mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-15 20:20:22 +00:00
feat: add global context crd to codegen (#9595)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
parent
55587976d0
commit
1e0bac2d6f
16 changed files with 644 additions and 227 deletions
1
Makefile
1
Makefile
|
@ -591,6 +591,7 @@ codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
|
||||||
$(call generate_crd,kyverno.io_clusterbackgroundscanreports.yaml,kyverno,kyverno.io,kyverno,clusterbackgroundscanreports)
|
$(call generate_crd,kyverno.io_clusterbackgroundscanreports.yaml,kyverno,kyverno.io,kyverno,clusterbackgroundscanreports)
|
||||||
$(call generate_crd,kyverno.io_clustercleanuppolicies.yaml,kyverno,kyverno.io,kyverno,clustercleanuppolicies)
|
$(call generate_crd,kyverno.io_clustercleanuppolicies.yaml,kyverno,kyverno.io,kyverno,clustercleanuppolicies)
|
||||||
$(call generate_crd,kyverno.io_clusterpolicies.yaml,kyverno,kyverno.io,kyverno,clusterpolicies)
|
$(call generate_crd,kyverno.io_clusterpolicies.yaml,kyverno,kyverno.io,kyverno,clusterpolicies)
|
||||||
|
$(call generate_crd,kyverno.io_globalcontextentries.yaml,kyverno,kyverno.io,kyverno,globalcontextentries)
|
||||||
$(call generate_crd,kyverno.io_policies.yaml,kyverno,kyverno.io,kyverno,policies)
|
$(call generate_crd,kyverno.io_policies.yaml,kyverno,kyverno.io,kyverno,policies)
|
||||||
$(call generate_crd,kyverno.io_policyexceptions.yaml,kyverno,kyverno.io,kyverno,policyexceptions)
|
$(call generate_crd,kyverno.io_policyexceptions.yaml,kyverno,kyverno.io,kyverno,policyexceptions)
|
||||||
$(call generate_crd,kyverno.io_updaterequests.yaml,kyverno,kyverno.io,kyverno,updaterequests)
|
$(call generate_crd,kyverno.io_updaterequests.yaml,kyverno,kyverno.io,kyverno,updaterequests)
|
||||||
|
|
|
@ -184,52 +184,6 @@ type GlobalContextEntryReference struct {
|
||||||
JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
|
JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// KubernetesResource stores infos about kubernetes resource that should be cached
|
|
||||||
type KubernetesResource struct {
|
|
||||||
// Group defines the group of the resource
|
|
||||||
Group string `json:"group,omitempty" yaml:"group,omitempty"`
|
|
||||||
// Version defines the version of the resource
|
|
||||||
Version string `json:"version,omitempty" yaml:"version,omitempty"`
|
|
||||||
// Resource defines the type of the resource
|
|
||||||
Resource string `json:"resource,omitempty" yaml:"resource,omitempty"`
|
|
||||||
// Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
|
|
||||||
// +kubebuilder:validation:Optional
|
|
||||||
Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate implements programmatic validation
|
|
||||||
func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
|
|
||||||
if k.Group == "" {
|
|
||||||
errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
|
|
||||||
}
|
|
||||||
if k.Version == "" {
|
|
||||||
errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
|
|
||||||
}
|
|
||||||
if k.Resource == "" {
|
|
||||||
errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
|
|
||||||
}
|
|
||||||
return errs
|
|
||||||
}
|
|
||||||
|
|
||||||
// ExternalAPICall stores infos about API call that should be cached
|
|
||||||
type ExternalAPICall struct {
|
|
||||||
APICall `json:",inline,omitempty" yaml:",inline,omitempty"`
|
|
||||||
// RefreshIntervalSeconds defines the interval at which to poll the APICall
|
|
||||||
// +kubebuilder:default=0
|
|
||||||
RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty" yaml:"refreshIntervalSeconds,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate implements programmatic validation
|
|
||||||
func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
|
|
||||||
if e.Service.URL == "" {
|
|
||||||
errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
|
|
||||||
}
|
|
||||||
if e.RefreshIntervalSeconds <= 0 {
|
|
||||||
errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
|
|
||||||
}
|
|
||||||
return errs
|
|
||||||
}
|
|
||||||
|
|
||||||
type ServiceCall struct {
|
type ServiceCall struct {
|
||||||
// URL is the JSON web service URL. A typical form is
|
// URL is the JSON web service URL. A typical form is
|
||||||
// `https://{service}.{namespace}:{port}/{path}`.
|
// `https://{service}.{namespace}:{port}/{path}`.
|
||||||
|
|
|
@ -516,23 +516,6 @@ func (in *DryRunOption) DeepCopy() *DryRunOption {
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ExternalAPICall) DeepCopyInto(out *ExternalAPICall) {
|
|
||||||
*out = *in
|
|
||||||
in.APICall.DeepCopyInto(&out.APICall)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAPICall.
|
|
||||||
func (in *ExternalAPICall) DeepCopy() *ExternalAPICall {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ExternalAPICall)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
|
func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
@ -876,22 +859,6 @@ func (in *KeylessAttestor) DeepCopy() *KeylessAttestor {
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *KubernetesResource) DeepCopyInto(out *KubernetesResource) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResource.
|
|
||||||
func (in *KubernetesResource) DeepCopy() *KubernetesResource {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(KubernetesResource)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *Manifests) DeepCopyInto(out *Manifests) {
|
func (in *Manifests) DeepCopyInto(out *Manifests) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
|
|
@ -29,15 +29,15 @@ import (
|
||||||
|
|
||||||
// GlobalContextEntry declares resources to be cached.
|
// GlobalContextEntry declares resources to be cached.
|
||||||
type GlobalContextEntry struct {
|
type GlobalContextEntry struct {
|
||||||
metav1.TypeMeta `json:",inline,omitempty" yaml:",inline,omitempty"`
|
metav1.TypeMeta `json:",inline,omitempty"`
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
// Spec declares policy exception behaviors.
|
// Spec declares policy exception behaviors.
