From 1e0bac2d6fa5ffb17b87ebb7624f9bc86e00756e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Thu, 1 Feb 2024 13:32:13 +0100
Subject: [PATCH] feat: add global context crd to codegen (#9595)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Charles-Edouard Brétéché
---
Makefile | 1 +
api/kyverno/v1/common_types.go | 46 ----
api/kyverno/v1/zz_generated.deepcopy.go | 33 ---
.../v2alpha1/global_context_entry_types.go | 62 ++++-
api/kyverno/v2alpha1/zz_generated.deepcopy.go | 42 +++-
charts/kyverno/README.md | 2 +-
charts/kyverno/charts/crds/README.md | 2 +-
.../kyverno.io_globalcontextentries.yaml | 209 ++++++++++++++++
charts/kyverno/charts/crds/values.yaml | 1 +
charts/kyverno/values.yaml | 1 +
config/install-latest-testing.yaml | 209 ++++++++++++++++
docs/user/crd/index.html | 230 +++++++++---------
.../{v1 => v2alpha1}/externalapicall.go | 11 +-
.../v2alpha1/globalcontextentryspec.go | 12 +-
.../{v1 => v2alpha1}/kubernetesresource.go | 2 +-
pkg/client/applyconfigurations/utils.go | 8 +-
16 files changed, 644 insertions(+), 227 deletions(-)
create mode 100644 charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_globalcontextentries.yaml
rename pkg/client/applyconfigurations/kyverno/{v1 => v2alpha1}/externalapicall.go (89%)
rename pkg/client/applyconfigurations/kyverno/{v1 => v2alpha1}/kubernetesresource.go (99%)
diff --git a/Makefile b/Makefile
index c55f231324..8a0b2b38f4 100644
--- a/Makefile
+++ b/Makefile
@@ -591,6 +591,7 @@ codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
$(call generate_crd,kyverno.io_clusterbackgroundscanreports.yaml,kyverno,kyverno.io,kyverno,clusterbackgroundscanreports)
$(call generate_crd,kyverno.io_clustercleanuppolicies.yaml,kyverno,kyverno.io,kyverno,clustercleanuppolicies)
$(call generate_crd,kyverno.io_clusterpolicies.yaml,kyverno,kyverno.io,kyverno,clusterpolicies)
+ $(call generate_crd,kyverno.io_globalcontextentries.yaml,kyverno,kyverno.io,kyverno,globalcontextentries)
$(call generate_crd,kyverno.io_policies.yaml,kyverno,kyverno.io,kyverno,policies)
$(call generate_crd,kyverno.io_policyexceptions.yaml,kyverno,kyverno.io,kyverno,policyexceptions)
$(call generate_crd,kyverno.io_updaterequests.yaml,kyverno,kyverno.io,kyverno,updaterequests)
diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go
index 862322dc62..ac32f29ce3 100644
--- a/api/kyverno/v1/common_types.go
+++ b/api/kyverno/v1/common_types.go
@@ -184,52 +184,6 @@ type GlobalContextEntryReference struct {
JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
}
-// KubernetesResource stores infos about kubernetes resource that should be cached
-type KubernetesResource struct {
- // Group defines the group of the resource
- Group string `json:"group,omitempty" yaml:"group,omitempty"`
- // Version defines the version of the resource
- Version string `json:"version,omitempty" yaml:"version,omitempty"`
- // Resource defines the type of the resource
- Resource string `json:"resource,omitempty" yaml:"resource,omitempty"`
- // Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
- // +kubebuilder:validation:Optional
- Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
-}
-
-// Validate implements programmatic validation
-func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
- if k.Group == "" {
- errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
- }
- if k.Version == "" {
- errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
- }
- if k.Resource == "" {
- errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
- }
- return errs
-}
-
-// ExternalAPICall stores infos about API call that should be cached
-type ExternalAPICall struct {
- APICall `json:",inline,omitempty" yaml:",inline,omitempty"`
- // RefreshIntervalSeconds defines the interval at which to poll the APICall
- // +kubebuilder:default=0
- RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty" yaml:"refreshIntervalSeconds,omitempty"`
-}
-
-// Validate implements programmatic validation
-func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
- if e.Service.URL == "" {
- errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
- }
- if e.RefreshIntervalSeconds <= 0 {
- errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
- }
- return errs
-}
-
type ServiceCall struct {
// URL is the JSON web service URL. A typical form is
// `https://{service}.{namespace}:{port}/{path}`.
diff --git a/api/kyverno/v1/zz_generated.deepcopy.go b/api/kyverno/v1/zz_generated.deepcopy.go
index c1f0e3bd27..939eb5d592 100755
--- a/api/kyverno/v1/zz_generated.deepcopy.go
+++ b/api/kyverno/v1/zz_generated.deepcopy.go
@@ -516,23 +516,6 @@ func (in *DryRunOption) DeepCopy() *DryRunOption {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExternalAPICall) DeepCopyInto(out *ExternalAPICall) {
- *out = *in
- in.APICall.DeepCopyInto(&out.APICall)
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAPICall.
-func (in *ExternalAPICall) DeepCopy() *ExternalAPICall {
- if in == nil {
- return nil
- }
- out := new(ExternalAPICall)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
*out = *in
@@ -876,22 +859,6 @@ func (in *KeylessAttestor) DeepCopy() *KeylessAttestor {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *KubernetesResource) DeepCopyInto(out *KubernetesResource) {
- *out = *in
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResource.
-func (in *KubernetesResource) DeepCopy() *KubernetesResource {
- if in == nil {
- return nil
- }
- out := new(KubernetesResource)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Manifests) DeepCopyInto(out *Manifests) {
*out = *in
diff --git a/api/kyverno/v2alpha1/global_context_entry_types.go b/api/kyverno/v2alpha1/global_context_entry_types.go
index 4d58369fae..e7b5d76d8c 100644
--- a/api/kyverno/v2alpha1/global_context_entry_types.go
+++ b/api/kyverno/v2alpha1/global_context_entry_types.go
@@ -29,15 +29,15 @@ import (
// GlobalContextEntry declares resources to be cached.
type GlobalContextEntry struct {
- metav1.TypeMeta `json:",inline,omitempty" yaml:",inline,omitempty"`
- metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec declares policy exception behaviors.
Spec GlobalContextEntrySpec `json:"spec" yaml:"spec"`
// Status contains globalcontextentry runtime data.
// +optional
- Status GlobalContextEntryStatus `json:"status,omitempty" yaml:"status,omitempty"`
+ Status GlobalContextEntryStatus `json:"status,omitempty"`
}
// GetStatus returns the globalcontextentry status
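Review bot: The doc comment `// Spec declares policy exception behaviors.` on the `Spec` field is carried over from PolicyException and is wrong for this type; controller-gen copies it verbatim into the CRD schema (it shows up as the `spec` description in the generated YAML in this patch), so it is what `kubectl explain` reports to users. Suggest `// Spec declares the Kubernetes resource or external API call whose data should be cached.` and regenerating the CRD. The dropped `yaml` tags are consistent with the rest of the v2alpha1 types in this patch.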
@@ -60,11 +60,11 @@ func (c *GlobalContextEntry) IsNamespaced() bool {
type GlobalContextEntrySpec struct {
// KubernetesResource stores infos about kubernetes resource that should be cached
// +kubebuilder:validation:Optional
- KubernetesResource *kyvernov1.KubernetesResource `json:"kubernetesResource,omitempty" yaml:"kubernetesResource,omitempty"`
+ KubernetesResource *KubernetesResource `json:"kubernetesResource,omitempty"`
// APICall stores infos about API call that should be cached
// +kubebuilder:validation:Optional
- APICall *kyvernov1.ExternalAPICall `json:"apiCall,omitempty" yaml:"apiCall,omitempty"`
+ APICall *ExternalAPICall `json:"apiCall,omitempty"`
}
func (c *GlobalContextEntrySpec) IsAPICall() bool {
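Review bot: `KubernetesResource` and `APICall` are both `+kubebuilder:validation:Optional` with no schema-level rule relating them, so the generated CRD accepts an entry with both set or neither, and rejecting that is left entirely to `GlobalContextEntrySpec.Validate`, whose body is outside this hunk. If exactly one is the intended contract, enforcing it at admission keeps malformed objects out of etcd and out of the cache controller regardless of which code path reads them: add on the type `// +kubebuilder:validation:XValidation:rule="has(self.kubernetesResource) != has(self.apiCall)",message="exactly one of kubernetesResource or apiCall must be set"`, which the controller-gen version stamped on the generated files (v0.12.0) should support, then regenerate the CRD. Leave the programmatic check in place as a second line of defence for clients that bypass the CRD schema.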
@@ -94,7 +94,53 @@ func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorLis
// GlobalContextEntryList is a list of Cached Context Entries
type GlobalContextEntryList struct {
- metav1.TypeMeta `json:",inline" yaml:",inline"`
- metav1.ListMeta `json:"metadata" yaml:"metadata"`
- Items []GlobalContextEntry `json:"items" yaml:"items"`
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+ Items []GlobalContextEntry `json:"items"`
+}
+
+// KubernetesResource stores infos about kubernetes resource that should be cached
+type KubernetesResource struct {
+ // Group defines the group of the resource
+ Group string `json:"group,omitempty"`
+ // Version defines the version of the resource
+ Version string `json:"version,omitempty"`
+ // Resource defines the type of the resource
+ Resource string `json:"resource,omitempty"`
+ // Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
+ // +kubebuilder:validation:Optional
+ Namespace string `json:"namespace,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
+ if k.Group == "" {
+ errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
+ }
+ if k.Version == "" {
+ errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
+ }
+ if k.Resource == "" {
+ errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
+ }
+ return errs
+}
+
+// ExternalAPICall stores infos about API call that should be cached
+type ExternalAPICall struct {
+ kyvernov1.APICall `json:",inline,omitempty"`
+ // RefreshIntervalSeconds defines the interval at which to poll the APICall
+ // +kubebuilder:default=0
+ RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
+ if e.Service.URL == "" {
+ errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
+ }
+ if e.RefreshIntervalSeconds <= 0 {
+ errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
+ }
+ return errs
}
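Review bot: `ExternalAPICall.Validate` reports a missing URL at `path.Child("url")` although the field lives under `service`, and it dereferences `e.Service.URL` with no nil check; the generated schema in this patch lists `service` as optional on `apiCall`, so if `Service` is a pointer (as it is inferred to be from the v1 `APICall`), a malformed entry can panic the validator before any error is returned. The `+kubebuilder:default=0` marker on `RefreshIntervalSeconds` is also at odds with the `<= 0` rejection below it: every entry that omits the field is defaulted to a value the controller then refuses, reported as a `Required` error whose message was copy-pasted from the resource validator. Dropping the default (or replacing it with `+kubebuilder:validation:Minimum=1`) lets the API server reject the value at admission, and `field.Invalid` is the right error type for an out-of-range value. A sane lower bound also matters operationally, since a cluster-scoped object that makes the controller poll an arbitrary URL every second is an easy way to hammer the target service.
```go
// Validate implements programmatic validation
func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
	// Guard the pointer: the schema does not require service, so it may be nil.
	if e.Service == nil || e.Service.URL == "" {
		errs = append(errs, field.Required(path.Child("service").Child("url"), "An External API Call entry requires a url"))
	}
	if e.RefreshIntervalSeconds <= 0 {
		errs = append(errs, field.Invalid(path.Child("refreshIntervalSeconds"), e.RefreshIntervalSeconds, "An External API Call entry requires a refresh interval greater than 0 seconds"))
	}
	return errs
}
```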
diff --git a/api/kyverno/v2alpha1/zz_generated.deepcopy.go b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
index 41a91746fa..1739785a14 100644
--- a/api/kyverno/v2alpha1/zz_generated.deepcopy.go
+++ b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
@@ -22,9 +22,8 @@ limitations under the License.
package v2alpha1
import (
- v1 "github.com/kyverno/kyverno/api/kyverno/v1"
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@@ -150,6 +149,23 @@ func (in *ClusterCleanupPolicyList) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalAPICall) DeepCopyInto(out *ExternalAPICall) {
+ *out = *in
+ in.APICall.DeepCopyInto(&out.APICall)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAPICall.
+func (in *ExternalAPICall) DeepCopy() *ExternalAPICall {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalAPICall)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GlobalContextEntry) DeepCopyInto(out *GlobalContextEntry) {
*out = *in
@@ -216,12 +232,12 @@ func (in *GlobalContextEntrySpec) DeepCopyInto(out *GlobalContextEntrySpec) {
*out = *in
if in.KubernetesResource != nil {
in, out := &in.KubernetesResource, &out.KubernetesResource
- *out = new(v1.KubernetesResource)
+ *out = new(KubernetesResource)
**out = **in
}
if in.APICall != nil {
in, out := &in.APICall, &out.APICall
- *out = new(v1.ExternalAPICall)
+ *out = new(ExternalAPICall)
(*in).DeepCopyInto(*out)
}
return
@@ -242,7 +258,7 @@ func (in *GlobalContextEntryStatus) DeepCopyInto(out *GlobalContextEntryStatus)
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
- *out = make([]metav1.Condition, len(*in))
+ *out = make([]v1.Condition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
@@ -260,6 +276,22 @@ func (in *GlobalContextEntryStatus) DeepCopy() *GlobalContextEntryStatus {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubernetesResource) DeepCopyInto(out *KubernetesResource) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResource.
+func (in *KubernetesResource) DeepCopy() *KubernetesResource {
+ if in == nil {
+ return nil
+ }
+ out := new(KubernetesResource)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyException) DeepCopyInto(out *PolicyException) {
*out = *in
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 96b04793ef..0e9bc76988 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -257,7 +257,7 @@ The chart values are organised per component.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| crds.install | bool | `true` | Whether to have Helm install the Kyverno CRDs, if the CRDs are not installed by Helm, they must be added before policies can be created |
-| crds.groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | Install CRDs in group `kyverno.io` |
+| crds.groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"globalcontextentries":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | Install CRDs in group `kyverno.io` |
| crds.groups.reports | object | `{"clusterephemeralreports":true,"ephemeralreports":true}` | Install CRDs in group `reports.kyverno.io` |
| crds.groups.wgpolicyk8s | object | `{"clusterpolicyreports":true,"policyreports":true}` | Install CRDs in group `wgpolicyk8s.io` |
| crds.annotations | object | `{}` | Additional CRDs annotations |
diff --git a/charts/kyverno/charts/crds/README.md b/charts/kyverno/charts/crds/README.md
index 97cdc943df..75ec9d7393 100644
--- a/charts/kyverno/charts/crds/README.md
+++ b/charts/kyverno/charts/crds/README.md
@@ -6,7 +6,7 @@
| Key | Type | Default | Description |
|-----|------|---------|-------------|
-| groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | This field can be overwritten by setting crds.labels in the parent chart |
+| groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"globalcontextentries":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | This field can be overwritten by setting crds.labels in the parent chart |
| groups.reports | object | `{"clusterephemeralreports":true,"ephemeralreports":true}` | This field can be overwritten by setting crds.labels in the parent chart |
| groups.wgpolicyk8s | object | `{"clusterpolicyreports":true,"policyreports":true}` | This field can be overwritten by setting crds.labels in the parent chart |
| annotations | object | `{}` | This field can be overwritten by setting crds.annotations in the parent chart |
diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_globalcontextentries.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_globalcontextentries.yaml
new file mode 100644
index 0000000000..0c0baf012d
--- /dev/null
+++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_globalcontextentries.yaml
@@ -0,0 +1,209 @@
+{{- if .Values.groups.kyverno.globalcontextentries }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kyverno.crds.labels" . | nindent 4 }}
+ annotations:
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: globalcontextentries.kyverno.io
+spec:
+ group: kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: GlobalContextEntry
+ listKind: GlobalContextEntryList
+ plural: globalcontextentries
+ shortNames:
+ - gctxentry
+ singular: globalcontextentry
+ scope: Cluster
+ versions:
+ - name: v2alpha1
+ schema:
+ openAPIV3Schema:
+ description: GlobalContextEntry declares resources to be cached.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec declares policy exception behaviors.
+ properties:
+ apiCall:
+ description: APICall stores infos about API call that should be cached
+ properties:
+ data:
+ description: Data specifies the POST data sent to the server.
+ items:
+ description: RequestData contains the HTTP POST data
+ properties:
+ key:
+ description: Key is a unique identifier for the data value
+ type: string
+ value:
+ description: Value is the data value
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ jmesPath:
+ description: JMESPath is an optional JSON Match Expression that
+ can be used to transform the JSON response returned from the
+ server. For example a JMESPath of "items | length(@)" applied
+ to the API server response for the URLPath "/apis/apps/v1/deployments"
+ will return the total count of deployments across all namespaces.
+ type: string
+ method:
+ default: GET
+ description: Method is the HTTP request type (GET or POST).
+ enum:
+ - GET
+ - POST
+ type: string
+ refreshIntervalSeconds:
+ default: 0
+ description: RefreshIntervalSeconds defines the interval at which
+ to poll the APICall
+ format: int64
+ type: integer
+ service:
+ description: Service is an API call to a JSON web service
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded CA bundle which will
+ be used to validate the server certificate.
+ type: string
+ url:
+ description: URL is the JSON web service URL. A typical form
+ is `https://{service}.{namespace}:{port}/{path}`.
+ type: string
+ required:
+ - url
+ type: object
+ urlPath:
+ description: URLPath is the URL path to be used in the HTTP GET
+ or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces"
+ or "/apis/apps/v1/deployments"). The format required is the
+ same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
+ for details.
+ type: string
+ type: object
+ kubernetesResource:
+ description: KubernetesResource stores infos about kubernetes resource
+ that should be cached
+ properties:
+ group:
+ description: Group defines the group of the resource
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the resource.
+ Leave empty for cluster scoped resources.
+ type: string
+ resource:
+ description: Resource defines the type of the resource
+ type: string
+ version:
+ description: Version defines the version of the resource
+ type: string
+ type: object
+ type: object
+ status:
+ description: Status contains globalcontextentry runtime data.
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ ready:
+ description: Deprecated in favor of Conditions
+ type: boolean
+ required:
+ - ready
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+{{- end }}
diff --git a/charts/kyverno/charts/crds/values.yaml b/charts/kyverno/charts/crds/values.yaml
index cdfe7fafcb..6969f5f797 100644
--- a/charts/kyverno/charts/crds/values.yaml
+++ b/charts/kyverno/charts/crds/values.yaml
@@ -17,6 +17,7 @@ groups:
clusterbackgroundscanreports: true
clustercleanuppolicies: true
clusterpolicies: true
+ globalcontextentries: true
policies: true
policyexceptions: true
updaterequests: true
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index da9b68bee5..5466822a6c 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -73,6 +73,7 @@ crds:
clusterbackgroundscanreports: true
clustercleanuppolicies: true
clusterpolicies: true
+ globalcontextentries: true
policies: true
policyexceptions: true
updaterequests: true
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index 27609b5c3e..fe32e8d8ad 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -28141,6 +28141,215 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/component: crds
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyverno-crds
+ app.kubernetes.io/version: v0.0.0
+ helm.sh/chart: crds-v0.0.0
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: globalcontextentries.kyverno.io
+spec:
+ group: kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: GlobalContextEntry
+ listKind: GlobalContextEntryList
+ plural: globalcontextentries
+ shortNames:
+ - gctxentry
+ singular: globalcontextentry
+ scope: Cluster
+ versions:
+ - name: v2alpha1
+ schema:
+ openAPIV3Schema:
+ description: GlobalContextEntry declares resources to be cached.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec declares policy exception behaviors.
+ properties:
+ apiCall:
+ description: APICall stores infos about API call that should be cached
+ properties:
+ data:
+ description: Data specifies the POST data sent to the server.
+ items:
+ description: RequestData contains the HTTP POST data
+ properties:
+ key:
+ description: Key is a unique identifier for the data value
+ type: string
+ value:
+ description: Value is the data value
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ jmesPath:
+ description: JMESPath is an optional JSON Match Expression that
+ can be used to transform the JSON response returned from the
+ server. For example a JMESPath of "items | length(@)" applied
+ to the API server response for the URLPath "/apis/apps/v1/deployments"
+ will return the total count of deployments across all namespaces.
+ type: string
+ method:
+ default: GET
+ description: Method is the HTTP request type (GET or POST).
+ enum:
+ - GET
+ - POST
+ type: string
+ refreshIntervalSeconds:
+ default: 0
+ description: RefreshIntervalSeconds defines the interval at which
+ to poll the APICall
+ format: int64
+ type: integer
+ service:
+ description: Service is an API call to a JSON web service
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded CA bundle which will
+ be used to validate the server certificate.
+ type: string
+ url:
+ description: URL is the JSON web service URL. A typical form
+ is `https://{service}.{namespace}:{port}/{path}`.
+ type: string
+ required:
+ - url
+ type: object
+ urlPath:
+ description: URLPath is the URL path to be used in the HTTP GET
+ or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces"
+ or "/apis/apps/v1/deployments"). The format required is the
+ same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
+ for details.
+ type: string
+ type: object
+ kubernetesResource:
+ description: KubernetesResource stores infos about kubernetes resource
+ that should be cached
+ properties:
+ group:
+ description: Group defines the group of the resource
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the resource.
+ Leave empty for cluster scoped resources.
+ type: string
+ resource:
+ description: Resource defines the type of the resource
+ type: string
+ version:
+ description: Version defines the version of the resource
+ type: string
+ type: object
+ type: object
+ status:
+ description: Status contains globalcontextentry runtime data.
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ ready:
+ description: Deprecated in favor of Conditions
+ type: boolean
+ required:
+ - ready
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/component: crds
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index aa4cc7be9e..431d63bff6 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -611,7 +611,7 @@ PolicyStatus
(Appears on:
ContextEntry,
-ExternalAPICall)
+ExternalAPICall)
@@ -1571,52 +1571,6 @@ string
-ExternalAPICall
-
-
-(Appears on:
-GlobalContextEntrySpec)
-
-
-
ExternalAPICall stores infos about API call that should be cached
-
-
-
-
-Field |
-Description |
-
-
-
-
-
-APICall
-
-
-APICall
-
-
- |
-
-
-(Members of APICall are embedded into this type.)
-
- |
-
-
-
-refreshIntervalSeconds
-
-int64
-
- |
-
- RefreshIntervalSeconds defines the interval at which to poll the APICall
- |
-
-
-
-
FailurePolicyType
(string
alias)
@@ -2605,70 +2559,6 @@ map[string]string
-KubernetesResource
-
-
-(Appears on:
-GlobalContextEntrySpec)
-
-
-
KubernetesResource stores infos about kubernetes resource that should be cached
-
-
-
-
-Field |
-Description |
-
-
-
-
-
-group
-
-string
-
- |
-
- Group defines the group of the resource
- |
-
-
-
-version
-
-string
-
- |
-
- Version defines the version of the resource
- |
-
-
-
-resource
-
-string
-
- |
-
- Resource defines the type of the resource
- |
-
-
-
-namespace
-
-string
-
- |
-
- Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
- |
-
-
-
-
Manifests
@@ -7907,7 +7797,7 @@ GlobalContextEntrySpec
kubernetesResource
-
+
KubernetesResource
@@ -7920,7 +7810,7 @@ KubernetesResource
|
apiCall
-
+
ExternalAPICall
@@ -8087,6 +7977,52 @@ Applicable only to policies that have validate.podSecurity subrule.
CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)
+ExternalAPICall
+
+
+(Appears on:
+GlobalContextEntrySpec)
+
+
+ ExternalAPICall stores infos about API call that should be cached
+
+
+
+
+Field |
+Description |
+
+
+
+
+
+APICall
+
+
+APICall
+
+
+ |
+
+
+(Members of APICall are embedded into this type.)
+
+ |
+
+
+
+refreshIntervalSeconds
+
+int64
+
+ |
+
+ RefreshIntervalSeconds defines the interval at which to poll the APICall
+ |
+
+
+
+
GlobalContextEntrySpec
@@ -8108,7 +8044,7 @@ Applicable only to policies that have validate.podSecurity subrule.
|
kubernetesResource
-
+
KubernetesResource
@@ -8121,7 +8057,7 @@ KubernetesResource
|
apiCall
-
+
ExternalAPICall
@@ -8176,6 +8112,70 @@ bool
+KubernetesResource
+
+
+(Appears on:
+GlobalContextEntrySpec)
+
+
+ KubernetesResource stores infos about kubernetes resource that should be cached
+
+
+
+
+Field |
+Description |
+
+
+
+
+
+group
+
+string
+
+ |
+
+ Group defines the group of the resource
+ |
+
+
+
+version
+
+string
+
+ |
+
+ Version defines the version of the resource
+ |
+
+
+
+resource
+
+string
+
+ |
+
+ Resource defines the type of the resource
+ |
+
+
+
+namespace
+
+string
+
+ |
+
+ Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
+ |
+
+
+
+
kyverno.io/v2beta1
Resource Types:
-
diff --git a/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/externalapicall.go
similarity index 89%
rename from pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
rename to pkg/client/applyconfigurations/kyverno/v2alpha1/externalapicall.go
index 58b3138e94..5f641a47cc 100644
--- a/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/externalapicall.go
@@ -16,17 +16,18 @@ limitations under the License.
// Code generated by applyconfiguration-gen. DO NOT EDIT.
-package v1
+package v2alpha1
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+ v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
)
// ExternalAPICallApplyConfiguration represents an declarative configuration of the ExternalAPICall type for use
// with apply.
type ExternalAPICallApplyConfiguration struct {
- APICallApplyConfiguration `json:",omitempty,inline"`
- RefreshIntervalSeconds *int64 `json:"refreshIntervalSeconds,omitempty"`
+ v1.APICallApplyConfiguration `json:",omitempty,inline"`
+ RefreshIntervalSeconds *int64 `json:"refreshIntervalSeconds,omitempty"`
}
// ExternalAPICallApplyConfiguration constructs an declarative configuration of the ExternalAPICall type for use with
@@ -54,7 +55,7 @@ func (b *ExternalAPICallApplyConfiguration) WithMethod(value kyvernov1.Method) *
// WithData adds the given value to the Data field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Data field.
-func (b *ExternalAPICallApplyConfiguration) WithData(values ...*RequestDataApplyConfiguration) *ExternalAPICallApplyConfiguration {
+func (b *ExternalAPICallApplyConfiguration) WithData(values ...*v1.RequestDataApplyConfiguration) *ExternalAPICallApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithData")
@@ -67,7 +68,7 @@ func (b *ExternalAPICallApplyConfiguration) WithData(values ...*RequestDataApply
// WithService sets the Service field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Service field is set to the value of the last call.
-func (b *ExternalAPICallApplyConfiguration) WithService(value *ServiceCallApplyConfiguration) *ExternalAPICallApplyConfiguration {
+func (b *ExternalAPICallApplyConfiguration) WithService(value *v1.ServiceCallApplyConfiguration) *ExternalAPICallApplyConfiguration {
b.Service = value
return b
}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
index 33853a72a2..339a0b9335 100644
--- a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
@@ -18,15 +18,11 @@ limitations under the License.
package v2alpha1
-import (
- v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
-)
-
// GlobalContextEntrySpecApplyConfiguration represents an declarative configuration of the GlobalContextEntrySpec type for use
// with apply.
type GlobalContextEntrySpecApplyConfiguration struct {
- KubernetesResource *v1.KubernetesResourceApplyConfiguration `json:"kubernetesResource,omitempty"`
- APICall *v1.ExternalAPICallApplyConfiguration `json:"apiCall,omitempty"`
+ KubernetesResource *KubernetesResourceApplyConfiguration `json:"kubernetesResource,omitempty"`
+ APICall *ExternalAPICallApplyConfiguration `json:"apiCall,omitempty"`
}
// GlobalContextEntrySpecApplyConfiguration constructs an declarative configuration of the GlobalContextEntrySpec type for use with
@@ -38,7 +34,7 @@ func GlobalContextEntrySpec() *GlobalContextEntrySpecApplyConfiguration {
// WithKubernetesResource sets the KubernetesResource field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the KubernetesResource field is set to the value of the last call.
-func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value *v1.KubernetesResourceApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
+func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value *KubernetesResourceApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
b.KubernetesResource = value
return b
}
@@ -46,7 +42,7 @@ func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value
// WithAPICall sets the APICall field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the APICall field is set to the value of the last call.
-func (b *GlobalContextEntrySpecApplyConfiguration) WithAPICall(value *v1.ExternalAPICallApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
+func (b *GlobalContextEntrySpecApplyConfiguration) WithAPICall(value *ExternalAPICallApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
b.APICall = value
return b
}
diff --git a/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/kubernetesresource.go
similarity index 99%
rename from pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
rename to pkg/client/applyconfigurations/kyverno/v2alpha1/kubernetesresource.go
index 933cc92aa7..cff6c9220d 100644
--- a/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/kubernetesresource.go
@@ -16,7 +16,7 @@ limitations under the License.
// Code generated by applyconfiguration-gen. DO NOT EDIT.
-package v1
+package v2alpha1
// KubernetesResourceApplyConfiguration represents an declarative configuration of the KubernetesResource type for use
// with apply.
diff --git a/pkg/client/applyconfigurations/utils.go b/pkg/client/applyconfigurations/utils.go
index d0a6f55a69..c3eb9e835c 100644
--- a/pkg/client/applyconfigurations/utils.go
+++ b/pkg/client/applyconfigurations/utils.go
@@ -77,8 +77,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &kyvernov1.DenyApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("DryRunOption"):
return &kyvernov1.DryRunOptionApplyConfiguration{}
- case v1.SchemeGroupVersion.WithKind("ExternalAPICall"):
- return &kyvernov1.ExternalAPICallApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ForEachMutation"):
return &kyvernov1.ForEachMutationApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ForEachValidation"):
@@ -95,8 +93,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &kyvernov1.ImageVerificationApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("KeylessAttestor"):
return &kyvernov1.KeylessAttestorApplyConfiguration{}
- case v1.SchemeGroupVersion.WithKind("KubernetesResource"):
- return &kyvernov1.KubernetesResourceApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("Manifests"):
return &kyvernov1.ManifestsApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("MatchResources"):
@@ -225,12 +221,16 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &kyvernov2alpha1.CleanupPolicyApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
return &kyvernov2alpha1.ClusterCleanupPolicyApplyConfiguration{}
+ case v2alpha1.SchemeGroupVersion.WithKind("ExternalAPICall"):
+ return &kyvernov2alpha1.ExternalAPICallApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry"):
return &kyvernov2alpha1.GlobalContextEntryApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntrySpec"):
return &kyvernov2alpha1.GlobalContextEntrySpecApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntryStatus"):
return &kyvernov2alpha1.GlobalContextEntryStatusApplyConfiguration{}
+ case v2alpha1.SchemeGroupVersion.WithKind("KubernetesResource"):
+ return &kyvernov2alpha1.KubernetesResourceApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("PolicyException"):
return &kyvernov2alpha1.PolicyExceptionApplyConfiguration{}
|