APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
matchN(1, [{
kubernetesResource!: _
}, {
apiCall!: _
}]) & {
apiCall?: {
data?: [...{
key!: string
value!: null | bool | number | string | [...] | {
...
}
}]
method?: "GET" | "POST"
refreshInterval?: string
retryLimit?: int & >=1
service?: {
caBundle?: string
headers?: [...{
key!: string
value!: string
}]
url!: string
}
urlPath?: string
}
kubernetesResource?: {
group?: string
namespace?: string
resource!: string
version!: string
}
}Spec declares policy exception behaviors.
Stores results from an API call which will be cached. Mutually exclusive with KubernetesResource. This can be used to make calls to external (non-Kubernetes API server) services. It can also be used to make calls to the Kubernetes API server in such cases: 1. A POST is needed to create a resource. 2. Finer-grained control is needed. Example: To restrict the number of resources cached.
RefreshInterval defines the interval in duration at which to poll the APICall. The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
RetryLimit defines the number of times the APICall should be retried in case of failure.
Service is an API call to a JSON web service. This is used for non-Kubernetes API server calls. It's mutually exclusive with the URLPath field.
URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. It's mutually exclusive with the Service field.
Stores a list of Kubernetes resources which will be cached. Mutually exclusive with APICall.
Namespace defines the namespace of the resource. Leave empty for cluster scoped resources. If left empty for namespaced resources, all resources from all namespaces will be cached.
Status contains globalcontextentry runtime data.
[...{
lastTransitionTime!: time.Time
message!: strings.MaxRunes(32768)
observedGeneration?: int & >=0 & <=9223372036854775807
reason!: strings.MaxRunes(1024) & strings.MinRunes(1) & {
=~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$"
}
status!: "True" | "False" | "Unknown"
type!: strings.MaxRunes(316) & {
=~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$"
}
}]Indicates the time when the globalcontextentry was last refreshed successfully for the API Call
GlobalContextEntry declares resources to be cached.