|
||||||
Spec GlobalContextEntrySpec `json:"spec" yaml:"spec"`
|
Spec GlobalContextEntrySpec `json:"spec" yaml:"spec"`
|
||||||
|
|
||||||
// Status contains globalcontextentry runtime data.
|
// Status contains globalcontextentry runtime data.
|
||||||
// +optional
|
// +optional
|
||||||
Status GlobalContextEntryStatus `json:"status,omitempty" yaml:"status,omitempty"`
|
Status GlobalContextEntryStatus `json:"status,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetStatus returns the globalcontextentry status
|
// GetStatus returns the globalcontextentry status
|
||||||
|
@ -60,11 +60,11 @@ func (c *GlobalContextEntry) IsNamespaced() bool {
|
||||||
type GlobalContextEntrySpec struct {
|
type GlobalContextEntrySpec struct {
|
||||||
// KubernetesResource stores infos about kubernetes resource that should be cached
|
// KubernetesResource stores infos about kubernetes resource that should be cached
|
||||||
// +kubebuilder:validation:Optional
|
// +kubebuilder:validation:Optional
|
||||||
KubernetesResource *kyvernov1.KubernetesResource `json:"kubernetesResource,omitempty" yaml:"kubernetesResource,omitempty"`
|
KubernetesResource *KubernetesResource `json:"kubernetesResource,omitempty"`
|
||||||
|
|
||||||
// APICall stores infos about API call that should be cached
|
// APICall stores infos about API call that should be cached
|
||||||
// +kubebuilder:validation:Optional
|
// +kubebuilder:validation:Optional
|
||||||
APICall *kyvernov1.ExternalAPICall `json:"apiCall,omitempty" yaml:"apiCall,omitempty"`
|
APICall *ExternalAPICall `json:"apiCall,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *GlobalContextEntrySpec) IsAPICall() bool {
|
func (c *GlobalContextEntrySpec) IsAPICall() bool {
|
||||||
|
@ -94,7 +94,53 @@ func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorLis
|
||||||
|
|
||||||
// GlobalContextEntryList is a list of Cached Context Entries
|
// GlobalContextEntryList is a list of Cached Context Entries
|
||||||
type GlobalContextEntryList struct {
|
type GlobalContextEntryList struct {
|
||||||
metav1.TypeMeta `json:",inline" yaml:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
metav1.ListMeta `json:"metadata" yaml:"metadata"`
|
metav1.ListMeta `json:"metadata"`
|
||||||
Items []GlobalContextEntry `json:"items" yaml:"items"`
|
Items []GlobalContextEntry `json:"items"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// KubernetesResource stores infos about kubernetes resource that should be cached
|
||||||
|
type KubernetesResource struct {
|
||||||
|
// Group defines the group of the resource
|
||||||
|
Group string `json:"group,omitempty"`
|
||||||
|
// Version defines the version of the resource
|
||||||
|
Version string `json:"version,omitempty"`
|
||||||
|
// Resource defines the type of the resource
|
||||||
|
Resource string `json:"resource,omitempty"`
|
||||||
|
// Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
|
||||||
|
// +kubebuilder:validation:Optional
|
||||||
|
Namespace string `json:"namespace,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate implements programmatic validation
|
||||||
|
func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
|
||||||
|
if k.Group == "" {
|
||||||
|
errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
|
||||||
|
}
|
||||||
|
if k.Version == "" {
|
||||||
|
errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
|
||||||
|
}
|
||||||
|
if k.Resource == "" {
|
||||||
|
errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
|
||||||
|
}
|
||||||
|
return errs
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExternalAPICall stores infos about API call that should be cached
|
||||||
|
type ExternalAPICall struct {
|
||||||
|
kyvernov1.APICall `json:",inline,omitempty"`
|
||||||
|
// RefreshIntervalSeconds defines the interval at which to poll the APICall
|
||||||
|
// +kubebuilder:default=0
|
||||||
|
RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate implements programmatic validation
|
||||||
|
func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
|
||||||
|
if e.Service.URL == "" {
|
||||||
|
errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
|
||||||
|
}
|
||||||
|
if e.RefreshIntervalSeconds <= 0 {
|
||||||
|
errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
|
||||||
|
}
|
||||||
|
return errs
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,9 +22,8 @@ limitations under the License.
|
||||||
package v2alpha1
|
package v2alpha1
|
||||||
|
|
||||||
import (
|
import (
|
||||||
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
||||||
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
|
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -150,6 +149,23 @@ func (in *ClusterCleanupPolicyList) DeepCopyObject() runtime.Object {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *ExternalAPICall) DeepCopyInto(out *ExternalAPICall) {
|
||||||
|
*out = *in
|
||||||
|
in.APICall.DeepCopyInto(&out.APICall)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAPICall.
|
||||||
|
func (in *ExternalAPICall) DeepCopy() *ExternalAPICall {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(ExternalAPICall)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *GlobalContextEntry) DeepCopyInto(out *GlobalContextEntry) {
|
func (in *GlobalContextEntry) DeepCopyInto(out *GlobalContextEntry) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
@ -216,12 +232,12 @@ func (in *GlobalContextEntrySpec) DeepCopyInto(out *GlobalContextEntrySpec) {
|
||||||
*out = *in
|
*out = *in
|
||||||
if in.KubernetesResource != nil {
|
if in.KubernetesResource != nil {
|
||||||
in, out := &in.KubernetesResource, &out.KubernetesResource
|
in, out := &in.KubernetesResource, &out.KubernetesResource
|
||||||
*out = new(v1.KubernetesResource)
|
*out = new(KubernetesResource)
|
||||||
**out = **in
|
**out = **in
|
||||||
}
|
}
|
||||||
if in.APICall != nil {
|
if in.APICall != nil {
|
||||||
in, out := &in.APICall, &out.APICall
|
in, out := &in.APICall, &out.APICall
|
||||||
*out = new(v1.ExternalAPICall)
|
*out = new(ExternalAPICall)
|
||||||
(*in).DeepCopyInto(*out)
|
(*in).DeepCopyInto(*out)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
|
@ -242,7 +258,7 @@ func (in *GlobalContextEntryStatus) DeepCopyInto(out *GlobalContextEntryStatus)
|
||||||
*out = *in
|
*out = *in
|
||||||
if in.Conditions != nil {
|
if in.Conditions != nil {
|
||||||
in, out := &in.Conditions, &out.Conditions
|
in, out := &in.Conditions, &out.Conditions
|
||||||
*out = make([]metav1.Condition, len(*in))
|
*out = make([]v1.Condition, len(*in))
|
||||||
for i := range *in {
|
for i := range *in {
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||||
}
|
}
|
||||||
|
@ -260,6 +276,22 @@ func (in *GlobalContextEntryStatus) DeepCopy() *GlobalContextEntryStatus {
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *KubernetesResource) DeepCopyInto(out *KubernetesResource) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResource.
