mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 10:28:36 +00:00
Code Activity

feat: remove description from deprecated fields (#8186)

Browse source 
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
This commit is contained in:
Vishal Choudhary 2023-09-01 03:53:44 +05:30 committed by GitHub
parent 327a21e4ce
commit 478d324007
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 256 additions and 618 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -4,6 +4,7 @@
### Note
- Remove description from deprecated fields in CRDs
- Remove CLI `kyverno test manifest ...` commands (replaced by `kyverno create ...`).
- Added `--caSecretName` and `--tlsSecretName` flags to control names of certificate related secrets.
- Added match conditions support in kyverno config map.

11
api/kyverno/v1/image_verification_types.go
View file

@ -37,8 +37,6 @@ type ImageVerification struct {
// +kubebuilder:validation:Optional
Type ImageVerificationType `json:"type,omitempty" yaml:"type,omitempty"`
// Image is the image name consisting of the registry address, repository, image, and tag.
// Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
// Deprecated. Use ImageReferences instead.
// +kubebuilder:validation:Optional
Image string `json:"image,omitempty" yaml:"image,omitempty"`
@ -50,23 +48,18 @@ type ImageVerification struct {
// +kubebuilder:validation:Optional
ImageReferences []string `json:"imageReferences,omitempty" yaml:"imageReferences,omitempty"`
// Key is the PEM encoded public key that the image or attestation is signed with.
// Deprecated. Use StaticKeyAttestor instead.
Key string `json:"key,omitempty" yaml:"key,omitempty"`
// Roots is the PEM encoded Root certificate chain used for keyless signing
// Deprecated. Use KeylessAttestor instead.
Roots string `json:"roots,omitempty" yaml:"roots,omitempty"`
// Subject is the identity used for keyless signing, for example an email address
// Deprecated. Use KeylessAttestor instead.
Subject string `json:"subject,omitempty" yaml:"subject,omitempty"`
// Issuer is the certificate issuer used for keyless signing.
// Deprecated. Use KeylessAttestor instead.
Issuer string `json:"issuer,omitempty" yaml:"issuer,omitempty"`
// AdditionalExtensions are certificate-extensions used for keyless signing.
// Deprecated.
AdditionalExtensions map[string]string `json:"additionalExtensions,omitempty" yaml:"additionalExtensions,omitempty"`
@ -79,9 +72,6 @@ type ImageVerification struct {
// OCI registry and decodes them into a list of Statement declarations.
Attestations []Attestation `json:"attestations,omitempty" yaml:"attestations,omitempty"`
// Annotations are used for image verification.
// Every specified key-value pair must exist and match in the verified payload.
// The payload may contain other key-value pairs.
// Deprecated. Use annotations per Attestor instead.
Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`
@ -285,7 +275,6 @@ type CTLog struct {
// See https://github.com/in-toto/attestation. Kyverno fetches signed attestations from the
// OCI registry and decodes them into a list of Statements.
type Attestation struct {
// PredicateType defines the type of Predicate contained within the Statement.
// Deprecated in favour of 'Type', to be removed soon
// +kubebuilder:validation:Optional
PredicateType string `json:"predicateType" yaml:"predicateType"`

5
api/kyverno/v1/policy_status.go
View file

@ -17,20 +17,15 @@ const (
PolicyReasonFailed = "Failed"
)
// PolicyStatus mostly contains runtime information related to policy execution.
// Deprecated. Policy metrics are now available via the "/metrics" endpoint.
// See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/
type PolicyStatus struct {
// Ready indicates if the policy is ready to serve the admission request.
// Deprecated in favor of Conditions
Ready bool `json:"ready" yaml:"ready"`
// Conditions is a list of conditions that apply to the policy
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// Autogen contains autogen status information
// +optional
Autogen AutogenStatus `json:"autogen" yaml:"autogen"`
// RuleCount describes total number of rules in a policy
// +optional
RuleCount RuleCountStatus `json:"rulecount" yaml:"rulecount"`
// ValidatingAdmissionPolicy contains status information

