mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00
Code Activity

feat: add cli docs command (#8179)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-08-30 13:26:26 +02:00 committed by GitHub
parent 8840be78ce
commit e248757798
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 1243 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
cmd/cli/kubectl-kyverno/docs/docs.go Normal file
View file

@ -0,0 +1,69 @@
package docs
import (
"errors"
"fmt"
"log"
"os"
"path"
"path/filepath"
"strings"
"time"
"github.com/spf13/cobra"
"github.com/spf13/cobra/doc"
)
const fmTemplate = `---
date: %s
title: "%s"
weight: 35
---
`
func websitePrepender(filename string) string {
now := time.Now().Format(time.RFC3339)
name := filepath.Base(filename)
base := strings.TrimSuffix(name, path.Ext(name))
return fmt.Sprintf(fmTemplate, now, strings.Replace(base, "_", " ", -1))
}
func identity(s string) string {
return s
}
func empty(s string) string {
return ""
}
func Command(root *cobra.Command) *cobra.Command {
var path string
var website bool
cmd := &cobra.Command{
Use: "docs",
Short: "Generates documentation.",
Example: "",
RunE: func(_ *cobra.Command, args []string) error {
prepender := empty
linkHandler := identity
if website {
prepender = websitePrepender
}
if _, err := os.Stat(path); errors.Is(err, os.ErrNotExist) {
if err := os.MkdirAll(path, os.ModeDir|os.ModePerm); err != nil {
return err
}
}
return doc.GenMarkdownTreeCustom(root, path, prepender, linkHandler)
},
}
cmd.Flags().StringVarP(&path, "output", "o", ".", "Output path")
cmd.Flags().BoolVar(&website, "website", false, "Website version")
if err := cmd.MarkFlagDirname("output"); err != nil {
log.Println("WARNING", err)
}
if err := cmd.MarkFlagRequired("output"); err != nil {
log.Println("WARNING", err)
}
return cmd
}

10
cmd/cli/kubectl-kyverno/main.go
View file

@ -8,6 +8,7 @@ import (
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apply" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apply"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/create" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/create"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/docs"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/jp" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/jp"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/oci" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/oci"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test"
@ -48,7 +49,14 @@ func enableExperimental() bool {
} }
func registerCommands(cli *cobra.Command) { func registerCommands(cli *cobra.Command) {
cli.AddCommand(version.Command(), create.Command(), apply.Command(), test.Command(), jp.Command()) cli.AddCommand(
apply.Command(),
create.Command(),
docs.Command(cli),
jp.Command(),
test.Command(),
version.Command(),
)
if enableExperimental() { if enableExperimental() {
cli.AddCommand(oci.Command()) cli.AddCommand(oci.Command())
} }

38
docs/user/cli/kyverno.md Normal file
View file

@ -0,0 +1,38 @@
## kyverno
Kubernetes Native Policy Management
### Synopsis
To enable experimental commands, KYVERNO_EXPERIMENTAL should be configured with true or 1.
### Options
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
-h, --help help for kyverno
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno apply](kyverno_apply.md) - Applies policies on resources.
* [kyverno completion](kyverno_completion.md) - Generate the autocompletion script for the specified shell
* [kyverno create](kyverno_create.md) - Provides a command-line interface to help with the creation of various Kyverno resources.
* [kyverno docs](kyverno_docs.md) - Generates documentation.
* [kyverno jp](kyverno_jp.md) - Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions.
* [kyverno test](kyverno_test.md) - Run tests from directory.
* [kyverno version](kyverno_version.md) - Shows current version of kyverno.
###### Auto generated by spf13/cobra on 30-Aug-2023

