Package: kyverno.io/v2alpha1

Resource Types:

CleanupPolicy

CleanupPolicy defines a rule for resource cleanup.

Field Description
apiVersion
string		 kyverno.io/v2alpha1
kind
string		 CleanupPolicy
metadata *
meta/v1.ObjectMeta 		Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicySpec

Spec declares policy behaviors.



context
[]ContextEntry

Context defines variables and data sources that can be used during rule execution.
match *
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.
exclude
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.
schedule *
string

The schedule in Cron format
conditions
github.com/kyverno/kyverno/api/kyverno/v2beta1.AnyAllConditions

Conditions defines the conditions used to select the resources which will be cleaned up.
status
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicyStatus

Status contains policy runtime data.

ClusterCleanupPolicy

ClusterCleanupPolicy defines rule for resource cleanup.

Field Description
apiVersion
string		 kyverno.io/v2alpha1
kind
string		 ClusterCleanupPolicy
metadata *
meta/v1.ObjectMeta 		Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicySpec

Spec declares policy behaviors.



context
[]ContextEntry

Context defines variables and data sources that can be used during rule execution.
match *
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.
exclude
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.
schedule *
string

The schedule in Cron format
conditions
github.com/kyverno/kyverno/api/kyverno/v2beta1.AnyAllConditions

Conditions defines the conditions used to select the resources which will be cleaned up.
status
github.com/kyverno/kyverno/api/kyverno/v2beta1.CleanupPolicyStatus

Status contains policy runtime data.

GlobalContextEntry

GlobalContextEntry declares resources to be cached.

Field Description
apiVersion
string		 kyverno.io/v2alpha1
kind
string		 GlobalContextEntry
metadata *
meta/v1.ObjectMeta 		Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
GlobalContextEntrySpec

Spec declares policy exception behaviors.



kubernetesResource *
KubernetesResource

KubernetesResource stores infos about kubernetes resource that should be cached
apiCall *
ExternalAPICall

APICall stores infos about API call that should be cached
status
GlobalContextEntryStatus

Status contains globalcontextentry runtime data.

PolicyException

PolicyException declares resources to be excluded from specified policies.

Field Description
apiVersion
string		 kyverno.io/v2alpha1
kind
string		 PolicyException
metadata *
meta/v1.ObjectMeta 		Refer to the Kubernetes API documentation for the fields of the metadata field.
spec *
github.com/kyverno/kyverno/api/kyverno/v2beta1.PolicyExceptionSpec

Spec declares policy exception behaviors.



background *
bool

Background controls if exceptions are applied to existing policies during a background scan. Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name).
match *
github.com/kyverno/kyverno/api/kyverno/v2beta1.MatchResources

Match defines match clause used to check if a resource applies to the exception
conditions
github.com/kyverno/kyverno/api/kyverno/v2beta1.AnyAllConditions

Conditions are used to determine if a resource applies to the exception by evaluating a set of conditions. The declaration can contain nested any or all statements.
exceptions *
[]github.com/kyverno/kyverno/api/kyverno/v2beta1.Exception

Exceptions is a list policy/rules to be excluded
podSecurity
[]PodSecurityStandard

PodSecurity specifies the Pod Security Standard controls to be excluded. Applicable only to policies that have validate.podSecurity subrule.

ExternalAPICall

(Appears in: GlobalContextEntrySpec)

ExternalAPICall stores infos about API call that should be cached

Field Description
APICall *
APICall

(Members of APICall are embedded into this type.)
refreshInterval *
meta/v1.Duration

RefreshInterval defines the interval in duration at which to poll the APICall

GlobalContextEntrySpec

(Appears in: GlobalContextEntry)

GlobalContextEntrySpec stores policy exception spec

Field Description
kubernetesResource *
KubernetesResource

KubernetesResource stores infos about kubernetes resource that should be cached
apiCall *
ExternalAPICall

APICall stores infos about API call that should be cached

GlobalContextEntryStatus

(Appears in: GlobalContextEntry)

Field Description
ready *
bool

Deprecated in favor of Conditions
conditions
[]meta/v1.Condition

KubernetesResource

(Appears in: GlobalContextEntrySpec)

KubernetesResource stores infos about kubernetes resource that should be cached

Field Description
group *
string

Group defines the group of the resource
version *
string

Version defines the version of the resource
resource *
string

Resource defines the type of the resource
namespace *
string

Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.