From 8a4d9941de375eeca266331bae2283ea7218d031 Mon Sep 17 00:00:00 2001 From: Khaled Emara Date: Mon, 5 Feb 2024 13:24:37 +0200 Subject: [PATCH] feat: add globalcontext loader and interface (#9602) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(globalcontext): add interface Signed-off-by: Khaled Emara * fix(globalcontext): package import path Signed-off-by: Khaled Emara * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara * design(globalcontext): create specific Store Signed-off-by: Khaled Emara * codegen Signed-off-by: Charles-Edouard Brétéché --------- Signed-off-by: Khaled Emara Signed-off-by: Charles-Edouard Brétéché Co-authored-by: Charles-Edouard Brétéché --- api/kyverno/v1/common_types.go | 3 + api/kyverno/v1/zz_generated.deepcopy.go | 5 + .../kyverno.io_cleanuppolicies.yaml | 48 ++ .../kyverno.io_clustercleanuppolicies.yaml | 48 ++ .../kyverno.io_clusterpolicies.yaml | 308 ++++++++ .../kyverno.io/kyverno.io_policies.yaml | 308 ++++++++ cmd/background-controller/main.go | 4 +- cmd/cleanup-controller/main.go | 3 +- .../data/crds/kyverno.io_clusterpolicies.yaml | 308 ++++++++ .../data/crds/kyverno.io_policies.yaml | 308 ++++++++ cmd/internal/engine.go | 4 +- cmd/kyverno/main.go | 5 +- cmd/reports-controller/main.go | 4 +- .../kyverno/kyverno.io_cleanuppolicies.yaml | 48 ++ .../kyverno.io_clustercleanuppolicies.yaml | 48 ++ .../kyverno/kyverno.io_clusterpolicies.yaml | 308 ++++++++ config/crds/kyverno/kyverno.io_policies.yaml | 308 ++++++++ config/install-latest-testing.yaml | 712 ++++++++++++++++++ docs/user/crd/index.html | 17 + docs/user/crd/kyverno.v1.html | 128 ++++ .../kyverno/v1/contextentry.go | 19 +- .../kyverno/v1/globalcontextentryreference.go | 48 ++ pkg/client/applyconfigurations/utils.go | 2 + pkg/controllers/webhook/controller.go | 35 + pkg/engine/context/loaders/globalcontext.go | 142 ++++ pkg/engine/factories/contextloaderfactory.go | 18 +- 26 files changed, 3178 insertions(+), 11 deletions(-) create mode 100644 pkg/client/applyconfigurations/kyverno/v1/globalcontextentryreference.go create mode 100644 pkg/engine/context/loaders/globalcontext.go diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go index 41b409fb30..906572b59f 100644 --- a/api/kyverno/v1/common_types.go +++ b/api/kyverno/v1/common_types.go @@ -95,6 +95,9 @@ type ContextEntry struct { // Variable defines an arbitrary JMESPath context variable that can be defined inline. Variable *Variable `json:"variable,omitempty" yaml:"variable,omitempty"` + + // GlobalContextEntryReference is a reference to a cached global context entry. + GlobalReference *GlobalContextEntryReference `json:"globalReference,omitempty" yaml:"globalReference,omitempty"` } // Variable defines an arbitrary JMESPath context variable that can be defined inline. diff --git a/api/kyverno/v1/zz_generated.deepcopy.go b/api/kyverno/v1/zz_generated.deepcopy.go index b7556e4804..4dde45af8d 100755 --- a/api/kyverno/v1/zz_generated.deepcopy.go +++ b/api/kyverno/v1/zz_generated.deepcopy.go @@ -483,6 +483,11 @@ func (in *ContextEntry) DeepCopyInto(out *ContextEntry) { *out = new(Variable) (*in).DeepCopyInto(*out) } + if in.GlobalReference != nil { + in, out := &in.GlobalReference, &out.GlobalReference + *out = new(GlobalContextEntryReference) + **out = **in + } return } diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_cleanuppolicies.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_cleanuppolicies.yaml index 16560318a4..1c770d8c25 100644 --- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_cleanuppolicies.yaml +++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_cleanuppolicies.yaml @@ -221,6 +221,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1462,6 +1478,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -2703,6 +2735,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clustercleanuppolicies.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clustercleanuppolicies.yaml index 404652a486..0e1b3499e7 100644 --- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clustercleanuppolicies.yaml +++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clustercleanuppolicies.yaml @@ -221,6 +221,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1462,6 +1478,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -2703,6 +2735,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml index e2d25caff5..46bb9fab0f 100644 --- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml +++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml @@ -267,6 +267,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1975,6 +1992,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2308,6 +2344,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2873,6 +2928,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -4686,6 +4760,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6472,6 +6563,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -6820,6 +6932,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -7415,6 +7548,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -9378,6 +9532,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10660,6 +10831,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -10993,6 +11183,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -11737,6 +11946,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13524,6 +13752,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -15310,6 +15555,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -15658,6 +15924,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16253,6 +16540,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml index 71026e00ca..54b590b29c 100644 --- a/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml +++ b/charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml @@ -268,6 +268,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1976,6 +1993,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2309,6 +2345,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2874,6 +2929,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -4688,6 +4762,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6474,6 +6565,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -6822,6 +6934,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -7417,6 +7550,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -9381,6 +9535,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10663,6 +10834,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -10996,6 +11186,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -11740,6 +11949,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13527,6 +13755,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -15313,6 +15558,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -15661,6 +15927,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16256,6 +16543,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/cmd/background-controller/main.go b/cmd/background-controller/main.go index 7a7819550a..7c4387c5f1 100644 --- a/cmd/background-controller/main.go +++ b/cmd/background-controller/main.go @@ -155,12 +155,13 @@ func main() { eventGenerator, event.Workers, ) + gcstore := store.New() gceController := internal.NewController( globalcontextcontroller.ControllerName, globalcontextcontroller.NewController( kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(), setup.KyvernoDynamicClient, - store.New(), + gcstore, maxAPICallResponseLength, ), globalcontextcontroller.Workers, @@ -184,6 +185,7 @@ func main() { setup.KyvernoClient, setup.RegistrySecretLister, apicall.NewAPICallConfiguration(maxAPICallResponseLength), + gcstore, ) // start informers and wait for cache sync if !internal.StartInformersAndWaitForCacheSync(signalCtx, setup.Logger, kyvernoInformer) { diff --git a/cmd/cleanup-controller/main.go b/cmd/cleanup-controller/main.go index 3649ead3b6..507995bde7 100644 --- a/cmd/cleanup-controller/main.go +++ b/cmd/cleanup-controller/main.go @@ -161,12 +161,13 @@ func main() { eventGenerator, event.Workers, ) + gcstore := store.New() gceController := internal.NewController( globalcontextcontroller.ControllerName, globalcontextcontroller.NewController( kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(), setup.KyvernoDynamicClient, - store.New(), + gcstore, maxAPICallResponseLength, ), globalcontextcontroller.Workers, diff --git a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml index 8211d5224a..b56aad1554 100644 --- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml +++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml @@ -261,6 +261,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1969,6 +1986,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2302,6 +2338,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2867,6 +2922,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -4680,6 +4754,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6466,6 +6557,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -6814,6 +6926,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -7409,6 +7542,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -9372,6 +9526,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10654,6 +10825,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -10987,6 +11177,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -11731,6 +11940,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13518,6 +13746,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -15304,6 +15549,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -15652,6 +15918,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16247,6 +16534,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml index 10bc7926d4..ad1025d101 100644 --- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml +++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml @@ -262,6 +262,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1970,6 +1987,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2303,6 +2339,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2868,6 +2923,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -4682,6 +4756,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6468,6 +6559,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -6816,6 +6928,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -7411,6 +7544,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -9375,6 +9529,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10657,6 +10828,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -10990,6 +11180,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -11734,6 +11943,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13521,6 +13749,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -15307,6 +15552,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -15655,6 +15921,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16250,6 +16537,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/cmd/internal/engine.go b/cmd/internal/engine.go index 0e451e606b..f1754a73f5 100644 --- a/cmd/internal/engine.go +++ b/cmd/internal/engine.go @@ -14,6 +14,7 @@ import ( "github.com/kyverno/kyverno/pkg/engine/adapters" engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/apicall" + "github.com/kyverno/kyverno/pkg/engine/context/loaders" "github.com/kyverno/kyverno/pkg/engine/context/resolvers" "github.com/kyverno/kyverno/pkg/engine/factories" "github.com/kyverno/kyverno/pkg/engine/jmespath" @@ -36,6 +37,7 @@ func NewEngine( kyvernoClient versioned.Interface, secretLister corev1listers.SecretNamespaceLister, apiCallConfig apicall.APICallConfiguration, + gctxStore loaders.Store, ) engineapi.Engine { configMapResolver := NewConfigMapResolver(ctx, logger, kubeClient, 15*time.Minute) exceptionsSelector := NewExceptionSelector(ctx, logger, kyvernoClient, 15*time.Minute) @@ -48,7 +50,7 @@ func NewEngine( adapters.Client(client), factories.DefaultRegistryClientFactory(adapters.RegistryClient(rclient), secretLister), ivCache, - factories.DefaultContextLoaderFactory(configMapResolver, factories.WithAPICallConfig(apiCallConfig)), + factories.DefaultContextLoaderFactory(configMapResolver, factories.WithAPICallConfig(apiCallConfig), factories.WithGlobalContextStore(gctxStore)), exceptionsSelector, imageSignatureRepository, ) diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 6fdb07b13f..719fa8ced9 100644 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -149,6 +149,7 @@ func createrLeaderControllers( caInformer, kubeKyvernoInformer.Coordination().V1().Leases(), kubeInformer.Rbac().V1().ClusterRoles(), + kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(), serverIP, int32(webhookTimeout), servicePort, @@ -356,12 +357,13 @@ func main() { logging.WithName("EventGenerator"), strings.Split(omitEvents, ",")..., ) + gcstore := store.New() gceController := internal.NewController( globalcontextcontroller.ControllerName, globalcontextcontroller.NewController( kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(), setup.KyvernoDynamicClient, - store.New(), + gcstore, maxAPICallResponseLength, ), globalcontextcontroller.Workers, @@ -411,6 +413,7 @@ func main() { setup.KyvernoClient, setup.RegistrySecretLister, apicall.NewAPICallConfiguration(maxAPICallResponseLength), + gcstore, ) // create non leader controllers nonLeaderControllers, nonLeaderBootstrap := createNonLeaderControllers( diff --git a/cmd/reports-controller/main.go b/cmd/reports-controller/main.go index ce7ad14eb2..6ec0525065 100644 --- a/cmd/reports-controller/main.go +++ b/cmd/reports-controller/main.go @@ -285,12 +285,13 @@ func main() { eventGenerator, event.Workers, ) + gcstore := store.New() gceController := internal.NewController( globalcontextcontroller.ControllerName, globalcontextcontroller.NewController( kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(), setup.KyvernoDynamicClient, - store.New(), + gcstore, maxAPICallResponseLength, ), globalcontextcontroller.Workers, @@ -309,6 +310,7 @@ func main() { setup.KyvernoClient, setup.RegistrySecretLister, apicall.NewAPICallConfiguration(maxAPICallResponseLength), + gcstore, ) // start informers and wait for cache sync if !internal.StartInformersAndWaitForCacheSync(ctx, setup.Logger, kyvernoInformer) { diff --git a/config/crds/kyverno/kyverno.io_cleanuppolicies.yaml b/config/crds/kyverno/kyverno.io_cleanuppolicies.yaml index b1319e9be2..80334db6b8 100644 --- a/config/crds/kyverno/kyverno.io_cleanuppolicies.yaml +++ b/config/crds/kyverno/kyverno.io_cleanuppolicies.yaml @@ -215,6 +215,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1456,6 +1472,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -2697,6 +2729,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. diff --git a/config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml b/config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml index f074c60f17..39e13e6cbe 100644 --- a/config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml +++ b/config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml @@ -215,6 +215,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1456,6 +1472,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -2697,6 +2729,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. diff --git a/config/crds/kyverno/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno/kyverno.io_clusterpolicies.yaml index 8211d5224a..b56aad1554 100644 --- a/config/crds/kyverno/kyverno.io_clusterpolicies.yaml +++ b/config/crds/kyverno/kyverno.io_clusterpolicies.yaml @@ -261,6 +261,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1969,6 +1986,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2302,6 +2338,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2867,6 +2922,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -4680,6 +4754,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6466,6 +6557,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -6814,6 +6926,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -7409,6 +7542,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -9372,6 +9526,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10654,6 +10825,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -10987,6 +11177,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -11731,6 +11940,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13518,6 +13746,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -15304,6 +15549,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -15652,6 +15918,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16247,6 +16534,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/config/crds/kyverno/kyverno.io_policies.yaml b/config/crds/kyverno/kyverno.io_policies.yaml index 10bc7926d4..ad1025d101 100644 --- a/config/crds/kyverno/kyverno.io_policies.yaml +++ b/config/crds/kyverno/kyverno.io_policies.yaml @@ -262,6 +262,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -1970,6 +1987,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2303,6 +2339,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -2868,6 +2923,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -4682,6 +4756,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6468,6 +6559,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -6816,6 +6928,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -7411,6 +7544,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -9375,6 +9529,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10657,6 +10828,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -10990,6 +11180,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -11734,6 +11943,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13521,6 +13749,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -15307,6 +15552,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -15655,6 +15921,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16250,6 +16537,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 1f0b30654f..701e80b53e 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -1655,6 +1655,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -2896,6 +2912,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -4137,6 +4169,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -6635,6 +6683,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -7876,6 +7940,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -9117,6 +9197,22 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference to a + cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response returned + from the server. For example a JMESPath of "items | length(@)" + applied to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across all + namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -10431,6 +10527,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -12139,6 +12252,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -12472,6 +12604,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -13037,6 +13188,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -14850,6 +15020,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -16636,6 +16823,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -16984,6 +17192,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -17579,6 +17808,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -19542,6 +19792,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -20824,6 +21091,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -21157,6 +21443,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -21901,6 +22206,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -23688,6 +24012,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -25474,6 +25815,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -25822,6 +26184,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -26417,6 +26800,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -28611,6 +29015,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -30319,6 +30740,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -30652,6 +31092,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -31217,6 +31676,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -33031,6 +33509,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -34817,6 +35312,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -35165,6 +35681,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -35760,6 +36297,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -37724,6 +38282,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match Expression + that can be used to transform the JSON response + returned from the server. For example a JMESPath + of "items | length(@)" applied to the API server + response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -39006,6 +39581,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -39339,6 +39933,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -40083,6 +40696,25 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is + a reference to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON + Match Expression that can be used to transform + the JSON response returned from the server. + For example a JMESPath of "items | length(@)" + applied to the API server response for + the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image @@ -41870,6 +42502,23 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference is a reference + to a cached global context entry. + properties: + jmesPath: + description: JMESPath is an optional JSON Match + Expression that can be used to transform the + JSON response returned from the server. For + example a JMESPath of "items | length(@)" applied + to the API server response for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments across + all namespaces. + type: string + name: + description: Name of the global context entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. @@ -43656,6 +44305,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -44004,6 +44674,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch @@ -44599,6 +45290,27 @@ spec: required: - name type: object + globalReference: + description: GlobalContextEntryReference + is a reference to a cached global context + entry. + properties: + jmesPath: + description: JMESPath is an optional + JSON Match Expression that can be + used to transform the JSON response + returned from the server. For example + a JMESPath of "items | length(@)" + applied to the API server response + for the URLPath "/apis/apps/v1/deployments" + will return the total count of deployments + across all namespaces. + type: string + name: + description: Name of the global context + entry + type: string + type: object imageRegistry: description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html index 3acb04aff7..055b4524ca 100644 --- a/docs/user/crd/index.html +++ b/docs/user/crd/index.html @@ -1522,6 +1522,19 @@ Variable

