReference refers to a ConfigMap
properties:
name:
type: string
@ -73,37 +81,46 @@ spec:
type: object
type: array
exclude:
description: Selects resources for which the policy rule should
not be applied.
description: ExcludeResources selects resources to which the
policy rule should not be applied.
properties:
clusterRoles:
description: Specifies list of cluster wide role names.
description: ClusterRoles is the list of cluster-wide role
names for the user.
items:
type: string
type: array
resources:
description: Specifies resources to which rule is excluded.
description: ResourceDescription contains information about
the resource being created or modified.
properties:
annotations:
additionalProperties:
type: string
description: Specifies map of annotations.
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
type: object
kinds:
description: Specifies list of resource kind.
description: Kinds is a list of resource kinds.
items:
type: string
type: array
name:
description: Specifies name of the resource.
description: Name is the name of the resource. The name
supports wildcard characters "*" (matches zero or
many characters) and "?" (at least one character).
type: string
namespaces:
description: Specifies list of namespaces.
description: Namespaces is a list of namespaces names.
Each name supports wildcard characters "*" (matches
zero or many characters) and "?" (at least one character).
items:
type: string
type: array
selector:
description: Specifies the set of selectors.
description: Selector is a label selector.
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -150,13 +167,14 @@ spec:
type: object
type: object
roles:
description: Specifies list of namespaced role names.
description: Roles is the list of namespaced role names
for the user.
items:
type: string
type: array
subjects:
description: Specifies list of subject names like users,
user groups, and service accounts.
description: Subjects is the list of subject names like
users, user groups, and service accounts.
items:
description: Subject contains a reference to the object
or user identities a role binding applies to. This
@ -192,73 +210,85 @@ spec:
type: array
type: object
generate:
description: Generates new resources.
description: Generation creates new resources.
properties:
apiVersion:
description: Specifies resource apiVersion.
description: APIVersion specifies resource apiVersion.
type: string
clone:
description: To clone resource from other resource.
description: Clone specified the source resource used to
populate each generated resource. Exactly one of Data
or Clone must be specified.
properties:
name:
description: Specifies name of the resource.
description: Name specifies name of the resource.
type: string
namespace:
description: Specifies resource namespace.
description: Namespace specifies source resource namespace.
type: string
type: object
data:
description: Data specifies the resource manifest to be
generated.
description: Data provides the resource manifest to used
to populate each generated resource. Exactly one of Data
or Clone must be specified.
x-kubernetes-preserve-unknown-fields: true
kind:
description: Specifies resource kind.
description: Kind specifies resource kind.
type: string
name:
description: Specifies resource name.
description: Name specifies the resource name.
type: string
namespace:
description: Specifies resource namespace.
description: Namespace specifies resource namespace.
type: string
synchronize:
default: false
description: To keep resources synchronized with source
resource.
description: Synchronize controls if generated resources
should be kept in-sync with their source resource. Optional.
Defaults to "false" if not specified.
type: boolean
type: object
match:
description: Selects resources for which the policy rule should
be applied. If it's defined, "kinds" inside MatchResources
block is required.
description: MatchResources selects resources to which the policy
rule should be applied. At least one kind is required.
properties:
clusterRoles:
description: Specifies list of cluster wide role names.
description: ClusterRoles is the list of cluster-wide role
names for the user.
items:
type: string
type: array
resources:
description: Specifies resources to which rule is applied.
description: ResourceDescription contains information about
the resource being created or modified.
properties:
annotations:
additionalProperties:
type: string
description: Specifies map of annotations.
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
type: object
kinds:
description: Specifies list of resource kind.
description: Kinds is a list of resource kinds.
items:
type: string
type: array
name:
description: Specifies name of the resource.
description: Name is the name of the resource. The name
supports wildcard characters "*" (matches zero or
many characters) and "?" (at least one character).
type: string
namespaces:
description: Specifies list of namespaces.
description: Namespaces is a list of namespaces names.
Each name supports wildcard characters "*" (matches
zero or many characters) and "?" (at least one character).
items:
type: string
type: array
selector:
description: Specifies the set of selectors.
description: Selector is a label selector.
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -305,13 +335,14 @@ spec:
type: object
type: object
roles:
description: Specifies list of namespaced role names.
description: Roles is the list of namespaced role names
for the user.
items:
type: string
type: array
subjects:
description: Specifies list of subject names like users,
user groups, and service accounts.
description: Subjects is the list of subject names like
users, user groups, and service accounts.
items:
description: Subject contains a reference to the object
or user identities a role binding applies to. This
@ -347,161 +378,192 @@ spec:
type: array
type: object
mutate:
description: Modifies matching resources.
description: Mutation modifies matching resources.
properties:
overlay:
description: Specifies overlay patterns. Overlay is preserved
for backwards compatibility and will be removed in Kyverno
1.5+.
description: Overlay specifies an overlay pattern to modify
resources. DEPRECATED. Use PatchStrategicMerge instead.
Scheduled for removal in release 1.5+.
x-kubernetes-preserve-unknown-fields: true
patchStrategicMerge:
description: PatchStrategicMerge is a strategic merge patch
used to modify resources. See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/
and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
x-kubernetes-preserve-unknown-fields: true
patches:
description: Specifies JSON Patch. Patches is preserved
for backwards compatibility and will be removed in Kyverno
1.5+.
description: Patches specifies a RFC 6902 JSON Patch to
modify resources. DEPRECATED. Use PatchesJSON6902 instead.
Scheduled for removal in release 1.5+.
items:
description: Patch declares patch operation for created
object according to RFC 6902.
description: 'Patch is a RFC 6902 JSON Patch. See: https://tools.ietf.org/html/rfc6902'
properties:
op:
description: Specifies operations supported by JSON