139
docs/user/cli/kyverno_apply.md Normal file
View file

@ -0,0 +1,139 @@
## kyverno apply
Applies policies on resources.
```
kyverno apply [flags]
```
### Examples
```
To apply on a resource:
kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --resource=/path/to/resource1 --resource=/path/to/resource2
To apply on a folder of resources:
kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --resource=/path/to/resources/
To apply on a cluster:
kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --cluster
To apply policies from a gitSourceURL on a cluster:
Example: Taking github.com as a gitSourceURL here. Some other standards gitSourceURL are: gitlab.com , bitbucket.org , etc.
kyverno apply https://github.com/kyverno/policies/openshift/ --git-branch main --cluster
To apply policy with variables:
1. To apply single policy with variable on single resource use flag "set".
Example:
kyverno apply /path/to/policy.yaml --resource /path/to/resource.yaml --set <variable1>=<value1>,<variable2>=<value2>
2. To apply multiple policy with variable on multiple resource use flag "values_file".
Example:
kyverno apply /path/to/policy1.yaml /path/to/policy2.yaml --resource /path/to/resource1.yaml --resource /path/to/resource2.yaml -f /path/to/value.yaml
Format of value.yaml:
policies:
- name: <policy1 name>
rules:
- name: <rule1 name>
values:
<context variable1 in policy1 rule1>: <value>
<context variable2 in policy1 rule1>: <value>
- name: <rule2 name>
values:
<context variable1 in policy1 rule2>: <value>
<context variable2 in policy1 rule2>: <value>
resources:
- name: <resource1 name>
values:
<variable1 in policy1>: <value>
<variable2 in policy1>: <value>
- name: <resource2 name>
values:
<variable1 in policy1>: <value>
<variable2 in policy1>: <value>
- name: <policy2 name>
resources:
- name: <resource1 name>
values:
<variable1 in policy2>: <value>
<variable2 in policy2>: <value>
- name: <resource2 name>
values:
<variable1 in policy2>: <value>
<variable2 in policy2>: <value>
namespaceSelector:
- name: <namespace1 name>
labels:
<label key>: <label value>
- name: <namespace2 name>
labels:
<label key>: <label value>
# If policy is matching on Kind/Subresource, then this is required
subresources:
- subresource:
name: <name of subresource>
kind: <kind of subresource>
group: <group of subresource>
version: <version of subresource>
parentResource:
name: <name of parent resource>
kind: <kind of parent resource>
group: <group of parent resource>
version: <version of parent resource>
More info: https://kyverno.io/docs/kyverno-cli/
```
### Options
```
--audit-warn If set to true, will flag audit policies as warnings instead of failures
-c, --cluster Checks if policies should be applied to cluster in the current context
--context string The name of the kubeconfig context to use
--detailed-results If set to true, display detailed results
-b, --git-branch string test git repository branch
-h, --help help for apply
--kubeconfig string path to kubeconfig file with authorization and master location information
-n, --namespace string Optional Policy parameter passed with cluster flag
-o, --output string Prints the mutated resources in provided file/directory
-p, --policy-report Generates policy report when passed (default policyviolation)
--registry If set to true, access the image registry using local docker credentials to populate external data
--remove-color Remove any color from output
-r, --resource strings Path to resource files
-s, --set strings Variables that are required
-i, --stdin Optional mutate policy parameter to pipe directly through to kubectl
-t, --table Show results in table format
-u, --userinfo string Admission Info including Roles, Cluster Roles and Subjects
-f, --values-file string File containing values for policy variables
--warn-exit-code int Set the exit code for warnings; if failures or errors are found, will exit 1
--warn-no-pass Specify if warning exit code should be raised if no objects satisfied a policy; can be used together with --warn-exit-code flag
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
###### Auto generated by spf13/cobra on 30-Aug-2023

43
docs/user/cli/kyverno_completion.md Normal file
View file

@ -0,0 +1,43 @@
## kyverno completion
Generate the autocompletion script for the specified shell
### Synopsis
Generate the autocompletion script for kyverno for the specified shell.
See each sub-command's help for details on how to use the generated script.
### Options
```
-h, --help help for completion
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
* [kyverno completion bash](kyverno_completion_bash.md) - Generate the autocompletion script for bash
* [kyverno completion fish](kyverno_completion_fish.md) - Generate the autocompletion script for fish
* [kyverno completion powershell](kyverno_completion_powershell.md) - Generate the autocompletion script for powershell
* [kyverno completion zsh](kyverno_completion_zsh.md) - Generate the autocompletion script for zsh
###### Auto generated by spf13/cobra on 30-Aug-2023

