mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 17:37:12 +00:00
Code Activity
kyverno/docs/user/crd/kyverno.v2alpha1.html
shuting 0548d09c21
feat: add status.autogen (#12109) 
* feat: add status.autogen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-07 22:22:49 +05:30

1900 lines
31 KiB
HTML
Raw Blame History

<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
<style>
.bg-blue {
color: #ffffff;
background-color: #1589dd;
}
</style>
</head>
<body>
<div class="container">
<h2 id="kyverno-io-v2alpha1">Package: <span style="font-family: monospace">kyverno.io/v2alpha1</span></h2>
<p></p>
<h3>Resource Types:</h3>
<ul><li>
<a href="#kyverno-io-v2alpha1-CELPolicyException">CELPolicyException</a>
</li><li>
<a href="#kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry</a>
</li><li>
<a href="#kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy</a>
</li></ul>
<H3 id="kyverno-io-v2alpha1-CELPolicyException">CELPolicyException
</H3>
<p><p>PolicyException declares resources to be excluded from specified policies.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>apiVersion</code></br>string</td>
<td><code>kyverno.io/v2alpha1</code></td>
</tr>
<tr>
<td><code>kind</code></br>string</td>
<td><code>CELPolicyException</code></td>
</tr>
<tr>
<td><code>metadata</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.ObjectMeta</span>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td><code>spec</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-CELPolicyExceptionSpec">
<span style="font-family: monospace">CELPolicyExceptionSpec</span>
</a>
</td>
<td>
<p>Spec declares policy exception behaviors.</p>
<br/>
<br/>
<table>
<tr>
<td><code>policyRefs</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-PolicyRef">
<span style="font-family: monospace">[]PolicyRef</span>
</a>
</td>
<td>
<p>PolicyRefs identifies the policies to which the exception is applied.</p>
</td>
</tr>
<tr>
<td><code>matchConditions</code>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.MatchCondition</span>
</td>
<td>
<p>MatchConditions is a list of CEL expressions that must be met for a resource to be excluded.</p>
</td>
</tr>
</table>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry
</H3>
<p><p>GlobalContextEntry declares resources to be cached.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>apiVersion</code></br>string</td>
<td><code>kyverno.io/v2alpha1</code></td>
</tr>
<tr>
<td><code>kind</code></br>string</td>
<td><code>GlobalContextEntry</code></td>
</tr>
<tr>
<td><code>metadata</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.ObjectMeta</span>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td><code>spec</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-GlobalContextEntrySpec">
<span style="font-family: monospace">GlobalContextEntrySpec</span>
</a>
</td>
<td>
<p>Spec declares policy exception behaviors.</p>
<br/>
<br/>
<table>
<tr>
<td><code>kubernetesResource</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-KubernetesResource">
<span style="font-family: monospace">KubernetesResource</span>
</a>
</td>
<td>
<p>Stores a list of Kubernetes resources which will be cached.
Mutually exclusive with APICall.</p>
</td>
</tr>
<tr>
<td><code>apiCall</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-ExternalAPICall">
<span style="font-family: monospace">ExternalAPICall</span>
</a>
</td>
<td>
<p>Stores results from an API call which will be cached.
Mutually exclusive with KubernetesResource.
This can be used to make calls to external (non-Kubernetes API server) services.
