apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: clusterpolicies.kyverno.io spec: group: kyverno.io versions: - name: v1 served: true storage: true scope: Cluster names: kind: ClusterPolicy plural: clusterpolicies singular: clusterpolicy shortNames: - cpol subresources: status: {} validation: openAPIV3Schema: properties: status: {} spec: required: - rules properties: # default values to be handled by user validationFailureAction: type: string enum: - enforce # blocks the resorce api-reques if a rule fails. - audit # allows resource creation and reports the failed validation rules as violations. Default background: type: boolean rules: type: array items: type: object required: - name - match properties: name: type: string match: type: object required: - resources properties: roles: type: array items: type: string clusterRoles: type: array items: type: string subjects: type: array items: type: object required: - kind - name properties: kind: type: string apiGroup: type: string name: type: string namespace: type: string resources: type: object minProperties: 1 properties: kinds: type: array items: type: string name: type: string namespaces: type: array items: type: string annotations: type: object additionalProperties: type: string selector: properties: matchLabels: type: object additionalProperties: type: string matchExpressions: type: array items: type: object required: - key - operator properties: key: type: string operator: type: string values: type: array items: type: string exclude: type: object properties: roles: type: array items: type: string clusterRoles: type: array items: type: string subjects: type: array items: type: object required: - kind - name properties: kind: type: string apiGroup: type: string name: type: string namespace: type: string resources: type: object properties: kinds: type: array items: type: string name: type: string namespaces: type: array items: type: string annotations: type: object additionalProperties: type: string selector: properties: matchLabels: type: object additionalProperties: type: string matchExpressions: type: array items: type: object required: - key - operator properties: key: type: string operator: type: string values: type: array items: type: string preconditions: type: array items: type: object required: - key # can be of any type - operator # typed - value # can be of any type mutate: type: object properties: overlay: {} patchStrategicMerge: {} patchesJson6902: type: string patches: type: array items: type: object required: - path - op properties: path: type: string op: type: string enum: - add - replace - remove value: {} validate: type: object properties: message: type: string pattern: {} anyPattern: {} deny: properties: conditions: type: array items: type: object required: - key # can be of any type - operator # typed - value # can be of any type properties: operator: type: string enum: - Equal - Equals - NotEqual - NotEquals - In - NotIn key: type: string value: anyOf: - type: string - type: array items: {} generate: type: object required: - kind - name properties: apiVersion: type: string kind: type: string name: type: string namespace: type: string synchronize: type: boolean clone: type: object required: - namespace - name properties: namespace: type: string name: type: string data: {} --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: policies.kyverno.io spec: group: kyverno.io versions: - name: v1 served: true storage: true scope: Namespaced names: kind: Policy plural: policies singular: policy shortNames: - pol subresources: status: {} validation: openAPIV3Schema: properties: status: {} spec: required: - rules properties: # default values to be handled by user validationFailureAction: type: string enum: - enforce # blocks the resorce api-reques if a rule fails. - audit # allows resource creation and reports the failed validation rules as violations. Default background: type: boolean rules: type: array items: type: object required: - name - match properties: name: type: string match: type: object required: - resources properties: roles: type: array items: type: string clusterRoles: type: array items: type: string subjects: type: array items: type: object required: - kind - name properties: kind: type: string apiGroup: type: string name: type: string namespace: type: string resources: type: object minProperties: 1 properties: kinds: type: array items: type: string name: type: string selector: properties: matchLabels: type: object additionalProperties: type: string matchExpressions: type: array items: type: object required: - key - operator properties: key: type: string operator: type: string values: type: array items: type: string exclude: type: object properties: roles: type: array items: type: string clusterRoles: type: array items: type: string subjects: type: array items: type: object required: - kind - name properties: kind: type: string apiGroup: type: string name: type: string namespace: type: string resources: type: object properties: kinds: type: array items: type: string name: type: string selector: properties: matchLabels: type: object additionalProperties: type: string matchExpressions: type: array items: type: object required: - key - operator properties: key: type: string operator: type: string values: type: array items: type: string preconditions: type: array items: type: object required: - key # can be of any type - operator # typed - value # can be of any type mutate: type: object properties: overlay: {} patchStrategicMerge: {} patchesJson6902: type: string patches: type: array items: type: object required: - path - op properties: path: type: string op: type: string enum: - add - replace - remove value: {} validate: type: object properties: message: type: string pattern: {} anyPattern: {} deny: properties: conditions: type: array items: type: object required: - key # can be of any type - operator # typed - value # can be of any type properties: operator: type: string enum: - Equal - Equals - NotEqual - NotEquals - In - NotIn key: type: string value: anyOf: - type: string - type: array items: {} generate: type: object required: - kind - name properties: apiVersion: type: string kind: type: string name: type: string namespace: type: string synchronize: type: boolean clone: type: object required: - namespace - name properties: namespace: type: string name: type: string data: {} --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: clusterpolicyviolations.kyverno.io spec: group: kyverno.io versions: - name: v1 served: true storage: true scope: Cluster names: kind: ClusterPolicyViolation plural: clusterpolicyviolations singular: clusterpolicyviolation shortNames: - cpolv subresources: status: {} additionalPrinterColumns: - name: Policy type: string description: The policy that resulted in the violation JSONPath: .spec.policy - name: ResourceKind type: string description: The resource kind that cause the violation JSONPath: .spec.resource.kind - name: ResourceName type: string description: The resource name that caused the violation JSONPath: .spec.resource.name - name: Age type: date JSONPath: .metadata.creationTimestamp validation: openAPIV3Schema: properties: spec: required: - policy - resource - rules properties: policy: type: string resource: type: object required: - kind - name properties: kind: type: string name: type: string rules: type: array items: type: object required: - name - type - message properties: name: type: string type: type: string message: type: string --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: policyviolations.kyverno.io spec: group: kyverno.io versions: - name: v1 served: true storage: true scope: Namespaced names: kind: PolicyViolation plural: policyviolations singular: policyviolation shortNames: - polv subresources: status: {} additionalPrinterColumns: - name: Policy type: string description: The policy that resulted in the violation JSONPath: .spec.policy - name: ResourceKind type: string description: The resource kind that cause the violation JSONPath: .spec.resource.kind - name: ResourceName type: string description: The resource name that caused the violation JSONPath: .spec.resource.name - name: Age type: date JSONPath: .metadata.creationTimestamp validation: openAPIV3Schema: properties: spec: required: - policy - resource - rules properties: policy: type: string resource: type: object required: - kind - name properties: kind: type: string name: type: string rules: type: array items: type: object required: - name - type - message properties: name: type: string type: type: string message: type: string --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: generaterequests.kyverno.io spec: group: kyverno.io versions: - name: v1 served: true storage: true scope: Namespaced names: kind: GenerateRequest plural: generaterequests singular: generaterequest shortNames: - gr subresources: status: {} additionalPrinterColumns: - name: Policy type: string description: The policy that resulted in the violation JSONPath: .spec.policy - name: ResourceKind type: string description: The resource kind that cause the violation JSONPath: .spec.resource.kind - name: ResourceName type: string description: The resource name that caused the violation JSONPath: .spec.resource.name - name: ResourceNamespace type: string description: The resource namespace that caused the violation JSONPath: .spec.resource.namespace - name: status type : string description: Current state of generate request JSONPath: .status.state - name: Age type: date JSONPath: .metadata.creationTimestamp validation: openAPIV3Schema: properties: spec: required: - policy - resource properties: policy: type: string resource: type: object required: - kind - name properties: kind: type: string name: type: string namespace: type: string --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 name: clusterpolicyreports.policy.kubernetes.io spec: additionalPrinterColumns: - JSONPath: .scope.kind name: Kind priority: 1 type: string - JSONPath: .scope.name name: Name priority: 1 type: string - JSONPath: .summary.pass name: Pass type: integer - JSONPath: .summary.fail name: Fail type: integer - JSONPath: .summary.warn name: Warn type: integer - JSONPath: .summary.error name: Error type: integer - JSONPath: .summary.skip name: Skip type: integer - JSONPath: .metadata.creationTimestamp name: Age type: date group: policy.kubernetes.io names: kind: ClusterPolicyReport listKind: ClusterPolicyReportList plural: clusterpolicyreports singular: clusterpolicyreport shortNames: - cpolr scope: Namespaced subresources: {} validation: openAPIV3Schema: description: ClusterPolicyReport is the Schema for the clusterpolicyreports API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object results: description: PolicyReportResult provides result details items: description: PolicyReportResult provides the result for an individual policy properties: data: additionalProperties: type: string description: Data provides additional information for the policy rule