Package: kyverno.io/v2alpha1

Resource Types:

CleanupPolicy

CleanupPolicy defines a rule for resource cleanup.

Field Description
apiVersion
string
kyverno.io/v2alpha1
kind
string
CleanupPolicy
metadata *
meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicySpec

Spec declares policy behaviors.



context
[]ContextEntry

Context defines variables and data sources that can be used during rule execution.

match *
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.

exclude
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.

schedule *
string

The schedule in Cron format.

conditions
github.com/kyverno/kyverno/api/kyverno/v2beta1.AnyAllConditions

Conditions defines the conditions used to select the resources which will be cleaned up.

status
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicyStatus

Status contains policy runtime data.

ClusterCleanupPolicy

ClusterCleanupPolicy defines a rule for resource cleanup.

Field Description
apiVersion
string
kyverno.io/v2alpha1
kind
string
ClusterCleanupPolicy
metadata *
meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicySpec

Spec declares policy behaviors.



context
[]ContextEntry

Context defines variables and data sources that can be used during rule execution.

match *
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.

exclude
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.

schedule *
string

The schedule in Cron format.

conditions
github.com/kyverno/kyverno/api/kyverno/v2beta1.AnyAllConditions

Conditions defines the conditions used to select the resources which will be cleaned up.

status
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicyStatus

Status contains policy runtime data.

GlobalContextEntry

GlobalContextEntry declares resources to be cached.

Field Description
apiVersion
string
kyverno.io/v2alpha1
kind
string
GlobalContextEntry
metadata *
meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
GlobalContextEntrySpec

Spec declares policy exception behaviors.



kubernetesResource *
KubernetesResource

Stores a list of Kubernetes resources which will be cached. Mutually exclusive with APICall.

apiCall *
ExternalAPICall

Stores results from an API call which will be cached. Mutually exclusive with KubernetesResource. This can be used to make calls to external (non-Kubernetes API server) services. It can also be used to make calls to the Kubernetes API server in such cases:

  1. A POST is needed to create a resource.
  2. Finer-grained control is needed. Example: To restrict the number of resources cached.

status
GlobalContextEntryStatus

Status contains globalcontextentry runtime data.

PolicyException

PolicyException declares resources to be excluded from specified policies.

Field Description
apiVersion
string
kyverno.io/v2alpha1
kind
string
PolicyException
metadata *
meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
github.com/kyverno/kyverno/api/kyverno/v2beta1.PolicyExceptionSpec

Spec declares policy exception behaviors.



background *
bool

Background controls if exceptions are applied to existing policies during a background scan. Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name).

match *
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

Match defines the match clause used to check if a resource applies to the exception.

conditions
github.com/kyverno/kyverno/api/kyverno/v2beta1.AnyAllConditions

Conditions are used to determine if a resource applies to the exception by evaluating a set of conditions. The declaration can contain nested any or all statements.

exceptions *
[]github.com/kyverno/kyverno/api/kyverno/v2beta1.Exception

Exceptions is a list of policy/rules to be excluded.

podSecurity
[]PodSecurityStandard

PodSecurity specifies the Pod Security Standard controls to be excluded. Applicable only to policies that have validate.podSecurity subrule.

ExternalAPICall

(Appears in: GlobalContextEntrySpec)

Field Description
APICall *
APICall

(Members of APICall are embedded into this type.)

refreshInterval *
meta/v1.Duration

RefreshInterval defines the interval in duration at which to poll the APICall. The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".

GlobalContextEntrySpec

(Appears in: GlobalContextEntry)

GlobalContextEntrySpec stores policy exception spec

Field Description
kubernetesResource *
KubernetesResource

Stores a list of Kubernetes resources which will be cached. Mutually exclusive with APICall.

apiCall *
ExternalAPICall

Stores results from an API call which will be cached. Mutually exclusive with KubernetesResource. This can be used to make calls to external (non-Kubernetes API server) services. It can also be used to make calls to the Kubernetes API server in such cases:

  1. A POST is needed to create a resource.
  2. Finer-grained control is needed. Example: To restrict the number of resources cached.

GlobalContextEntryStatus

(Appears in: GlobalContextEntry)

Field Description
ready *
bool

Deprecated in favor of Conditions.

conditions
[]meta/v1.Condition

lastRefreshTime
meta/v1.Time

Indicates the time when the globalcontextentry was last refreshed successfully for the API Call.

KubernetesResource

(Appears in: GlobalContextEntrySpec)

KubernetesResource stores information about the Kubernetes resource that should be cached.

Field Description
group *
string

Group defines the group of the resource.

version *
string

Version defines the version of the resource.

resource *
string

Resource defines the type of the resource. Requires the pluralized form of the resource kind in lowercase. (Ex., "deployments")

namespace
string

Namespace defines the namespace of the resource. Leave empty for cluster scoped resources. If left empty for namespaced resources, all resources from all namespaces will be cached.
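
The GlobalContextEntrySpec, ExternalAPICall and KubernetesResource constraints documented above can be checked before a manifest is applied. The following is an added example, not Kyverno's own code: the struct types and the `Lint` function are hypothetical local mirrors of the documented fields, and treating "neither source set" and a non-positive `refreshInterval` as errors are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Hypothetical local mirrors of the documented fields; not Kyverno's own Go types.
type KubernetesResource struct{ Group, Version, Resource, Namespace string }
type ExternalAPICall struct{ RefreshInterval string }
type GlobalContextEntrySpec struct {
	KubernetesResource *KubernetesResource
	APICall            *ExternalAPICall
}

// Lint returns hard errors and advisory warnings for one spec.
func Lint(s GlobalContextEntrySpec) (errs, warns []string) {
	switch { // the two sources are mutually exclusive; requiring one is an assumption
	case s.KubernetesResource != nil && s.APICall != nil:
		return []string{"kubernetesResource and apiCall are mutually exclusive"}, nil
	case s.KubernetesResource == nil && s.APICall == nil:
		return []string{"set one of kubernetesResource or apiCall"}, nil
	}
	if r := s.KubernetesResource; r != nil {
		if r.Version == "" || r.Resource == "" || r.Resource != strings.ToLower(r.Resource) {
			errs = append(errs, "version and a lowercase plural resource (e.g. \"deployments\") are required")
		}
		if r.Namespace == "" { // documented behaviour: caches every namespace
			warns = append(warns, "empty namespace caches a namespaced resource cluster-wide")
		}
	}
	if c := s.APICall; c != nil {
		// The documented syntax ("300ms", "1.5h", "2h45m") is Go duration syntax.
		if d, err := time.ParseDuration(c.RefreshInterval); err != nil {
			errs = append(errs, fmt.Sprintf("refreshInterval %q: %v", c.RefreshInterval, err))
		} else if d <= 0 { // assumption: a poll interval must be positive
			errs = append(errs, "refreshInterval must be positive")
		}
	}
	return errs, warns
}

func main() { // constructed sample: Deployments cached with no namespace set
	errs, warns := Lint(GlobalContextEntrySpec{KubernetesResource: &KubernetesResource{Group: "apps", Version: "v1", Resource: "deployments"}})
	fmt.Println("errors:", errs, "warnings:", warns)
}
```

The empty-namespace warning is advisory because the same field is legitimately empty for cluster-scoped resources; it flags entries whose cache scope is wider than a policy may need.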