From 911bebcf4d43f2f6d4802608ebb11c0d57d4d254 Mon Sep 17 00:00:00 2001 From: Prateek Pandey Date: Thu, 9 Dec 2021 20:14:29 +0530 Subject: [PATCH] [docs]: sync api docs with latest api changes (#2808) Signed-off-by: prateekpandey14 --- Makefile | 2 +- docs/crd/v1/index.html | 2444 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 2219 insertions(+), 227 deletions(-) diff --git a/Makefile b/Makefile index 6b3889bf71..1dab311433 100644 --- a/Makefile +++ b/Makefile @@ -146,7 +146,7 @@ docker-push-kyverno: docker-buildx-builder ################################## generate-api-docs: - go run github.com/ahmetb/gen-crd-api-reference-docs -api-dir ./api -config documentation/api/config.json -template-dir documentation/api/template -out-file documentation/index.html + go run gen-crd-api-reference-docs -api-dir ./api -config docs/config.json -template-dir docs/template -out-file docs/crd/v1/index.html ################################## diff --git a/docs/crd/v1/index.html b/docs/crd/v1/index.html index 0ff69db9f3..e9af06927e 100644 --- a/docs/crd/v1/index.html +++ b/docs/crd/v1/index.html @@ -20,12 +20,226 @@ background-color: #1589dd;
  • kyverno.io/v1
  • +
  • +kyverno.io/v1alpha1 +
  • +
  • +kyverno.io/v1alpha2 +
  • +
  • +wgpolicyk8s.io/v1alpha1 +
  • +
  • +wgpolicyk8s.io/v1alpha2 +
  • kyverno.io/v1

    Resource Types:
    +

    APICall +

    +

    +(Appears on: +ContextEntry) +

    +

    +

    APICall defines an HTTP request to the Kubernetes API server. The JSON +data retrieved is stored in the context. An APICall contains a URLPath +used to perform the HTTP GET request and an optional JMESPath used to +transform the retrieved JSON data.

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +urlPath
    + +string + +
    +

    URLPath is the URL path to be used in the HTTP GET request to the +Kubernetes API server (e.g. “/api/v1/namespaces” or “/apis/apps/v1/deployments”). +The format required is the same format used by the kubectl get --raw command.

    +
    +jmesPath
    + +string + +
    +(Optional) +

    JMESPath is an optional JSON Match Expression that can be used to +transform the JSON response returned from the API server. For example +a JMESPath of “items | length(@)” applied to the API server response +to the URLPath “/apis/apps/v1/deployments” will return the total count +of deployments across all namespaces.

    +
    +
    +

    AdmissionRequestInfoObject +

    +

    +(Appears on: +GenerateRequestContext) +

    +

    +

    AdmissionRequestInfoObject stores the admission request and operation details

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +admissionRequest
    + +string + +
    +(Optional) +
    +operation
    + + +Kubernetes admission/v1beta1.Operation + + +
    +(Optional) +
    +
    +

    AnyAllConditions +

    +

    +(Appears on: +Attestation, +ForEachMutation, +ForEachValidation) +

    +

    +

    AnyAllConditions consists of conditions wrapped denoting a logical criteria to be fulfilled. +AnyConditions get fulfilled when at least one of its sub-conditions passes. +AllConditions get fulfilled only when all of its sub-conditions pass.

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +any
    + + +[]Condition + + +
    +(Optional) +

    AnyConditions enable variable-based conditional rule execution. This is useful for +finer control of when an rule is applied. A condition can reference object data +using JMESPath notation. +Here, at least one of the conditions need to pass

    +
    +all
    + + +[]Condition + + +
    +(Optional) +

    AllConditions enable variable-based conditional rule execution. This is useful for +finer control of when an rule is applied. A condition can reference object data +using JMESPath notation. +Here, all of the conditions need to pass

    +
    +
    +

    Attestation +

    +

    +(Appears on: +ImageVerification) +

    +

    +

    Attestation are checks for signed in-toto Statements that are used to verify the image. +See https://github.com/in-toto/attestation. Kyverno fetches signed attestations from the +OCI registry and decodes them into a list of Statements.

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +predicateType
    + +string + +
    +

    PredicateType defines the type of Predicate contained within the Statement.

    +
    +conditions
    + + +[]AnyAllConditions + + +
    +(Optional) +

    Conditions are used to verify attributes within a Predicate. If no Conditions are specified +the attestation check is satisfied as long there are predicates that match the predicate type.

    +
    +

    CloneFrom
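Review bot: AdmissionRequestInfoObject documents neither of its fields: `admissionRequest` and `operation` carry only a type and "(Optional)", so a reader cannot tell what the string in `admissionRequest` holds. This file is generated by the `generate-api-docs` target, so add the comments on the Go fields and regenerate. Two wording slips in the same hunk also come from the source comments: "when an rule is applied" (under both `any` and `all` in AnyAllConditions) and "satisfied as long there are predicates" (Attestation `conditions`). That second sentence deserves a sharper statement, since it means an attestation with no conditions passes on predicate type alone.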

    @@ -127,6 +341,22 @@ each rule can validate, mutate, or generate resources.

    +failurePolicy
    + + +FailurePolicyType + + + + +(Optional) +

    FailurePolicy defines how unrecognized errors from the admission endpoint are handled. +Rules within the same policy share the same failure behavior. +Allowed values are Ignore or Fail. Defaults to Fail.

    + + + + validationFailureAction
    string @@ -153,6 +383,32 @@ Optional. Default value is “true”. The value must be set to “f uses variables that are only available in the admission review request (e.g. user name).

    + + +schemaValidation
    + +bool + + + +(Optional) +

    SchemaValidation skips policy validation checks. +Optional. The default value is set to “true”, it must be set to “false” to disable the validation checks.

    + + + + +webhookTimeoutSeconds
    + +int32 + + + +

    WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. +After the configured time expires, the admission request may fail, or may simply ignore the policy results, +based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds.

    + + @@ -177,8 +433,7 @@ PolicyStatus

    (Appears on: -Deny, -Rule) +AnyAllConditions)

    Condition defines variable-based conditional criteria for rule execution.

    @@ -212,7 +467,8 @@ ConditionOperator
    -

    Operator is the operation to perform.

    +

    Operator is the operation to perform. Valid operators +are Equals, NotEquals, In, AnyIn, AllIn and NotIn, AnyNotIn, AllNotIn.

    @@ -265,6 +521,7 @@ string +

    Name is the ConfigMap name.

    @@ -275,6 +532,7 @@ string +

    Namespace is the ConfigMap namespace.

    @@ -284,10 +542,13 @@ string

    (Appears on: +ForEachMutation, +ForEachValidation, Rule)

    -

    ContextEntry adds variables and data sources to a rule Context

    +

    ContextEntry adds variables and data sources to a rule Context. Either a +ConfigMap reference or a APILookup must be provided.
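Review bot: The new ContextEntry sentence names an "APILookup", but the field this patch adds is `apiCall` of type APICall, and no APILookup type appears in the visible part of the reference. Change the source comment to "Either a ConfigMap reference or an APICall must be provided" so the text matches the schema; this also fixes "a APILookup".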

    @@ -305,6 +566,7 @@ string @@ -317,6 +579,21 @@ ConfigMapReference + + + + @@ -326,11 +603,11 @@ ConfigMapReference

    (Appears on: +ForEachValidation, Validation)

    -

    Deny specifies a list of conditions. The validation rule fails, if any Condition -evaluates to “false”.

    +

    Deny specifies a list of conditions used to pass or fail a validation rule.

    +

    Name is the variable name.

    +

    ConfigMap is the ConfigMap reference.

    +
    +apiCall
    + + +APICall + + +
    +

    APICall defines an HTTP request to the Kubernetes API server. The JSON +data retrieved is stored in the context.
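Review bot: The rewritten Deny description ("used to pass or fail a validation rule") no longer says which evaluation result denies the request, whereas the removed text stated that the rule fails if any Condition evaluates to "false". Since the next hunk turns `conditions` into untyped JSON that accepts `any`/`all` blocks or a bare list, state the result that triggers a deny for each form here rather than leaving it to the linked page.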

    @@ -344,13 +621,14 @@ evaluates to “false”.

    @@ -376,6 +654,34 @@ which a policy rule is not applicable.

    + + + + + + + + @@ -399,7 +707,195 @@ ResourceDescription + + +
    conditions
    - -[]Condition - +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON
    -

    Specifies set of condition to deny.

    +

    Multiple conditions can be declared under an any or all statement. A direct list +of conditions (without any or all statements) is also supported for backwards compatibility +but will be deprecated in the next major release. +See: https://kyverno.io/docs/writing-policies/validate/#deny-rules

    +any
    + + +ResourceFilters + + +
    +(Optional) +

    Any allows specifying resources which will be ORed

    +
    +all
    + + +ResourceFilters + + +
    +(Optional) +

    All allows specifying resources which will be ANDed

    +
    UserInfo
    @@ -385,7 +691,9 @@ UserInfo
    (Optional) -

    UserInfo contains information about the user performing the operation.

    +

    UserInfo contains information about the user performing the operation. +Specifying UserInfo directly under exclude is being deprecated. +Please specify under “any” or “all” instead.

    (Optional) -

    ResourceDescription contains information about the resource being created or modified.

    +

    ResourceDescription contains information about the resource being created or modified. +Specifying ResourceDescription directly under exclude is being deprecated. +Please specify under “any” or “all” instead.

    +
    +
    +

    FailurePolicyType +(string alias)

    +

    +(Appears on: +Spec) +

    +

    +

    FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.

    +

    +

    ForEachMutation +

    +

    +(Appears on: +Mutation) +

    +

    +

    ForEachMutation applies policy rule changes to nested elements.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +list
    + +string + +
    +

    List specifies a JMESPath expression that results in one or more elements +to which the validation logic is applied.

    +
    +context
    + + +[]ContextEntry + + +
    +(Optional) +

    Context defines variables and data sources that can be used during rule execution.

    +
    +preconditions
    + + +AnyAllConditions + + +
    +(Optional) +

    AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +set of conditions. The declaration can contain nested any or all statements. +See: https://kyverno.io/docs/writing-policies/preconditions/

    +
    +patchStrategicMerge
    + +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON + +
    +(Optional) +

    PatchStrategicMerge is a strategic merge patch used to modify resources. +See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ +and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.

    +
    +
    +

    ForEachValidation +

    +

    +(Appears on: +Validation) +

    +

    +

    ForEachValidation applies policy rule checks to nested elements.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -533,6 +1029,19 @@ RequestInfo (Optional) + + + +
    FieldDescription
    +list
    + +string + +
    +

    List specifies a JMESPath expression that results in one or more elements +to which the validation logic is applied.

    +
    +context
    + + +[]ContextEntry + + +
    +(Optional) +

    Context defines variables and data sources that can be used during rule execution.

    +
    +preconditions
    + + +AnyAllConditions + + +
    +(Optional) +

    AnyAllConditions are used to determine if a policy rule should be applied by evaluating a +set of conditions. The declaration can contain nested any or all statements. +See: https://kyverno.io/docs/writing-policies/preconditions/

    +
    +pattern
    + +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON + +
    +(Optional) +

    Pattern specifies an overlay-style pattern used to check resources.

    +
    +anyPattern
    + +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON + +
    +(Optional) +

    AnyPattern specifies list of validation patterns. At least one of the patterns +must be satisfied for the validation rule to succeed.

    +
    +deny
    + + +Deny + + +
    +(Optional) +

    Deny defines conditions used to pass or fail a validation rule.

    +admissionRequestInfo
    + + +AdmissionRequestInfoObject + + +
    +(Optional) +
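Review bot: ForEachMutation's `list` description is copied from ForEachValidation: it says the elements are those "to which the validation logic is applied", but this type carries `patchStrategicMerge` and is described as applying policy rule changes. Reword the ForEachMutation comment to refer to the mutation, and consider stating what happens when the JMESPath expression yields no elements, which neither description covers.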

    @@ -739,6 +1248,100 @@ resource will be created with default data only.


    +

    ImageVerification +

    +

    +(Appears on: +Rule) +

    +

    +

    ImageVerification validates that images that match the specified pattern +are signed with the supplied public key. Once the image is verified it is +mutated to include the SHA digest retrieved during the registration.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +image
    + +string + +
    +

    Image is the image name consisting of the registry address, repository, image, and tag. +Wildcards (‘*’ and ‘?’) are allowed. See: https://kubernetes.io/docs/concepts/containers/images.

    +
    +key
    + +string + +
    +

    Key is the PEM encoded public key that the image or attestation is signed with.

    +
    +roots
    + +string + +
    +

    Roots is the PEM encoded Root certificate chain used for keyless signing

    +
    +subject
    + +string + +
    +

    Subject is the verified identity used for keyless signing, for example the email address

    +
    +repository
    + +string + +
    +

    Repository is an optional alternate OCI repository to use for image signatures that match this rule. +If specified Repository will override the default OCI image repository configured for the installation.

    +
    +attestations
    + + +[]Attestation + + +
    +

    Attestations are optional checks for signed in-toto Statements used to verify the image. +See https://github.com/in-toto/attestation. Kyverno fetches signed attestations from the +OCI registry and decodes them into a list of Statement declarations.

    +
    +

    MatchResources
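Review bot: ImageVerification does not say which of `key`, `roots` and `subject` must be set: none of the three is marked "(Optional)", yet the descriptions present `key` as a public-key check and `roots`/`subject` as keyless signing, which reads as two alternatives. Document the accepted combinations and the result when none is supplied, and mark `repository` and `attestations` "(Optional)" to match their own text ("an optional alternate OCI repository", "optional checks"). The type description also ends with "retrieved during the registration", which is unclear; name the step that yields the digest.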

    @@ -759,6 +1362,34 @@ which a policy rule is applicable.

    +any
    + + +ResourceFilters + + + + +(Optional) +

    Any allows specifying resources which will be ORed

    + + + + +all
    + + +ResourceFilters + + + + +(Optional) +

    All allows specifying resources which will be ANDed

    + + + + UserInfo
    @@ -768,7 +1399,9 @@ UserInfo (Optional) -

    UserInfo contains information about the user performing the operation.

    +

    UserInfo contains information about the user performing the operation. +Specifying UserInfo directly under match is being deprecated. +Please specify under “any” or “all” instead.

    @@ -781,7 +1414,11 @@ ResourceDescription
    -

    ResourceDescription contains information about the resource being created or modified.

    +(Optional) +

    ResourceDescription contains information about the resource being created or modified. +Requires at least one tag to be specified when under MatchResources. +Specifying ResourceDescription directly under match is being deprecated. +Please specify under “any” or “all” instead.
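Review bot: The ResourceDescription entry under MatchResources is now marked "(Optional)" while its description says "Requires at least one tag to be specified when under MatchResources". State the actual rule, for example that the entry may be omitted only when `any` or `all` is used, so a policy author can tell whether an empty match block is accepted.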

    @@ -861,6 +1498,20 @@ string See
    https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/.

    + + +foreach
    + + +[]ForEachMutation + + + + +(Optional) +

    ForEachMutation applies policy rule changes to nested elements.

    + +
    @@ -958,7 +1609,7 @@ Spec -

    Spec defines policy behaviors and contains one or rules.

    +

    Spec defines policy behaviors and contains one or more rules.



    @@ -978,6 +1629,22 @@ each rule can validate, mutate, or generate resources.

    + + + + + + + + + + + +
    +failurePolicy
    + + +FailurePolicyType + + +
    +(Optional) +

    FailurePolicy defines how unrecognized errors from the admission endpoint are handled. +Rules within the same policy share the same failure behavior. +Allowed values are Ignore or Fail. Defaults to Fail.

    +
    validationFailureAction
    string @@ -1004,6 +1671,32 @@ Optional. Default value is “true”. The value must be set to “f uses variables that are only available in the admission review request (e.g. user name).

    +schemaValidation
    + +bool + +
    +(Optional) +

    SchemaValidation skips policy validation checks. +Optional. The default value is set to “true”, it must be set to “false” to disable the validation checks.

    +
    +webhookTimeoutSeconds
    + +int32 + +
    +

    WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. +After the configured time expires, the admission request may fail, or may simply ignore the policy results, +based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds.

    +
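Review bot: The `schemaValidation` text contradicts itself: it opens with "SchemaValidation skips policy validation checks" and then says the default is true and that false disables the checks. Reword the comment so the field reads as enabling the checks when true, and say what is left unvalidated when it is false. In the same hunk `webhookTimeoutSeconds` states a default of 10s but has no "(Optional)" marker, unlike `failurePolicy` and `schemaValidation`. The same two descriptions repeat in the other Spec tables of this patch.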
    @@ -1018,7 +1711,8 @@ PolicyStatus (Optional) -

    Status contains policy runtime information.

    +

    Status contains policy runtime information. +Deprecated. Policy metrics are available via the metrics endpoint

    @@ -1032,7 +1726,9 @@ PolicyStatus Policy)

    -

    PolicyStatus mostly contains runtime information related to policy execution.

    +

    PolicyStatus mostly contains runtime information related to policy execution. +Deprecated. Policy metrics are now available via the “/metrics” endpoint. +See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/
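Review bot: PolicyStatus is labelled "Deprecated" here while the next hunk gives it a new `ready` field ("Ready indicates if the policy is ready to serve the admission request"). Limit the deprecation wording to the removed counters, or say explicitly that `ready` stays, otherwise readers will treat the readiness flag as going away too. The Spec-level `status` text ("Deprecated. Policy metrics are available via the metrics endpoint") should carry the same link as this one.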

    @@ -1044,100 +1740,13 @@ PolicyStatus - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1206,7 +1815,8 @@ Kubernetes authentication/v1.UserInfo

    (Appears on: ExcludeResources, -MatchResources) +MatchResources, +ResourceFilter)

    ResourceDescription contains criteria used to match resources.

    @@ -1246,6 +1856,20 @@ string + + + + + + + +
    -averageExecutionTime
    +ready
    -string +bool
    -(Optional) -

    AvgExecutionTime is the average time taken to process the policy rules on a resource.

    -
    -violationCount
    - -int - -
    -(Optional) -

    ViolationCount is the total count of policy failure results for this policy.

    -
    -rulesFailedCount
    - -int - -
    -(Optional) -

    RulesFailedCount is the total count of policy execution errors for this policy.

    -
    -rulesAppliedCount
    - -int - -
    -(Optional) -

    RulesAppliedCount is the total number of times this policy was applied.

    -
    -resourcesBlockedCount
    - -int - -
    -(Optional) -

    ResourcesBlockedCount is the total count of admission review requests that were blocked by this policy.

    -
    -resourcesMutatedCount
    - -int - -
    -(Optional) -

    ResourcesMutatedCount is the total count of resources that were mutated by this policy.

    -
    -resourcesGeneratedCount
    - -int - -
    -(Optional) -

    ResourcesGeneratedCount is the total count of resources that were generated by this policy.

    -
    -ruleStatus
    - - -[]RuleStats - - -
    -(Optional) -

    Rules provides per rule statistics

    +

    Ready indicates if the policy is ready to serve the admission request

    +names
    + +[]string + +
    +(Optional) +

    Names are the names of the resources. Each name supports wildcard characters +“*” (matches zero or many characters) and “?” (at least one character). +NOTE: “Name” is being deprecated in favor of “Names”.

    +
    namespaces
    []string @@ -1288,9 +1912,80 @@ Wildcards allows writing label selectors like [“storage.k8s.io/” using [”” : “”] matches any key and value but does not match an empty label set.

    +namespaceSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    NamespaceSelector is a label selector for the resource namespace. Label keys and values +in matchLabels support the wildcard characters * (matches zero or many characters) +and ? (matches one character).Wildcards allows writing label selectors like +[“storage.k8s.io/”: “”]. Note that using [”” : “”] matches any key and value but +does not match an empty label set.

    +

    +

    ResourceFilter +

    +

    +

    ResourceFilter allow users to “AND” or “OR” between resources

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +UserInfo
    + + +UserInfo + + +
    +(Optional) +

    UserInfo contains information about the user performing the operation.

    +
    +resources
    + + +ResourceDescription + + +
    +

    ResourceDescription contains information about the resource being created or modified.

    +
    +
    +

    ResourceFilters +([]github.com/kyverno/kyverno/api/kyverno/v1.ResourceFilter alias)

    +

    +(Appears on: +ExcludeResources, +MatchResources) +

    +

    +

    ResourceFilters is a slice of ResourceFilter

    +

    ResourceSpec
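Review bot: The `namespaceSelector` description loses its wildcards in the rendered example: it promises selectors like [“storage.k8s.io/”: “”] and warns about [”” : “”], neither of which shows a `*`, so the asterisks are probably being consumed as markup. Escape them in the source comment (or wrap the examples in code formatting) and add the missing space in "character).Wildcards". Also align the meaning of `?`: here it "matches one character", while the new `names` field says "at least one character". In the same hunk ResourceFilter's `UserInfo` key is capitalised unlike `resources`; confirm that is the serialized name.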

    @@ -1439,16 +2134,16 @@ and admission review request information like the name or role.

    preconditions
    - -[]Condition - +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON (Optional) -

    Conditions enable variable-based conditional rule execution. This is useful for -finer control of when an rule is applied. A condition can reference object data -using JMESPath notation.

    +

    Preconditions are used to determine if a policy rule should be applied by evaluating a +set of conditions. The declaration can contain nested any or all statements. A direct list +of conditions (without any or all statements is supported for backwards compatibility but +will be deprecated in the next major release. +See: https://kyverno.io/docs/writing-policies/preconditions/
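Review bot: The `preconditions` type now renders as `k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON`, so the reference no longer links to Condition or AnyAllConditions from this field; add a sentence pointing at AnyAllConditions so the accepted shape is discoverable from this page. The new description also has an unbalanced parenthesis, "(without any or all statements is supported", which the matching Deny text closes correctly.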

    @@ -1493,119 +2188,18 @@ Generation

    Generation is used to create new resources.

    - - -
    -

    RuleStats -

    -

    -(Appears on: -PolicyStatus) -

    -

    -

    RuleStats provides statistics for an individual rule within a policy.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1645,6 +2239,22 @@ each rule can validate, mutate, or generate resources.

    + + + + + + + + + + + +
    FieldDescription
    -ruleName
    +verifyImages
    -string - -
    -

    Name is the rule name.

    -
    -averageExecutionTime
    - -string + +[]ImageVerification +
    (Optional) -

    ExecutionTime is the average time taken to execute this rule.

    -
    -violationCount
    - -int - -
    -(Optional) -

    ViolationCount is the total count of policy failure results for this rule.

    -
    -failedCount
    - -int - -
    -(Optional) -

    FailedCount is the total count of policy error results for this rule.

    -
    -appliedCount
    - -int - -
    -(Optional) -

    AppliedCount is the total number of times this rule was applied.

    -
    -resourcesBlockedCount
    - -int - -
    -(Optional) -

    ResourcesBlockedCount is the total count of admission review requests that were blocked by this rule.

    -
    -resourcesMutatedCount
    - -int - -
    -(Optional) -

    ResourcesMutatedCount is the total count of resources that were mutated by this rule.

    -
    -resourcesGeneratedCount
    - -int - -
    -(Optional) -

    ResourcesGeneratedCount is the total count of resources that were generated by this rule.

    +

    VerifyImages is used to verify image signatures and mutate them to add a digest

    +failurePolicy
    + + +FailurePolicyType + + +
    +(Optional) +

    FailurePolicy defines how unrecognized errors from the admission endpoint are handled. +Rules within the same policy share the same failure behavior. +Allowed values are Ignore or Fail. Defaults to Fail.

    +
    validationFailureAction
    string @@ -1671,6 +2281,32 @@ Optional. Default value is “true”. The value must be set to “f uses variables that are only available in the admission review request (e.g. user name).

    +schemaValidation
    + +bool + +
    +(Optional) +

    SchemaValidation skips policy validation checks. +Optional. The default value is set to “true”, it must be set to “false” to disable the validation checks.

    +
    +webhookTimeoutSeconds
    + +int32 + +
    +

    WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. +After the configured time expires, the admission request may fail, or may simply ignore the policy results, +based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds.

    +

    @@ -1679,7 +2315,8 @@ uses variables that are only available in the admission review request (e.g. use

    (Appears on: ExcludeResources, -MatchResources) +MatchResources, +ResourceFilter)

    UserInfo contains information about the user performing the operation.

    @@ -1764,6 +2401,20 @@ string +foreach
    + + +[]ForEachValidation + + + + +(Optional) +

    ForEach applies policy rule changes to nested elements.

    + + + + pattern
    k8s.io/apiextensions-apiserver/pkg/apis/apiextensions.JSON @@ -1798,7 +2449,7 @@ Deny (Optional) -

    Deny defines conditions to fail the validation rule.

    +

    Deny defines conditions used to pass or fail a validation rule.

    @@ -1825,7 +2476,7 @@ string
    -

    Specifies violated rule name.

    +

    Name specifies violated rule name.

    @@ -1836,7 +2487,7 @@ string -

    Specifies violated rule type.

    +

    Type specifies violated rule type.

    @@ -1848,23 +2499,1364 @@ string (Optional) -

    Specifies violation message.

    +

    Message specifies violation message.

    -check
    +status
    + +string + + + +

    Status shows the rule response status

    + + + + +
    +

    kyverno.io/v1alpha1

    +

    +

    Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group

    +

    +Resource Types: + +
    +

    ClusterReportChangeRequest +

    +

    +

    ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    ReportChangeRequest +

    +

    +

    ReportChangeRequest is the Schema for the ReportChangeRequests API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    kyverno.io/v1alpha2

    +

    +

    Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group

    +

    +Resource Types: + +
    +

    ClusterReportChangeRequest +

    +

    +

    ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    ReportChangeRequest +

    +

    +

    ReportChangeRequest is the Schema for the ReportChangeRequests API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    wgpolicyk8s.io/v1alpha1

    +

    +

    Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group

    +

    +Resource Types: + +
    +

    ClusterPolicyReport +

    +

    +

    ClusterPolicyReport is the Schema for the clusterpolicyreports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +wgpolicyk8s.io/v1alpha1 + +
    +kind
    +string +
    ClusterPolicyReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    PolicyReport +

    +

    +

    PolicyReport is the Schema for the policyreports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +wgpolicyk8s.io/v1alpha1 + +
    +kind
    +string +
    PolicyReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    PolicyReportResult +

    +

    +(Appears on: +ClusterPolicyReport, +PolicyReport, +ClusterReportChangeRequest, +ReportChangeRequest) +

    +

    +

    PolicyReportResult provides the result for an individual policy

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +policy
    + +string + +
    +

    Policy is the name of the policy

    +
    +rule
    string
    (Optional) +

    Rule is the name of the policy rule

    +
    +resources
    + + +[]Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Resources is an optional reference to the resource checked by the policy and rule

    +
    +resourceSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ResourceSelector is an optional selector for policy results that apply to multiple resources. +For example, a policy result may apply to all pods that match a label. +Either a Resource or a ResourceSelector can be specified. If neither are provided, the +result is assumed to be for the policy report scope.

    +
    +message
    + +string + +
    +

    Message is a short user friendly description of the policy rule

    +
    +status
    + + +PolicyStatus + + +
    +

    Status indicates the result of the policy rule check

    +
    +scored
    + +bool + +
    +

    Scored indicates if this policy rule is scored

    +
    +data
    + +map[string]string + +
    +

    Data provides additional information for the policy rule

    +
    +category
    + +string + +
    +(Optional) +

    Category indicates policy category

    +
    +severity
    + + +PolicySeverity + + +
    +(Optional) +

    Severity indicates policy severity


    +

    PolicyReportSummary +

    +

    +(Appears on: +ClusterPolicyReport, +PolicyReport, +ClusterReportChangeRequest, +ReportChangeRequest) +

    +

    +

    PolicyReportSummary provides a status count summary

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +pass
    + +int + +
    +(Optional) +

    Pass provides the count of policies whose requirements were met

    +
    +fail
    + +int + +
    +(Optional) +

    Fail provides the count of policies whose requirements were not met

    +
    +warn
    + +int + +
    +(Optional) +

    Warn provides the count of unscored policies whose requirements were not met

    +
    +error
    + +int + +
    +(Optional) +

    Error provides the count of policies that could not be evaluated

    +
    +skip
    + +int + +
    +(Optional) +

    Skip indicates the count of policies that were not selected for evaluation

    +
    +
    +

    PolicySeverity +(string alias)

    +

    +(Appears on: +PolicyReportResult) +

    +

    +

    PolicySeverity has one of the following values: +- high +- low +- medium

    +

    +

    PolicyStatus +(string alias)

    +

    +(Appears on: +PolicyReportResult) +

    +

    +

    PolicyStatus has one of the following values: +- pass: indicates that the policy requirements are met +- fail: indicates that the policy requirements are not met +- warn: indicates that the policy requirements and not met, and the policy is not scored +- error: indicates that the policy could not be evaluated +- skip: indicates that the policy was not selected based on user inputs or applicability

    +

    +

    wgpolicyk8s.io/v1alpha2

    +

    +

    Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group

    +

    +Resource Types: + +
    +

    ClusterPolicyReport +

    +

    +

    ClusterPolicyReport is the Schema for the clusterpolicyreports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +wgpolicyk8s.io/v1alpha2 + +
    +kind
    +string +
    ClusterPolicyReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    PolicyReport +

    +

    +

    PolicyReport is the Schema for the policyreports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +wgpolicyk8s.io/v1alpha2 + +
    +kind
    +string +
    PolicyReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +scope
    + + +Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)

    +
    +scopeSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ScopeSelector is an optional selector for multiple scopes (e.g. Pods). +Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    PolicyReportResult +

    +

    +(Appears on: +ClusterPolicyReport, +PolicyReport, +ClusterReportChangeRequest, +ReportChangeRequest) +

    +

    +

    PolicyReportResult provides the result for an individual policy

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +source
    + +string + +
    +(Optional) +

    Source is an identifier for the policy engine that manages this report

    +
    +policy
    + +string + +
    +

    Policy is the name of the policy

    +
    +rule
    + +string + +
    +(Optional) +

    Rule is the name of the policy rule

    +
    +resources
    + + +[]Kubernetes core/v1.ObjectReference + + +
    +(Optional) +

    Resources is an optional reference to the resource checked by the policy and rule

    +
    +resourceSelector
    + + +Kubernetes meta/v1.LabelSelector + + +
    +(Optional) +

    ResourceSelector is an optional selector for policy results that apply to multiple resources. +For example, a policy result may apply to all pods that match a label. +Either a Resource or a ResourceSelector can be specified. If neither are provided, the +result is assumed to be for the policy report scope.

    +
    +message
    + +string + +
    +

    Message is a short user friendly description of the policy rule

    +
    +result
    + + +PolicyResult + + +
    +

    Result indicates the outcome of the policy rule execution

    +
    +scored
    + +bool + +
    +

    Scored indicates if this policy rule is scored

    +
    +properties
    + +map[string]string + +
    +

    Properties provides additional information for the policy rule

    +
    +timestamp
    + + +Kubernetes meta/v1.Timestamp + + +
    +

    Timestamp indicates the time the result was found

    +
    +category
    + +string + +
    +(Optional) +

    Category indicates policy category

    +
    +severity
    + + +PolicySeverity + + +
    +(Optional) +

    Severity indicates policy severity

    +
    +
    +

    PolicyReportSummary +

    +

    +(Appears on: +ClusterPolicyReport, +PolicyReport, +ClusterReportChangeRequest, +ReportChangeRequest) +

    +

    +

    PolicyReportSummary provides a status count summary

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +pass
    + +int + +
    +(Optional) +

    Pass provides the count of policies whose requirements were met

    +
    +fail
    + +int + +
    +(Optional) +

    Fail provides the count of policies whose requirements were not met

    +
    +warn
    + +int + +
    +(Optional) +

    Warn provides the count of unscored policies whose requirements were not met

    +
    +error
    + +int + +
    +(Optional) +

    Error provides the count of policies that could not be evaluated

    +
    +skip
    + +int + +
    +(Optional) +

    Skip indicates the count of policies that were not selected for evaluation

    +
    +
    +

    PolicyResult +(string alias)

    +

    +(Appears on: +PolicyReportResult) +

    +

    +

    PolicyResult has one of the following values: +- pass: indicates that the policy requirements are met +- fail: indicates that the policy requirements are not met +- warn: indicates that the policy requirements and not met, and the policy is not scored +- error: indicates that the policy could not be evaluated +- skip: indicates that the policy was not selected based on user inputs or applicability

    +

    +

    PolicySeverity +(string alias)

    +

    +(Appears on: +PolicyReportResult) +

    +

    +

    PolicySeverity has one of the following values: +- high +- low +- medium

    +
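Review bot: The `warn` value description reads "indicates that the policy requirements and not met, and the policy is not scored" in both the v1alpha1 PolicyStatus list and the v1alpha2 PolicyResult list; "and not met" should be "are not met". This page is output of the `generate-api-docs` target, so the wording should be fixed in the comments on the API types and the HTML regenerated; a hand edit here would be overwritten on the next run. Two smaller points in the same region. The `resourceSelector` description says "Either a Resource or a ResourceSelector can be specified", but the field it refers to is `resources` and is a list, so the text should name the field as it appears in the schema. The `scope` / `scopeSelector` description says "not both" without saying whether that is validated, so a consumer of these reports cannot tell from the docs whether an object that sets both is rejected or merely ambiguous. It would also help readers handling both versions to note next to the v1alpha2 PolicyReportResult table that v1alpha1 `status` and `data` correspond to `result` and `properties`, since tooling that filters on `status: fail` will silently match nothing on v1alpha2 reports.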