Patch. i.e:- add, replace and delete.
description: Operation specifies operations supported
by JSON Patch. i.e:- add, replace and delete.
type: string
path:
description: Specifies path of the resource.
description: Path specifies path of the resource.
type: string
value:
description: Specifies the value to be applied.
description: Value specifies the value to be applied.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
x-kubernetes-preserve-unknown-fields: true
patchesJson6902:
description: PatchesJSON6902 is a list of RFC 6902 JSON
Patch declarations used to modify resources. See https://tools.ietf.org/html/rfc6902
and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/.
type: string
type: object
name:
description: A unique label for the rule.
description: Name is a label to identify the rule, Must be unique
within the policy.
type: string
preconditions:
description: Allows condition-based control of the policy rule
description: Conditions enabled variable-based conditional rule
execution.
items:
description: Condition defines the evaluation condition.
description: Condition defines variable-based conditional
criteria for rule execution.
properties:
key:
description: Key contains key to compare.
description: Key is the context entry (using JMESPath)
for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator to compare against value.
description: Operator is the operation to perform.
type: string
value:
description: Value to be compared.
description: Value is the conditional value, or set of
values. The values can be fixed set or can be variables
declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
validate:
description: Checks matching resources.
description: Validation checks matching resources.
properties:
anyPattern:
description: Specifies list of validation patterns.
description: AnyPattern specifies list of validation patterns.
At least one of the patterns must be satisfied for the
validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
deny:
description: Specifies conditions to deny validation.
description: Deny defines conditions to fail the validation
rule.
properties:
conditions:
description: Specifies set of condition to deny.
items:
description: Condition defines the evaluation condition.
description: Condition defines variable-based conditional
criteria for rule execution.
properties:
key:
description: Key contains key to compare.
description: Key is the context entry (using JMESPath)
for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator to compare against value.
description: Operator is the operation to perform.
type: string
value:
description: Value to be compared.
description: Value is the conditional value, or
set of values. The values can be fixed set or
can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
message:
description: Specifies message to be displayed on validation
policy violation.
description: Message specifies a custom message to be displayed
on failure.
type: string
pattern:
description: Specifies validation pattern.
description: Pattern specifies an overlay-style pattern
used to check resources.
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
type: array
validationFailureAction:
default: audit
description: ValidationFailureAction controls if a policy failure
should not disallow an admission review request (enforce), or allow
(audit) and report an error. Default value is "audit".
description: ValidationFailureAction controls if a validation policy
rule failure should disallow the admission review request (enforce),
or allow (audit) the admission review request and report an error
in a policy report. Optional. The default value is "audit".
type: string
type: object
status:
description: Status contains statistics related to policy.
description: Status contains policy runtime data.
properties:
averageExecutionTime:
description: Average time required to process the policy rules on
a resource.
description: AvgExecutionTime is the average time taken to process
the policy rules on a resource.
type: string
resourcesBlockedCount:
description: Count of resources that were blocked for failing a validate,
across all rules.
description: ResourcesBlockedCount is the total count of admission
review requests that were blocked by this policy.
type: integer
resourcesGeneratedCount:
description: Count of resources that were successfully generated,
across all rules.
description: ResourcesGeneratedCount is the total count of resources
that were generated by this policy.
type: integer
resourcesMutatedCount:
description: Count of resources that were successfully mutated, across
all rules.
description: ResourcesMutatedCount is the total count of resources
that were mutated by this policy.
type: integer
ruleStatus:
description: Rules provides per rule statistics
items:
description: RuleStats provides status per rule.
description: RuleStats provides statistics for an individual rule
within a policy.
properties:
appliedCount:
description: Count of rules that were applied.
description: AppliedCount is the total number of times this
rule was applied.
type: integer
averageExecutionTime:
description: Average time require to process the rule.
description: ExecutionTime is the average time taken to execute
this rule.
type: string
failedCount:
description: Count of rules that failed.
description: FailedCount is the total count of policy error
results for this rule.
type: integer
resourcesBlockedCount:
description: Count of resources for whom update/create api requests
were blocked as the resource did not satisfy the policy rules.
description: ResourcesBlockedCount is the total count of admission
review requests that were blocked by this rule.
type: integer
resourcesGeneratedCount:
description: Count of resources that were successfully generated.
description: ResourcesGeneratedCount is the total count of resources
that were generated by this rule.
type: integer
resourcesMutatedCount:
description: Count of resources that were successfully mutated.
description: ResourcesMutatedCount is the total count of resources
that were mutated by this rule.
type: integer
ruleName:
description: Rule name.
description: Name is the rule name.
type: string
violationCount:
description: Number of violations created by this rule.
description: ViolationCount is the total count of policy failure
results for this rule.
type: integer
required:
- ruleName
type: object
type: array
rulesAppliedCount:
description: Count of rules that were applied.
description: RulesAppliedCount is the total number of times this policy
was applied.
type: integer
rulesFailedCount:
description: Count of rules that failed.
description: RulesFailedCount is the total count of policy execution
errors for this policy.
type: integer
violationCount:
description: Number of violations created by this policy.
description: ViolationCount is the total count of policy failure results
for this policy.
type: integer
type: object
required:

540
definitions/install.yaml
View file

File diff suppressed because it is too large Load diff

536
definitions/install_debug.yaml
View file

File diff suppressed because it is too large Load diff