Discover modules > cue.dev/x/kyverno > clustercleanuppolicy > v2beta1
v0.4.0
#ClusterCleanupPolicy: ¶

ClusterCleanupPolicy defines rule for resource cleanup.

apiVersion: "kyverno.io/v2beta1" ¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind: "ClusterCleanupPolicy" ¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata!: ¶
name!: string ¶
namespace?: string ¶
labels?: [string]: string ¶
annotations?: [string]: string ¶
spec!: ¶

Spec declares policy behaviors.

conditions?: ¶

Conditions defines the conditions used to select the resources which will be cleaned up.

all?:
click to see definition
[...{
	key?: null | bool | number | string | [...] | {
		...
	}
	message?:  string
	operator?: "Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"
	value?: null | bool | number | string | [...] | {
		...
	}
}]
¶

AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass.

any?:
click to see definition
[...{
	key?: null | bool | number | string | [...] | {
		...
	}
	message?:  string
	operator?: "Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"
	value?: null | bool | number | string | [...] | {
		...
	}
}]
¶

AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass.

context?:
click to see definition
[...matchN(1, [{
	configMap!: _
}, {
	apiCall!: _
}, {
	imageRegistry!: _
}, {
	variable!: _
}, {
	globalReference!: _
}]) & {
	apiCall?: {
		data?: [...{
			key!: string
			value!: null | bool | number | string | [...] | {
				...
			}
		}]
		default?: null | bool | number | string | [...] | {
			...
		}
		jmesPath?: string
		method?:   "GET" | "POST"
		service?: {
			caBundle?: string
			headers?: [...{
				key!:   string
				value!: string
			}]
			url!: string
		}
		urlPath?: string
	}
	configMap?: {
		name!:      string
		namespace?: string
	}
	globalReference?: {
		jmesPath?: string
		name!:     string
	}
	imageRegistry?: {
		imageRegistryCredentials?: {
			allowInsecureRegistry?: bool
			providers?: [..."default" | "amazon" | "azure" | "google" | "github"]
			secrets?: [...string]
		}
		jmesPath?:  string
		reference!: string
	}
	name!: string
	variable?: {
		default?: null | bool | number | string | [...] | {
			...
		}
		jmesPath?: string
		value?: null | bool | number | string | [...] | {
			...
		}
	}
}]
¶

Context defines variables and data sources that can be used during rule execution.

exclude?: ¶

ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.

all?:
click to see definition
[...{
	clusterRoles?: [...string]
	resources?: matchN(0, [null | bool | number | string | [...] | {
		name!:  _
		names!: _
	}]) & {
		annotations?: {
			[string]: string
		}
		kinds?: [...string]
		name?: string
		names?: [...string]
		namespaceSelector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
		namespaces?: [...string]
		operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
		selector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
	}
	roles?: [...string]
	subjects?: [...{
		apiGroup?:  string
		kind!:      string
		name!:      string
		namespace?: string
	}]
}]
¶

All allows specifying resources which will be ANDed

any?:
click to see definition
[...{
	clusterRoles?: [...string]
	resources?: matchN(0, [null | bool | number | string | [...] | {
		name!:  _
		names!: _
	}]) & {
		annotations?: {
			[string]: string
		}
		kinds?: [...string]
		name?: string
		names?: [...string]
		namespaceSelector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
		namespaces?: [...string]
		operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
		selector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
	}
	roles?: [...string]
	subjects?: [...{
		apiGroup?:  string
		kind!:      string
		name!:      string
		namespace?: string
	}]
}]
¶

Any allows specifying resources which will be ORed

match!: ¶

MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.

all?:
click to see definition
[...{
	clusterRoles?: [...string]
	resources?: matchN(0, [null | bool | number | string | [...] | {
		name!:  _
		names!: _
	}]) & {
		annotations?: {
			[string]: string
		}
		kinds?: [...string]
		name?: string
		names?: [...string]
		namespaceSelector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
		namespaces?: [...string]
		operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
		selector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
	}
	roles?: [...string]
	subjects?: [...{
		apiGroup?:  string
		kind!:      string
		name!:      string
		namespace?: string
	}]
}]
¶

All allows specifying resources which will be ANDed

any?:
click to see definition
[...{
	clusterRoles?: [...string]
	resources?: matchN(0, [null | bool | number | string | [...] | {
		name!:  _
		names!: _
	}]) & {
		annotations?: {
			[string]: string
		}
		kinds?: [...string]
		name?: string
		names?: [...string]
		namespaceSelector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
		namespaces?: [...string]
		operations?: [..."CREATE" | "CONNECT" | "UPDATE" | "DELETE"]
		selector?: {
			matchExpressions?: [...{
				key!:      string
				operator!: string
				values?: [...string]
			}]
			matchLabels?: {
				[string]: string
			}
		}
	}
	roles?: [...string]
	subjects?: [...{
		apiGroup?:  string
		kind!:      string
		name!:      string
		namespace?: string
	}]
}]
¶

Any allows specifying resources which will be ORed

schedule!: string ¶

The schedule in Cron format

status?: ¶

Status contains policy runtime data.

conditions?:
click to see definition
[...{
	lastTransitionTime!: time.Time
	message!:            strings.MaxRunes(32768)
	observedGeneration?: int & >=0 & <=9223372036854775807
	reason!: strings.MaxRunes(1024) & strings.MinRunes(1) & {
		=~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$"
	}
	status!: "True" | "False" | "Unknown"
	type!: strings.MaxRunes(316) & {
		=~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$"
	}
}]
¶
lastExecutionTime?: time.Time ¶

Source files

  • schema.cue