mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

release 1.5.0-rc2

Browse source
This commit is contained in:
ShutingZhao 2021-10-15 10:14:04 -07:00
parent 3de1b7b69f
commit 857842b79d
8 changed files with 1203 additions and 1142 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
CHANGELOG.md
View file

@ -1,3 +1,20 @@
## v1.5.0-rc2
### Features
- Support `*` (wildcard all) to match all kinds without impacting performance #1954
- Implement a `base64decode` custom JMESPath function #2533
### Enhancements
- Change `validate.foreach` and `mutate.foreach` to lists #2505
### Bug Fixes
- Fix mutate foreach auto-gen rules #2507
- e2e test cases fails intermittently #2208
- Allow `element` variable introduce for foreach without requiring `background: true` #2510
- Fix webhook update for sub-resources #2545, #2546
Thanks to all our contributors! 😊
## v1.5.0-rc1
### Note
- The Helm CRDs was switched back to kyverno chart. To upgrade using Helm, please refer to https://github.com/kyverno/website/pull/304.

4
charts/kyverno-policies/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
name: kyverno-policies
version: v2.1.0
appVersion: v1.5.0-rc1
version: v2.1.1-rc2
appVersion: v1.5.0-rc2
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management Policies
keywords:

4
charts/kyverno/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
name: kyverno
version: v2.1.0
appVersion: v1.5.0-rc1
version: v2.1.1-rc2
appVersion: v1.5.0-rc2
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management
keywords:

894
charts/kyverno/templates/crds.yaml
View file

@ -11,7 +11,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@ -889,111 +889,114 @@ spec:
properties:
foreach:
description: ForEach applies policy rule changes to nested elements.
properties:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
items:
description: ForEach applies policy rule changes to nested elements.
properties:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
patchStrategicMerge:
description: PatchStrategicMerge is a strategic merge patch used to modify resources. See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
type: array
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
patchStrategicMerge:
description: PatchStrategicMerge is a strategic merge patch used to modify resources. See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
overlay:
description: Overlay specifies an overlay pattern to modify resources. DEPRECATED. Use PatchStrategicMerge instead. Scheduled for removal in release 1.5+.
x-kubernetes-preserve-unknown-fields: true
@ -1043,122 +1046,125 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
foreach:
description: ForEach applies policy rule checks to nested elements.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
description: ForEach applies policy rule changes to nested elements.
items:
description: ForEach applies policy rule checks to nested elements.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
deny:
description: Deny defines conditions used to pass or fail a validation rule.
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
conditions:
description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules'
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
deny:
description: Deny defines conditions used to pass or fail a validation rule.
properties:
conditions:
description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules'
x-kubernetes-preserve-unknown-fields: true
type: object
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
pattern:
description: Pattern specifies an overlay-style pattern used to check resources.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
pattern:
description: Pattern specifies an overlay-style pattern used to check resources.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
message:
description: Message specifies a custom message to be displayed on failure.
type: string
@ -1306,7 +1312,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -1799,7 +1805,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -2292,7 +2298,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@ -2473,7 +2479,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: policies.kyverno.io
spec:
group: kyverno.io
@ -3351,111 +3357,114 @@ spec:
properties:
foreach:
description: ForEach applies policy rule changes to nested elements.
properties:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
items:
description: ForEach applies policy rule changes to nested elements.
properties:
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
patchStrategicMerge:
description: PatchStrategicMerge is a strategic merge patch used to modify resources. See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
type: array
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
patchStrategicMerge:
description: PatchStrategicMerge is a strategic merge patch used to modify resources. See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
overlay:
description: Overlay specifies an overlay pattern to modify resources. DEPRECATED. Use PatchStrategicMerge instead. Scheduled for removal in release 1.5+.
x-kubernetes-preserve-unknown-fields: true
@ -3505,122 +3514,125 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
foreach:
description: ForEach applies policy rule checks to nested elements.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
description: ForEach applies policy rule changes to nested elements.
items:
description: ForEach applies policy rule checks to nested elements.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed.
x-kubernetes-preserve-unknown-fields: true
context:
description: Context defines variables and data sources that can be used during rule execution.
items:
description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
type: object
type: array
deny:
description: Deny defines conditions used to pass or fail a validation rule.
properties:
apiCall:
description: APICall defines an HTTP request to the Kubernetes API server. The JSON data retrieved is stored in the context.
properties:
jmesPath:
description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the API server. For example a JMESPath of "items | length(@)" applied to the API server response to the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces.
type: string
urlPath:
description: URLPath is the URL path to be used in the HTTP GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command.
type: string
required:
- urlPath
type: object
configMap:
description: ConfigMap is the ConfigMap reference.
properties:
name:
description: Name is the ConfigMap name.
type: string
namespace:
description: Namespace is the ConfigMap namespace.
type: string
required:
- name
type: object
name:
description: Name is the variable name.
type: string
conditions:
description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules'
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
deny:
description: Deny defines conditions used to pass or fail a validation rule.
properties:
conditions:
description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules'
x-kubernetes-preserve-unknown-fields: true
type: object
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
pattern:
description: Pattern specifies an overlay-style pattern used to check resources.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
list:
description: List specifies a JMESPath expression that results in one or more elements to which the validation logic is applied.
type: string
pattern:
description: Pattern specifies an overlay-style pattern used to check resources.
x-kubernetes-preserve-unknown-fields: true
preconditions:
description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. See: https://kyverno.io/docs/writing-policies/preconditions/'
properties:
all:
description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
any:
description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass
items:
description: Condition defines variable-based conditional criteria for rule execution.
properties:
key:
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
x-kubernetes-preserve-unknown-fields: true
operator:
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
enum:
- Equals
- NotEquals
- In
- NotIn
- GreaterThanOrEquals
- GreaterThan
- LessThanOrEquals
- LessThan
- DurationGreaterThanOrEquals
- DurationGreaterThan
- DurationLessThanOrEquals
- DurationLessThan
type: string
value:
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
message:
description: Message specifies a custom message to be displayed on failure.
type: string
@ -3768,7 +3780,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -4261,7 +4273,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io