|
||||||
|
func (in *KubernetesResource) DeepCopy() *KubernetesResource {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(KubernetesResource)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *PolicyException) DeepCopyInto(out *PolicyException) {
|
func (in *PolicyException) DeepCopyInto(out *PolicyException) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
|
|
@ -257,7 +257,7 @@ The chart values are organised per component.
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| crds.install | bool | `true` | Whether to have Helm install the Kyverno CRDs, if the CRDs are not installed by Helm, they must be added before policies can be created |
|
| crds.install | bool | `true` | Whether to have Helm install the Kyverno CRDs, if the CRDs are not installed by Helm, they must be added before policies can be created |
|
||||||
| crds.groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | Install CRDs in group `kyverno.io` |
|
| crds.groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"globalcontextentries":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | Install CRDs in group `kyverno.io` |
|
||||||
| crds.groups.reports | object | `{"clusterephemeralreports":true,"ephemeralreports":true}` | Install CRDs in group `reports.kyverno.io` |
|
| crds.groups.reports | object | `{"clusterephemeralreports":true,"ephemeralreports":true}` | Install CRDs in group `reports.kyverno.io` |
|
||||||
| crds.groups.wgpolicyk8s | object | `{"clusterpolicyreports":true,"policyreports":true}` | Install CRDs in group `wgpolicyk8s.io` |
|
| crds.groups.wgpolicyk8s | object | `{"clusterpolicyreports":true,"policyreports":true}` | Install CRDs in group `wgpolicyk8s.io` |
|
||||||
| crds.annotations | object | `{}` | Additional CRDs annotations |
|
| crds.annotations | object | `{}` | Additional CRDs annotations |
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | This field can be overwritten by setting crds.labels in the parent chart |
|
| groups.kyverno | object | `{"admissionreports":true,"backgroundscanreports":true,"cleanuppolicies":true,"clusteradmissionreports":true,"clusterbackgroundscanreports":true,"clustercleanuppolicies":true,"clusterpolicies":true,"globalcontextentries":true,"policies":true,"policyexceptions":true,"updaterequests":true}` | This field can be overwritten by setting crds.labels in the parent chart |
|
||||||
| groups.reports | object | `{"clusterephemeralreports":true,"ephemeralreports":true}` | This field can be overwritten by setting crds.labels in the parent chart |
|
| groups.reports | object | `{"clusterephemeralreports":true,"ephemeralreports":true}` | This field can be overwritten by setting crds.labels in the parent chart |
|
||||||
| groups.wgpolicyk8s | object | `{"clusterpolicyreports":true,"policyreports":true}` | This field can be overwritten by setting crds.labels in the parent chart |
|
| groups.wgpolicyk8s | object | `{"clusterpolicyreports":true,"policyreports":true}` | This field can be overwritten by setting crds.labels in the parent chart |
|
||||||
| annotations | object | `{}` | This field can be overwritten by setting crds.annotations in the parent chart |
|
| annotations | object | `{}` | This field can be overwritten by setting crds.annotations in the parent chart |
|
||||||
|
|
|
@ -0,0 +1,209 @@
|
||||||
|
{{- if .Values.groups.kyverno.globalcontextentries }}
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kyverno.crds.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- with .Values.annotations }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
controller-gen.kubebuilder.io/version: v0.12.0
|
||||||
|
name: globalcontextentries.kyverno.io
|
||||||
|
spec:
|
||||||
|
group: kyverno.io
|
||||||
|
names:
|
||||||
|
categories:
|
||||||
|
- kyverno
|
||||||
|
kind: GlobalContextEntry
|
||||||
|
listKind: GlobalContextEntryList
|
||||||
|
plural: globalcontextentries
|
||||||
|
shortNames:
|
||||||
|
- gctxentry
|
||||||
|
singular: globalcontextentry
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v2alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: GlobalContextEntry declares resources to be cached.
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: Spec declares policy exception behaviors.
|
||||||
|
properties:
|
||||||
|
apiCall:
|
||||||
|
description: APICall stores infos about API call that should be cached
|
||||||
|
properties:
|
||||||
|
data:
|
||||||
|
description: Data specifies the POST data sent to the server.
|
||||||
|
items:
|
||||||
|
description: RequestData contains the HTTP POST data
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: Key is a unique identifier for the data value
|
||||||
|
type: string
|
||||||
|
value:
|
||||||
|
description: Value is the data value
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- value
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
jmesPath:
|
||||||
|
description: JMESPath is an optional JSON Match Expression that
|
||||||
|
can be used to transform the JSON response returned from the
|
||||||
|
server. For example a JMESPath of "items | length(@)" applied
|
||||||
|
to the API server response for the URLPath "/apis/apps/v1/deployments"
|
||||||
|
will return the total count of deployments across all namespaces.
|
||||||
|
type: string
|
||||||
|
method:
|
||||||
|
default: GET
|
||||||
|
description: Method is the HTTP request type (GET or POST).