It can also be used to make calls to the Kubernetes API server in such cases:</p>
<ol>
<li>A POST is needed to create a resource.</li>
<li>Finer-grained control is needed. Example: To restrict the number of resources cached.</li>
</ol>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td><code>status</code>
</br>
<a href="#kyverno-io-v2alpha1-GlobalContextEntryStatus">
<span style="font-family: monospace">GlobalContextEntryStatus</span>
</a>
</td>
<td>
<p>Status contains globalcontextentry runtime data.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy
</H3>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>apiVersion</code></br>string</td>
<td><code>kyverno.io/v2alpha1</code></td>
</tr>
<tr>
<td><code>kind</code></br>string</td>
<td><code>ValidatingPolicy</code></td>
</tr>
<tr>
<td><code>metadata</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.ObjectMeta</span>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td><code>spec</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-ValidatingPolicySpec">
<span style="font-family: monospace">ValidatingPolicySpec</span>
</a>
</td>
<td>
<br/>
<br/>
<table>
<tr>
<td><code>ValidatingAdmissionPolicySpec</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">admissionregistration/v1.ValidatingAdmissionPolicySpec</span>
</td>
<td>
<p>(Members of <code>ValidatingAdmissionPolicySpec</code> are embedded into this type.)</p>
</td>
</tr>
<tr>
<td><code>validationActions</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.ValidationAction</span>
</td>
<td>
<p>ValidationAction specifies the action to be taken when the matched resource violates the policy.
Required.</p>
</td>
</tr>
<tr>
<td><code>webhookConfiguration</code>
</br>
<a href="#kyverno-io-v2alpha1-WebhookConfiguration">
<span style="font-family: monospace">WebhookConfiguration</span>
</a>
</td>
<td>
<p>WebhookConfiguration defines the configuration for the webhook.</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td><code>status</code>
</br>
<a href="#kyverno-io-v2alpha1-PolicyStatus">
<span style="font-family: monospace">PolicyStatus</span>
</a>
</td>
<td>
<p>Status contains policy runtime data.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-AutogenRule">AutogenRule
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-AutogenStatus">AutogenStatus</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>matchConstraints</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">admissionregistration/v1.MatchResources</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>matchConditions</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.MatchCondition</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>validations</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.Validation</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>auditAnnotations</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.AuditAnnotation</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>variables</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.Variable</span>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-AutogenStatus">AutogenStatus
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-PolicyStatus">PolicyStatus</a>)
</p>
<p><p>AutogenStatus contains autogen status information.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>rules</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-AutogenRule">
<span style="font-family: monospace">[]AutogenRule</span>
</a>
</td>
<td>
<p>Rules is a list of Rule instances. It contains auto generated rules added for pod controllers</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-CELPolicyExceptionSpec">CELPolicyExceptionSpec
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-CELPolicyException">CELPolicyException</a>)
</p>
<p><p>PolicyExceptionSpec stores policy exception spec</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>policyRefs</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-PolicyRef">
<span style="font-family: monospace">[]PolicyRef</span>
</a>
</td>
<td>
<p>PolicyRefs identifies the policies to which the exception is applied.</p>
</td>
</tr>
<tr>
<td><code>matchConditions</code>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.MatchCondition</span>
</td>
<td>
<p>MatchConditions is a list of CEL expressions that must be met for a resource to be excluded.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-ExternalAPICall">ExternalAPICall
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>APICall</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v1-APICall">
<span style="font-family: monospace">APICall</span>
</a>
</td>
<td>
<p>(Members of <code>APICall</code> are embedded into this type.)</p>
</td>
</tr>
<tr>
<td><code>refreshInterval</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.Duration</span>
</td>
<td>
<p>RefreshInterval defines the interval in duration at which to poll the APICall.
The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as &quot;300ms&quot;, &quot;1.5h&quot; or &quot;2h45m&quot;. Valid time units are &quot;ns&quot;, &quot;us&quot; (or &quot;µs&quot;), &quot;ms&quot;, &quot;s&quot;, &quot;m&quot;, &quot;h&quot;.</p>
</td>
</tr>
<tr>
<td><code>retryLimit</code>
</br>
<span style="font-family: monospace">int</span>
</td>
<td>
<p>RetryLimit defines the number of times the APICall should be retried in case of failure.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-GlobalContextEntrySpec">GlobalContextEntrySpec
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry</a>)
</p>
<p><p>GlobalContextEntrySpec stores policy exception spec</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>kubernetesResource</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-KubernetesResource">
<span style="font-family: monospace">KubernetesResource</span>
</a>
</td>
<td>
<p>Stores a list of Kubernetes resources which will be cached.
Mutually exclusive with APICall.</p>
</td>
</tr>
<tr>
<td><code>apiCall</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-ExternalAPICall">
<span style="font-family: monospace">ExternalAPICall</span>
</a>
</td>
<td>
<p>Stores results from an API call which will be cached.
Mutually exclusive with KubernetesResource.
This can be used to make calls to external (non-Kubernetes API server) services.
It can also be used to make calls to the Kubernetes API server in such cases:</p>
<ol>
<li>A POST is needed to create a resource.</li>
<li>Finer-grained control is needed. Example: To restrict the number of resources cached.</li>
</ol>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-GlobalContextEntryStatus">GlobalContextEntryStatus
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>ready</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">bool</span>
</td>
<td>
<p>Deprecated in favor of Conditions</p>
</td>
</tr>
<tr>
<td><code>conditions</code>
</br>
<span style="font-family: monospace">[]meta/v1.Condition</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>lastRefreshTime</code>
</br>
<span style="font-family: monospace">meta/v1.Time</span>
</td>
<td>
<p>Indicates the time when the globalcontextentry was last refreshed successfully for the API Call</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-KubernetesResource">KubernetesResource
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
</p>
<p><p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>group</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Group defines the group of the resource.</p>
</td>
</tr>
<tr>
<td><code>version</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Version defines the version of the resource.</p>
</td>
</tr>
<tr>
<td><code>resource</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Resource defines the type of the resource.
Requires the pluralized form of the resource kind in lowercase. (Ex., &quot;deployments&quot;)</p>
</td>
</tr>
<tr>
<td><code>namespace</code>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
If left empty for namespaced resources, all resources from all namespaces will be cached.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-PolicyRef">PolicyRef
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-CELPolicyExceptionSpec">CELPolicyExceptionSpec</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>name</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Name is the name of the policy</p>
</td>
</tr>
<tr>
<td><code>kind</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Kind is the kind of the policy</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-PolicyStatus">PolicyStatus
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>ready</code>
</br>
<span style="font-family: monospace">bool</span>
</td>
<td>
<p>The ready of a policy is a high-level summary of where the policy is in its lifecycle.
The conditions array, the reason and message fields contain more detail about the policy's status.</p>
</td>
</tr>
<tr>
<td><code>conditions</code>
</br>
<span style="font-family: monospace">[]meta/v1.Condition</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>autogen</code>
</br>
<a href="#kyverno-io-v2alpha1-AutogenStatus">
<span style="font-family: monospace">AutogenStatus</span>
</a>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-ValidatingPolicySpec">ValidatingPolicySpec
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy</a>)
</p>
<p><p>ValidatingPolicySpec is the specification of the desired behavior of the ValidatingPolicy.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>ValidatingAdmissionPolicySpec</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">admissionregistration/v1.ValidatingAdmissionPolicySpec</span>
</td>
<td>
<p>(Members of <code>ValidatingAdmissionPolicySpec</code> are embedded into this type.)</p>
</td>
</tr>
<tr>
<td><code>validationActions</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">[]admissionregistration/v1.ValidationAction</span>
</td>
<td>
<p>ValidationAction specifies the action to be taken when the matched resource violates the policy.
Required.</p>
</td>
</tr>
<tr>
<td><code>webhookConfiguration</code>
</br>
<a href="#kyverno-io-v2alpha1-WebhookConfiguration">
<span style="font-family: monospace">WebhookConfiguration</span>
</a>
</td>
<td>
<p>WebhookConfiguration defines the configuration for the webhook.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-WebhookConfiguration">WebhookConfiguration
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-ValidatingPolicySpec">ValidatingPolicySpec</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>timeoutSeconds</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">int32</span>
</td>
<td>
<p>TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.
After the configured time expires, the admission request may fail, or may simply ignore the policy results,
based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds.</p>
</td>
</tr>
</tbody>
</table>
<hr />
</div>
</body>
</html>
View git blame Copy permalink