Variable defines an arbitrary JMESPath context variable that can be defined inline.

+ + +globalReference
+ + +GlobalContextEntryReference + + + + +

GlobalContextEntryReference is a reference to a cached global context entry.

+ +
@@ -1995,6 +2008,10 @@ CloneList

GlobalContextEntryReference

+(Appears on: +ContextEntry) +

+

diff --git a/docs/user/crd/kyverno.v1.html b/docs/user/crd/kyverno.v1.html index 514d8a2ae7..53073b8200 100644 --- a/docs/user/crd/kyverno.v1.html +++ b/docs/user/crd/kyverno.v1.html @@ -3074,6 +3074,37 @@ details.

+ + + + + + + + @@ -3992,6 +4023,103 @@ resource will be created with default data only.

+ +
globalReference + + * + +
+ + + + + + GlobalContextEntryReference + + + + 		+ + +

GlobalContextEntryReference is a reference to a cached global context entry.

+ + + + + +
+ + +

GlobalContextEntryReference +

+ + +

+ (Appears in: + ContextEntry) +

+ + +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name + + * + +
+ + + + + string + + + 		+ + +

Name of the global context entry

+ + + + + +
jmesPath + + * + +
+ + + + + string + + + 		+ + +

JMESPath is an optional JSON Match Expression that can be used to +transform the JSON response returned from the server. For example +a JMESPath of "items | length(@)" applied to the API server response +for the URLPath "/apis/apps/v1/deployments" will return the total count +of deployments across all namespaces.

+ + + + + +
diff --git a/pkg/client/applyconfigurations/kyverno/v1/contextentry.go b/pkg/client/applyconfigurations/kyverno/v1/contextentry.go index 157d70b8b0..556bccc6d0 100644 --- a/pkg/client/applyconfigurations/kyverno/v1/contextentry.go +++ b/pkg/client/applyconfigurations/kyverno/v1/contextentry.go @@ -21,11 +21,12 @@ package v1 // ContextEntryApplyConfiguration represents an declarative configuration of the ContextEntry type for use // with apply. type ContextEntryApplyConfiguration struct { - Name *string `json:"name,omitempty"` - ConfigMap *ConfigMapReferenceApplyConfiguration `json:"configMap,omitempty"` - APICall *ContextAPICallApplyConfiguration `json:"apiCall,omitempty"` - ImageRegistry *ImageRegistryApplyConfiguration `json:"imageRegistry,omitempty"` - Variable *VariableApplyConfiguration `json:"variable,omitempty"` + Name *string `json:"name,omitempty"` + ConfigMap *ConfigMapReferenceApplyConfiguration `json:"configMap,omitempty"` + APICall *ContextAPICallApplyConfiguration `json:"apiCall,omitempty"` + ImageRegistry *ImageRegistryApplyConfiguration `json:"imageRegistry,omitempty"` + Variable *VariableApplyConfiguration `json:"variable,omitempty"` + GlobalReference *GlobalContextEntryReferenceApplyConfiguration `json:"globalReference,omitempty"` } // ContextEntryApplyConfiguration constructs an declarative configuration of the ContextEntry type for use with @@ -73,3 +74,11 @@ func (b *ContextEntryApplyConfiguration) WithVariable(value *VariableApplyConfig b.Variable = value return b } + +// WithGlobalReference sets the GlobalReference field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GlobalReference field is set to the value of the last call. +func (b *ContextEntryApplyConfiguration) WithGlobalReference(value *GlobalContextEntryReferenceApplyConfiguration) *ContextEntryApplyConfiguration { + b.GlobalReference = value + return b +} diff --git a/pkg/client/applyconfigurations/kyverno/v1/globalcontextentryreference.go b/pkg/client/applyconfigurations/kyverno/v1/globalcontextentryreference.go new file mode 100644 index 0000000000..fb44f0551c --- /dev/null +++ b/pkg/client/applyconfigurations/kyverno/v1/globalcontextentryreference.go @@ -0,0 +1,48 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// GlobalContextEntryReferenceApplyConfiguration represents an declarative configuration of the GlobalContextEntryReference type for use +// with apply. +type GlobalContextEntryReferenceApplyConfiguration struct { + Name *string `json:"name,omitempty"` + JMESPath *string `json:"jmesPath,omitempty"` +} + +// GlobalContextEntryReferenceApplyConfiguration constructs an declarative configuration of the GlobalContextEntryReference type for use with +// apply. +func GlobalContextEntryReference() *GlobalContextEntryReferenceApplyConfiguration { + return &GlobalContextEntryReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *GlobalContextEntryReferenceApplyConfiguration) WithName(value string) *GlobalContextEntryReferenceApplyConfiguration { + b.Name = &value + return b +} + +// WithJMESPath sets the JMESPath field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the JMESPath field is set to the value of the last call. +func (b *GlobalContextEntryReferenceApplyConfiguration) WithJMESPath(value string) *GlobalContextEntryReferenceApplyConfiguration { + b.JMESPath = &value + return b +} diff --git a/pkg/client/applyconfigurations/utils.go b/pkg/client/applyconfigurations/utils.go index 2987fb1055..cdb649ab3f 100644 --- a/pkg/client/applyconfigurations/utils.go +++ b/pkg/client/applyconfigurations/utils.go @@ -85,6 +85,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &kyvernov1.ForEachValidationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("Generation"): return &kyvernov1.GenerationApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("GlobalContextEntryReference"): + return &kyvernov1.GlobalContextEntryReferenceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImageExtractorConfig"): return &kyvernov1.ImageExtractorConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImageRegistry"): diff --git a/pkg/controllers/webhook/controller.go b/pkg/controllers/webhook/controller.go index 1da11e40d3..b3f87711cf 100644 --- a/pkg/controllers/webhook/controller.go +++ b/pkg/controllers/webhook/controller.go @@ -10,11 +10,14 @@ import ( "github.com/go-logr/logr" "github.com/kyverno/kyverno/api/kyverno" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" + kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1" "github.com/kyverno/kyverno/ext/wildcard" "github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/client/clientset/versioned" kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" + kyvernov2alpha1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2alpha1" kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" + kyvernov2alpha1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1" "github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/controllers" @@ -91,6 +94,7 @@ type controller struct { secretLister corev1listers.SecretLister leaseLister coordinationv1listers.LeaseLister clusterroleLister rbacv1listers.ClusterRoleLister + gctxentryLister kyvernov2alpha1listers.GlobalContextEntryLister // queue queue workqueue.RateLimitingInterface @@ -123,6 +127,7 @@ func NewController( secretInformer corev1informers.SecretInformer, leaseInformer coordinationv1informers.LeaseInformer, clusterroleInformer rbacv1informers.ClusterRoleInformer, + gctxentryInformer kyvernov2alpha1informers.GlobalContextEntryInformer, server string, defaultTimeout int32, servicePort int32, @@ -147,6 +152,7 @@ func NewController( secretLister: secretInformer.Lister(), leaseLister: leaseInformer.Lister(), clusterroleLister: clusterroleInformer.Lister(), + gctxentryLister: gctxentryInformer.Lister(), queue: queue, server: server, defaultTimeout: defaultTimeout, @@ -417,6 +423,15 @@ func (c *controller) reconcileMutatingWebhookConfiguration(ctx context.Context, return err } +func (c *controller) isGlobalContextEntryReady(name string, gctxentries []*kyvernov2alpha1.GlobalContextEntry) bool { + for _, gctxentry := range gctxentries { + if gctxentry.Name == name { + return gctxentry.Status.Ready + } + } + return false +} + func (c *controller) updatePolicyStatuses(ctx context.Context) error { c.lock.Lock() defer c.lock.Unlock() @@ -424,6 +439,10 @@ func (c *controller) updatePolicyStatuses(ctx context.Context) error { if err != nil { return err } + gctxentries, err := c.gctxentryLister.List(labels.Everything()) + if err != nil { + return err + } updateStatusFunc := func(policy kyvernov1.PolicyInterface) error { policyKey, err := cache.MetaNamespaceKeyFunc(policy) if err != nil { @@ -438,6 +457,22 @@ func (c *controller) updatePolicyStatuses(ctx context.Context) error { } } } + // If there are global context entries under , check if they are ready + if ready { + for _, rule := range policy.GetSpec().Rules { + if rule.Context == nil { + continue + } + for _, ctxEntry := range rule.Context { + if ctxEntry.GlobalReference != nil { + if !c.isGlobalContextEntryReady(ctxEntry.GlobalReference.Name, gctxentries) { + ready, message = false, "Not ready yet" + break + } + } + } + } + } status := policy.GetStatus() status.SetReady(ready, message) status.Autogen.Rules = nil diff --git a/pkg/engine/context/loaders/globalcontext.go b/pkg/engine/context/loaders/globalcontext.go new file mode 100644 index 0000000000..fb767c6b36 --- /dev/null +++ b/pkg/engine/context/loaders/globalcontext.go @@ -0,0 +1,142 @@ +package loaders + +import ( + "context" + "encoding/json" + "fmt" + + "github.com/go-logr/logr" + kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" + enginecontext "github.com/kyverno/kyverno/pkg/engine/context" + "github.com/kyverno/kyverno/pkg/engine/jmespath" + "github.com/kyverno/kyverno/pkg/engine/variables" + "github.com/kyverno/kyverno/pkg/globalcontext/store" +) + +type Store interface { + Get(key string) (store.Entry, bool) +} + +type gctxLoader struct { + ctx context.Context //nolint:containedctx + logger logr.Logger + entry kyvernov1.ContextEntry + enginectx enginecontext.Interface + jp jmespath.Interface + gctxStore Store + data []byte +} + +func NewGCTXLoader( + ctx context.Context, + logger logr.Logger, + entry kyvernov1.ContextEntry, + enginectx enginecontext.Interface, + jp jmespath.Interface, + gctxStore Store, +) enginecontext.Loader { + return &gctxLoader{ + ctx: ctx, + logger: logger, + entry: entry, + enginectx: enginectx, + jp: jp, + gctxStore: gctxStore, + } +} + +func (g *gctxLoader) HasLoaded() bool { + data, ok := g.gctxStore.Get(g.entry.Name) + if ok { + g.logger.Error(fmt.Errorf("failed to get data from global context store"), "failed to get data from global context store") + return false + } + if data == nil { + return false + } + return true +} + +func (g *gctxLoader) LoadData() error { + contextData, err := g.loadGctxData() + if err != nil { + g.logger.Error(err, "failed to marshal APICall data for context entry") + return fmt.Errorf("failed to marshal APICall data for context entry %s: %w", g.entry.Name, err) + } + + err = g.enginectx.AddContextEntry(g.entry.Name, contextData) + if err != nil { + g.logger.Error(err, "failed to add resource cache results for context entry") + return fmt.Errorf("failed to add resource cache results for context entry %s: %w", g.entry.Name, err) + } + + g.logger.V(6).Info("added context data", "name", g.entry.Name, "contextData", contextData) + g.data = contextData + return nil +} + +func (g *gctxLoader) loadGctxData() ([]byte, error) { + var data interface{} + var err error + if g.entry.GlobalReference == nil { + g.logger.Error(err, "context entry does not have resource cache") + return nil, fmt.Errorf("resource cache not found") + } + rc, err := variables.SubstituteAllInType(g.logger, g.enginectx, g.entry.GlobalReference) + if err != nil { + return nil, err + } + g.logger.V(6).Info("variables substituted", "resourcecache", rc) + + storeEntry, ok := g.gctxStore.Get(rc.Name) + if !ok { + err := fmt.Errorf("failed to fetch entry key=%s", rc.Name) + g.logger.Error(err, "") + return nil, err + } + data, err = storeEntry.Get() + if err != nil { + g.logger.Error(err, "failed to fetch data from entry") + return nil, err + } + + jsonData, err := json.Marshal(data) + if err != nil { + return nil, err + } + g.logger.V(6).Info("fetched json data", "name", g.entry.Name, "jsondata", jsonData) + + if g.entry.GlobalReference.JMESPath == "" { + err := g.enginectx.AddContextEntry(g.entry.Name, jsonData) + if err != nil { + g.logger.Error(err, "failed to add resource data to context entry") + return nil, fmt.Errorf("failed to add resource data to context entry %s: %w", g.entry.Name, err) + } + + return jsonData, nil + } + + path, err := variables.SubstituteAll(g.logger, g.enginectx, rc.JMESPath) + if err != nil { + g.logger.Error(err, "failed to substitute variables in context entry") + return nil, fmt.Errorf("failed to substitute variables in context entry %s JMESPath %s: %w", g.entry.Name, rc.JMESPath, err) + } + + results, err := g.applyJMESPathJSON(path.(string), jsonData) + if err != nil { + g.logger.Error(err, "failed to apply JMESPath for context entry") + return nil, fmt.Errorf("failed to apply JMESPath %s for context entry %s: %w", path, g.entry.Name, err) + } + g.logger.V(6).Info("applied jmespath expression", "name", g.entry.Name, "results", results) + + return json.Marshal(results) +} + +func (a *gctxLoader) applyJMESPathJSON(jmesPath string, jsonData []byte) (interface{}, error) { + var data interface{} + err := json.Unmarshal(jsonData, &data) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal JSON: %s, error: %w", string(jsonData), err) + } + return a.jp.Search(jmesPath, data) +} diff --git a/pkg/engine/factories/contextloaderfactory.go b/pkg/engine/factories/contextloaderfactory.go index 539f092f72..a64023c8b1 100644 --- a/pkg/engine/factories/contextloaderfactory.go +++ b/pkg/engine/factories/contextloaderfactory.go @@ -42,11 +42,18 @@ func WithAPICallConfig(config apicall.APICallConfiguration) ContextLoaderFactory } } +func WithGlobalContextStore(gctxStore loaders.Store) ContextLoaderFactoryOptions { + return func(cl *contextLoader) { + cl.gctxStore = gctxStore + } +} + type contextLoader struct { logger logr.Logger cmResolver engineapi.ConfigmapResolver initializers []engineapi.Initializer apiCallConfig apicall.APICallConfiguration + gctxStore loaders.Store } func (l *contextLoader) Load( @@ -63,7 +70,7 @@ func (l *contextLoader) Load( } } for _, entry := range contextEntries { - loader, err := l.newLoader(ctx, jp, client, rclientFactory, entry, jsonContext) + loader, err := l.newLoader(ctx, jp, client, rclientFactory, entry, jsonContext, l.gctxStore) if err != nil { return fmt.Errorf("failed to create deferred loader for context entry %s", entry.Name) } @@ -89,6 +96,7 @@ func (l *contextLoader) newLoader( rclientFactory engineapi.RegistryClientFactory, entry kyvernov1.ContextEntry, jsonContext enginecontext.Interface, + gctx loaders.Store, ) (enginecontext.DeferredLoader, error) { if entry.ConfigMap != nil { if l.cmResolver != nil { @@ -106,6 +114,14 @@ func (l *contextLoader) newLoader( l.logger.Info("disabled loading of APICall context entry", "name", entry.Name) return nil, nil } + } else if entry.GlobalReference != nil { + if gctx != nil { + ldr := loaders.NewGCTXLoader(ctx, l.logger, entry, jsonContext, jp, gctx) + return enginecontext.NewDeferredLoader(entry.Name, ldr, l.logger) + } else { + l.logger.Info("disabled loading of GlobalContext context entry", "name", entry.Name) + return nil, nil + } } else if entry.ImageRegistry != nil { if rclientFactory != nil { ldr := loaders.NewImageDataLoader(ctx, l.logger, entry, jsonContext, jp, rclientFactory)