|
||||||
|
enum:
|
||||||
|
- GET
|
||||||
|
- POST
|
||||||
|
type: string
|
||||||
|
refreshIntervalSeconds:
|
||||||
|
default: 0
|
||||||
|
description: RefreshIntervalSeconds defines the interval at which
|
||||||
|
to poll the APICall
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
service:
|
||||||
|
description: Service is an API call to a JSON web service
|
||||||
|
properties:
|
||||||
|
caBundle:
|
||||||
|
description: CABundle is a PEM encoded CA bundle which will
|
||||||
|
be used to validate the server certificate.
|
||||||
|
type: string
|
||||||
|
url:
|
||||||
|
description: URL is the JSON web service URL. A typical form
|
||||||
|
is `https://{service}.{namespace}:{port}/{path}`.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- url
|
||||||
|
type: object
|
||||||
|
urlPath:
|
||||||
|
description: URLPath is the URL path to be used in the HTTP GET
|
||||||
|
or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces"
|
||||||
|
or "/apis/apps/v1/deployments"). The format required is the
|
||||||
|
same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
|
||||||
|
for details.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
kubernetesResource:
|
||||||
|
description: KubernetesResource stores infos about kubernetes resource
|
||||||
|
that should be cached
|
||||||
|
properties:
|
||||||
|
group:
|
||||||
|
description: Group defines the group of the resource
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the resource.
|
||||||
|
Leave empty for cluster scoped resources.
|
||||||
|
type: string
|
||||||
|
resource:
|
||||||
|
description: Resource defines the type of the resource
|
||||||
|
type: string
|
||||||
|
version:
|
||||||
|
description: Version defines the version of the resource
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status contains globalcontextentry runtime data.
|
||||||
|
properties:
|
||||||
|
conditions:
|
||||||
|
items:
|
||||||
|
description: "Condition contains details for one aspect of the current
|
||||||
|
state of this API Resource. --- This struct is intended for direct
|
||||||
|
use as an array at the field path .status.conditions. For example,
|
||||||
|
\n type FooStatus struct{ // Represents the observations of a
|
||||||
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
||||||
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
||||||
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
||||||
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
||||||
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
||||||
|
properties:
|
||||||
|
lastTransitionTime:
|
||||||
|
description: lastTransitionTime is the last time the condition
|
||||||
|
transitioned from one status to another. This should be when
|
||||||
|
the underlying condition changed. If that is not known, then
|
||||||
|
using the time when the API field changed is acceptable.
|
||||||
|
format: date-time
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
description: message is a human readable message indicating
|
||||||
|
details about the transition. This may be an empty string.
|
||||||
|
maxLength: 32768
|
||||||
|
type: string
|
||||||
|
observedGeneration:
|
||||||
|
description: observedGeneration represents the .metadata.generation
|
||||||
|
that the condition was set based upon. For instance, if .metadata.generation
|
||||||
|
is currently 12, but the .status.conditions[x].observedGeneration
|
||||||
|
is 9, the condition is out of date with respect to the current
|
||||||
|
state of the instance.
|
||||||
|
format: int64
|
||||||
|
minimum: 0
|
||||||
|
type: integer
|
||||||
|
reason:
|
||||||
|
description: reason contains a programmatic identifier indicating
|
||||||
|
the reason for the condition's last transition. Producers
|
||||||
|
of specific condition types may define expected values and
|
||||||
|
meanings for this field, and whether the values are considered
|
||||||
|
a guaranteed API. The value should be a CamelCase string.
|
||||||
|
This field may not be empty.
|
||||||
|
maxLength: 1024
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: status of the condition, one of True, False, Unknown.
|
||||||
|
enum:
|
||||||
|
- "True"
|
||||||
|
- "False"
|
||||||
|
- Unknown
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||||
|
--- Many .condition.type values are consistent across resources
|
||||||
|
like Available, but because arbitrary conditions can be useful
|
||||||
|
(see .node.status.conditions), the ability to deconflict is
|
||||||
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
||||||
|
maxLength: 316
|
||||||
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- lastTransitionTime
|
||||||
|
- message
|
||||||
|
- reason
|
||||||
|
- status
|
||||||
|
- type
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
ready:
|
||||||
|
description: Deprecated in favor of Conditions
|
||||||
|
type: boolean
|
||||||
|
required:
|
||||||
|
- ready
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
{{- end }}
|
|
@ -17,6 +17,7 @@ groups:
|
||||||
clusterbackgroundscanreports: true
|
clusterbackgroundscanreports: true
|
||||||
clustercleanuppolicies: true
|
clustercleanuppolicies: true
|
||||||
clusterpolicies: true
|
clusterpolicies: true
|
||||||
|
globalcontextentries: true
|
||||||
policies: true
|
policies: true
|
||||||
policyexceptions: true
|
policyexceptions: true
|
||||||
updaterequests: true
|
updaterequests: true
|
||||||
|
|
|
@ -73,6 +73,7 @@ crds:
|
||||||
clusterbackgroundscanreports: true
|
clusterbackgroundscanreports: true
|
||||||
clustercleanuppolicies: true
|
clustercleanuppolicies: true
|
||||||
clusterpolicies: true
|
clusterpolicies: true
|
||||||
|
globalcontextentries: true
|
||||||
policies: true
|
policies: true
|
||||||
policyexceptions: true
|
policyexceptions: true
|
||||||
updaterequests: true
|
updaterequests: true
|
||||||
|
|
|
@ -28141,6 +28141,215 @@ spec:
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/component: crds
|
||||||
|
app.kubernetes.io/instance: kyverno
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/part-of: kyverno-crds
|
||||||
|
app.kubernetes.io/version: v0.0.0
|
||||||
|
helm.sh/chart: crds-v0.0.0
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.12.0
|
||||||
|
name: globalcontextentries.kyverno.io
|
||||||
|
spec:
|
||||||
|
group: kyverno.io
|
||||||
|
names:
|
||||||
|
categories:
|
||||||
|
- kyverno
|
||||||
|
kind: GlobalContextEntry
|
||||||
|
listKind: GlobalContextEntryList
|
||||||
|
plural: globalcontextentries
|
||||||
|
shortNames:
|
||||||
|
- gctxentry
|
||||||
|
singular: globalcontextentry
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v2alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: GlobalContextEntry declares resources to be cached.
