mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/docs/user/crd/kyverno.v2alpha1.html
shuting 97ed53f6bb
feat: register webhook configurations for validatingpolicies (#11892) 
* feat: add spec.webhookConfiguration

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: refactor build webhook for kyverno policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update yamls

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add listers

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: update api

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: remove matchPolicy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update crd yaml

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add short name

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update deepcopy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: upadte spec

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix description

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: register webhook for validatingpolicies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix import

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-01-17 11:33:47 +02:00

1089 lines
18 KiB
HTML
Raw Blame History

<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
<style>
.bg-blue {
color: #ffffff;
background-color: #1589dd;
}
</style>
</head>
<body>
<div class="container">
<h2 id="kyverno-io-v2alpha1">Package: <span style="font-family: monospace">kyverno.io/v2alpha1</span></h2>
<p></p>
<h3>Resource Types:</h3>
<ul><li>
<a href="#kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry</a>
</li><li>
<a href="#kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy</a>
</li></ul>
<H3 id="kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry
</H3>
<p><p>GlobalContextEntry declares resources to be cached.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>apiVersion</code></br>string</td>
<td><code>kyverno.io/v2alpha1</code></td>
</tr>
<tr>
<td><code>kind</code></br>string</td>
<td><code>GlobalContextEntry</code></td>
</tr>
<tr>
<td><code>metadata</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.ObjectMeta</span>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td><code>spec</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-GlobalContextEntrySpec">
<span style="font-family: monospace">GlobalContextEntrySpec</span>
</a>
</td>
<td>
<p>Spec declares policy exception behaviors.</p>
<br/>
<br/>
<table>
<tr>
<td><code>kubernetesResource</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-KubernetesResource">
<span style="font-family: monospace">KubernetesResource</span>
</a>
</td>
<td>
<p>Stores a list of Kubernetes resources which will be cached.
Mutually exclusive with APICall.</p>
</td>
</tr>
<tr>
<td><code>apiCall</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-ExternalAPICall">
<span style="font-family: monospace">ExternalAPICall</span>
</a>
</td>
<td>
<p>Stores results from an API call which will be cached.
Mutually exclusive with KubernetesResource.
This can be used to make calls to external (non-Kubernetes API server) services.
It can also be used to make calls to the Kubernetes API server in such cases:</p>
<ol>
<li>A POST is needed to create a resource.</li>
<li>Finer-grained control is needed. Example: To restrict the number of resources cached.</li>
</ol>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td><code>status</code>
</br>
<a href="#kyverno-io-v2alpha1-GlobalContextEntryStatus">
<span style="font-family: monospace">GlobalContextEntryStatus</span>
</a>
</td>
<td>
<p>Status contains globalcontextentry runtime data.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy
</H3>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>apiVersion</code></br>string</td>
<td><code>kyverno.io/v2alpha1</code></td>
</tr>
<tr>
<td><code>kind</code></br>string</td>
<td><code>ValidatingPolicy</code></td>
</tr>
<tr>
<td><code>metadata</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.ObjectMeta</span>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td><code>spec</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-ValidatingPolicySpec">
<span style="font-family: monospace">ValidatingPolicySpec</span>
</a>
</td>
<td>
<br/>
<br/>
<table>
<tr>
<td><code>ValidatingAdmissionPolicySpec</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">admissionregistration/v1.ValidatingAdmissionPolicySpec</span>
</td>
<td>
<p>(Members of <code>ValidatingAdmissionPolicySpec</code> are embedded into this type.)</p>
</td>
</tr>
<tr>
<td><code>webhookConfiguration</code>
</br>
<a href="#kyverno-io-v2alpha1-WebhookConfiguration">
<span style="font-family: monospace">WebhookConfiguration</span>
</a>
</td>
<td>
<p>WebhookConfiguration defines the configuration for the webhook.</p>
</td>
</tr>
</table>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-ExternalAPICall">ExternalAPICall
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>APICall</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v1-APICall">
<span style="font-family: monospace">APICall</span>
</a>
</td>
<td>
