mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

Update PSa images dsecription (#4840)

Browse source 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
This commit is contained in:
shuting 2022-10-07 16:09:31 +08:00 committed by GitHub
parent 7849fbbc8a
commit 4d90b7b561
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 339 additions and 285 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
api/kyverno/v1/common_types.go
View file

@ -350,6 +350,7 @@ type PodSecurityStandard struct {
// Images selects matching containers and applies the container level PSS.
// Each image is the image name consisting of the registry address, repository, image, and tag.
// Empty list matches no containers, PSS checks are applied at the pod level only.
// Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
// +optional
Images []string `json:"images,omitempty" yaml:"images,omitempty"`
}

16
charts/kyverno/templates/crds.yaml
View file

@ -2478,7 +2478,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -4215,7 +4215,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -5903,7 +5903,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -7615,7 +7615,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -9899,7 +9899,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -11636,7 +11636,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -13324,7 +13324,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -15036,7 +15036,7 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only.
description: 'Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array

18
config/crds/kyverno.io_clusterpolicies.yaml
View file

@ -2385,12 +2385,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -5243,12 +5244,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -7895,12 +7898,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -10713,12 +10717,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array

18
config/crds/kyverno.io_policies.yaml
View file

@ -2386,12 +2386,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -5245,12 +5246,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -7898,12 +7901,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -10716,12 +10720,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array

284
config/install.yaml
View file

@ -94,9 +94,11 @@ spec:
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
for how the garbage collector interacts with this field and
enforces the foreground deletion. Defaults to false. To set
this field, a user needs "delete" permission of the owner, otherwise
422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
@ -192,32 +194,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -494,32 +497,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -729,9 +733,11 @@ spec:
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
for how the garbage collector interacts with this field and
enforces the foreground deletion. Defaults to false. To set
this field, a user needs "delete" permission of the owner, otherwise
422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
@ -827,32 +833,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -1129,32 +1136,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -3671,12 +3679,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -6529,12 +6538,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -6964,8 +6975,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -9181,12 +9192,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -11999,12 +12011,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -12434,8 +12448,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -12656,7 +12670,7 @@ spec:
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
description: "ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many
@ -12664,23 +12678,23 @@ spec:
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID
not honored" or "name must be restricted". Those cannot be well
described when embedded. 3. Inconsistent validation. Because
restrictions like, \"must refer only to types A and B\" or \"UID
not honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation. Because
the usages are different, the validation rules are different
by usage, which makes it hard for users to predict what will
happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity
happen. 4. The fields are both imprecise and overly precise.
\ Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases,
the dependency is on the group,resource tuple and the version
of the actual struct is irrelevant. 5. We cannot easily change
it. Because this type is embedded in many locations, updates
to this type will affect numerous schemas. Don''t make new
APIs embed an underspecified API type they do not control. Instead
to this type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
."
properties:
apiVersion:
description: API version of the referent.
@ -15464,12 +15478,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -18323,12 +18338,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -18758,8 +18775,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -20976,12 +20993,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -23794,12 +23812,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -24229,8 +24249,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -24450,7 +24470,7 @@ spec:
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
description: "ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many
@ -24458,23 +24478,23 @@ spec:
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID
not honored" or "name must be restricted". Those cannot be well
described when embedded. 3. Inconsistent validation. Because
restrictions like, \"must refer only to types A and B\" or \"UID
not honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation. Because
the usages are different, the validation rules are different
by usage, which makes it hard for users to predict what will
happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity
happen. 4. The fields are both imprecise and overly precise.
\ Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases,
the dependency is on the group,resource tuple and the version
of the actual struct is irrelevant. 5. We cannot easily change
it. Because this type is embedded in many locations, updates
to this type will affect numerous schemas. Don''t make new
APIs embed an underspecified API type they do not control. Instead
to this type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
."
properties:
apiVersion:
description: API version of the referent.