62
docs/user/cli/kyverno_completion_bash.md Normal file
View file

@ -0,0 +1,62 @@
## kyverno completion bash
Generate the autocompletion script for bash
### Synopsis
Generate the autocompletion script for the bash shell.
This script depends on the 'bash-completion' package.
If it is not installed already, you can install it via your OS's package manager.
To load completions in your current shell session:
source <(kyverno completion bash)
To load completions for every new session, execute once:
#### Linux:
kyverno completion bash > /etc/bash_completion.d/kyverno
#### macOS:
kyverno completion bash > $(brew --prefix)/etc/bash_completion.d/kyverno
You will need to start a new shell for this setup to take effect.
```
kyverno completion bash
```
### Options
```
-h, --help help for bash
--no-descriptions disable completion descriptions
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno completion](kyverno_completion.md) - Generate the autocompletion script for the specified shell
###### Auto generated by spf13/cobra on 30-Aug-2023

53
docs/user/cli/kyverno_completion_fish.md Normal file
View file

@ -0,0 +1,53 @@
## kyverno completion fish
Generate the autocompletion script for fish
### Synopsis
Generate the autocompletion script for the fish shell.
To load completions in your current shell session:
kyverno completion fish | source
To load completions for every new session, execute once:
kyverno completion fish > ~/.config/fish/completions/kyverno.fish
You will need to start a new shell for this setup to take effect.
```
kyverno completion fish [flags]
```
### Options
```
-h, --help help for fish
--no-descriptions disable completion descriptions
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno completion](kyverno_completion.md) - Generate the autocompletion script for the specified shell
###### Auto generated by spf13/cobra on 30-Aug-2023

50
docs/user/cli/kyverno_completion_powershell.md Normal file
View file

@ -0,0 +1,50 @@
## kyverno completion powershell
Generate the autocompletion script for powershell
### Synopsis
Generate the autocompletion script for powershell.
To load completions in your current shell session:
kyverno completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command
to your powershell profile.
```
kyverno completion powershell [flags]
```
### Options
```
-h, --help help for powershell
--no-descriptions disable completion descriptions
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno completion](kyverno_completion.md) - Generate the autocompletion script for the specified shell
###### Auto generated by spf13/cobra on 30-Aug-2023

64
docs/user/cli/kyverno_completion_zsh.md Normal file
View file

@ -0,0 +1,64 @@
## kyverno completion zsh
Generate the autocompletion script for zsh
### Synopsis
Generate the autocompletion script for the zsh shell.
If shell completion is not already enabled in your environment you will need
to enable it. You can execute the following once:
echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions in your current shell session:
source <(kyverno completion zsh)
To load completions for every new session, execute once:
#### Linux:
kyverno completion zsh > "${fpath[1]}/_kyverno"
#### macOS:
kyverno completion zsh > $(brew --prefix)/share/zsh/site-functions/_kyverno
You will need to start a new shell for this setup to take effect.
```
kyverno completion zsh [flags]
```
### Options
```
-h, --help help for zsh
--no-descriptions disable completion descriptions
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno completion](kyverno_completion.md) - Generate the autocompletion script for the specified shell
###### Auto generated by spf13/cobra on 30-Aug-2023

