1package v2alpha1
2
3import (
4 "time"
5 "strings"
6)
7
8// GlobalContextEntry declares resources to be cached.
9#GlobalContextEntry: {
10 _embeddedResource
11
12 // APIVersion defines the versioned schema of this representation
13 // of an object.
14 // Servers should convert recognized schemas to the latest
15 // internal value, and
16 // may reject unrecognized values.
17 // More info:
18 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
19 "apiVersion"?: string
20
21 // Kind is a string value representing the REST resource this
22 // object represents.
23 // Servers may infer this from the endpoint the client submits
24 // requests to.
25 // Cannot be updated.
26 // In CamelCase.
27 // More info:
28 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
29 "kind"?: string
30 "metadata"?: {}
31
32 // Spec declares policy exception behaviors.
33 "spec"!: matchN(1, [{
34 "kubernetesResource"!: _
35 }, {
36 "apiCall"!: _
37 }]) & {
38 // Stores results from an API call which will be cached.
39 // Mutually exclusive with KubernetesResource.
40 // This can be used to make calls to external (non-Kubernetes API
41 // server) services.
42 // It can also be used to make calls to the Kubernetes API server
43 // in such cases:
44 // 1. A POST is needed to create a resource.
45 // 2. Finer-grained control is needed. Example: To restrict the
46 // number of resources cached.
47 "apiCall"?: {
48 // The data object specifies the POST data sent to the server.
49 // Only applicable when the method field is set to POST.
50 "data"?: [...{
51 // Key is a unique identifier for the data value
52 "key"!: string
53
54 // Value is the data value
55 "value"!: null | bool | number | string | [...] | {
56 ...
57 }
58 }]
59
60 // Method is the HTTP request type (GET or POST). Defaults to GET.
61 "method"?: "GET" | "POST"
62
63 // RefreshInterval defines the interval in duration at which to
64 // poll the APICall.
65 // The duration is a sequence of decimal numbers, each with
66 // optional fraction and a unit suffix,
67 // such as "300ms", "1.5h" or "2h45m". Valid time units are "ns",
68 // "us" (or "µs"), "ms", "s", "m", "h".
69 "refreshInterval"?: string
70
71 // RetryLimit defines the number of times the APICall should be
72 // retried in case of failure.
73 "retryLimit"?: int & >=1
74
75 // Service is an API call to a JSON web service.
76 // This is used for non-Kubernetes API server calls.
77 // It's mutually exclusive with the URLPath field.
78 "service"?: {
79 // CABundle is a PEM encoded CA bundle which will be used to
80 // validate
81 // the server certificate.
82 "caBundle"?: string
83
84 // Headers is a list of optional HTTP headers to be included in
85 // the request.
86 "headers"?: [...{
87 // Key is the header key
88 "key"!: string
89
90 // Value is the header value
91 "value"!: string
92 }]
93
94 // URL is the JSON web service URL. A typical form is
95 // `https://{service}.{namespace}:{port}/{path}`.
96 "url"!: string
97 }
98
99 // URLPath is the URL path to be used in the HTTP GET or POST
100 // request to the
101 // Kubernetes API server (e.g. "/api/v1/namespaces" or
102 // "/apis/apps/v1/deployments").
103 // The format required is the same format used by the `kubectl get
104 // --raw` command.
105 // See
106 // https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
107 // for details.
108 // It's mutually exclusive with the Service field.
109 "urlPath"?: string
110 }
111
112 // Stores a list of Kubernetes resources which will be cached.
113 // Mutually exclusive with APICall.
114 "kubernetesResource"?: {
115 // Group defines the group of the resource.
116 "group"?: string
117
118 // Namespace defines the namespace of the resource. Leave empty
119 // for cluster scoped resources.
120 // If left empty for namespaced resources, all resources from all
121 // namespaces will be cached.
122 "namespace"?: string
123
124 // Resource defines the type of the resource.
125 // Requires the pluralized form of the resource kind in lowercase.
126 // (Ex., "deployments")
127 "resource"!: string
128
129 // Version defines the version of the resource.
130 "version"!: string
131 }
132 }
133
134 // Status contains globalcontextentry runtime data.
135 "status"?: {
136 "conditions"?: [...{
137 // lastTransitionTime is the last time the condition transitioned
138 // from one status to another.
139 // This should be when the underlying condition changed. If that
140 // is not known, then using the time when the API field changed
141 // is acceptable.
142 "lastTransitionTime"!: time.Time
143
144 // message is a human readable message indicating details about
145 // the transition.
146 // This may be an empty string.
147 "message"!: strings.MaxRunes(
148 32768)
149
150 // observedGeneration represents the .metadata.generation that the
151 // condition was set based upon.
152 // For instance, if .metadata.generation is currently 12, but the
153 // .status.conditions[x].observedGeneration is 9, the condition
154 // is out of date
155 // with respect to the current state of the instance.
156 "observedGeneration"?: int64 & int & >=0
157
158 // reason contains a programmatic identifier indicating the reason
159 // for the condition's last transition.
160 // Producers of specific condition types may define expected
161 // values and meanings for this field,
162 // and whether the values are considered a guaranteed API.
163 // The value should be a CamelCase string.
164 // This field may not be empty.
165 "reason"!: strings.MaxRunes(
166 1024) & strings.MinRunes(
167 1) & =~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$"
168
169 // status of the condition, one of True, False, Unknown.
170 "status"!: "True" | "False" | "Unknown"
171
172 // type of condition in CamelCase or in foo.example.com/CamelCase.
173 "type"!: strings.MaxRunes(
174 316) & =~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$"
175 }]
176
177 // Indicates the time when the globalcontextentry was last
178 // refreshed successfully for the API Call
179 "lastRefreshTime"?: time.Time
180
181 // Deprecated in favor of Conditions
182 "ready"?: bool
183 }
184
185 _embeddedResource: {
186 "apiVersion"!: string
187 "kind"!: string
188 "metadata"?: {
189 ...
190 }
191 }
192 apiVersion: "kyverno.io/v2alpha1"
193 kind: "GlobalContextEntry"
194 metadata!: {
195 "name"!: string
196 "namespace"?: string
197 "labels"?: {
198 [string]: string
199 }
200 "annotations"?: {
201 [string]: string
202 }
203 ...
204 }
205}