diff --git a/api/kyverno/v2beta1/spec_types.go b/api/kyverno/v2beta1/spec_types.go index 049dcaec2f..d5b6b39308 100644 --- a/api/kyverno/v2beta1/spec_types.go +++ b/api/kyverno/v2beta1/spec_types.go @@ -34,6 +34,12 @@ type Spec struct { // Deprecated, use validationFailureActionOverrides under the validate rule instead. ValidationFailureActionOverrides []kyvernov1.ValidationFailureActionOverride `json:"validationFailureActionOverrides,omitempty"` + // EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + // Enabling this option will extend admission request processing times. The default value is "false". + // +optional + // +kubebuilder:default=false + EmitWarning *bool `json:"emitWarning,omitempty"` + // Admission controls if rules are applied during admission. // Optional. Default value is "true". // +optional diff --git a/api/kyverno/v2beta1/zz_generated.deepcopy.go b/api/kyverno/v2beta1/zz_generated.deepcopy.go index 6887ae9fa3..31caa55619 100755 --- a/api/kyverno/v2beta1/zz_generated.deepcopy.go +++ b/api/kyverno/v2beta1/zz_generated.deepcopy.go @@ -814,6 +814,11 @@ func (in *Spec) DeepCopyInto(out *Spec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EmitWarning != nil { + in, out := &in.EmitWarning, &out.EmitWarning + *out = new(bool) + **out = **in + } if in.Admission != nil { in, out := &in.Admission, &out.Admission *out = new(bool) diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index 57a4b819ee..0d48b96770 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml 
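Review bot: The doc comment on the new `EmitWarning *bool` field in `Spec` (api/kyverno/v2beta1/spec_types.go) says the default is "false", but that default comes from `+kubebuilder:default=false`, which is applied when the object goes through the API server's CRD defaulting. A `Spec` built or loaded in-process can still hold a nil pointer, so readers of the field have to treat nil as false; I would state this in the comment, for example `// A nil value is treated as false.`. Admission warnings are returned to the client that sent the request, so with this option on, messages from mutate rules and Audit-mode validate rules presumably become visible to that user. The code that builds the warnings is not in this diff, so this should be confirmed, and if it holds a short sentence such as `// Warning text is returned to the requesting client.` would help policy authors keep sensitive detail out of rule messages. The `Spec` struct starts and ends outside the hunk.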
@@ -33,16 +33,8 @@ annotations: url: https://kyverno.io/docs # valid kinds are: added, changed, deprecated, removed, fixed and security artifacthub.io/changes: | - - kind: added - description: Add a key to preserve configmap settings during upgrade - - kind: added - description: Make admission reports breaker threshold configurable - - kind: added - description: ImagePullSecrets made globally configurable - - kind: removed - description: Deprecated configuration `features.reports.chunkSize` was removed - - kind: added - description: ImagePullSecrets made configurable for tests + - kind: fixed + description: Add spec.emitWarning to v2beta1 policy dependencies: - name: grafana version: v0.0.0 diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml index 62277aae2d..87bb894d76 100644 --- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml +++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml @@ -10381,6 +10381,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml index 0cec4c97b5..04a9225b4a 100644 --- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml 
+++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml @@ -10384,6 +10384,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml index c4c2fda998..085d003bb1 100644 --- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml +++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml @@ -10375,6 +10375,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml index 008f0bc6da..ed5fd81464 100644 --- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml +++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml 
@@ -10378,6 +10378,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/config/crds/kyverno/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno/kyverno.io_clusterpolicies.yaml index c4c2fda998..085d003bb1 100644 --- a/config/crds/kyverno/kyverno.io_clusterpolicies.yaml +++ b/config/crds/kyverno/kyverno.io_clusterpolicies.yaml @@ -10375,6 +10375,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/config/crds/kyverno/kyverno.io_policies.yaml b/config/crds/kyverno/kyverno.io_policies.yaml index 008f0bc6da..ed5fd81464 100644 --- a/config/crds/kyverno/kyverno.io_policies.yaml +++ b/config/crds/kyverno/kyverno.io_policies.yaml 
@@ -10378,6 +10378,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 7337e1d414..eabf7c0b45 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -15800,6 +15800,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. 
@@ -36355,6 +36361,12 @@ spec: Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). type: boolean + emitWarning: + default: false + description: |- + EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + Enabling this option will extend admission request processing times. The default value is "false". + type: boolean failurePolicy: description: Deprecated, use failurePolicy under the webhookConfiguration instead. diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html index c976faf580..5b38a319c4 100644 --- a/docs/user/crd/index.html +++ b/docs/user/crd/index.html @@ -8077,6 +8077,19 @@ ValidationFailureAction +emitWarning
+ +bool + + + +(Optional) +

EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. +Enabling this option will extend admission request processing times. The default value is “false”.

+ + + + admission
bool @@ -8338,6 +8351,19 @@ ValidationFailureAction +emitWarning
+ +bool + + + +(Optional) +

EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. +Enabling this option will extend admission request processing times. The default value is “false”.

+ + + + admission
bool @@ -9751,6 +9777,19 @@ ValidationFailureAction +emitWarning
+ +bool + + + +(Optional) +

EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. +Enabling this option will extend admission request processing times. The default value is “false”.

+ + + + admission
bool diff --git a/docs/user/crd/kyverno.v2beta1.html b/docs/user/crd/kyverno.v2beta1.html index df1ae00ae2..a5db808bd8 100644 --- a/docs/user/crd/kyverno.v2beta1.html +++ b/docs/user/crd/kyverno.v2beta1.html @@ -948,6 +948,34 @@ set to All all rules in the policy are processed. The default is + emitWarning + +
+ + + + + bool + + + + + + +

EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. +Enabling this option will extend admission request processing times. The default value is "false".

+ + + + + + + + + + + admission @@ -1507,6 +1535,34 @@ set to All all rules in the policy are processed. The default is + emitWarning + +
+ + + + + bool + + + + + + +

EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. +Enabling this option will extend admission request processing times. The default value is "false".

+ + + + + + + + + + + admission @@ -4370,6 +4426,34 @@ set to All all rules in the policy are processed. The default is + emitWarning + +
+ + + + + bool + + + + + + +

EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. +Enabling this option will extend admission request processing times. The default value is "false".

+ + + + + + + + + + + admission diff --git a/pkg/client/applyconfigurations/kyverno/v2beta1/spec.go b/pkg/client/applyconfigurations/kyverno/v2beta1/spec.go index 558f8ea4ed..0ab6db087d 100644 --- a/pkg/client/applyconfigurations/kyverno/v2beta1/spec.go +++ b/pkg/client/applyconfigurations/kyverno/v2beta1/spec.go @@ -31,6 +31,7 @@ type SpecApplyConfiguration struct { FailurePolicy *v1.FailurePolicyType `json:"failurePolicy,omitempty"` ValidationFailureAction *v1.ValidationFailureAction `json:"validationFailureAction,omitempty"` ValidationFailureActionOverrides []kyvernov1.ValidationFailureActionOverrideApplyConfiguration `json:"validationFailureActionOverrides,omitempty"` + EmitWarning *bool `json:"emitWarning,omitempty"` Admission *bool `json:"admission,omitempty"` Background *bool `json:"background,omitempty"` SchemaValidation *bool `json:"schemaValidation,omitempty"` @@ -98,6 +99,14 @@ func (b *SpecApplyConfiguration) WithValidationFailureActionOverrides(values ... return b } +// WithEmitWarning sets the EmitWarning field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EmitWarning field is set to the value of the last call. +func (b *SpecApplyConfiguration) WithEmitWarning(value bool) *SpecApplyConfiguration { + b.EmitWarning = &value + return b +} + // WithAdmission sets the Admission field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Admission field is set to the value of the last call.