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: Spec declares policy exception behaviors.
|
||||||
|
properties:
|
||||||
|
apiCall:
|
||||||
|
description: APICall stores infos about API call that should be cached
|
||||||
|
properties:
|
||||||
|
data:
|
||||||
|
description: Data specifies the POST data sent to the server.
|
||||||
|
items:
|
||||||
|
description: RequestData contains the HTTP POST data
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: Key is a unique identifier for the data value
|
||||||
|
type: string
|
||||||
|
value:
|
||||||
|
description: Value is the data value
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- value
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
jmesPath:
|
||||||
|
description: JMESPath is an optional JSON Match Expression that
|
||||||
|
can be used to transform the JSON response returned from the
|
||||||
|
server. For example a JMESPath of "items | length(@)" applied
|
||||||
|
to the API server response for the URLPath "/apis/apps/v1/deployments"
|
||||||
|
will return the total count of deployments across all namespaces.
|
||||||
|
type: string
|
||||||
|
method:
|
||||||
|
default: GET
|
||||||
|
description: Method is the HTTP request type (GET or POST).
|
||||||
|
enum:
|
||||||
|
- GET
|
||||||
|
- POST
|
||||||
|
type: string
|
||||||
|
refreshIntervalSeconds:
|
||||||
|
default: 0
|
||||||
|
description: RefreshIntervalSeconds defines the interval at which
|
||||||
|
to poll the APICall
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
service:
|
||||||
|
description: Service is an API call to a JSON web service
|
||||||
|
properties:
|
||||||
|
caBundle:
|
||||||
|
description: CABundle is a PEM encoded CA bundle which will
|
||||||
|
be used to validate the server certificate.
|
||||||
|
type: string
|
||||||
|
url:
|
||||||
|
description: URL is the JSON web service URL. A typical form
|
||||||
|
is `https://{service}.{namespace}:{port}/{path}`.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- url
|
||||||
|
type: object
|
||||||
|
urlPath:
|
||||||
|
description: URLPath is the URL path to be used in the HTTP GET
|
||||||
|
or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces"
|
||||||
|
or "/apis/apps/v1/deployments"). The format required is the
|
||||||
|
same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
|
||||||
|
for details.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
kubernetesResource:
|
||||||
|
description: KubernetesResource stores infos about kubernetes resource
|
||||||
|
that should be cached
|
||||||
|
properties:
|
||||||
|
group:
|
||||||
|
description: Group defines the group of the resource
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the resource.
|
||||||
|
Leave empty for cluster scoped resources.
|
||||||
|
type: string
|
||||||
|
resource:
|
||||||
|
description: Resource defines the type of the resource
|
||||||
|
type: string
|
||||||
|
version:
|
||||||
|
description: Version defines the version of the resource
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status contains globalcontextentry runtime data.
|
||||||
|
properties:
|
||||||
|
conditions:
|
||||||
|
items:
|
||||||
|
description: "Condition contains details for one aspect of the current
|
||||||
|
state of this API Resource. --- This struct is intended for direct
|
||||||
|
use as an array at the field path .status.conditions. For example,
|
||||||
|
\n type FooStatus struct{ // Represents the observations of a
|
||||||
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
||||||
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
||||||
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
||||||
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
||||||
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
||||||
|
properties:
|
||||||
|
lastTransitionTime:
|
||||||
|
description: lastTransitionTime is the last time the condition
|
||||||
|
transitioned from one status to another. This should be when
|
||||||
|
the underlying condition changed. If that is not known, then
|
||||||
|
using the time when the API field changed is acceptable.
|
||||||
|
format: date-time
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
description: message is a human readable message indicating
|
||||||
|
details about the transition. This may be an empty string.
|
||||||
|
maxLength: 32768
|
||||||
|
type: string
|
||||||
|
observedGeneration:
|
||||||
|
description: observedGeneration represents the .metadata.generation
|
||||||
|
that the condition was set based upon. For instance, if .metadata.generation
|
||||||
|
is currently 12, but the .status.conditions[x].observedGeneration
|
||||||
|
is 9, the condition is out of date with respect to the current
|
||||||
|
state of the instance.
|
||||||
|
format: int64
|
||||||
|
minimum: 0
|
||||||
|
type: integer
|
||||||
|
reason:
|
||||||
|
description: reason contains a programmatic identifier indicating
|
||||||
|
the reason for the condition's last transition. Producers
|
||||||
|
of specific condition types may define expected values and
|
||||||
|
meanings for this field, and whether the values are considered
|
||||||
|
a guaranteed API. The value should be a CamelCase string.
|
||||||
|
This field may not be empty.
|
||||||
|
maxLength: 1024
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: status of the condition, one of True, False, Unknown.
|
||||||
|
enum:
|
||||||
|
- "True"
|
||||||
|
- "False"
|
||||||
|
- Unknown
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||||
|
--- Many .condition.type values are consistent across resources
|
||||||
|
like Available, but because arbitrary conditions can be useful
|
||||||
|
(see .node.status.conditions), the ability to deconflict is
|
||||||
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
||||||
|
maxLength: 316
|
||||||
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- lastTransitionTime
|
||||||
|
- message
|
||||||
|
- reason
|
||||||
|
- status
|
||||||
|
- type
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
ready:
|
||||||
|
description: Deprecated in favor of Conditions
|
||||||
|
type: boolean
|
||||||
|
required:
|
||||||
|
- ready
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/component: crds
|
app.kubernetes.io/component: crds
|
||||||
|
|
|
@ -611,7 +611,7 @@ PolicyStatus
|
||||||
<p>
|
<p>
|
||||||
(<em>Appears on:</em>
|
(<em>Appears on:</em>
|
||||||
<a href="#kyverno.io/v1.ContextEntry">ContextEntry</a>,
|
<a href="#kyverno.io/v1.ContextEntry">ContextEntry</a>,
|
||||||
<a href="#kyverno.io/v1.ExternalAPICall">ExternalAPICall</a>)
|
<a href="#kyverno.io/v2alpha1.ExternalAPICall">ExternalAPICall</a>)
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
</p>
|
</p>
|
||||||
|
@ -1571,52 +1571,6 @@ string
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<hr />
|
<hr />
|
||||||
<h3 id="kyverno.io/v1.ExternalAPICall">ExternalAPICall
|
|
||||||
</h3>
|
|
||||||
<p>
|
|
||||||
(<em>Appears on:</em>
|
|
||||||
<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
<p>ExternalAPICall stores infos about API call that should be cached</p>
|
|
||||||
</p>
|
|
||||||
<table class="table table-striped">
|
|
||||||
<thead class="thead-dark">
|
|
||||||
<tr>
|
|
||||||
<th>Field</th>
|
|
||||||
<th>Description</th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<code>APICall</code><br/>
|
|
||||||
<em>
|
|
||||||
<a href="#kyverno.io/v1.APICall">
|
|
||||||
APICall
|
|
||||||
</a>
|
|
||||||
</em>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<p>
|
|
||||||
(Members of <code>APICall</code> are embedded into this type.)