1
api/kyverno/v1/policy_types.go
View file

@ -36,7 +36,6 @@ type Policy struct {
// Spec defines policy behaviors and contains one or more rules.
Spec Spec `json:"spec" yaml:"spec"`
// Status contains policy runtime information.
// +optional
// Deprecated. Policy metrics are available via the metrics endpoint
Status PolicyStatus `json:"status,omitempty" yaml:"status,omitempty"`

1
api/kyverno/v1beta1/updaterequest_types.go
View file

@ -25,7 +25,6 @@ import (
// UpdateRequestStatus defines the observed state of UpdateRequest
type UpdateRequestStatus struct {
// Handler represents the instance ID that handles the UR
// Deprecated
Handler string `json:"handler,omitempty" yaml:"handler,omitempty"`

271
charts/kyverno/templates/crds/crds.yaml
View file

@ -7305,16 +7305,12 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain other
key-value pairs. Deprecated. Use annotations per Attestor
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
@ -7737,9 +7733,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -8016,10 +8011,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of the
registry address, repository, image, and tag. Wildcards
(''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching image
@ -8065,13 +8057,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used for
keyless signing. Deprecated. Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that the
image or attestation is signed with. Deprecated. Use
StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -8093,14 +8082,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated. Use
KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature validation.
@ -8232,7 +8217,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -11752,17 +11737,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -12211,10 +12192,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -12501,10 +12480,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -12551,14 +12527,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -12580,14 +12552,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -12615,8 +12583,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -12685,11 +12651,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -16375,9 +16341,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -16845,7 +16810,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -20365,17 +20330,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -20824,10 +20785,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -21114,10 +21073,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -21164,14 +21120,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -21193,14 +21145,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -21228,8 +21176,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -21298,11 +21244,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -24845,16 +24791,12 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain other
key-value pairs. Deprecated. Use annotations per Attestor
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
@ -25277,9 +25219,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -25556,10 +25497,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of the
registry address, repository, image, and tag. Wildcards
(''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching image
@ -25605,13 +25543,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used for
keyless signing. Deprecated. Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that the
image or attestation is signed with. Deprecated. Use
StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -25633,14 +25568,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated. Use
KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature validation.
@ -25769,11 +25700,11 @@ spec:
type: integer
type: object
status:
description: Status contains policy runtime information. Deprecated. Policy
metrics are available via the metrics endpoint
description: Deprecated. Policy metrics are available via the metrics
endpoint
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -29293,17 +29224,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -29752,10 +29679,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -30042,10 +29967,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -30092,14 +30014,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -30121,14 +30039,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -30156,8 +30070,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -30226,11 +30138,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -33917,9 +33829,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -34387,7 +34298,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -37907,17 +37818,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -38366,10 +38273,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -38656,10 +38561,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -38706,14 +38608,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -38735,14 +38633,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -38770,8 +38664,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -38840,11 +38732,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -39803,8 +39695,7 @@ spec:
type: object
type: array
handler:
description: Handler represents the instance ID that handles the UR
Deprecated
description: Deprecated
type: string
message:
description: Specifies request status message.

132
config/crds/kyverno.io_clusterpolicies.yaml
View file

@ -3488,16 +3488,12 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain other
key-value pairs. Deprecated. Use annotations per Attestor
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
@ -3920,9 +3916,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -4199,10 +4194,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of the
registry address, repository, image, and tag. Wildcards
(''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching image
@ -4248,13 +4240,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used for
keyless signing. Deprecated. Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that the
image or attestation is signed with. Deprecated. Use
StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -4276,14 +4265,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated. Use
KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature validation.
@ -4415,7 +4400,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -7935,17 +7920,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -8394,10 +8375,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -8684,10 +8663,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -8734,14 +8710,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -8763,14 +8735,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -8798,8 +8766,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -8868,11 +8834,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -12558,9 +12524,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -13028,7 +12993,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -16548,17 +16513,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -17007,10 +16968,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -17297,10 +17256,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -17347,14 +17303,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -17376,14 +17328,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -17411,8 +17359,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -17481,11 +17427,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy

136
config/crds/kyverno.io_policies.yaml
View file

@ -3489,16 +3489,12 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain other
key-value pairs. Deprecated. Use annotations per Attestor
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
@ -3921,9 +3917,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -4200,10 +4195,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of the
registry address, repository, image, and tag. Wildcards
(''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching image
@ -4249,13 +4241,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used for
keyless signing. Deprecated. Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that the
image or attestation is signed with. Deprecated. Use
StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -4277,14 +4266,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated. Use
KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature validation.
@ -4413,11 +4398,11 @@ spec:
type: integer
type: object
status:
description: Status contains policy runtime information. Deprecated. Policy
metrics are available via the metrics endpoint
description: Deprecated. Policy metrics are available via the metrics
endpoint
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -7937,17 +7922,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -8396,10 +8377,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -8686,10 +8665,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -8736,14 +8712,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -8765,14 +8737,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -8800,8 +8768,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -8870,11 +8836,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -12561,9 +12527,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -13031,7 +12996,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -16551,17 +16516,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -17010,10 +16971,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -17300,10 +17259,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -17350,14 +17306,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -17379,14 +17331,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -17414,8 +17362,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -17484,11 +17430,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy

3
config/crds/kyverno.io_updaterequests.yaml
View file

@ -381,8 +381,7 @@ spec:
type: object
type: array
handler:
description: Handler represents the instance ID that handles the UR
Deprecated
description: Deprecated
type: string
message:
description: Specifies request status message.

