APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec declares policy behaviors.
Conditions defines the conditions used to select the resources which will be cleaned up.
[...{
key?: null | bool | number | string | [...] | {
...
}
message?: string
operator?: "Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"
value?: null | bool | number | string | [...] | {
...
}
}]AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass.
[...{
key?: null | bool | number | string | [...] | {
...
}
message?: string
operator?: "Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"
value?: null | bool | number | string | [...] | {
...
}
}]AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass.
[...matchN(1, [{
configMap!: _
}, {
apiCall!: _
}, {
imageRegistry!: _
}, {
variable!: _
}, {
globalReference!: _
}]) & {
apiCall?: {
data?: [...{
key!: string
value!: null | bool | number | string | [...] | {
...
}
}]
default?: null | bool | number | string | [...] | {
...
}
jmesPath?: string
method?: "GET" | "POST"
service?: {
caBundle?: string
headers?: [...{
key!: string
value!: string
}]
url!: string
}
urlPath?: string
}
configMap?: {
name!: string
namespace?: string
}
globalReference?: {
jmesPath?: string
name!: string
}
imageRegistry?: {
imageRegistryCredentials?: {
allowInsecureRegistry?: bool
providers?: [..."default" | "amazon" | "azure" | "google" | "github"]
secrets?: [...string]
}
jmesPath?: string
reference!: string
}
name!: string
variable?: {
default?: null | bool | number | string | [...] | {
...
}
jmesPath?: string
value?: null | bool | number | string | [...] | {
...
}
}
}]Context defines variables and data sources that can be used during rule execution.
ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.
[...{
clusterRoles?: [...string]
resources?: matchN(0, [null | bool | number | string | [...] | {
name!: _
names!: _
}]) & {
annotations?: {
[string]: string
}
kinds?: [...string]
name?: string
names?: [...string]
namespaceSelector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
namespaces?: [...string]
operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
selector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
}
roles?: [...string]
subjects?: [...{
apiGroup?: string
kind!: string
name!: string
namespace?: string
}]
}]All allows specifying resources which will be ANDed
[...{
clusterRoles?: [...string]
resources?: matchN(0, [null | bool | number | string | [...] | {
name!: _
names!: _
}]) & {
annotations?: {
[string]: string
}
kinds?: [...string]
name?: string
names?: [...string]
namespaceSelector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
namespaces?: [...string]
operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
selector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
}
roles?: [...string]
subjects?: [...{
apiGroup?: string
kind!: string
name!: string
namespace?: string
}]
}]Any allows specifying resources which will be ORed
MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.
[...{
clusterRoles?: [...string]
resources?: matchN(0, [null | bool | number | string | [...] | {
name!: _
names!: _
}]) & {
annotations?: {
[string]: string
}
kinds?: [...string]
name?: string
names?: [...string]
namespaceSelector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
namespaces?: [...string]
operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
selector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
}
roles?: [...string]
subjects?: [...{
apiGroup?: string
kind!: string
name!: string
namespace?: string
}]
}]All allows specifying resources which will be ANDed
[...{
clusterRoles?: [...string]
resources?: matchN(0, [null | bool | number | string | [...] | {
name!: _
names!: _
}]) & {
annotations?: {
[string]: string
}
kinds?: [...string]
name?: string
names?: [...string]
namespaceSelector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
namespaces?: [...string]
operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
selector?: {
matchExpressions?: [...{
key!: string
operator!: string
values?: [...string]
}]
matchLabels?: {
[string]: string
}
}
}
roles?: [...string]
subjects?: [...{
apiGroup?: string
kind!: string
name!: string
namespace?: string
}]
}]Any allows specifying resources which will be ORed
Status contains policy runtime data.
[...{
lastTransitionTime!: time.Time
message!: strings.MaxRunes(32768)
observedGeneration?: int & >=0 & <=9223372036854775807
reason!: strings.MaxRunes(1024) & strings.MinRunes(1) & {
=~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$"
}
status!: "True" | "False" | "Unknown"
type!: strings.MaxRunes(316) & {
=~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$"
}
}]
ClusterCleanupPolicy defines rule for resource cleanup.