41
docs/user/cli/kyverno_create.md Normal file
View file

@ -0,0 +1,41 @@
## kyverno create
Provides a command-line interface to help with the creation of various Kyverno resources.
```
kyverno create [flags]
```
### Options
```
-h, --help help for create
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
* [kyverno create metrics-config](kyverno_create_metrics-config.md) - Create a Kyverno metrics-config file.
* [kyverno create test](kyverno_create_test.md) - Create a Kyverno test file.
* [kyverno create user-info](kyverno_create_user-info.md) - Create a Kyverno user-info file.
* [kyverno create values](kyverno_create_values.md) - Create a Kyverno values file.
###### Auto generated by spf13/cobra on 30-Aug-2023

48
docs/user/cli/kyverno_create_metrics-config.md Normal file
View file

@ -0,0 +1,48 @@
## kyverno create metrics-config
Create a Kyverno metrics-config file.
```
kyverno create metrics-config [flags]
```
### Examples
```
kyverno create metrics-config -i ns-included-1 -i ns-included-2 -e ns-excluded
```
### Options
```
-e, --exclude strings Excluded namespaces
-h, --help help for metrics-config
-i, --include strings Included namespaces
-n, --name string Name (default "kyverno-metrics")
--namespace string Namespace (default "kyverno")
-o, --output string Output path (uses standard console output if not set)
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno create](kyverno_create.md) - Provides a command-line interface to help with the creation of various Kyverno resources.
###### Auto generated by spf13/cobra on 30-Aug-2023

51
docs/user/cli/kyverno_create_test.md Normal file
View file

@ -0,0 +1,51 @@
## kyverno create test
Create a Kyverno test file.
```
kyverno create test [flags]
```
### Examples
```
kyverno create test -p policy.yaml -r resource.yaml -f values.yaml --pass policy-name,rule-name,resource-name,resource-namespace,resource-kind
```
### Options
```
--fail fail Expected fail results
-h, --help help for test
-n, --name string Test name (default "test-name")
-o, --output string Output path (uses standard console output if not set)
--pass pass Expected pass results
-p, --policy strings List of policy files
-r, --resource strings List of resource files
--skip skip Expected skip results
-f, --values string Values file
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno create](kyverno_create.md) - Provides a command-line interface to help with the creation of various Kyverno resources.
###### Auto generated by spf13/cobra on 30-Aug-2023

48
docs/user/cli/kyverno_create_user-info.md Normal file
View file

@ -0,0 +1,48 @@
## kyverno create user-info
Create a Kyverno user-info file.
```
kyverno create user-info [flags]
```
### Examples
```
kyverno create user-info -u molybdenum@somecorp.com -g basic-user -c admin
```
### Options
```
-c, --cluster-role strings Cluster role
-g, --group strings Group
-h, --help help for user-info
-o, --output string Output path (uses standard console output if not set)
-r, --role strings Role
-u, --username string User name
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno create](kyverno_create.md) - Provides a command-line interface to help with the creation of various Kyverno resources.
###### Auto generated by spf13/cobra on 30-Aug-2023

48
docs/user/cli/kyverno_create_values.md Normal file
View file

@ -0,0 +1,48 @@
## kyverno create values
Create a Kyverno values file.
```
kyverno create values [flags]
```
### Examples
```
kyverno create values -g request.mode=dev -n prod,env=prod --rule policy,rule,env=demo --resource policy,resource,env=demo
```
### Options
```
-g, --global strings Global value
-h, --help help for values
-n, --ns-selector stringArray Namespace selector
-o, --output string Output path (uses standard console output if not set)
--resource stringArray Policy resource values
--rule stringArray Policy rule values
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno create](kyverno_create.md) - Provides a command-line interface to help with the creation of various Kyverno resources.
###### Auto generated by spf13/cobra on 30-Aug-2023

39
docs/user/cli/kyverno_docs.md Normal file
View file

@ -0,0 +1,39 @@
## kyverno docs
Generates documentation.
```
kyverno docs [flags]
```
### Options
```
-h, --help help for docs
-o, --output string Output path (default ".")
--website Website version
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
###### Auto generated by spf13/cobra on 30-Aug-2023