66
definitions/install.yaml
View file

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno
---
apiVersion: apiextensions.k8s.io/v1
@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@ -2074,7 +2074,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -2755,7 +2755,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -3436,7 +3436,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@ -3632,7 +3632,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: policies.kyverno.io
spec:
group: kyverno.io
@ -5685,7 +5685,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@ -6364,7 +6364,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io
@ -7043,7 +7043,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno-service-account
namespace: kyverno
---
@ -7057,7 +7057,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
@ -7079,7 +7079,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
@ -7101,7 +7101,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest
rules:
@ -7123,7 +7123,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:customresources
rules:
- apiGroups:
@ -7169,7 +7169,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:generatecontroller
rules:
- apiGroups:
@ -7204,7 +7204,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:leaderelection
rules:
- apiGroups:
@ -7228,7 +7228,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:policycontroller
rules:
- apiGroups:
@ -7251,7 +7251,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:userinfo
rules:
- apiGroups:
@ -7277,7 +7277,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:webhook
rules:
- apiGroups:
@ -7329,7 +7329,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:customresources
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -7350,7 +7350,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:generatecontroller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -7371,7 +7371,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:leaderelection
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -7392,7 +7392,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:policycontroller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -7413,7 +7413,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:userinfo
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -7434,7 +7434,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno:webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -7459,7 +7459,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno
namespace: kyverno
---
@ -7476,7 +7476,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno-metrics
namespace: kyverno
---
@ -7490,7 +7490,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno-svc
namespace: kyverno
spec:
@ -7512,7 +7512,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno-svc-metrics
namespace: kyverno
spec:
@ -7534,7 +7534,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno
namespace: kyverno
spec:
@ -7557,7 +7557,7 @@ spec:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
spec:
affinity:
podAntiAffinity:
@ -7586,7 +7586,7 @@ spec:
fieldPath: metadata.namespace
- name: KYVERNO_SVC
value: kyverno-svc
image: ghcr.io/kyverno/kyverno:v1.5.0-rc1
image: ghcr.io/kyverno/kyverno:v1.5.0-rc2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 2
@ -7638,7 +7638,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/kyverno/kyvernopre:v1.5.0-rc1
image: ghcr.io/kyverno/kyvernopre:v1.5.0-rc2
imagePullPolicy: IfNotPresent
name: kyverno-pre
resources:
@ -7670,7 +7670,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
name: kyverno
namespace: kyverno
spec:

1354
definitions/release/install.yaml
View file

File diff suppressed because it is too large Load diff

4
definitions/release/kustomization.yaml
View file

@ -9,6 +9,6 @@ transformers:
images:
- name: ghcr.io/kyverno/kyverno
newTag: v1.5.0-rc1
newTag: v1.5.0-rc2
- name: ghcr.io/kyverno/kyvernopre
newTag: v1.5.0-rc1
newTag: v1.5.0-rc2

2
definitions/release/labels.yaml
View file

@ -4,7 +4,7 @@ kind: LabelTransformer
metadata:
name: labelTransformer
labels:
app.kubernetes.io/version: v1.5.0-rc1
app.kubernetes.io/version: v1.5.0-rc2
fieldSpecs:
- path: metadata/labels
create: true