mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 18:38:40 +00:00
Code Activity

Add PodSecurity description (#4475)

Browse source 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
This commit is contained in:
shuting 2022-09-01 17:03:41 +08:00 committed by GitHub
parent 1e25bfd16f
commit c1b1cbb7da
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
api/kyverno/v1/common_types.go
View file

@ -321,6 +321,8 @@ type Validation struct {
PodSecurity *PodSecurity `json:"podSecurity,omitempty" yaml:"podSecurity,omitempty"`
}
// PodSecurity applies exemptions for Kubernetes Pod Security admission
// by specifying exclusions for Pod Security Standards controls.
type PodSecurity struct {
// Level defines the Pod Security Standard level to be applied to workloads.
// Allowed values are privileged, baseline, and restricted.
@ -336,6 +338,8 @@ type PodSecurity struct {
// Exclude specifies the Pod Security Standard controls to be excluded.
Exclude []PodSecurityStandard `json:"exclude,omitempty" yaml:"exclude,omitempty"`
}
// PodSecurityStandard specifies the Pod Security Standard controls to be excluded.
type PodSecurityStandard struct {
// ControlName specifies the name of the Pod Security Standard control.
// See: https://kubernetes.io/docs/concepts/security/pod-security-standards/

4
charts/kyverno/templates/crds.yaml
View file

@ -1456,6 +1456,7 @@ spec:
exclude:
description: Exclude specifies the Pod Security Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of the Pod Security Standard control. See: https://kubernetes.io/docs/concepts/security/pod-security-standards/'
@ -3140,6 +3141,7 @@ spec:
exclude:
description: Exclude specifies the Pod Security Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of the Pod Security Standard control. See: https://kubernetes.io/docs/concepts/security/pod-security-standards/'
@ -5643,6 +5645,7 @@ spec:
exclude:
description: Exclude specifies the Pod Security Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of the Pod Security Standard control. See: https://kubernetes.io/docs/concepts/security/pod-security-standards/'
@ -7327,6 +7330,7 @@ spec:
exclude:
description: Exclude specifies the Pod Security Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of the Pod Security Standard control. See: https://kubernetes.io/docs/concepts/security/pod-security-standards/'

4
config/crds/kyverno.io_clusterpolicies.yaml
View file

@ -2298,6 +2298,8 @@ spec:
description: Exclude specifies the Pod Security Standard
controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod
Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of
@ -5079,6 +5081,8 @@ spec:
description: Exclude specifies the Pod Security
Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the
Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name

4
config/crds/kyverno.io_policies.yaml
View file

@ -2299,6 +2299,8 @@ spec:
description: Exclude specifies the Pod Security Standard
controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod
Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of
@ -5081,6 +5083,8 @@ spec:
description: Exclude specifies the Pod Security
Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the
Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name

8
config/install.yaml
View file

@ -2315,6 +2315,8 @@ spec:
description: Exclude specifies the Pod Security Standard
controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod
Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of
@ -5096,6 +5098,8 @@ spec:
description: Exclude specifies the Pod Security
Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the
Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name
@ -8860,6 +8864,8 @@ spec:
description: Exclude specifies the Pod Security Standard
controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod
Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of
@ -11642,6 +11648,8 @@ spec:
description: Exclude specifies the Pod Security
Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the
Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name

8
config/install_debug.yaml
View file

@ -2313,6 +2313,8 @@ spec:
description: Exclude specifies the Pod Security Standard
controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod
Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of
@ -5094,6 +5096,8 @@ spec:
description: Exclude specifies the Pod Security
Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the
Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name
@ -8854,6 +8858,8 @@ spec:
description: Exclude specifies the Pod Security Standard
controls to be excluded.
items:
description: PodSecurityStandard specifies the Pod
Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name of
@ -11636,6 +11642,8 @@ spec:
description: Exclude specifies the Pod Security
Standard controls to be excluded.
items:
description: PodSecurityStandard specifies the
Pod Security Standard controls to be excluded.
properties:
controlName:
description: 'ControlName specifies the name

3
docs/crd/v1/index.html
View file

@ -2535,6 +2535,8 @@ github.com/sigstore/k8s-manifest-sigstore/pkg/k8smanifest.ObjectReferenceList
<a href="#kyverno.io/v1.Validation">Validation</a>)
</p>
<p>
<p>PodSecurity applies exemptions for Kubernetes Pod Security admission
by specifying exclusions for Pod Security Standards controls.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
@ -2592,6 +2594,7 @@ Allowed values are v1.19, v1.20, v1.21, v1.22, v1.23, v1.24, v1.25, latest. Defa
<a href="#kyverno.io/v1.PodSecurity">PodSecurity</a>)
</p>
<p>
<p>PodSecurityStandard specifies the Pod Security Standard controls to be excluded.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">