Discover modules > cue.dev/x/kyverno > globalcontextentry > v2alpha1
v0.4.0
#GlobalContextEntry: ¶

GlobalContextEntry declares resources to be cached.

apiVersion: "kyverno.io/v2alpha1" ¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind: "GlobalContextEntry" ¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata!: ¶
name!: string ¶
namespace?: string ¶
labels?: [string]: string ¶
annotations?: [string]: string ¶
spec!:
click to see definition
matchN(1, [{
	kubernetesResource!: _
}, {
	apiCall!: _
}]) & {
	apiCall?: {
		data?: [...{
			key!: string
			value!: null | bool | number | string | [...] | {
				...
			}
		}]
		method?:          "GET" | "POST"
		refreshInterval?: string
		retryLimit?:      int & >=1
		service?: {
			caBundle?: string
			headers?: [...{
				key!:   string
				value!: string
			}]
			url!: string
		}
		urlPath?: string
	}
	kubernetesResource?: {
		group?:     string
		namespace?: string
		resource!:  string
		version!:   string
	}
}
¶

Spec declares policy exception behaviors.

apiCall?: ¶

Stores results from an API call which will be cached. Mutually exclusive with KubernetesResource. This can be used to make calls to external (non-Kubernetes API server) services. It can also be used to make calls to the Kubernetes API server in such cases: 1. A POST is needed to create a resource. 2. Finer-grained control is needed. Example: To restrict the number of resources cached.

data?:
click to see definition
[...{
	key!: string
	value!: null | bool | number | string | [...] | {
		...
	}
}]
¶

The data object specifies the POST data sent to the server. Only applicable when the method field is set to POST.

method?: "GET" | "POST" ¶

Method is the HTTP request type (GET or POST). Defaults to GET.

refreshInterval?: string ¶

RefreshInterval defines the interval in duration at which to poll the APICall. The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".

retryLimit?: int & >=1 ¶

RetryLimit defines the number of times the APICall should be retried in case of failure.

service?: ¶

Service is an API call to a JSON web service. This is used for non-Kubernetes API server calls. It's mutually exclusive with the URLPath field.

caBundle?: string ¶

CABundle is a PEM encoded CA bundle which will be used to validate the server certificate.

headers?: [...{ key!: string value!: string }] ¶

Headers is a list of optional HTTP headers to be included in the request.

url!: string ¶

URL is the JSON web service URL. A typical form is `https://{service}.{namespace}:{port}/{path}`.

urlPath?: string ¶

URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. It's mutually exclusive with the Service field.

kubernetesResource?: ¶

Stores a list of Kubernetes resources which will be cached. Mutually exclusive with APICall.

group?: string ¶

Group defines the group of the resource.

namespace?: string ¶

Namespace defines the namespace of the resource. Leave empty for cluster scoped resources. If left empty for namespaced resources, all resources from all namespaces will be cached.

resource!: string ¶

Resource defines the type of the resource. Requires the pluralized form of the resource kind in lowercase. (Ex., "deployments")

version!: string ¶

Version defines the version of the resource.

status?: ¶

Status contains globalcontextentry runtime data.

conditions?:
click to see definition
[...{
	lastTransitionTime!: time.Time
	message!:            strings.MaxRunes(32768)
	observedGeneration?: int & >=0 & <=9223372036854775807
	reason!: strings.MaxRunes(1024) & strings.MinRunes(1) & {
		=~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$"
	}
	status!: "True" | "False" | "Unknown"
	type!: strings.MaxRunes(316) & {
		=~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$"
	}
}]
¶
lastRefreshTime?: time.Time ¶

Indicates the time when the globalcontextentry was last refreshed successfully for the API Call

ready?: bool ¶

Deprecated in favor of Conditions

Source files

  • schema.cue