type: object message: description: Message is a short user friendly description of the policy rule type: string policy: description: Policy is the name of the policy type: string resourceSelector: description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object resources: description: Resources is an optional reference to the resource checked by the policy and rule items: description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' properties: apiVersion: description: API version of the referent. type: string fieldPath: description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object type: array rule: description: Rule is the name of the policy rule type: string scored: description: Scored indicates if this policy rule is scored type: boolean status: description: Status indicates the result of the policy rule check enum: - Pass - Fail - Warn - Error - Skip type: string required: - policy type: object type: array scope: description: Scope is an optional reference to the policy report scope. For example. the report may be for all resources in a namespace, a for a node, or cluster-wide. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object scopeSelector: description: ScopeSelector is an optional selector for multiple scopes (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object summary: description: PolicyReportSummary provides a summary of results properties: error: description: Error provides the count of policies that could not be evaluated type: integer fail: description: Fail provides the count of policies whose requirements were not met type: integer pass: description: Pass provides the count of policies whose requirements were met type: integer skip: description: Skip indicates the count of policies that were not selected for evaluation type: integer warn: description: Warn provides the count of unscored policies whose requirements were not met type: integer required: - error - fail - pass - skip - warn type: object type: object version: v1alpha1 versions: - name: v1alpha1 served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 name: policyreports.policy.kubernetes.io spec: additionalPrinterColumns: - JSONPath: .scope.kind name: Kind priority: 1 type: string - JSONPath: .scope.name name: Name priority: 1 type: string - JSONPath: .summary.pass name: Pass type: integer - JSONPath: .summary.fail name: Fail type: integer - JSONPath: .summary.warn name: Warn type: integer - JSONPath: .summary.error name: Error type: integer - JSONPath: .summary.skip name: Skip type: integer - JSONPath: .metadata.creationTimestamp name: Age type: date group: policy.kubernetes.io names: kind: PolicyReport listKind: PolicyReportList plural: policyreports singular: policyreport shortNames: - polr scope: Namespaced subresources: {} validation: openAPIV3Schema: description: PolicyReport is the Schema for the policyreports API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object results: description: PolicyReportResult provides result details items: description: PolicyReportResult provides the result for an individual policy properties: data: additionalProperties: type: string description: Data provides additional information for the policy rule type: object message: description: Message is a short user friendly description of the policy rule type: string policy: description: Policy is the name of the policy type: string resourceSelector: description: ResourceSelector is an optional selector for policy results that apply to multiple resources. For example, a policy result may apply to all pods that match a label. Either a Resource or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object resources: description: Resources is an optional reference to the resource checked by the policy and rule items: description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' properties: apiVersion: description: API version of the referent. type: string fieldPath: description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object type: array rule: description: Rule is the name of the policy rule type: string scored: description: Scored indicates if this policy rule is scored type: boolean status: description: Status indicates the result of the policy rule check enum: - Pass - Fail - Warn - Error - Skip type: string required: - policy type: object type: array scope: description: Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) properties: apiVersion: description: API version of the referent. type: string fieldPath: description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object scopeSelector: description: ScopeSelector is an optional selector for multiple scopes (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object summary: description: PolicyReportSummary provides a summary of results properties: error: description: Error provides the count of policies that could not be evaluated type: integer fail: description: Fail provides the count of policies whose requirements were not met type: integer pass: description: Pass provides the count of policies whose requirements were met type: integer skip: description: Skip indicates the count of policies that were not selected for evaluation type: integer warn: description: Warn provides the count of unscored policies whose requirements were not met type: integer required: - error - fail - pass - skip - warn type: object type: object version: v1alpha1 versions: - name: v1alpha1 served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []