package v2alpha1 import ( "time" "strings" ) // GlobalContextEntry declares resources to be cached. #GlobalContextEntry: { _embeddedResource // APIVersion defines the versioned schema of this representation // of an object. // Servers should convert recognized schemas to the latest // internal value, and // may reject unrecognized values. // More info: // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources "apiVersion"?: string // Kind is a string value representing the REST resource this // object represents. // Servers may infer this from the endpoint the client submits // requests to. // Cannot be updated. // In CamelCase. // More info: // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds "kind"?: string "metadata"?: {} // Spec declares policy exception behaviors. "spec"!: matchN(1, [{ "kubernetesResource"!: _ }, { "apiCall"!: _ }]) & { // Stores results from an API call which will be cached. // Mutually exclusive with KubernetesResource. // This can be used to make calls to external (non-Kubernetes API // server) services. // It can also be used to make calls to the Kubernetes API server // in such cases: // 1. A POST is needed to create a resource. // 2. Finer-grained control is needed. Example: To restrict the // number of resources cached. "apiCall"?: { // The data object specifies the POST data sent to the server. // Only applicable when the method field is set to POST. "data"?: [...{ // Key is a unique identifier for the data value "key"!: string // Value is the data value "value"!: null | bool | number | string | [...] | { ... } }] // Method is the HTTP request type (GET or POST). Defaults to GET. "method"?: "GET" | "POST" // RefreshInterval defines the interval in duration at which to // poll the APICall. // The duration is a sequence of decimal numbers, each with // optional fraction and a unit suffix, // such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", // "us" (or "µs"), "ms", "s", "m", "h". "refreshInterval"?: string // RetryLimit defines the number of times the APICall should be // retried in case of failure. "retryLimit"?: int & >=1 // Service is an API call to a JSON web service. // This is used for non-Kubernetes API server calls. // It's mutually exclusive with the URLPath field. "service"?: { // CABundle is a PEM encoded CA bundle which will be used to // validate // the server certificate. "caBundle"?: string // Headers is a list of optional HTTP headers to be included in // the request. "headers"?: [...{ // Key is the header key "key"!: string // Value is the header value "value"!: string }] // URL is the JSON web service URL. A typical form is // `https://{service}.{namespace}:{port}/{path}`. "url"!: string } // URLPath is the URL path to be used in the HTTP GET or POST // request to the // Kubernetes API server (e.g. "/api/v1/namespaces" or // "/apis/apps/v1/deployments"). // The format required is the same format used by the `kubectl get // --raw` command. // See // https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls // for details. // It's mutually exclusive with the Service field. "urlPath"?: string } // Stores a list of Kubernetes resources which will be cached. // Mutually exclusive with APICall. "kubernetesResource"?: { // Group defines the group of the resource. "group"?: string // Namespace defines the namespace of the resource. Leave empty // for cluster scoped resources. // If left empty for namespaced resources, all resources from all // namespaces will be cached. "namespace"?: string // Resource defines the type of the resource. // Requires the pluralized form of the resource kind in lowercase. // (Ex., "deployments") "resource"!: string // Version defines the version of the resource. "version"!: string } } // Status contains globalcontextentry runtime data. "status"?: { "conditions"?: [...{ // lastTransitionTime is the last time the condition transitioned // from one status to another. // This should be when the underlying condition changed. If that // is not known, then using the time when the API field changed // is acceptable. "lastTransitionTime"!: time.Time // message is a human readable message indicating details about // the transition. // This may be an empty string. "message"!: strings.MaxRunes( 32768) // observedGeneration represents the .metadata.generation that the // condition was set based upon. // For instance, if .metadata.generation is currently 12, but the // .status.conditions[x].observedGeneration is 9, the condition // is out of date // with respect to the current state of the instance. "observedGeneration"?: int64 & int & >=0 // reason contains a programmatic identifier indicating the reason // for the condition's last transition. // Producers of specific condition types may define expected // values and meanings for this field, // and whether the values are considered a guaranteed API. // The value should be a CamelCase string. // This field may not be empty. "reason"!: strings.MaxRunes( 1024) & strings.MinRunes( 1) & =~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" // status of the condition, one of True, False, Unknown. "status"!: "True" | "False" | "Unknown" // type of condition in CamelCase or in foo.example.com/CamelCase. "type"!: strings.MaxRunes( 316) & =~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" }] // Indicates the time when the globalcontextentry was last // refreshed successfully for the API Call "lastRefreshTime"?: time.Time // Deprecated in favor of Conditions "ready"?: bool } _embeddedResource: { "apiVersion"!: string "kind"!: string "metadata"?: { ... } } apiVersion: "kyverno.io/v2alpha1" kind: "GlobalContextEntry" metadata!: { "name"!: string "namespace"?: string "labels"?: { [string]: string } "annotations"?: { [string]: string } ... } }