|
|
||||||
</p>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<code>refreshIntervalSeconds</code><br/>
|
|
||||||
<em>
|
|
||||||
int64
|
|
||||||
</em>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<p>RefreshIntervalSeconds defines the interval at which to poll the APICall</p>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
<hr />
|
|
||||||
<h3 id="kyverno.io/v1.FailurePolicyType">FailurePolicyType
|
<h3 id="kyverno.io/v1.FailurePolicyType">FailurePolicyType
|
||||||
(<code>string</code> alias)</p></h3>
|
(<code>string</code> alias)</p></h3>
|
||||||
<p>
|
<p>
|
||||||
|
@ -2605,70 +2559,6 @@ map[string]string
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<hr />
|
<hr />
|
||||||
<h3 id="kyverno.io/v1.KubernetesResource">KubernetesResource
|
|
||||||
</h3>
|
|
||||||
<p>
|
|
||||||
(<em>Appears on:</em>
|
|
||||||
<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
|
|
||||||
</p>
|
|
||||||
<table class="table table-striped">
|
|
||||||
<thead class="thead-dark">
|
|
||||||
<tr>
|
|
||||||
<th>Field</th>
|
|
||||||
<th>Description</th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<code>group</code><br/>
|
|
||||||
<em>
|
|
||||||
string
|
|
||||||
</em>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<p>Group defines the group of the resource</p>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<code>version</code><br/>
|
|
||||||
<em>
|
|
||||||
string
|
|
||||||
</em>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<p>Version defines the version of the resource</p>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<code>resource</code><br/>
|
|
||||||
<em>
|
|
||||||
string
|
|
||||||
</em>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<p>Resource defines the type of the resource</p>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
<code>namespace</code><br/>
|
|
||||||
<em>
|
|
||||||
string
|
|
||||||
</em>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<p>Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.</p>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
<hr />
|
|
||||||
<h3 id="kyverno.io/v1.Manifests">Manifests
|
<h3 id="kyverno.io/v1.Manifests">Manifests
|
||||||
</h3>
|
</h3>
|
||||||
<p>
|
<p>
|
||||||
|
@ -7907,7 +7797,7 @@ GlobalContextEntrySpec
|
||||||
<td>
|
<td>
|
||||||
<code>kubernetesResource</code><br/>
|
<code>kubernetesResource</code><br/>
|
||||||
<em>
|
<em>
|
||||||
<a href="#kyverno.io/v1.KubernetesResource">
|
<a href="#kyverno.io/v2alpha1.KubernetesResource">
|
||||||
KubernetesResource
|
KubernetesResource
|
||||||
</a>
|
</a>
|
||||||
</em>
|
</em>
|
||||||
|
@ -7920,7 +7810,7 @@ KubernetesResource
|
||||||
<td>
|
<td>
|
||||||
<code>apiCall</code><br/>
|
<code>apiCall</code><br/>
|
||||||
<em>
|
<em>
|
||||||
<a href="#kyverno.io/v1.ExternalAPICall">
|
<a href="#kyverno.io/v2alpha1.ExternalAPICall">
|
||||||
ExternalAPICall
|
ExternalAPICall
|
||||||
</a>
|
</a>
|
||||||
</em>
|
</em>
|
||||||
|
@ -8087,6 +7977,52 @@ Applicable only to policies that have validate.podSecurity subrule.</p>
|
||||||
<p>
|
<p>
|
||||||
<p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
|
<p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
|
||||||
</p>
|
</p>
|
||||||
|
<h3 id="kyverno.io/v2alpha1.ExternalAPICall">ExternalAPICall
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>ExternalAPICall stores infos about API call that should be cached</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>APICall</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#kyverno.io/v1.APICall">
|
||||||
|
APICall
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>
|
||||||
|
(Members of <code>APICall</code> are embedded into this type.)
|
||||||
|
</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>refreshIntervalSeconds</code><br/>
|
||||||
|
<em>
|
||||||
|
int64
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>RefreshIntervalSeconds defines the interval at which to poll the APICall</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
<h3 id="kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec
|
<h3 id="kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec
|
||||||
</h3>
|
</h3>
|
||||||
<p>
|
<p>
|
||||||
|
@ -8108,7 +8044,7 @@ Applicable only to policies that have validate.podSecurity subrule.</p>
|
||||||
<td>
|
<td>
|
||||||
<code>kubernetesResource</code><br/>
|
<code>kubernetesResource</code><br/>
|
||||||
<em>
|
<em>
|
||||||
<a href="#kyverno.io/v1.KubernetesResource">
|
<a href="#kyverno.io/v2alpha1.KubernetesResource">
|
||||||
KubernetesResource
|
KubernetesResource
|
||||||
</a>
|
</a>
|
||||||
</em>
|
</em>
|
||||||
|
@ -8121,7 +8057,7 @@ KubernetesResource
|
||||||
<td>
|
<td>
|
||||||
<code>apiCall</code><br/>
|
<code>apiCall</code><br/>
|
||||||
<em>
|
<em>
|
||||||
<a href="#kyverno.io/v1.ExternalAPICall">
|
<a href="#kyverno.io/v2alpha1.ExternalAPICall">
|
||||||
ExternalAPICall
|
ExternalAPICall
|
||||||
</a>
|
</a>
|
||||||
</em>
|
</em>
|
||||||
|
@ -8176,6 +8112,70 @@ bool
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<hr />
|
<hr />
|
||||||
|
<h3 id="kyverno.io/v2alpha1.KubernetesResource">KubernetesResource
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>group</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Group defines the group of the resource</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>version</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Version defines the version of the resource</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>resource</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Resource defines the type of the resource</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>namespace</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
<h2 id="kyverno.io/v2beta1">kyverno.io/v2beta1</h2>
|
<h2 id="kyverno.io/v2beta1">kyverno.io/v2beta1</h2>
|
||||||
Resource Types:
|
Resource Types:
|
||||||
<ul><li>
|
<ul><li>
|
||||||
|
|
|
@ -16,17 +16,18 @@ limitations under the License.
