-
Notifications
You must be signed in to change notification settings - Fork 220
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Update Kyverno CRDs to current v1.13.0 (#407)
- Loading branch information
Showing
17 changed files
with
24,062 additions
and
14,430 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,270 @@ | ||
| { | ||
| "description": "ClusterEphemeralReport is the Schema for the ClusterEphemeralReports API", | ||
| "properties": { | ||
| "apiVersion": { | ||
| "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", | ||
| "type": "string" | ||
| }, | ||
| "kind": { | ||
| "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", | ||
| "type": "string" | ||
| }, | ||
| "metadata": { | ||
| "type": "object" | ||
| }, | ||
| "spec": { | ||
| "properties": { | ||
| "owner": { | ||
| "description": "Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)", | ||
| "properties": { | ||
| "apiVersion": { | ||
| "description": "API version of the referent.", | ||
| "type": "string" | ||
| }, | ||
| "blockOwnerDeletion": { | ||
| "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", | ||
| "type": "boolean" | ||
| }, | ||
| "controller": { | ||
| "description": "If true, this reference points to the managing controller.", | ||
| "type": "boolean" | ||
| }, | ||
| "kind": { | ||
| "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", | ||
| "type": "string" | ||
| }, | ||
| "name": { | ||
| "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", | ||
| "type": "string" | ||
| }, | ||
| "uid": { | ||
| "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "apiVersion", | ||
| "kind", | ||
| "name", | ||
| "uid" | ||
| ], | ||
| "type": "object", | ||
| "x-kubernetes-map-type": "atomic", | ||
| "additionalProperties": false | ||
| }, | ||
| "results": { | ||
| "description": "PolicyReportResult provides result details", | ||
| "items": { | ||
| "description": "PolicyReportResult provides the result for an individual policy", | ||
| "properties": { | ||
| "category": { | ||
| "description": "Category indicates policy category", | ||
| "type": "string" | ||
| }, | ||
| "message": { | ||
| "description": "Description is a short user friendly message for the policy rule", | ||
| "type": "string" | ||
| }, | ||
| "policy": { | ||
| "description": "Policy is the name or identifier of the policy", | ||
| "type": "string" | ||
| }, | ||
| "properties": { | ||
| "additionalProperties": { | ||
| "type": "string" | ||
| }, | ||
| "description": "Properties provides additional information for the policy rule", | ||
| "type": "object" | ||
| }, | ||
| "resourceSelector": { | ||
| "description": "SubjectSelector is an optional label selector for checked Kubernetes resources.\nFor example, a policy result may apply to all pods that match a label.\nEither a Subject or a SubjectSelector can be specified.\nIf neither are provided, the result is assumed to be for the policy report scope.", | ||
| "properties": { | ||
| "matchExpressions": { | ||
| "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", | ||
| "items": { | ||
| "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", | ||
| "properties": { | ||
| "key": { | ||
| "description": "key is the label key that the selector applies to.", | ||
| "type": "string" | ||
| }, | ||
| "operator": { | ||
| "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", | ||
| "type": "string" | ||
| }, | ||
| "values": { | ||
| "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", | ||
| "items": { | ||
| "type": "string" | ||
| }, | ||
| "type": "array", | ||
| "x-kubernetes-list-type": "atomic" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "key", | ||
| "operator" | ||
| ], | ||
| "type": "object", | ||
| "additionalProperties": false | ||
| }, | ||
| "type": "array", | ||
| "x-kubernetes-list-type": "atomic" | ||
| }, | ||
| "matchLabels": { | ||
| "additionalProperties": { | ||
| "type": "string" | ||
| }, | ||
| "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", | ||
| "type": "object" | ||
| } | ||
| }, | ||
| "type": "object", | ||
| "x-kubernetes-map-type": "atomic", | ||
| "additionalProperties": false | ||
| }, | ||
| "resources": { | ||
