mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-07 00:17:13 +00:00
204 lines
8.4 KiB
YAML
Executable file
204 lines
8.4 KiB
YAML
Executable file
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1beta1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.2.5
|
|
creationTimestamp: null
|
|
name: clusterpolicyreports.policy.kubernetes.io
|
|
spec:
|
|
additionalPrinterColumns:
|
|
- JSONPath: .scope.kind
|
|
name: Kind
|
|
priority: 1
|
|
type: string
|
|
- JSONPath: .scope.name
|
|
name: Name
|
|
priority: 1
|
|
type: string
|
|
- JSONPath: .summary.pass
|
|
name: Pass
|
|
type: integer
|
|
- JSONPath: .summary.fail
|
|
name: Fail
|
|
type: integer
|
|
- JSONPath: .summary.warn
|
|
name: Warn
|
|
type: integer
|
|
- JSONPath: .summary.error
|
|
name: Error
|
|
type: integer
|
|
- JSONPath: .summary.skip
|
|
name: Skip
|
|
type: integer
|
|
- JSONPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
group: policy.kubernetes.io
|
|
names:
|
|
kind: ClusterPolicyReport
|
|
listKind: ClusterPolicyReportList
|
|
plural: clusterpolicyreports
|
|
singular: clusterpolicyreport
|
|
scope: Namespaced
|
|
subresources: {}
|
|
validation:
|
|
openAPIV3Schema:
|
|
description: ClusterPolicyReport is the Schema for the clusterpolicyreports
|
|
API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
results:
|
|
description: PolicyReportResult provides result details
|
|
items:
|
|
description: PolicyReportResult provides the result for an individual
|
|
policy or rule
|
|
properties:
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
description: Data provides additional information for the policy rule
|
|
type: object
|
|
message:
|
|
description: Message is a short user friendly description of the policy
|
|
rule
|
|
type: string
|
|
policy:
|
|
description: Policy is the name of the policy
|
|
type: string
|
|
resource:
|
|
description: Resource is an optional reference to the resource check
|
|
bu the policy rule
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: 'If referring to a piece of an object instead of
|
|
an entire object, this string should contain a valid JSON/Go
|
|
field access statement, such as desiredState.manifest.containers[2].
|
|
For example, if the object reference is to a container within
|
|
a pod, this would take on a value like: "spec.containers{name}"
|
|
(where "name" refers to the name of the container that triggered
|
|
the event) or if no container name is specified "spec.containers[2]"
|
|
(container with index 2 in this pod). This syntax is chosen
|
|
only to have some well-defined way of referencing a part of
|
|
an object. TODO: this design is not final and this field is
|
|
subject to change in the future.'
|
|
type: string
|
|
kind:
|
|
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
|
type: string
|
|
namespace:
|
|
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
|
type: string
|
|
resourceVersion:
|
|
description: 'Specific resourceVersion to which this reference
|
|
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
|
type: string
|
|
uid:
|
|
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
|
type: string
|
|
type: object
|
|
rule:
|
|
description: Rule is the name of the policy rule
|
|
type: string
|
|
scored:
|
|
description: Scored indicates if this policy rule is scored
|
|
type: boolean
|
|
status:
|
|
description: Status indicates the result of the policy rule check
|
|
enum:
|
|
- Pass
|
|
- Fail
|
|
- Warn
|
|
- Error
|
|
- Skip
|
|
type: string
|
|
required:
|
|
- policy
|
|
type: object
|
|
type: array
|
|
scope:
|
|
description: Scope is an optional reference to the report scope (e.g. a
|
|
Deployment, Namespace, or Node)
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
fieldPath:
|
|
description: 'If referring to a piece of an object instead of an entire
|
|
object, this string should contain a valid JSON/Go field access statement,
|
|
such as desiredState.manifest.containers[2]. For example, if the object
|
|
reference is to a container within a pod, this would take on a value
|
|
like: "spec.containers{name}" (where "name" refers to the name of
|
|
the container that triggered the event) or if no container name is
|
|
specified "spec.containers[2]" (container with index 2 in this pod).
|
|
This syntax is chosen only to have some well-defined way of referencing
|
|
a part of an object. TODO: this design is not final and this field
|
|
is subject to change in the future.'
|
|
type: string
|
|
kind:
|
|
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
|
type: string
|
|
namespace:
|
|
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
|
type: string
|
|
resourceVersion:
|
|
description: 'Specific resourceVersion to which this reference is made,
|
|
if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
|
type: string
|
|
uid:
|
|
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
|
type: string
|
|
type: object
|
|
summary:
|
|
description: PolicyReportSummary provides a summary of results
|
|
properties:
|
|
error:
|
|
type: integer
|
|
fail:
|
|
type: integer
|
|
pass:
|
|
type: integer
|
|
skip:
|
|
type: integer
|
|
warn:
|
|
type: integer
|
|
required:
|
|
- error
|
|
- fail
|
|
- pass
|
|
- skip
|
|
- warn
|
|
type: object
|
|
type: object
|
|
version: v1alpha1
|
|
versions:
|
|
- name: v1alpha1
|
|
served: true
|
|
storage: true
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|