|
||||||
|
|
||||||
// Code generated by applyconfiguration-gen. DO NOT EDIT.
|
// Code generated by applyconfiguration-gen. DO NOT EDIT.
|
||||||
|
|
||||||
package v1
|
package v2alpha1
|
||||||
|
|
||||||
import (
|
import (
|
||||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
|
v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ExternalAPICallApplyConfiguration represents an declarative configuration of the ExternalAPICall type for use
|
// ExternalAPICallApplyConfiguration represents an declarative configuration of the ExternalAPICall type for use
|
||||||
// with apply.
|
// with apply.
|
||||||
type ExternalAPICallApplyConfiguration struct {
|
type ExternalAPICallApplyConfiguration struct {
|
||||||
APICallApplyConfiguration `json:",omitempty,inline"`
|
v1.APICallApplyConfiguration `json:",omitempty,inline"`
|
||||||
RefreshIntervalSeconds *int64 `json:"refreshIntervalSeconds,omitempty"`
|
RefreshIntervalSeconds *int64 `json:"refreshIntervalSeconds,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ExternalAPICallApplyConfiguration constructs an declarative configuration of the ExternalAPICall type for use with
|
// ExternalAPICallApplyConfiguration constructs an declarative configuration of the ExternalAPICall type for use with
|
||||||
|
@ -54,7 +55,7 @@ func (b *ExternalAPICallApplyConfiguration) WithMethod(value kyvernov1.Method) *
|
||||||
// WithData adds the given value to the Data field in the declarative configuration
|
// WithData adds the given value to the Data field in the declarative configuration
|
||||||
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
|
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
|
||||||
// If called multiple times, values provided by each call will be appended to the Data field.
|
// If called multiple times, values provided by each call will be appended to the Data field.
|
||||||
func (b *ExternalAPICallApplyConfiguration) WithData(values ...*RequestDataApplyConfiguration) *ExternalAPICallApplyConfiguration {
|
func (b *ExternalAPICallApplyConfiguration) WithData(values ...*v1.RequestDataApplyConfiguration) *ExternalAPICallApplyConfiguration {
|
||||||
for i := range values {
|
for i := range values {
|
||||||
if values[i] == nil {
|
if values[i] == nil {
|
||||||
panic("nil value passed to WithData")
|
panic("nil value passed to WithData")
|
||||||
|
@ -67,7 +68,7 @@ func (b *ExternalAPICallApplyConfiguration) WithData(values ...*RequestDataApply
|
||||||
// WithService sets the Service field in the declarative configuration to the given value
|
// WithService sets the Service field in the declarative configuration to the given value
|
||||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||||
// If called multiple times, the Service field is set to the value of the last call.
|
// If called multiple times, the Service field is set to the value of the last call.
|
||||||
func (b *ExternalAPICallApplyConfiguration) WithService(value *ServiceCallApplyConfiguration) *ExternalAPICallApplyConfiguration {
|
func (b *ExternalAPICallApplyConfiguration) WithService(value *v1.ServiceCallApplyConfiguration) *ExternalAPICallApplyConfiguration {
|
||||||
b.Service = value
|
b.Service = value
|
||||||
return b
|
return b
|
||||||
}
|
}
|
|
@ -18,15 +18,11 @@ limitations under the License.
|
||||||
|
|
||||||
package v2alpha1
|
package v2alpha1
|
||||||
|
|
||||||
import (
|
|
||||||
v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// GlobalContextEntrySpecApplyConfiguration represents an declarative configuration of the GlobalContextEntrySpec type for use
|
// GlobalContextEntrySpecApplyConfiguration represents an declarative configuration of the GlobalContextEntrySpec type for use
|
||||||
// with apply.
|
// with apply.
|
||||||
type GlobalContextEntrySpecApplyConfiguration struct {
|
type GlobalContextEntrySpecApplyConfiguration struct {
|
||||||
KubernetesResource *v1.KubernetesResourceApplyConfiguration `json:"kubernetesResource,omitempty"`
|
KubernetesResource *KubernetesResourceApplyConfiguration `json:"kubernetesResource,omitempty"`
|
||||||
APICall *v1.ExternalAPICallApplyConfiguration `json:"apiCall,omitempty"`
|
APICall *ExternalAPICallApplyConfiguration `json:"apiCall,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// GlobalContextEntrySpecApplyConfiguration constructs an declarative configuration of the GlobalContextEntrySpec type for use with
|
// GlobalContextEntrySpecApplyConfiguration constructs an declarative configuration of the GlobalContextEntrySpec type for use with
|
||||||
|
@ -38,7 +34,7 @@ func GlobalContextEntrySpec() *GlobalContextEntrySpecApplyConfiguration {
|
||||||
// WithKubernetesResource sets the KubernetesResource field in the declarative configuration to the given value
|
// WithKubernetesResource sets the KubernetesResource field in the declarative configuration to the given value
|
||||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||||
// If called multiple times, the KubernetesResource field is set to the value of the last call.
|
// If called multiple times, the KubernetesResource field is set to the value of the last call.
|
||||||
func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value *v1.KubernetesResourceApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
|
func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value *KubernetesResourceApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
|
||||||
b.KubernetesResource = value
|
b.KubernetesResource = value
|
||||||
return b
|
return b
|
||||||
}
|
}
|
||||||
|
@ -46,7 +42,7 @@ func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value
|
||||||
// WithAPICall sets the APICall field in the declarative configuration to the given value
|
// WithAPICall sets the APICall field in the declarative configuration to the given value
|
||||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||||
// If called multiple times, the APICall field is set to the value of the last call.
|
// If called multiple times, the APICall field is set to the value of the last call.
|
||||||
func (b *GlobalContextEntrySpecApplyConfiguration) WithAPICall(value *v1.ExternalAPICallApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
|
func (b *GlobalContextEntrySpecApplyConfiguration) WithAPICall(value *ExternalAPICallApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
|
||||||
b.APICall = value
|
b.APICall = value
|
||||||
return b
|
return b
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||||
|
|
||||||
// Code generated by applyconfiguration-gen. DO NOT EDIT.
|
// Code generated by applyconfiguration-gen. DO NOT EDIT.
|
||||||
|
|
||||||
package v1
|
package v2alpha1
|
||||||
|
|
||||||
// KubernetesResourceApplyConfiguration represents an declarative configuration of the KubernetesResource type for use
|
// KubernetesResourceApplyConfiguration represents an declarative configuration of the KubernetesResource type for use
|
||||||
// with apply.
|
// with apply.
|
|
@ -77,8 +77,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
|
||||||
return &kyvernov1.DenyApplyConfiguration{}
|
return &kyvernov1.DenyApplyConfiguration{}
|
||||||
case v1.SchemeGroupVersion.WithKind("DryRunOption"):
|
case v1.SchemeGroupVersion.WithKind("DryRunOption"):
|
||||||
return &kyvernov1.DryRunOptionApplyConfiguration{}
|
return &kyvernov1.DryRunOptionApplyConfiguration{}
|
||||||
case v1.SchemeGroupVersion.WithKind("ExternalAPICall"):
|
|
||||||
return &kyvernov1.ExternalAPICallApplyConfiguration{}
|
|
||||||
case v1.SchemeGroupVersion.WithKind("ForEachMutation"):
|
case v1.SchemeGroupVersion.WithKind("ForEachMutation"):
|
||||||
return &kyvernov1.ForEachMutationApplyConfiguration{}
|
return &kyvernov1.ForEachMutationApplyConfiguration{}
|
||||||
case v1.SchemeGroupVersion.WithKind("ForEachValidation"):
|
case v1.SchemeGroupVersion.WithKind("ForEachValidation"):
|
||||||
|
@ -95,8 +93,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
|
||||||
return &kyvernov1.ImageVerificationApplyConfiguration{}
|
return &kyvernov1.ImageVerificationApplyConfiguration{}
|
||||||
case v1.SchemeGroupVersion.WithKind("KeylessAttestor"):
|
case v1.SchemeGroupVersion.WithKind("KeylessAttestor"):
|
||||||
return &kyvernov1.KeylessAttestorApplyConfiguration{}
|
return &kyvernov1.KeylessAttestorApplyConfiguration{}
|
||||||
case v1.SchemeGroupVersion.WithKind("KubernetesResource"):
|
|
||||||
return &kyvernov1.KubernetesResourceApplyConfiguration{}
|
|
||||||
case v1.SchemeGroupVersion.WithKind("Manifests"):
|
case v1.SchemeGroupVersion.WithKind("Manifests"):
|
||||||
return &kyvernov1.ManifestsApplyConfiguration{}
|
return &kyvernov1.ManifestsApplyConfiguration{}
|
||||||
case v1.SchemeGroupVersion.WithKind("MatchResources"):
|
case v1.SchemeGroupVersion.WithKind("MatchResources"):
|
||||||
|
@ -225,12 +221,16 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
|
||||||
return &kyvernov2alpha1.CleanupPolicyApplyConfiguration{}
|
return &kyvernov2alpha1.CleanupPolicyApplyConfiguration{}
|
||||||
case v2alpha1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
|
case v2alpha1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
|
||||||
return &kyvernov2alpha1.ClusterCleanupPolicyApplyConfiguration{}
|
return &kyvernov2alpha1.ClusterCleanupPolicyApplyConfiguration{}
|
||||||
|
case v2alpha1.SchemeGroupVersion.WithKind("ExternalAPICall"):
|
||||||
|
return &kyvernov2alpha1.ExternalAPICallApplyConfiguration{}
|
||||||
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry"):
|
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry"):
|
||||||
return &kyvernov2alpha1.GlobalContextEntryApplyConfiguration{}
|
return &kyvernov2alpha1.GlobalContextEntryApplyConfiguration{}
|
||||||
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntrySpec"):
|
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntrySpec"):
|
||||||
return &kyvernov2alpha1.GlobalContextEntrySpecApplyConfiguration{}
|
return &kyvernov2alpha1.GlobalContextEntrySpecApplyConfiguration{}
|
||||||
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntryStatus"):
|
case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntryStatus"):
|
||||||
return &kyvernov2alpha1.GlobalContextEntryStatusApplyConfiguration{}
|
return &kyvernov2alpha1.GlobalContextEntryStatusApplyConfiguration{}
|
||||||
|
case v2alpha1.SchemeGroupVersion.WithKind("KubernetesResource"):
|
||||||
|
return &kyvernov2alpha1.KubernetesResourceApplyConfiguration{}
|
||||||
case v2alpha1.SchemeGroupVersion.WithKind("PolicyException"):
|
case v2alpha1.SchemeGroupVersion.WithKind("PolicyException"):
|
||||||
return &kyvernov2alpha1.PolicyExceptionApplyConfiguration{}
|
return &kyvernov2alpha1.PolicyExceptionApplyConfiguration{}
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue