diff --git a/Makefile b/Makefile
index be6fbfc168..d494d2bbf8 100644
--- a/Makefile
+++ b/Makefile
@@ -402,7 +402,7 @@ image-build-all: $(BUILD_WITH)-build-all
GOPATH_SHIM := ${PWD}/.gopath
PACKAGE_SHIM := $(GOPATH_SHIM)/src/$(PACKAGE)
OUT_PACKAGE := $(PACKAGE)/pkg/client
-INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
+INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
CLIENTSET_PACKAGE := $(OUT_PACKAGE)/clientset
LISTERS_PACKAGE := $(OUT_PACKAGE)/listers
INFORMERS_PACKAGE := $(OUT_PACKAGE)/informers
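Review bot: `INPUT_DIRS` is still one comma-joined line, so removing a single entry shows up as a whole-line replacement that has to be checked by comparing two long strings. This list decides which API packages the client generators read, so it is worth keeping easy to audit. Listing one package per line and joining them with `$(subst ...)` would turn the next version removal into a one-line diff. The sketch below assumes `comma`, `empty` and `space` are not already defined elsewhere in the Makefile, which this hunk does not show. The variable block it belongs to continues outside the hunk.

```make
OUT_PACKAGE := $(PACKAGE)/pkg/client
comma := ,
empty :=
space := $(empty) $(empty)
API_DIRS := \
    api/kyverno/v1 \
    api/kyverno/v1beta1 \
    api/kyverno/v2 \
    api/kyverno/v2beta1 \
    api/kyverno/v2alpha1 \
    api/reports/v1 \
    api/policyreport/v1alpha2
INPUT_DIRS := $(subst $(space),$(comma),$(addprefix $(PACKAGE)/,$(API_DIRS)))
# … unchanged: CLIENTSET_PACKAGE, LISTERS_PACKAGE, INFORMERS_PACKAGE …
```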
diff --git a/api/kyverno/v1alpha2/admission_report_types.go b/api/kyverno/v1alpha2/admission_report_types.go
deleted file mode 100644
index 555bd8323f..0000000000
--- a/api/kyverno/v1alpha2/admission_report_types.go
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
-Copyright 2020 The Kubernetes authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha2
-
-import (
- kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:object:root=true
-// +kubebuilder:storageversion
-// +kubebuilder:resource:shortName=admr,categories=kyverno
-// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
-// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
-// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
-// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
-// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
-// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
-// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
-// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
-// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
-
-// AdmissionReport is the Schema for the AdmissionReports API
-type AdmissionReport kyvernov2.AdmissionReport
-
-func (r *AdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
- return r.Spec.Results
-}
-
-func (r *AdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
- r.Spec.Results = results
-}
-
-func (r *AdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
- r.Spec.Summary = summary
-}
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:object:root=true
-// +kubebuilder:storageversion
-// +kubebuilder:resource:scope=Cluster,shortName=cadmr,categories=kyverno
-// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
-// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
-// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
-// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
-// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
-// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
-// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
-// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
-// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
-
-// ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API
-type ClusterAdmissionReport kyvernov2.ClusterAdmissionReport
-
-func (r *ClusterAdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
- return r.Spec.Results
-}
-
-func (r *ClusterAdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
- r.Spec.Results = results
-}
-
-func (r *ClusterAdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
- r.Spec.Summary = summary
-}
-
-// +kubebuilder:object:root=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// AdmissionReportList contains a list of AdmissionReport
-type AdmissionReportList kyvernov2.AdmissionReportList
-
-// +kubebuilder:object:root=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterAdmissionReportList contains a list of ClusterAdmissionReport
-type ClusterAdmissionReportList kyvernov2.ClusterAdmissionReportList
diff --git a/api/kyverno/v1alpha2/background_scan_report_types.go b/api/kyverno/v1alpha2/background_scan_report_types.go
deleted file mode 100644
index a90bc1d886..0000000000
--- a/api/kyverno/v1alpha2/background_scan_report_types.go
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
-Copyright 2020 The Kubernetes authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha2
-
-import (
- kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:object:root=true
-// +kubebuilder:storageversion
-// +kubebuilder:resource:shortName=bgscanr,categories=kyverno
-// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
-// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
-// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
-// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
-// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
-// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
-// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
-// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
-// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
-// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
-
-// BackgroundScanReport is the Schema for the BackgroundScanReports API
-type BackgroundScanReport kyvernov2.BackgroundScanReport
-
-func (r *BackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
- return r.Spec.Results
-}
-
-func (r *BackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
- r.Spec.Results = results
-}
-
-func (r *BackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
- r.Spec.Summary = summary
-}
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:object:root=true
-// +kubebuilder:storageversion
-// +kubebuilder:resource:scope=Cluster,shortName=cbgscanr,categories=kyverno
-// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
-// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
-// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
-// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
-// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
-// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
-// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
-// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
-// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
-// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
-
-// ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API
-type ClusterBackgroundScanReport kyvernov2.ClusterBackgroundScanReport
-
-func (r *ClusterBackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
- return r.Spec.Results
-}
-
-func (r *ClusterBackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
- r.Spec.Results = results
-}
-
-func (r *ClusterBackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
- r.Spec.Summary = summary
-}
-
-// +kubebuilder:object:root=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// BackgroundScanReportList contains a list of BackgroundScanReport
-type BackgroundScanReportList kyvernov2.BackgroundScanReportList
-
-// +kubebuilder:object:root=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterBackgroundScanReportList contains a list of ClusterBackgroundScanReport
-type ClusterBackgroundScanReportList kyvernov2.ClusterBackgroundScanReportList
diff --git a/api/kyverno/v1alpha2/doc.go b/api/kyverno/v1alpha2/doc.go
deleted file mode 100644
index 598479fc95..0000000000
--- a/api/kyverno/v1alpha2/doc.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-Copyright 2020 The Kubernetes authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
-// +k8s:deepcopy-gen=package
-// +kubebuilder:object:generate=true
-// +groupName=kyverno.io
-package v1alpha2
diff --git a/api/kyverno/v1alpha2/zz_generated.deepcopy.go b/api/kyverno/v1alpha2/zz_generated.deepcopy.go
deleted file mode 100644
index c33c012a64..0000000000
--- a/api/kyverno/v1alpha2/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,267 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1alpha2
-
-import (
- v2 "github.com/kyverno/kyverno/api/kyverno/v2"
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AdmissionReport) DeepCopyInto(out *AdmissionReport) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- in.Spec.DeepCopyInto(&out.Spec)
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReport.
-func (in *AdmissionReport) DeepCopy() *AdmissionReport {
- if in == nil {
- return nil
- }
- out := new(AdmissionReport)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *AdmissionReport) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AdmissionReportList) DeepCopyInto(out *AdmissionReportList) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
- *out = make([]v2.AdmissionReport, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportList.
-func (in *AdmissionReportList) DeepCopy() *AdmissionReportList {
- if in == nil {
- return nil
- }
- out := new(AdmissionReportList)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *AdmissionReportList) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *BackgroundScanReport) DeepCopyInto(out *BackgroundScanReport) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- in.Spec.DeepCopyInto(&out.Spec)
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReport.
-func (in *BackgroundScanReport) DeepCopy() *BackgroundScanReport {
- if in == nil {
- return nil
- }
- out := new(BackgroundScanReport)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *BackgroundScanReport) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *BackgroundScanReportList) DeepCopyInto(out *BackgroundScanReportList) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
- *out = make([]v2.BackgroundScanReport, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportList.
-func (in *BackgroundScanReportList) DeepCopy() *BackgroundScanReportList {
- if in == nil {
- return nil
- }
- out := new(BackgroundScanReportList)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *BackgroundScanReportList) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ClusterAdmissionReport) DeepCopyInto(out *ClusterAdmissionReport) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- in.Spec.DeepCopyInto(&out.Spec)
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReport.
-func (in *ClusterAdmissionReport) DeepCopy() *ClusterAdmissionReport {
- if in == nil {
- return nil
- }
- out := new(ClusterAdmissionReport)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ClusterAdmissionReport) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ClusterAdmissionReportList) DeepCopyInto(out *ClusterAdmissionReportList) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
- *out = make([]v2.ClusterAdmissionReport, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReportList.
-func (in *ClusterAdmissionReportList) DeepCopy() *ClusterAdmissionReportList {
- if in == nil {
- return nil
- }
- out := new(ClusterAdmissionReportList)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ClusterAdmissionReportList) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ClusterBackgroundScanReport) DeepCopyInto(out *ClusterBackgroundScanReport) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- in.Spec.DeepCopyInto(&out.Spec)
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReport.
-func (in *ClusterBackgroundScanReport) DeepCopy() *ClusterBackgroundScanReport {
- if in == nil {
- return nil
- }
- out := new(ClusterBackgroundScanReport)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ClusterBackgroundScanReport) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ClusterBackgroundScanReportList) DeepCopyInto(out *ClusterBackgroundScanReportList) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
- *out = make([]v2.ClusterBackgroundScanReport, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReportList.
-func (in *ClusterBackgroundScanReportList) DeepCopy() *ClusterBackgroundScanReportList {
- if in == nil {
- return nil
- }
- out := new(ClusterBackgroundScanReportList)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ClusterBackgroundScanReportList) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
diff --git a/api/kyverno/v1alpha2/zz_generated.defaults.go b/api/kyverno/v1alpha2/zz_generated.defaults.go
deleted file mode 100644
index 7e0a05edc9..0000000000
--- a/api/kyverno/v1alpha2/zz_generated.defaults.go
+++ /dev/null
@@ -1,33 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by defaulter-gen. DO NOT EDIT.
-
-package v1alpha2
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// RegisterDefaults adds defaulters functions to the given scheme.
-// Public to allow building arbitrary schemes.
-// All generated defaulters are covering - they call all nested defaulters.
-func RegisterDefaults(scheme *runtime.Scheme) error {
- return nil
-}
diff --git a/api/kyverno/v1alpha2/zz_generated.register.go b/api/kyverno/v1alpha2/zz_generated.register.go
deleted file mode 100644
index 951f596e2f..0000000000
--- a/api/kyverno/v1alpha2/zz_generated.register.go
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by register-gen. DO NOT EDIT.
-
-package v1alpha2
-
-import (
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName specifies the group name used to register the objects.
-const GroupName = "kyverno.io"
-
-// GroupVersion specifies the group and the version used to register the objects.
-var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha2"}
-
-// SchemeGroupVersion is group version used to register these objects
-// Deprecated: use GroupVersion instead.
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
- SchemeBuilder runtime.SchemeBuilder
- localSchemeBuilder = &SchemeBuilder
- // Depreciated: use Install instead
- AddToScheme = localSchemeBuilder.AddToScheme
- Install = localSchemeBuilder.AddToScheme
-)
-
-func init() {
- // We only register manually written functions here. The registration of the
- // generated functions takes place in the generated files. The separation
- // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
-}
-
-// Adds the list of known types to Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &AdmissionReport{},
- &AdmissionReportList{},
- &BackgroundScanReport{},
- &BackgroundScanReportList{},
- &ClusterAdmissionReport{},
- &ClusterAdmissionReportList{},
- &ClusterBackgroundScanReport{},
- &ClusterBackgroundScanReportList{},
- )
- // AddToGroupVersion allows the serialization of client types like ListOptions.
- v1.AddToGroupVersion(scheme, SchemeGroupVersion)
- return nil
-}
diff --git a/api/kyverno/v1alpha2/interface.go b/api/reports/v1/interface.go
similarity index 98%
rename from api/kyverno/v1alpha2/interface.go
rename to api/reports/v1/interface.go
index 772b217972..b9b33e8f20 100644
--- a/api/kyverno/v1alpha2/interface.go
+++ b/api/reports/v1/interface.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-package v1alpha2
+package v1
import (
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_admissionreports.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_admissionreports.yaml
index 58e097bbdd..8686ebdd18 100644
--- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_admissionreports.yaml
+++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_admissionreports.yaml
@@ -24,328 +24,6 @@ spec:
singular: admissionreport
scope: Namespaced
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- - jsonPath: .spec.summary.pass
- name: PASS
- type: integer
- - jsonPath: .spec.summary.fail
- name: FAIL
- type: integer
- - jsonPath: .spec.summary.warn
- name: WARN
- type: integer
- - jsonPath: .spec.summary.error
- name: ERROR
- type: integer
- - jsonPath: .spec.summary.skip
- name: SKIP
- type: integer
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
- name: GVR
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
- name: REF
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
- name: AGGREGATE
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: AdmissionReport is the Schema for the AdmissionReports API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- owner:
- description: Owner is a reference to the report owner (e.g. a Deployment,
- Namespace, or Node)
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- required:
- - owner
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
@@ -666,6 +344,6 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
{{- end }}
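Review bot: The `storage: false` to `storage: true` flip on the surviving version assumes no report is still persisted as `v1alpha2`. The API server refuses a CRD update that removes a version still listed in `status.storedVersions`, so on a cluster that stored these reports under `v1alpha2` the chart upgrade is likely to fail on this CRD. The same flip is made in kyverno.io_backgroundscanreports.yaml and kyverno.io_clusteradmissionreports.yaml, and nothing visible in this diff migrates stored objects or trims `storedVersions`. These templates look generated, so I would state the precondition in the upgrade notes rather than in the file, e.g. `Before upgrading, confirm status.storedVersions of the kyverno.io report CRDs no longer lists v1alpha2`. The `name:` of the version being promoted lies outside the hunk, so which version becomes the storage version could not be checked from here.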
diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_backgroundscanreports.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_backgroundscanreports.yaml
index 13e75a97ba..375ce0711a 100644
--- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_backgroundscanreports.yaml
+++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_backgroundscanreports.yaml
@@ -24,287 +24,6 @@ spec:
singular: backgroundscanreport
scope: Namespaced
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.ownerReferences[0].apiVersion
- name: ApiVersion
- type: string
- - jsonPath: .metadata.ownerReferences[0].kind
- name: Kind
- type: string
- - jsonPath: .metadata.ownerReferences[0].name
- name: Subject
- type: string
- - jsonPath: .spec.summary.pass
- name: Pass
- type: integer
- - jsonPath: .spec.summary.fail
- name: Fail
- type: integer
- - jsonPath: .spec.summary.warn
- name: Warn
- type: integer
- - jsonPath: .spec.summary.error
- name: Error
- type: integer
- - jsonPath: .spec.summary.skip
- name: Skip
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
- name: Hash
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: BackgroundScanReport is the Schema for the BackgroundScanReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.ownerReferences[0].apiVersion
name: ApiVersion
@@ -584,6 +303,6 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
{{- end }}
diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusteradmissionreports.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusteradmissionreports.yaml
index f8dd1c5558..bc96a978d4 100644
--- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusteradmissionreports.yaml
+++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusteradmissionreports.yaml
@@ -24,329 +24,6 @@ spec:
singular: clusteradmissionreport
scope: Cluster
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- - jsonPath: .spec.summary.pass
- name: PASS
- type: integer
- - jsonPath: .spec.summary.fail
- name: FAIL
- type: integer
- - jsonPath: .spec.summary.warn
- name: WARN
- type: integer
- - jsonPath: .spec.summary.error
- name: ERROR
- type: integer
- - jsonPath: .spec.summary.skip
- name: SKIP
- type: integer
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
- name: GVR
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
- name: REF
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
- name: AGGREGATE
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- owner:
- description: Owner is a reference to the report owner (e.g. a Deployment,
- Namespace, or Node)
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- required:
- - owner
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
@@ -668,6 +345,6 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
{{- end }}
diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterbackgroundscanreports.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterbackgroundscanreports.yaml
index 8398a474cf..aead870373 100644
--- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterbackgroundscanreports.yaml
+++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterbackgroundscanreports.yaml
@@ -24,287 +24,6 @@ spec:
singular: clusterbackgroundscanreport
scope: Cluster
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.ownerReferences[0].apiVersion
- name: ApiVersion
- type: string
- - jsonPath: .metadata.ownerReferences[0].kind
- name: Kind
- type: string
- - jsonPath: .metadata.ownerReferences[0].name
- name: Subject
- type: string
- - jsonPath: .spec.summary.pass
- name: Pass
- type: integer
- - jsonPath: .spec.summary.fail
- name: Fail
- type: integer
- - jsonPath: .spec.summary.warn
- name: Warn
- type: integer
- - jsonPath: .spec.summary.error
- name: Error
- type: integer
- - jsonPath: .spec.summary.skip
- name: Skip
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
- name: Hash
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.ownerReferences[0].apiVersion
name: ApiVersion
@@ -584,6 +303,6 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
{{- end }}
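Review bot: The `storage: true` flip in this hunk lands in the same change that deletes the `v1alpha2` entry, which carried `storage: true` until now, so on an existing cluster this CRD's `status.storedVersions` will still list `v1alpha2` when the new manifest is applied. The API server rejects a CRD update that drops a version still named in `status.storedVersions`, so the upgrade presumably depends on a migration step that is not visible in this diff: rewrite the stored reports at the new storage version, then prune `v1alpha2` from `status.storedVersions`. I would record that prerequisite next to the change, e.g. `# requires v1alpha2 to be absent from status.storedVersions (run the storage migration first)`; if this manifest is generated, the comment belongs with the type that carries the storage-version marker, and the requirement should also go in the upgrade notes. The same applies to the `storage: true` hunks in `config/crds/kyverno/kyverno.io_admissionreports.yaml` and `config/crds/kyverno/kyverno.io_backgroundscanreports.yaml`.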
diff --git a/config/crds/kyverno/kyverno.io_admissionreports.yaml b/config/crds/kyverno/kyverno.io_admissionreports.yaml
index 05b83e2a03..90446780f9 100644
--- a/config/crds/kyverno/kyverno.io_admissionreports.yaml
+++ b/config/crds/kyverno/kyverno.io_admissionreports.yaml
@@ -18,328 +18,6 @@ spec:
singular: admissionreport
scope: Namespaced
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- - jsonPath: .spec.summary.pass
- name: PASS
- type: integer
- - jsonPath: .spec.summary.fail
- name: FAIL
- type: integer
- - jsonPath: .spec.summary.warn
- name: WARN
- type: integer
- - jsonPath: .spec.summary.error
- name: ERROR
- type: integer
- - jsonPath: .spec.summary.skip
- name: SKIP
- type: integer
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
- name: GVR
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
- name: REF
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
- name: AGGREGATE
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: AdmissionReport is the Schema for the AdmissionReports API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- owner:
- description: Owner is a reference to the report owner (e.g. a Deployment,
- Namespace, or Node)
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- required:
- - owner
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
@@ -660,5 +338,5 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
diff --git a/config/crds/kyverno/kyverno.io_backgroundscanreports.yaml b/config/crds/kyverno/kyverno.io_backgroundscanreports.yaml
index 059b294a99..d47ad3fe72 100644
--- a/config/crds/kyverno/kyverno.io_backgroundscanreports.yaml
+++ b/config/crds/kyverno/kyverno.io_backgroundscanreports.yaml
@@ -18,287 +18,6 @@ spec:
singular: backgroundscanreport
scope: Namespaced
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.ownerReferences[0].apiVersion
- name: ApiVersion
- type: string
- - jsonPath: .metadata.ownerReferences[0].kind
- name: Kind
- type: string
- - jsonPath: .metadata.ownerReferences[0].name
- name: Subject
- type: string
- - jsonPath: .spec.summary.pass
- name: Pass
- type: integer
- - jsonPath: .spec.summary.fail
- name: Fail
- type: integer
- - jsonPath: .spec.summary.warn
- name: Warn
- type: integer
- - jsonPath: .spec.summary.error
- name: Error
- type: integer
- - jsonPath: .spec.summary.skip
- name: Skip
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
- name: Hash
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: BackgroundScanReport is the Schema for the BackgroundScanReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.ownerReferences[0].apiVersion
name: ApiVersion
@@ -578,5 +297,5 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
diff --git a/config/crds/kyverno/kyverno.io_clusteradmissionreports.yaml b/config/crds/kyverno/kyverno.io_clusteradmissionreports.yaml
index 6b102f54dc..227dc4545e 100644
--- a/config/crds/kyverno/kyverno.io_clusteradmissionreports.yaml
+++ b/config/crds/kyverno/kyverno.io_clusteradmissionreports.yaml
@@ -18,329 +18,6 @@ spec:
singular: clusteradmissionreport
scope: Cluster
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- - jsonPath: .spec.summary.pass
- name: PASS
- type: integer
- - jsonPath: .spec.summary.fail
- name: FAIL
- type: integer
- - jsonPath: .spec.summary.warn
- name: WARN
- type: integer
- - jsonPath: .spec.summary.error
- name: ERROR
- type: integer
- - jsonPath: .spec.summary.skip
- name: SKIP
- type: integer
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
- name: GVR
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
- name: REF
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
- name: AGGREGATE
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- owner:
- description: Owner is a reference to the report owner (e.g. a Deployment,
- Namespace, or Node)
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- required:
- - owner
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
@@ -662,5 +339,5 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
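Review bot: Moving `storage: true` to the remaining version while the previous storage version is deleted from `spec.versions` in the same change can block upgrades of existing clusters: the API server rejects a CRD update that removes a version still listed in `status.storedVersions`. The same flip appears in the later hunks for `kyverno.io_clusterbackgroundscanreports.yaml` and `config/install-latest-testing.yaml`. Nothing visible here shows stored objects being rewritten or `status.storedVersions` being pruned first, so if no migration step exists elsewhere in the commit, keep the old version for one release with `served: false` and `storage: false`. Otherwise, document that `kubectl get crd <crd-name> -o jsonpath='{.status.storedVersions}'` must list only the surviving version before the new manifests are applied. A failed CRD update would leave the report CRDs on the old schema, which may interrupt the policy-report audit trail during the upgrade.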
diff --git a/config/crds/kyverno/kyverno.io_clusterbackgroundscanreports.yaml b/config/crds/kyverno/kyverno.io_clusterbackgroundscanreports.yaml
index cc00b53923..ec8814352b 100644
--- a/config/crds/kyverno/kyverno.io_clusterbackgroundscanreports.yaml
+++ b/config/crds/kyverno/kyverno.io_clusterbackgroundscanreports.yaml
@@ -18,287 +18,6 @@ spec:
singular: clusterbackgroundscanreport
scope: Cluster
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.ownerReferences[0].apiVersion
- name: ApiVersion
- type: string
- - jsonPath: .metadata.ownerReferences[0].kind
- name: Kind
- type: string
- - jsonPath: .metadata.ownerReferences[0].name
- name: Subject
- type: string
- - jsonPath: .spec.summary.pass
- name: Pass
- type: integer
- - jsonPath: .spec.summary.fail
- name: Fail
- type: integer
- - jsonPath: .spec.summary.warn
- name: Warn
- type: integer
- - jsonPath: .spec.summary.error
- name: Error
- type: integer
- - jsonPath: .spec.summary.skip
- name: Skip
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
- name: Hash
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.ownerReferences[0].apiVersion
name: ApiVersion
@@ -578,5 +297,5 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index 246c5dfe95..61013f5840 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -233,328 +233,6 @@ spec:
singular: admissionreport
scope: Namespaced
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- - jsonPath: .spec.summary.pass
- name: PASS
- type: integer
- - jsonPath: .spec.summary.fail
- name: FAIL
- type: integer
- - jsonPath: .spec.summary.warn
- name: WARN
- type: integer
- - jsonPath: .spec.summary.error
- name: ERROR
- type: integer
- - jsonPath: .spec.summary.skip
- name: SKIP
- type: integer
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
- name: GVR
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
- name: REF
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
- name: AGGREGATE
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: AdmissionReport is the Schema for the AdmissionReports API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- owner:
- description: Owner is a reference to the report owner (e.g. a Deployment,
- Namespace, or Node)
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- required:
- - owner
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
@@ -875,7 +553,7 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
@@ -904,287 +582,6 @@ spec:
singular: backgroundscanreport
scope: Namespaced
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.ownerReferences[0].apiVersion
- name: ApiVersion
- type: string
- - jsonPath: .metadata.ownerReferences[0].kind
- name: Kind
- type: string
- - jsonPath: .metadata.ownerReferences[0].name
- name: Subject
- type: string
- - jsonPath: .spec.summary.pass
- name: Pass
- type: integer
- - jsonPath: .spec.summary.fail
- name: Fail
- type: integer
- - jsonPath: .spec.summary.warn
- name: Warn
- type: integer
- - jsonPath: .spec.summary.error
- name: Error
- type: integer
- - jsonPath: .spec.summary.skip
- name: Skip
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
- name: Hash
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: BackgroundScanReport is the Schema for the BackgroundScanReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.ownerReferences[0].apiVersion
name: ApiVersion
@@ -1464,7 +861,7 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
@@ -3993,329 +3390,6 @@ spec:
singular: clusteradmissionreport
scope: Cluster
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- - jsonPath: .spec.summary.pass
- name: PASS
- type: integer
- - jsonPath: .spec.summary.fail
- name: FAIL
- type: integer
- - jsonPath: .spec.summary.warn
- name: WARN
- type: integer
- - jsonPath: .spec.summary.error
- name: ERROR
- type: integer
- - jsonPath: .spec.summary.skip
- name: SKIP
- type: integer
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
- name: GVR
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
- name: REF
- type: string
- - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
- name: AGGREGATE
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- owner:
- description: Owner is a reference to the report owner (e.g. a Deployment,
- Namespace, or Node)
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- required:
- - owner
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
@@ -4637,7 +3711,7 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
@@ -4666,287 +3740,6 @@ spec:
singular: clusterbackgroundscanreport
scope: Cluster
versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.ownerReferences[0].apiVersion
- name: ApiVersion
- type: string
- - jsonPath: .metadata.ownerReferences[0].kind
- name: Kind
- type: string
- - jsonPath: .metadata.ownerReferences[0].name
- name: Subject
- type: string
- - jsonPath: .spec.summary.pass
- name: Pass
- type: integer
- - jsonPath: .spec.summary.fail
- name: Fail
- type: integer
- - jsonPath: .spec.summary.warn
- name: Warn
- type: integer
- - jsonPath: .spec.summary.error
- name: Error
- type: integer
- - jsonPath: .spec.summary.skip
- name: Skip
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
- name: Hash
- priority: 1
- type: string
- name: v1alpha2
- schema:
- openAPIV3Schema:
- description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
- API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- results:
- description: PolicyReportResult provides result details
- items:
- description: PolicyReportResult provides the result for an individual
- policy
- properties:
- category:
- description: Category indicates policy category
- type: string
- message:
- description: Description is a short user friendly message for
- the policy rule
- type: string
- policy:
- description: Policy is the name or identifier of the policy
- type: string
- properties:
- additionalProperties:
- type: string
- description: Properties provides additional information for
- the policy rule
- type: object
- resourceSelector:
- description: |-
- SubjectSelector is an optional label selector for checked Kubernetes resources.
- For example, a policy result may apply to all pods that match a label.
- Either a Subject or a SubjectSelector can be specified.
- If neither are provided, the result is assumed to be for the policy report scope.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: Subjects is an optional reference to the checked
- Kubernetes resources
- items:
- description: |-
- ObjectReference contains enough information to let you inspect or modify the referred object.
- ---
- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
- 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
- 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
- restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
- Those cannot be well described when embedded.
- 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
- 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
- during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
- and the version of the actual struct is irrelevant.
- 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
- will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
-
-
- Instead of using this type, create a locally provided and used type that is well-focused on your reference.
- For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- TODO: this design is not final and this field is subject to change in the future.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- result:
- description: Result indicates the outcome of the policy rule
- execution
- enum:
- - pass
- - fail
- - warn
- - error
- - skip
- type: string
- rule:
- description: Rule is the name or identifier of the rule within
- the policy
- type: string
- scored:
- description: Scored indicates if this result is scored
- type: boolean
- severity:
- description: Severity indicates policy check result criticality
- enum:
- - critical
- - high
- - low
- - medium
- - info
- type: string
- source:
- description: Source is an identifier for the policy engine that
- manages this report
- type: string
- timestamp:
- description: Timestamp indicates the time the result was found
- properties:
- nanos:
- description: |-
- Non-negative fractions of a second at nanosecond resolution. Negative
- second values with fractions must still have non-negative nanos values
- that count forward in time. Must be from 0 to 999,999,999
- inclusive. This field may be limited in precision depending on context.
- format: int32
- type: integer
- seconds:
- description: |-
- Represents seconds of UTC time since Unix epoch
- 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
- 9999-12-31T23:59:59Z inclusive.
- format: int64
- type: integer
- required:
- - nanos
- - seconds
- type: object
- required:
- - policy
- type: object
- type: array
- summary:
- description: PolicyReportSummary provides a summary of results
- properties:
- error:
- description: Error provides the count of policies that could not
- be evaluated
- type: integer
- fail:
- description: Fail provides the count of policies whose requirements
- were not met
- type: integer
- pass:
- description: Pass provides the count of policies whose requirements
- were met
- type: integer
- skip:
- description: Skip indicates the count of policies that were not
- selected for evaluation
- type: integer
- warn:
- description: Warn provides the count of non-scored policies whose
- requirements were not met
- type: integer
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.ownerReferences[0].apiVersion
name: ApiVersion
@@ -5226,7 +4019,7 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index 384284679d..504ca6b973 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -21,9 +21,6 @@ background-color: #1589dd;
kyverno.io/v1