<p>(Members of <code>APICall</code> are embedded into this type.)</p>
</td>
</tr>
<tr>
<td><code>refreshInterval</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">meta/v1.Duration</span>
</td>
<td>
<p>RefreshInterval defines the interval in duration at which to poll the APICall.
The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as &quot;300ms&quot;, &quot;1.5h&quot; or &quot;2h45m&quot;. Valid time units are &quot;ns&quot;, &quot;us&quot; (or &quot;µs&quot;), &quot;ms&quot;, &quot;s&quot;, &quot;m&quot;, &quot;h&quot;.</p>
</td>
</tr>
<tr>
<td><code>retryLimit</code>
</br>
<span style="font-family: monospace">int</span>
</td>
<td>
<p>RetryLimit defines the number of times the APICall should be retried in case of failure.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-GlobalContextEntrySpec">GlobalContextEntrySpec
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry</a>)
</p>
<p><p>GlobalContextEntrySpec stores policy exception spec</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>kubernetesResource</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-KubernetesResource">
<span style="font-family: monospace">KubernetesResource</span>
</a>
</td>
<td>
<p>Stores a list of Kubernetes resources which will be cached.
Mutually exclusive with APICall.</p>
</td>
</tr>
<tr>
<td><code>apiCall</code>
<span style="color:blue;"> *</span>
</br>
<a href="#kyverno-io-v2alpha1-ExternalAPICall">
<span style="font-family: monospace">ExternalAPICall</span>
</a>
</td>
<td>
<p>Stores results from an API call which will be cached.
Mutually exclusive with KubernetesResource.
This can be used to make calls to external (non-Kubernetes API server) services.
It can also be used to make calls to the Kubernetes API server in such cases:</p>
<ol>
<li>A POST is needed to create a resource.</li>
<li>Finer-grained control is needed. Example: To restrict the number of resources cached.</li>
</ol>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-GlobalContextEntryStatus">GlobalContextEntryStatus
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntry">GlobalContextEntry</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>ready</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">bool</span>
</td>
<td>
<p>Deprecated in favor of Conditions</p>
</td>
</tr>
<tr>
<td><code>conditions</code>
</br>
<span style="font-family: monospace">[]meta/v1.Condition</span>
</td>
<td>
</td>
</tr>
<tr>
<td><code>lastRefreshTime</code>
</br>
<span style="font-family: monospace">meta/v1.Time</span>
</td>
<td>
<p>Indicates the time when the globalcontextentry was last refreshed successfully for the API Call</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-KubernetesResource">KubernetesResource
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
</p>
<p><p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>group</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Group defines the group of the resource.</p>
</td>
</tr>
<tr>
<td><code>version</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Version defines the version of the resource.</p>
</td>
</tr>
<tr>
<td><code>resource</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Resource defines the type of the resource.
Requires the pluralized form of the resource kind in lowercase. (Ex., &quot;deployments&quot;)</p>
</td>
</tr>
<tr>
<td><code>namespace</code>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
If left empty for namespaced resources, all resources from all namespaces will be cached.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-ValidatingPolicySpec">ValidatingPolicySpec
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-ValidatingPolicy">ValidatingPolicy</a>)
</p>
<p><p>ValidatingPolicySpec is the specification of the desired behavior of the ValidatingPolicy.</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>ValidatingAdmissionPolicySpec</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">admissionregistration/v1.ValidatingAdmissionPolicySpec</span>
</td>
<td>
<p>(Members of <code>ValidatingAdmissionPolicySpec</code> are embedded into this type.)</p>
</td>
</tr>
<tr>
<td><code>webhookConfiguration</code>
</br>
<a href="#kyverno-io-v2alpha1-WebhookConfiguration">
<span style="font-family: monospace">WebhookConfiguration</span>
</a>
</td>
<td>
<p>WebhookConfiguration defines the configuration for the webhook.</p>
</td>
</tr>
</tbody>
</table>
<H3 id="kyverno-io-v2alpha1-WebhookConfiguration">WebhookConfiguration
</H3>
<p>
(<em>Appears in:</em>
<a href="#kyverno-io-v2alpha1-ValidatingPolicySpec">ValidatingPolicySpec</a>)
</p>
<p></p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>timeoutSeconds</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">int32</span>
</td>
<td>
<p>TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.
After the configured time expires, the admission request may fail, or may simply ignore the policy results,
based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds.</p>
</td>
</tr>
</tbody>
</table>
<hr />
</div>
</body>
</html>
View git blame Copy permalink