45
docs/user/cli/kyverno_jp.md Normal file
View file

@ -0,0 +1,45 @@
## kyverno jp
Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions.
### Synopsis
Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions.
For more information visit: https://kyverno.io/docs/writing-policies/jmespath/.
```
kyverno jp [flags]
```
### Options
```
-h, --help help for jp
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
* [kyverno jp function](kyverno_jp_function.md) - Provides function informations
* [kyverno jp parse](kyverno_jp_parse.md) - Parses jmespath expression and shows corresponding AST
* [kyverno jp query](kyverno_jp_query.md) - Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions
###### Auto generated by spf13/cobra on 30-Aug-2023

52
docs/user/cli/kyverno_jp_function.md Normal file
View file

@ -0,0 +1,52 @@
## kyverno jp function
Provides function informations
### Synopsis
Provides function informations
For more information visit: https://kyverno.io/docs/writing-policies/jmespath/
```
kyverno jp function [function_name]... [flags]
```
### Examples
```
# List functions
kyverno jp function
# Get function infos
kyverno jp function <function name>
```
### Options
```
-h, --help help for function
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno jp](kyverno_jp.md) - Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions.
###### Auto generated by spf13/cobra on 30-Aug-2023

62
docs/user/cli/kyverno_jp_parse.md Normal file
View file

@ -0,0 +1,62 @@
## kyverno jp parse
Parses jmespath expression and shows corresponding AST
### Synopsis
Parses jmespath expression and shows corresponding AST
For more information visit: https://kyverno.io/docs/writing-policies/jmespath/
```
kyverno jp parse [-f file|expression]... [flags]
```
### Examples
```
# Parse expression
kyverno jp parse 'request.object.metadata.name | truncate(@, `9`)'
# Parse expression from a file
kyverno jp parse -f my-file
# Parse expression from stdin
kyverno jp parse
# Parse multiple expressionxs
kyverno jp parse -f my-file1 -f my-file-2 'request.object.metadata.name | truncate(@, `9`)'
# Cat into
cat my-file | kyverno jp parse
```
### Options
```
-f, --file strings Read input from a JSON or YAML file instead of stdin
-h, --help help for parse
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno jp](kyverno_jp.md) - Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions.
###### Auto generated by spf13/cobra on 30-Aug-2023

65
docs/user/cli/kyverno_jp_query.md Normal file
View file

@ -0,0 +1,65 @@
## kyverno jp query
Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions
### Synopsis
Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions
For more information visit: https://kyverno.io/docs/writing-policies/jmespath/
```
kyverno jp query [-i input] [-q query|query]... [flags]
```
### Examples
```
# Evaluate query
kyverno jp query -i object.yaml 'request.object.metadata.name | truncate(@, `9`)'
# Evaluate query
kyverno jp query -i object.yaml -q query-file
# Evaluate multiple queries
kyverno jp query -i object.yaml -q query-file-1 -q query-file-2 'request.object.metadata.name | truncate(@, `9`)'
# Cat query into
cat query-file | kyverno jp query -i object.yaml
# Cat object into
cat object.yaml | kyverno jp query -q query-file
```
### Options
```
-c, --compact Produce compact JSON output that omits non essential whitespace
-h, --help help for query
-i, --input string Read input from a JSON or YAML file instead of stdin
-q, --query strings Read JMESPath expression from the specified file
-u, --unquoted If the final result is a string, it will be printed without quotes
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno jp](kyverno_jp.md) - Provides a command-line interface to JMESPath, enhanced with Kyverno specific custom functions.
###### Auto generated by spf13/cobra on 30-Aug-2023