271
config/install-latest-testing.yaml
View file

@ -7508,16 +7508,12 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain other
key-value pairs. Deprecated. Use annotations per Attestor
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
@ -7940,9 +7936,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -8219,10 +8214,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of the
registry address, repository, image, and tag. Wildcards
(''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching image
@ -8268,13 +8260,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used for
keyless signing. Deprecated. Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that the
image or attestation is signed with. Deprecated. Use
StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -8296,14 +8285,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated. Use
KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature validation.
@ -8435,7 +8420,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -11955,17 +11940,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -12414,10 +12395,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -12704,10 +12683,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -12754,14 +12730,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -12783,14 +12755,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -12818,8 +12786,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -12888,11 +12854,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -16578,9 +16544,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -17048,7 +17013,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -20568,17 +20533,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -21027,10 +20988,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -21317,10 +21276,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -21367,14 +21323,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -21396,14 +21348,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -21431,8 +21379,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -21501,11 +21447,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -25048,16 +24994,12 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain other
key-value pairs. Deprecated. Use annotations per Attestor
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
@ -25480,9 +25422,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -25759,10 +25700,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of the
registry address, repository, image, and tag. Wildcards
(''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching image
@ -25808,13 +25746,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used for
keyless signing. Deprecated. Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that the
image or attestation is signed with. Deprecated. Use
StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -25836,14 +25771,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated. Use
KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature validation.
@ -25972,11 +25903,11 @@ spec:
type: integer
type: object
status:
description: Status contains policy runtime information. Deprecated. Policy
metrics are available via the metrics endpoint
description: Deprecated. Policy metrics are available via the metrics
endpoint
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -29496,17 +29427,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -29955,10 +29882,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -30245,10 +30170,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -30295,14 +30217,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -30324,14 +30242,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -30359,8 +30273,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -30429,11 +30341,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -34120,9 +34032,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type of Predicate
contained within the Statement. Deprecated in
favour of 'Type', to be removed soon
description: Deprecated in favour of 'Type', to
be removed soon
type: string
type:
description: Type defines the type of attestation
@ -34590,7 +34501,7 @@ spec:
description: Status contains policy runtime data.
properties:
autogen:
description: Autogen contains autogen status information
description: AutogenStatus contains autogen status information.
properties:
rules:
description: Rules is a list of Rule instances. It contains auto
@ -38110,17 +38021,13 @@ spec:
additionalExtensions:
additionalProperties:
type: string
description: AdditionalExtensions are certificate-extensions
used for keyless signing. Deprecated.
description: Deprecated.
type: object
annotations:
additionalProperties:
type: string
description: Annotations are used for image verification.
Every specified key-value pair must exist and match
in the verified payload. The payload may contain
other key-value pairs. Deprecated. Use annotations
per Attestor instead.
description: Deprecated. Use annotations per Attestor
instead.
type: object
attestations:
description: Attestations are optional checks for
@ -38569,10 +38476,8 @@ spec:
type: object
type: array
predicateType:
description: PredicateType defines the type
of Predicate contained within the Statement.
Deprecated in favour of 'Type', to be removed
soon
description: Deprecated in favour of 'Type',
to be removed soon
type: string
type:
description: Type defines the type of attestation
@ -38859,10 +38764,7 @@ spec:
type: object
type: array
image:
description: 'Image is the image name consisting of
the registry address, repository, image, and tag.
Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
Deprecated. Use ImageReferences instead.'
description: Deprecated. Use ImageReferences instead.
type: string
imageReferences:
description: 'ImageReferences is a list of matching
@ -38909,14 +38811,10 @@ spec:
type: array
type: object
issuer:
description: Issuer is the certificate issuer used
for keyless signing. Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
key:
description: Key is the PEM encoded public key that
the image or attestation is signed with. Deprecated.
Use StaticKeyAttestor instead.
description: Deprecated. Use StaticKeyAttestor instead.
type: string
mutateDigest:
default: true
@ -38938,14 +38836,10 @@ spec:
check.
type: boolean
roots:
description: Roots is the PEM encoded Root certificate
chain used for keyless signing Deprecated. Use KeylessAttestor
instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
subject:
description: Subject is the identity used for keyless
signing, for example an email address Deprecated.
Use KeylessAttestor instead.
description: Deprecated. Use KeylessAttestor instead.
type: string
type:
description: Type specifies the method of signature
@ -38973,8 +38867,6 @@ spec:
type: array
type: object
conditions:
description: Conditions is a list of conditions that apply to the
policy
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -39043,11 +38935,11 @@ spec:
type: object
type: array
ready:
description: Ready indicates if the policy is ready to serve the admission
request. Deprecated in favor of Conditions
description: Deprecated in favor of Conditions
type: boolean
rulecount:
description: RuleCount describes total number of rules in a policy
description: RuleCountStatus contains four variables which describes
counts for validate, generate, mutate and verify images rules
properties:
generate:
description: Count for generate rules in policy
@ -40006,8 +39898,7 @@ spec:
type: object
type: array
handler:
description: Handler represents the instance ID that handles the UR
Deprecated
description: Deprecated
type: string
message:
description: Specifies request status message.