| "description": "Subjects is an optional reference to the checked Kubernetes resources", | ||
| "items": { | ||
| "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", | ||
| "properties": { | ||
| "apiVersion": { | ||
| "description": "API version of the referent.", | ||
| "type": "string" | ||
| }, | ||
| "fieldPath": { | ||
| "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", | ||
| "type": "string" | ||
| }, | ||
| "kind": { | ||
| "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", | ||
| "type": "string" | ||
| }, | ||
| "name": { | ||
| "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", | ||
| "type": "string" | ||
| }, | ||
| "namespace": { | ||
| "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", | ||
| "type": "string" | ||
| }, | ||
| "resourceVersion": { | ||
| "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", | ||
| "type": "string" | ||
| }, | ||
| "uid": { | ||
| "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "type": "object", | ||
| "x-kubernetes-map-type": "atomic", | ||
| "additionalProperties": false | ||
| }, | ||
| "type": "array" | ||
| }, | ||
| "result": { | ||
| "description": "Result indicates the outcome of the policy rule execution", | ||
| "enum": [ | ||
| "pass", | ||
| "fail", | ||
| "warn", | ||
| "error", | ||
| "skip" | ||
| ], | ||
| "type": "string" | ||
| }, | ||
| "rule": { | ||
| "description": "Rule is the name or identifier of the rule within the policy", | ||
| "type": "string" | ||
| }, | ||
| "scored": { | ||
| "description": "Scored indicates if this result is scored", | ||
| "type": "boolean" | ||
| }, | ||
| "severity": { | ||
| "description": "Severity indicates policy check result criticality", | ||
| "enum": [ | ||
| "critical", | ||
| "high", | ||
| "low", | ||
| "medium", | ||
| "info" | ||
| ], | ||
| "type": "string" | ||
| }, | ||
| "source": { | ||
| "description": "Source is an identifier for the policy engine that manages this report", | ||
| "type": "string" | ||
| }, | ||
| "timestamp": { | ||
| "description": "Timestamp indicates the time the result was found", | ||
| "properties": { | ||
| "nanos": { | ||
| "description": "Non-negative fractions of a second at nanosecond resolution. Negative\nsecond values with fractions must still have non-negative nanos values\nthat count forward in time. Must be from 0 to 999,999,999\ninclusive. This field may be limited in precision depending on context.", | ||
| "format": "int32", | ||
| "type": "integer" | ||
| }, | ||
| "seconds": { | ||
| "description": "Represents seconds of UTC time since Unix epoch\n1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to\n9999-12-31T23:59:59Z inclusive.", | ||
| "format": "int64", | ||
| "type": "integer" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "nanos", | ||
| "seconds" | ||
| ], | ||
| "type": "object", | ||
| "additionalProperties": false | ||
| }, | ||
| "additionalProperties": false | ||
| }, | ||
| "required": [ | ||
| "policy" | ||
| ], | ||
| "type": "object", | ||
| "additionalProperties": false | ||
| }, | ||
| "type": "array" | ||
| }, | ||
| "summary": { | ||
| "description": "PolicyReportSummary provides a summary of results", | ||
| "properties": { | ||
| "error": { | ||
| "description": "Error provides the count of policies that could not be evaluated", | ||
| "type": "integer" | ||
| }, | ||
| "fail": { | ||
| "description": "Fail provides the count of policies whose requirements were not met", | ||
| "type": "integer" | ||
| }, | ||
| "pass": { | ||
| "description": "Pass provides the count of policies whose requirements were met", | ||
| "type": "integer" | ||
| }, | ||
| "skip": { | ||
| "description": "Skip indicates the count of policies that were not selected for evaluation", | ||
| "type": "integer" | ||
| }, | ||
| "warn": { | ||
| "description": "Warn provides the count of non-scored policies whose requirements were not met", | ||
| "type": "integer" | ||
| } | ||
| }, | ||
| "type": "object", | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "required": [ | ||
| "owner" | ||
| ], | ||
| "type": "object", | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "required": [ | ||
| "spec" | ||
| ], | ||
| "type": "object" | ||
| } |
Oops, something went wrong.