176
docs/user/cli/kyverno_test.md Normal file
View file

@ -0,0 +1,176 @@
## kyverno test
Run tests from directory.
### Synopsis
The test command provides a facility to test resources against policies by comparing expected results, declared ahead of time in a test manifest file, to actual results reported by Kyverno. Users provide the path to the folder containing a kyverno-test.yaml file where the location could be on a local filesystem or a remote git repository.
```
kyverno test <path_to_folder_Containing_test.yamls> [flags]
kyverno test <path_to_gitRepository_with_dir> --git-branch <branchName>
kyverno test --manifest-mutate > kyverno-test.yaml
kyverno test --manifest-validate > kyverno-test.yaml
```
### Examples
```
# Test a git repository containing Kyverno test cases.
kyverno test https://github.com/kyverno/policies/pod-security --git-branch main
<snip>
Executing require-non-root-groups...
applying 1 policy to 2 resources...
│───│─────────────────────────│──────────────────────────│──────────────────────────────────│────────│
│ # │ POLICY │ RULE │ RESOURCE │ RESULT │
│───│─────────────────────────│──────────────────────────│──────────────────────────────────│────────│
│ 1 │ require-non-root-groups │ check-runasgroup │ default/Pod/fs-group0 │ Pass │
│ 2 │ require-non-root-groups │ check-supplementalGroups │ default/Pod/fs-group0 │ Pass │
│ 3 │ require-non-root-groups │ check-fsGroup │ default/Pod/fs-group0 │ Pass │
│ 4 │ require-non-root-groups │ check-supplementalGroups │ default/Pod/supplemental-groups0 │ Pass │
│ 5 │ require-non-root-groups │ check-fsGroup │ default/Pod/supplemental-groups0 │ Pass │
│ 6 │ require-non-root-groups │ check-runasgroup │ default/Pod/supplemental-groups0 │ Pass │
│───│─────────────────────────│──────────────────────────│──────────────────────────────────│────────│
<snip>
# Test a local folder containing test cases.
kyverno test .
Executing limit-containers-per-pod...
applying 1 policy to 4 resources...
│───│──────────────────────────│──────────────────────────────────────│─────────────────────────────│────────│
│ # │ POLICY │ RULE │ RESOURCE │ RESULT │
│───│──────────────────────────│──────────────────────────────────────│─────────────────────────────│────────│
│ 1 │ limit-containers-per-pod │ limit-containers-per-pod-bare │ default/Pod/myapp-pod-1 │ Pass │
│ 2 │ limit-containers-per-pod │ limit-containers-per-pod-bare │ default/Pod/myapp-pod-2 │ Pass │
│ 3 │ limit-containers-per-pod │ limit-containers-per-pod-controllers │ default/Deployment/mydeploy │ Pass │
│ 4 │ limit-containers-per-pod │ limit-containers-per-pod-cronjob │ default/CronJob/mycronjob │ Pass │
│───│──────────────────────────│──────────────────────────────────────│─────────────────────────────│────────│
Test Summary: 4 tests passed and 0 tests failed
# Test some specific test cases out of many test cases in a local folder.
kyverno test . --test-case-selector "policy=disallow-latest-tag, rule=require-image-tag, resource=test-require-image-tag-pass"
Executing test-simple...
applying 1 policy to 1 resource...
│───│─────────────────────│───────────────────│─────────────────────────────────────────│────────│
│ # │ POLICY │ RULE │ RESOURCE │ RESULT │
│───│─────────────────────│───────────────────│─────────────────────────────────────────│────────│
│ 1 │ disallow-latest-tag │ require-image-tag │ default/Pod/test-require-image-tag-pass │ Pass │
│───│─────────────────────│───────────────────│─────────────────────────────────────────│────────│
Test Summary: 1 tests passed and 0 tests failed
**TEST FILE STRUCTURE**:
The kyverno-test.yaml has four parts:
"policies" --> List of policies which are applied.
"resources" --> List of resources on which the policies are applied.
"variables" --> Variable file path containing variables referenced in the policy (OPTIONAL).
"results" --> List of results expected after applying the policies to the resources.
** TEST FILE FORMAT**:
name: <test_name>
policies:
- <path/to/policy1.yaml>
- <path/to/policy2.yaml>
resources:
- <path/to/resource1.yaml>
- <path/to/resource2.yaml>
variables: <variable_file> (OPTIONAL)
results:
- policy: <name> (For Namespaced [Policy] files, format is <policy_namespace>/<policy_name>)
rule: <name>
resource: <name>
namespace: <name> (OPTIONAL)
kind: <name>
patchedResource: <path/to/patched/resource.yaml> (For mutate policies/rules only)
result: <pass|fail|skip>
**VARIABLES FILE FORMAT**:
policies:
- name: <policy_name>
rules:
- name: <rule_name>
# Global variable values
values:
foo: bar
resources:
- name: <resource_name_1>
# Resource-specific variable values
values:
foo: baz
- name: <resource_name_2>
values:
foo: bin
# If policy is matching on Kind/Subresource, then this is required
subresources:
- subresource:
name: <name of subresource>
kind: <kind of subresource>
group: <group of subresource>
version: <version of subresource>
parentResource:
name: <name of parent resource>
kind: <kind of parent resource>
group: <group of parent resource>
version: <version of parent resource>
**RESULT DESCRIPTIONS**:
pass --> The resource is either validated by the policy or, if a mutation, equals the state of the patched resource.
fail --> The resource fails validation or the patched resource generated by Kyverno is not equal to the input resource provided by the user.
skip --> The rule is not applied.
For more information visit https://kyverno.io/docs/kyverno-cli/#test
```
### Options
```
--detailed-results If set to true, display detailed results
--fail-only If set to true, display all the failing test only as output for the test command
-f, --file-name string test filename (default "kyverno-test.yaml")
-b, --git-branch string test github repository branch
-h, --help help for test
--registry If set to true, access the image registry using local docker credentials to populate external data
--remove-color Remove any color from output
-t, --test-case-selector string run some specific test cases by passing a string argument in double quotes to this flag like - "policy=<policy_name>, rule=<rule_name>, resource=<resource_name". The argument could be any combination of policy, rule and resource.
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
###### Auto generated by spf13/cobra on 30-Aug-2023

37
docs/user/cli/kyverno_version.md Normal file
View file

@ -0,0 +1,37 @@
## kyverno version
Shows current version of kyverno.
```
kyverno version [flags]
```
### Options
```
-h, --help help for version
```
### Options inherited from parent commands
```
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
### SEE ALSO
* [kyverno](kyverno.md) - Kubernetes Native Policy Management
###### Auto generated by spf13/cobra on 30-Aug-2023

2
go.mod
View file

@ -173,6 +173,7 @@ require (
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/coreos/go-oidc/v3 v3.6.0 // indirect github.com/coreos/go-oidc/v3 v3.6.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20230710064741-aa7fe85c7dbd // indirect github.com/cyberphone/json-canonicalization v0.0.0-20230710064741-aa7fe85c7dbd // indirect
github.com/davecgh/go-spew v1.1.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
@ -315,6 +316,7 @@ require (
github.com/r3labs/diff v1.1.0 // indirect github.com/r3labs/diff v1.1.0 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/rivo/uniseg v0.4.4 // indirect github.com/rivo/uniseg v0.4.4 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect

2
go.sum
View file

@ -366,6 +366,7 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@ -1318,6 +1319,7 @@ github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjR
github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryancurrah/gomodguard v1.2.0/go.mod h1:rNqbC4TOIdUDcVMSIpNNAzTbzXAZa6W5lnUepvuMMgQ= github.com/ryancurrah/gomodguard v1.2.0/go.mod h1:rNqbC4TOIdUDcVMSIpNNAzTbzXAZa6W5lnUepvuMMgQ=
github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA= github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=