42
docs/user/crd/index.html
View file

@ -568,8 +568,7 @@ PolicyStatus
</td>
<td>
<em>(Optional)</em>
<p>Status contains policy runtime information.
Deprecated. Policy metrics are available via the metrics endpoint</p>
<p>Deprecated. Policy metrics are available via the metrics endpoint</p>
</td>
</tr>
</tbody>
@ -769,8 +768,7 @@ string
</em>
</td>
<td>
<p>PredicateType defines the type of Predicate contained within the Statement.
Deprecated in favour of &lsquo;Type&rsquo;, to be removed soon</p>
<p>Deprecated in favour of &lsquo;Type&rsquo;, to be removed soon</p>
</td>
</tr>
<tr>
@ -2169,9 +2167,7 @@ string
</em>
</td>
<td>
<p>Image is the image name consisting of the registry address, repository, image, and tag.
Wildcards (&lsquo;*&rsquo; and &lsquo;?&rsquo;) are allowed. See: <a href="https://kubernetes.io/docs/concepts/containers/images">https://kubernetes.io/docs/concepts/containers/images</a>.
Deprecated. Use ImageReferences instead.</p>
<p>Deprecated. Use ImageReferences instead.</p>
</td>
</tr>
<tr>
@ -2196,8 +2192,7 @@ string
</em>
</td>
<td>
<p>Key is the PEM encoded public key that the image or attestation is signed with.
Deprecated. Use StaticKeyAttestor instead.</p>
<p>Deprecated. Use StaticKeyAttestor instead.</p>
</td>
</tr>
<tr>
@ -2208,8 +2203,7 @@ string
</em>
</td>
<td>
<p>Roots is the PEM encoded Root certificate chain used for keyless signing
Deprecated. Use KeylessAttestor instead.</p>
<p>Deprecated. Use KeylessAttestor instead.</p>
</td>
</tr>
<tr>
@ -2220,8 +2214,7 @@ string
</em>
</td>
<td>
<p>Subject is the identity used for keyless signing, for example an email address
Deprecated. Use KeylessAttestor instead.</p>
<p>Deprecated. Use KeylessAttestor instead.</p>
</td>
</tr>
<tr>
@ -2232,8 +2225,7 @@ string
</em>
</td>
<td>
<p>Issuer is the certificate issuer used for keyless signing.
Deprecated. Use KeylessAttestor instead.</p>
<p>Deprecated. Use KeylessAttestor instead.</p>
</td>
</tr>
<tr>
@ -2244,8 +2236,7 @@ map[string]string
</em>
</td>
<td>
<p>AdditionalExtensions are certificate-extensions used for keyless signing.
Deprecated.</p>
<p>Deprecated.</p>
</td>
</tr>
<tr>
@ -2284,10 +2275,7 @@ map[string]string
</em>
</td>
<td>
<p>Annotations are used for image verification.
Every specified key-value pair must exist and match in the verified payload.
The payload may contain other key-value pairs.
Deprecated. Use annotations per Attestor instead.</p>
<p>Deprecated. Use annotations per Attestor instead.</p>
</td>
</tr>
<tr>
@ -2877,8 +2865,7 @@ Wildcards (&lsquo;*&rsquo; and &lsquo;?&rsquo;) are allowed. See: <a href="https
<a href="#kyverno.io/v2beta1.Policy">Policy</a>)
</p>
<p>
<p>PolicyStatus mostly contains runtime information related to policy execution.
Deprecated. Policy metrics are now available via the &ldquo;/metrics&rdquo; endpoint.
<p>Deprecated. Policy metrics are now available via the &ldquo;/metrics&rdquo; endpoint.
See: <a href="https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/">https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/</a></p>
</p>
<table class="table table-striped">
@ -2897,8 +2884,7 @@ bool
</em>
</td>
<td>
<p>Ready indicates if the policy is ready to serve the admission request.
Deprecated in favor of Conditions</p>
<p>Deprecated in favor of Conditions</p>
</td>
</tr>
<tr>
@ -2912,7 +2898,6 @@ Deprecated in favor of Conditions</p>
</td>
<td>
<em>(Optional)</em>
<p>Conditions is a list of conditions that apply to the policy</p>
</td>
</tr>
<tr>
@ -2926,7 +2911,6 @@ AutogenStatus
</td>
<td>
<em>(Optional)</em>
<p>Autogen contains autogen status information</p>
</td>
</tr>
<tr>
@ -2940,7 +2924,6 @@ RuleCountStatus
</td>
<td>
<em>(Optional)</em>
<p>RuleCount describes total number of rules in a policy</p>
</td>
</tr>
<tr>
@ -5371,8 +5354,7 @@ string
</em>
</td>
<td>
<p>Handler represents the instance ID that handles the UR
Deprecated</p>
<p>Deprecated</p>
</td>
</tr>
<tr>