diff --git a/api/policies.kyverno.io/v1alpha1/validating_spec_types.go b/api/policies.kyverno.io/v1alpha1/validating_spec_types.go index 3a36808500..d59eb082ac 100644 --- a/api/policies.kyverno.io/v1alpha1/validating_spec_types.go +++ b/api/policies.kyverno.io/v1alpha1/validating_spec_types.go @@ -91,7 +91,7 @@ type ValidatingPolicySpec struct { // EvaluationConfiguration defines the configuration for the policy evaluation. // +optional - EvaluationConfiguration *EvaluationConfiguration `json:"evaluationConfiguration,omitempty"` + EvaluationConfiguration *EvaluationConfiguration `json:"evaluation,omitempty"` } // AdmissionEnabled checks if admission is set to true @@ -110,6 +110,14 @@ func (s ValidatingPolicySpec) BackgroundEnabled() bool { return *s.EvaluationConfiguration.Background.Enabled } +// EvaluationMode returns the evaluation mode of the policy. +func (s ValidatingPolicySpec) EvaluationMode() EvaluationMode { + if s.EvaluationConfiguration == nil || s.EvaluationConfiguration.Mode == "" { + return EvaluationModeKubernetes + } + return s.EvaluationConfiguration.Mode +} + type WebhookConfiguration struct { // TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. // After the configured time expires, the admission request may fail, or may simply ignore the policy results, @@ -118,6 +126,12 @@ type WebhookConfiguration struct { } type EvaluationConfiguration struct { + // Mode is the mode of policy evaluation. + // Allowed values are "Kubernetes" or "JSON". + // Optional. Default value is "Kubernetes". + // +optional + Mode EvaluationMode `json:"mode,omitempty"` + // Admission controls policy evaluation during admission. // +optional Admission *AdmissionConfiguration `json:"admission,omitempty"` 
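Review bot: The tag change on `EvaluationConfiguration` renames the serialized key from `evaluationConfiguration` to `evaluation` with no alias or conversion for the old key, so manifests and stored objects that still use the old name will no longer populate this field. Depending on the cluster's field-validation setting, the old key is likely to be pruned rather than rejected, which would presumably leave `AdmissionEnabled()` and `BackgroundEnabled()` reporting defaults instead of what the policy author configured. For a v1alpha1 type the rename may be acceptable, but it deserves a release note, and the comment should name the serialized key: `// EvaluationConfiguration (serialized as "evaluation") defines the configuration for the policy evaluation.` The struct's opening lines are outside the hunk.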
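Review bot: `EvaluationMode()` hands back any non-empty `Mode` string unchanged, and nothing in this commit limits the field to the two documented values. The `Mode` field added to `EvaluationConfiguration` and `type EvaluationMode string` in the last hunk of this file carry no enum marker, and the regenerated CRDs declare only `type: string`. A misspelled or differently cased value would therefore be accepted by the API server, and how callers treat an unrecognised mode is not visible here; for a policy engine that should be rejected up front rather than left to each caller. Add `// +kubebuilder:validation:Enum=Kubernetes;JSON` above the type declaration and regenerate the CRDs.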
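Review bot: The comment on `Mode` states a default of "Kubernetes", but the field has no `+kubebuilder:default` marker, so the default exists only inside `ValidatingPolicySpec.EvaluationMode()`. Code that reads `EvaluationConfiguration.Mode` directly can see `""`, which compares unequal to `EvaluationModeKubernetes`. Either add `// +kubebuilder:default=Kubernetes`, or replace the redundant `// Optional.` sentence with `// When empty, ValidatingPolicySpec.EvaluationMode() reports "Kubernetes"; read the mode through that accessor.` The struct body continues outside the hunk.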
@@ -143,3 +157,10 @@ type BackgroundConfiguration struct { // +kubebuilder:default=true Enabled *bool `json:"enabled,omitempty"` } + +type EvaluationMode string + +const ( + EvaluationModeKubernetes EvaluationMode = "Kubernetes" + EvaluationModeJSON EvaluationMode = "JSON" +) diff --git a/charts/kyverno/charts/crds/templates/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml b/charts/kyverno/charts/crds/templates/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml index a5ba9e817e..c09be166b8 100644 --- a/charts/kyverno/charts/crds/templates/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml +++ b/charts/kyverno/charts/crds/templates/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml @@ -108,7 +108,7 @@ spec: type: object type: array x-kubernetes-list-type: atomic - evaluationConfiguration: + evaluation: description: EvaluationConfiguration defines the configuration for the policy evaluation. properties: @@ -134,6 +134,12 @@ spec: uses variables that are only available in the admission review request (e.g. user name). type: boolean type: object + mode: + description: |- + Mode is the mode of policy evaluation. + Allowed values are "Kubernetes" or "JSON". + Optional. Default value is "Kubernetes". + type: string type: object failurePolicy: description: |- diff --git a/cmd/cli/kubectl-kyverno/data/crds/policies.kyverno.io_validatingpolicies.yaml b/cmd/cli/kubectl-kyverno/data/crds/policies.kyverno.io_validatingpolicies.yaml index 2459190255..2a796e0c3a 100644 --- a/cmd/cli/kubectl-kyverno/data/crds/policies.kyverno.io_validatingpolicies.yaml +++ b/cmd/cli/kubectl-kyverno/data/crds/policies.kyverno.io_validatingpolicies.yaml @@ -102,7 +102,7 @@ spec: type: object type: array x-kubernetes-list-type: atomic - evaluationConfiguration: + evaluation: description: EvaluationConfiguration defines the configuration for the policy evaluation. properties: 
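Review bot: `EvaluationMode` and its two constants in validating_spec_types.go are exported API identifiers without doc comments, unlike the fields this commit touches elsewhere in the file. Add `// EvaluationMode is the mode in which a policy is evaluated.` above the type, plus a one-line comment on each constant saying what that mode evaluates against. The commit does not state that difference, so the author should supply the wording.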
@@ -128,6 +128,12 @@ spec: uses variables that are only available in the admission review request (e.g. user name). type: boolean type: object + mode: + description: |- + Mode is the mode of policy evaluation. + Allowed values are "Kubernetes" or "JSON". + Optional. Default value is "Kubernetes". + type: string type: object failurePolicy: description: |- diff --git a/config/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml b/config/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml index 2459190255..2a796e0c3a 100644 --- a/config/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml +++ b/config/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml @@ -102,7 +102,7 @@ spec: type: object type: array x-kubernetes-list-type: atomic - evaluationConfiguration: + evaluation: description: EvaluationConfiguration defines the configuration for the policy evaluation. properties: @@ -128,6 +128,12 @@ spec: uses variables that are only available in the admission review request (e.g. user name). type: boolean type: object + mode: + description: |- + Mode is the mode of policy evaluation. + Allowed values are "Kubernetes" or "JSON". + Optional. Default value is "Kubernetes". + type: string type: object failurePolicy: description: |- diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 7ef8eb3d73..e3244c6700 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -48650,7 +48650,7 @@ spec: type: object type: array x-kubernetes-list-type: atomic - evaluationConfiguration: + evaluation: description: EvaluationConfiguration defines the configuration for the policy evaluation. properties: 
@@ -48676,6 +48676,12 @@ spec: uses variables that are only available in the admission review request (e.g. user name). type: boolean type: object + mode: + description: |- + Mode is the mode of policy evaluation. + Allowed values are "Kubernetes" or "JSON". + Optional. Default value is "Kubernetes". + type: string type: object failurePolicy: description: |- diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html index e88612399c..30fed92422 100644 --- a/docs/user/crd/index.html +++ b/docs/user/crd/index.html @@ -10840,7 +10840,7 @@ WebhookConfiguration -evaluationConfiguration
+evaluation
EvaluationConfiguration @@ -11560,6 +11560,22 @@ Secrets must live in the Kyverno namespace.

+mode
+ +
+EvaluationMode + + + + +(Optional) +

Mode is the mode of policy evaluation. +Allowed values are “Kubernetes” or “JSON”. +Optional. Default value is “Kubernetes”.

+ + + + admission
@@ -11589,6 +11605,14 @@ BackgroundConfiguration
+

EvaluationMode +(string alias)

+

+(Appears on: +EvaluationConfiguration) +

+

+

GenericPolicy

@@ -12706,7 +12730,7 @@ WebhookConfiguration -evaluationConfiguration
+evaluation
EvaluationConfiguration