284
config/install_debug.yaml
View file

@ -92,9 +92,11 @@ spec:
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
for how the garbage collector interacts with this field and
enforces the foreground deletion. Defaults to false. To set
this field, a user needs "delete" permission of the owner, otherwise
422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
@ -190,32 +192,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -491,32 +494,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -725,9 +729,11 @@ spec:
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
for how the garbage collector interacts with this field and
enforces the foreground deletion. Defaults to false. To set
this field, a user needs "delete" permission of the owner, otherwise
422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
@ -823,32 +829,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -1124,32 +1131,33 @@ spec:
description: Subjects is an optional reference to the checked
Kubernetes resources
items:
description: 'ObjectReference contains enough information
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields. It
includes many fields which are not generally honored. For
instance, ResourceVersion and FieldPath are both very rarely
valid in actual usage. 2. Invalid usage help. It is impossible
to add specific help for individual usage. In most embedded
usages, there are particular restrictions like, "must refer
only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different,
the validation rules are different by usage, which makes
it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don''t make new APIs
embed an underspecified API type they do not control. Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
@ -3665,12 +3673,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -6523,12 +6532,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -6958,8 +6969,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -9175,12 +9186,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -11993,12 +12005,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -12428,8 +12442,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -12649,7 +12663,7 @@ spec:
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
description: "ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many
@ -12657,23 +12671,23 @@ spec:
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID
not honored" or "name must be restricted". Those cannot be well
described when embedded. 3. Inconsistent validation. Because
restrictions like, \"must refer only to types A and B\" or \"UID
not honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation. Because
the usages are different, the validation rules are different
by usage, which makes it hard for users to predict what will
happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity
happen. 4. The fields are both imprecise and overly precise.
\ Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases,
the dependency is on the group,resource tuple and the version
of the actual struct is irrelevant. 5. We cannot easily change
it. Because this type is embedded in many locations, updates
to this type will affect numerous schemas. Don''t make new
APIs embed an underspecified API type they do not control. Instead
to this type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
."
properties:
apiVersion:
description: API version of the referent.
@ -15455,12 +15469,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -18314,12 +18329,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -18749,8 +18766,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -20967,12 +20984,13 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each image
is the image name consisting of the registry
address, repository, image, and tag. Empty list
matches no containers, PSS checks are applied
at the pod level only.
at the pod level only. Wildcards (''*'' and
''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -23785,12 +23803,14 @@ spec:
- Running as Non-root user
type: string
images:
description: Images selects matching containers
description: 'Images selects matching containers
and applies the container level PSS. Each
image is the image name consisting of the
registry address, repository, image, and
tag. Empty list matches no containers, PSS
checks are applied at the pod level only.
Wildcards (''*'' and ''?'') are allowed.
See: https://kubernetes.io/docs/concepts/containers/images.'
items:
type: string
type: array
@ -24220,8 +24240,8 @@ spec:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
@ -24440,7 +24460,7 @@ spec:
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
description: "ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many
@ -24448,23 +24468,23 @@ spec:
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID
not honored" or "name must be restricted". Those cannot be well
described when embedded. 3. Inconsistent validation. Because
restrictions like, \"must refer only to types A and B\" or \"UID
not honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation. Because
the usages are different, the validation rules are different
by usage, which makes it hard for users to predict what will
happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity
happen. 4. The fields are both imprecise and overly precise.
\ Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases,
the dependency is on the group,resource tuple and the version
of the actual struct is irrelevant. 5. We cannot easily change
it. Because this type is embedded in many locations, updates
to this type will affect numerous schemas. Don''t make new
APIs embed an underspecified API type they do not control. Instead
to this type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
."
properties:
apiVersion:
description: API version of the referent.

3
docs/crd/v1/index.html
View file

@ -2660,7 +2660,8 @@ See: <a href="https://kubernetes.io/docs/concepts/security/pod-security-standard
<em>(Optional)</em>
<p>Images selects matching containers and applies the container level PSS.
Each image is the image name consisting of the registry address, repository, image, and tag.
Empty list matches no containers, PSS checks are applied at the pod level only.</p>
Empty list matches no containers, PSS checks are applied at the pod level only.
Wildcards (&lsquo;*&rsquo; and &lsquo;?&rsquo;) are allowed. See: <a href="https://kubernetes.io/docs/concepts/containers/images">https://kubernetes.io/docs/concepts/containers/images</a>.</p>
</td>
</tr>
</tbody>