mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

tag v1.3.0-rc7

Browse source
This commit is contained in:
Shuting Zhao 2020-12-07 12:32:04 -08:00
parent d07058e90f
commit d8d90235f3
6 changed files with 3146 additions and 967 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/kyverno/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
name: kyverno
version: v1.3.0-rc6
appVersion: v1.3.0-rc6
version: v1.3.0-rc7
appVersion: v1.3.0-rc7
icon: https://github.com/kyverno/kyverno/blob/master/documentation/images/Kyverno_Horizontal.png
description: Kubernetes Native Policy Management
keywords:

1315
charts/kyverno/crds/crds.yaml
View file

File diff suppressed because it is too large Load diff

1319
definitions/install.yaml
View file

File diff suppressed because it is too large Load diff

1315
definitions/install_debug.yaml
View file

File diff suppressed because it is too large Load diff

4
definitions/kustomization.yaml
View file

@ -8,7 +8,7 @@ resources:
images:
- name: ghcr.io/kyverno/kyverno
newName: ghcr.io/kyverno/kyverno
newTag: v1.3.0-rc6
newTag: v1.3.0-rc7
- name: ghcr.io/kyverno/kyvernopre
newName: ghcr.io/kyverno/kyvernopre
newTag: v1.3.0-rc6
newTag: v1.3.0-rc7

156
definitions/release/install.yaml
View file

@ -57,13 +57,16 @@ spec:
name).
type: boolean
rules:
description: Rules is a list of Rule instances
description: Rules is a list of Rule instances. A Policy contains
multiple rules and each rule can validate, mutate, or generate resources.
items:
description: Rule defines a validation, mutation, or generation
control for matching resources.
control for matching resources. Each rules contains a match declaration
to select resources, and an optional exclude declaration to specify
which resources to exclude.
properties:
context:
description: Context defines data sources and variables that
description: Context defines variables and data sources that
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
@ -82,8 +85,10 @@ spec:
type: object
type: array
exclude:
description: ExcludeResources selects resources to which the
policy rule should not be applied.
description: ExcludeResources defines when this policy rule
should not be applied. The exclude criteria can include resource
information (e.g. kind, name, namespace, labels) and admission
review request information like the name or role.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
@ -98,10 +103,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
@ -121,7 +127,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -211,7 +223,7 @@ spec:
type: array
type: object
generate:
description: Generation creates new resources.
description: Generation is used to create new resources.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
@ -249,8 +261,11 @@ spec:
type: boolean
type: object
match:
description: MatchResources selects resources to which the policy
rule should be applied. At least one kind is required.
description: MatchResources defines when this policy rule should
be applied. The match criteria can include resource information
(e.g. kind, name, namespace, labels) and admission review
request information like the user name or role. At least one
kind is required.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
@ -265,10 +280,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
@ -288,7 +304,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -378,7 +400,7 @@ spec:
type: array
type: object
mutate:
description: Mutation modifies matching resources.
description: Mutation is used to modify matching resources.
properties:
overlay:
description: Overlay specifies an overlay pattern to modify
@ -418,12 +440,14 @@ spec:
type: string
type: object
name:
description: Name is a label to identify the rule, Must be unique
within the policy.
description: Name is a label to identify the rule, It must be
unique within the policy.
type: string
preconditions:
description: Conditions enabled variable-based conditional rule
execution.
description: Conditions enable variable-based conditional rule
execution. This is useful for finer control of when an rule
is applied. A condition can reference object data using JMESPath
notation.
items:
description: Condition defines variable-based conditional
criteria for rule execution.
@ -448,7 +472,7 @@ spec:
type: object
type: array
validate:
description: Validation checks matching resources.
description: Validation is used to validate matching resources.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns.
@ -940,10 +964,8 @@ spec:
kind: ClusterReportChangeRequest
listKind: ClusterReportChangeRequestList
plural: clusterreportchangerequests
shortNames:
- crcr
singular: clusterreportchangerequest
scope: Namespaced
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .scope.kind
@ -1489,7 +1511,7 @@ spec:
metadata:
type: object
spec:
description: Spec declares policy behaviors.
description: Spec defines policy behaviors and contains one or rules.
properties:
background:
description: Background controls if rules are applied to existing
@ -1499,13 +1521,16 @@ spec:
name).
type: boolean
rules:
description: Rules is a list of Rule instances
description: Rules is a list of Rule instances. A Policy contains
multiple rules and each rule can validate, mutate, or generate resources.
items:
description: Rule defines a validation, mutation, or generation
control for matching resources.
control for matching resources. Each rules contains a match declaration
to select resources, and an optional exclude declaration to specify
which resources to exclude.
properties:
context:
description: Context defines data sources and variables that
description: Context defines variables and data sources that
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
@ -1524,8 +1549,10 @@ spec:
type: object
type: array
exclude:
description: ExcludeResources selects resources to which the
policy rule should not be applied.
description: ExcludeResources defines when this policy rule
should not be applied. The exclude criteria can include resource
information (e.g. kind, name, namespace, labels) and admission
review request information like the name or role.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
@ -1540,10 +1567,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
@ -1563,7 +1591,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -1653,7 +1687,7 @@ spec:
type: array
type: object
generate:
description: Generation creates new resources.
description: Generation is used to create new resources.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
@ -1691,8 +1725,11 @@ spec:
type: boolean
type: object
match:
description: MatchResources selects resources to which the policy
rule should be applied. At least one kind is required.
description: MatchResources defines when this policy rule should
be applied. The match criteria can include resource information
(e.g. kind, name, namespace, labels) and admission review
request information like the user name or role. At least one
kind is required.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
@ -1707,10 +1744,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
@ -1730,7 +1768,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
@ -1820,7 +1864,7 @@ spec:
type: array
type: object
mutate:
description: Mutation modifies matching resources.
description: Mutation is used to modify matching resources.
properties:
overlay:
description: Overlay specifies an overlay pattern to modify
@ -1860,12 +1904,14 @@ spec:
type: string
type: object
name:
description: Name is a label to identify the rule, Must be unique
within the policy.
description: Name is a label to identify the rule, It must be
unique within the policy.
type: string
preconditions:
description: Conditions enabled variable-based conditional rule
execution.
description: Conditions enable variable-based conditional rule
execution. This is useful for finer control of when an rule
is applied. A condition can reference object data using JMESPath
notation.
items:
description: Condition defines variable-based conditional
criteria for rule execution.
@ -1890,7 +1936,7 @@ spec:
type: object
type: array
validate:
description: Validation checks matching resources.
description: Validation is used to validate matching resources.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns.
@ -1946,7 +1992,7 @@ spec:
type: string
type: object
status:
description: Status contains policy runtime data.
description: Status contains policy runtime information.
properties:
averageExecutionTime:
description: AvgExecutionTime is the average time taken to process
@ -3017,7 +3063,7 @@ spec:
fieldPath: metadata.namespace
- name: KYVERNO_SVC
value: kyverno-svc
image: ghcr.io/kyverno/kyverno:v1.3.0-rc6
image: ghcr.io/kyverno/kyverno:v1.3.0-rc7
imagePullPolicy: Always
livenessProbe:
failureThreshold: 4
@ -3060,7 +3106,7 @@ spec:
runAsNonRoot: true
runAsUser: 1000
initContainers:
- image: ghcr.io/kyverno/kyvernopre:v1.3.0-rc6
- image: ghcr.io/kyverno/kyvernopre:v1.3.0-rc7
imagePullPolicy: Always
name: kyverno-pre
securityContext: