mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 10:28:36 +00:00

Update wgpolicyk8s.io CRDs (#4355)

* Update policyreport api

Signed-off-by: George Sedky <george@devopzilla.com>

* Run codegen to generate CRDs

Signed-off-by: George Sedky <george@devopzilla.com>

Signed-off-by: George Sedky <george@devopzilla.com>
Co-authored-by: George Sedky <george@devopzilla.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
George 2022-08-22 09:18:33 +02:00 committed by GitHub
parent 71af968eac
commit 648511383c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 266 additions and 216 deletions


@ -34,9 +34,11 @@ const (
// Severity specifies priority of a policy result
const (
SeverityHigh = "high"
SeverityMedium = "medium"
SeverityLow = "low"
SeverityCritical = "critical"
SeverityHigh = "high"
SeverityMedium = "medium"
SeverityLow = "low"
SeverityInfo = "info"
)
// PolicyReportSummary provides a status count summary
@ -49,7 +51,7 @@ type PolicyReportSummary struct {
// +optional
Fail int `json:"fail"`
// Warn provides the count of unscored policies whose requirements were not met
// Warn provides the count of non-scored policies whose requirements were not met
// +optional
Warn int `json:"warn"`
@ -80,10 +82,12 @@ func (prs PolicyReportSummary) ToMap() map[string]interface{} {
type PolicyResult string
// PolicySeverity has one of the following values:
// - critical
// - high
// - low
// - medium
// +kubebuilder:validation:Enum=high;low;medium
// - info
// +kubebuilder:validation:Enum=critical;high;low;medium;info
type PolicySeverity string
// PolicyReportResult provides the result for an individual policy
@ -92,31 +96,31 @@ type PolicyReportResult struct {
// +optional
Source string `json:"source"`
// Policy is the name of the policy
// Policy is the name or identifier of the policy
Policy string `json:"policy"`
// Rule is the name of the policy rule
// Rule is the name or identifier of the rule within the policy
// +optional
Rule string `json:"rule,omitempty"`
// Resources is an optional reference to the resource checked by the policy and rule
// Subjects is an optional reference to the checked Kubernetes resources
// +optional
Resources []corev1.ObjectReference `json:"resources,omitempty"`
// ResourceSelector is an optional selector for policy results that apply to multiple resources.
// SubjectSelector is an optional label selector for checked Kubernetes resources.
// For example, a policy result may apply to all pods that match a label.
// Either a Resource or a ResourceSelector can be specified. If neither are provided, the
// result is assumed to be for the policy report scope.
// Either a Subject or a SubjectSelector can be specified.
// If neither are provided, the result is assumed to be for the policy report scope.
// +optional
ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
// Message is a short user friendly description of the policy rule
// Description is a short user friendly message for the policy rule
Message string `json:"message,omitempty"`
// Result indicates the outcome of the policy rule execution
Result PolicyResult `json:"result,omitempty"`
// Scored indicates if this policy rule is scored
// Scored indicates if this result is scored
Scored bool `json:"scored,omitempty"`
// Properties provides additional information for the policy rule
@ -129,7 +133,7 @@ type PolicyReportResult struct {
// +optional
Category string `json:"category,omitempty"`
// Severity indicates policy severity
// Severity indicates policy check result criticality
// +optional
Severity PolicySeverity `json:"severity,omitempty"`
}
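Review bot: Three of the rewritten field comments in the PolicyReportResult hunk name fields this struct does not have: `// Subjects is ...` sits above `Resources`, `// SubjectSelector is ...` (with its "Either a Subject or a SubjectSelector" sentence) sits above `ResourceSelector`, and `// Description is ...` sits above `Message`, while the Go names and JSON tags are unchanged. The wording looks carried over from an upstream API revision that renamed those fields, and since the CRD descriptions are generated from these comments, the YAML sections of this commit now describe `resourceSelector`, `resources` and `message` under the wrong names. I would keep the new text but restore the leading identifiers, e.g. `// Resources is an optional reference to the checked Kubernetes resources`, `// ResourceSelector is an optional label selector for checked Kubernetes resources.` and `// Message is a short user friendly message for the policy rule`, then re-run codegen. The struct begins above the hunk, so fields outside the visible lines were not checked.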


@ -3184,10 +3184,10 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the policy rule
description: Description is a short user friendly message for the policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -3195,7 +3195,7 @@ spec:
description: Properties provides additional information for the policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -3226,7 +3226,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes resources
items:
description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .'
properties:
@ -3264,17 +3264,19 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that manages this report
@ -3371,7 +3373,7 @@ spec:
description: Skip indicates the count of policies that were not selected for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements were not met
description: Warn provides the count of non-scored policies whose requirements were not met
type: integer
type: object
type: object
@ -3454,10 +3456,10 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the policy rule
description: Description is a short user friendly message for the policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -3465,7 +3467,7 @@ spec:
description: Properties provides additional information for the policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -3496,7 +3498,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes resources
items:
description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .'
properties:
@ -3534,17 +3536,19 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that manages this report
@ -3641,7 +3645,7 @@ spec:
description: Skip indicates the count of policies that were not selected for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements were not met
description: Warn provides the count of non-scored policies whose requirements were not met
type: integer
type: object
type: object
@ -7009,10 +7013,10 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the policy rule
description: Description is a short user friendly message for the policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -7020,7 +7024,7 @@ spec:
description: Properties provides additional information for the policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -7051,7 +7055,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes resources
items:
description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .'
properties:
@ -7089,17 +7093,19 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that manages this report
@ -7196,7 +7202,7 @@ spec:
description: Skip indicates the count of policies that were not selected for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements were not met
description: Warn provides the count of non-scored policies whose requirements were not met
type: integer
type: object
type: object
@ -7279,10 +7285,10 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the policy rule
description: Description is a short user friendly message for the policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -7290,7 +7296,7 @@ spec:
description: Properties provides additional information for the policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -7321,7 +7327,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes resources
items:
description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .'
properties:
@ -7359,17 +7365,19 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that manages this report
@ -7466,7 +7474,7 @@ spec:
description: Skip indicates the count of policies that were not selected for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements were not met
description: Warn provides the count of non-scored policies whose requirements were not met
type: integer
type: object
type: object


@ -72,11 +72,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -85,11 +85,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -134,8 +134,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -208,17 +208,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -350,8 +353,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object


@ -72,11 +72,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -85,11 +85,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -134,8 +134,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -208,17 +208,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -350,8 +353,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object


@ -72,11 +72,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -85,11 +85,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -134,8 +134,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -208,17 +208,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -350,8 +353,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object


@ -71,11 +71,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -84,11 +84,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -133,8 +133,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -207,17 +207,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -349,8 +352,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object


@ -5158,11 +5158,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -5171,11 +5171,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -5220,8 +5220,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -5294,17 +5294,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -5436,8 +5439,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -5524,11 +5527,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -5537,11 +5540,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -5586,8 +5589,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -5660,17 +5663,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -5802,8 +5808,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -11150,11 +11156,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -11163,11 +11169,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -11212,8 +11218,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -11286,17 +11292,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -11428,8 +11437,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -11516,11 +11525,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -11529,11 +11538,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -11578,8 +11587,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -11652,17 +11661,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -11794,8 +11806,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -12378,7 +12390,8 @@ metadata:
name: kyverno:events
rules:
- apiGroups:
- '*'
- ""
- events.k8s.io
resources:
- events
verbs:
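Review bot: The last hunk of this file section changes the `kyverno:events` ClusterRole rule from `apiGroups: '*'` to `""` plus `events.k8s.io`, an authorization change that the commit description (CRD update and codegen) does not mention and that carries no comment in the manifest. Narrowing the wildcard is the least-privilege direction, but the reason for listing exactly these two groups should be recorded next to the rule, for example `# "" covers core/v1 Events, events.k8s.io covers the events/v1 API`; if this manifest is generated, the comment belongs in the file it is built from. Which event API the controller actually writes to is not visible here, so it is worth confirming that event creation still succeeds after the change. The `verbs:` list continues outside the hunk and could not be checked; the same rule change appears in the final hunk of the next file section.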


@ -5155,11 +5155,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -5168,11 +5168,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -5217,8 +5217,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -5291,17 +5291,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -5433,8 +5436,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -5520,11 +5523,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -5533,11 +5536,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -5582,8 +5585,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -5656,17 +5659,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -5798,8 +5804,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -11143,11 +11149,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -11156,11 +11162,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -11205,8 +11211,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -11279,17 +11285,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -11421,8 +11430,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -11508,11 +11517,11 @@ spec:
description: Category indicates policy category
type: string
message:
description: Message is a short user friendly description of the
description: Description is a short user friendly message for the
policy rule
type: string
policy:
description: Policy is the name of the policy
description: Policy is the name or identifier of the policy
type: string
properties:
additionalProperties:
@ -11521,11 +11530,11 @@ spec:
policy rule
type: object
resourceSelector:
description: ResourceSelector is an optional selector for policy
results that apply to multiple resources. For example, a policy
result may apply to all pods that match a label. Either a Resource
or a ResourceSelector can be specified. If neither are provided,
the result is assumed to be for the policy report scope.
description: SubjectSelector is an optional label selector for checked
Kubernetes resources. For example, a policy result may apply to
all pods that match a label. Either a Subject or a SubjectSelector
can be specified. If neither are provided, the result is assumed
to be for the policy report scope.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
@ -11570,8 +11579,8 @@ spec:
type: object
x-kubernetes-map-type: atomic
resources:
description: Resources is an optional reference to the resource
checked by the policy and rule
description: Subjects is an optional reference to the checked Kubernetes
resources
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
@ -11644,17 +11653,20 @@ spec:
- skip
type: string
rule:
description: Rule is the name of the policy rule
description: Rule is the name or identifier of the rule within the
policy
type: string
scored:
description: Scored indicates if this policy rule is scored
description: Scored indicates if this result is scored
type: boolean
severity:
description: Severity indicates policy severity
description: Severity indicates policy check result criticality
enum:
- critical
- high
- low
- medium
- info
type: string
source:
description: Source is an identifier for the policy engine that
@ -11786,8 +11798,8 @@ spec:
for evaluation
type: integer
warn:
description: Warn provides the count of unscored policies whose requirements
were not met
description: Warn provides the count of non-scored policies whose
requirements were not met
type: integer
type: object
type: object
@ -12361,7 +12373,8 @@ metadata:
name: kyverno:events
rules:
- apiGroups:
- '*'
- ""
- events.k8s.io
resources:
- events
verbs: