---
# CustomResourceDefinition for the Kyverno ImageValidatingPolicy kind
# (group policies.kyverno.io, version v1alpha1). The annotation below records
# controller-gen v0.17.3 as the generator.
# The schema has no `description` fields; the comments here state only what
# the schema constrains. Controller-side semantics are marked as assumptions.
# No node sets x-kubernetes-preserve-unknown-fields, so a field that is not
# listed (for example a misspelled security switch) is pruned or rejected by
# the API server, depending on the field-validation mode, rather than stored.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.3
  labels:
    app.kubernetes.io/component: crds
    app.kubernetes.io/instance: kyverno
    app.kubernetes.io/part-of: kyverno-crds
    app.kubernetes.io/version: 3.4.1
  name: imagevalidatingpolicies.policies.kyverno.io
spec:
  group: policies.kyverno.io
  names:
    categories:
    - kyverno
    kind: ImageValidatingPolicy
    listKind: ImageValidatingPolicyList
    plural: imagevalidatingpolicies
    shortNames:
    - ivpol
    singular: imagevalidatingpolicy
  # Cluster-scoped: objects of this kind are not namespaced, so create/update
  # rights on them must be granted through cluster-level RBAC.
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    - jsonPath: .status.conditionStatus.ready
      name: READY
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            type: string
          kind:
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Attestation references. Each entry requires `name`; `intoto`
              # and `referrer` each require their own `type`. The schema does
              # not force exactly one of intoto/referrer to be present.
              attestations:
                items:
                  properties:
                    intoto:
                      properties:
                        type:
                          type: string
                      required:
                      - type
                      type: object
                    name:
                      type: string
                    referrer:
                      properties:
                        type:
                          type: string
                      required:
                      - type
                      type: object
                  required:
                  - name
                  type: object
                type: array
              # Trust material used to verify images. Only `name` is required
              # per entry; `cosign` and `notary` are both optional here, so an
              # attestor with neither passes schema validation.
              # NOTE(review): confirm that the admission path rejects such
              # entries; this file does not show it.
              attestors:
                items:
                  properties:
                    cosign:
                      properties:
                        annotations:
                          additionalProperties:
                            type: string
                          type: object
                        certificate:
                          properties:
                            # oneOf over two `required` sets: exactly one of
                            # `value` / `expression` must be given; supplying
                            # both (or neither) fails validation.
                            cert:
                              oneOf:
                              - required:
                                - value
                              - required:
                                - expression
                              properties:
                                expression:
                                  type: string
                                value:
                                  type: string
                              type: object
                            certChain:
                              oneOf:
                              - required:
                                - value
                              - required:
                                - expression
                              properties:
                                expression:
                                  type: string
                                value:
                                  type: string
                              type: object
                          type: object
                        # Transparency-log settings. The two insecureIgnore*
                        # booleans have no schema default. By name they turn
                        # off SCT and transparency-log checks (presumably
                        # weakening signature verification; confirm against
                        # the controller). Policies that set either to true
                        # deserve explicit review.
                        ctlog:
                          properties:
                            ctLogPubKey:
                              type: string
                            insecureIgnoreSCT:
                              type: boolean
                            insecureIgnoreTlog:
                              type: boolean
                            rekorPubKey:
                              type: string
                            tsaCertChain:
                              type: string
                            url:
                              type: string
                          type: object
                        # All four fields are optional free-form strings: no
                        # enum on hashAlgorithm and no oneOf between
                        # data / expression / kms at schema level.
                        key:
                          properties:
                            data:
                              type: string
                            expression:
                              type: string
                            hashAlgorithm:
                              type: string
                            kms:
                              type: string
                          type: object
                        # `identities` is required, but every field of an
                        # identity is optional, so an empty identity object
                        # passes the schema.
                        # NOTE(review): how an empty identity or a broad
                        # issuerRegExp/subjectRegExp is matched is decided by
                        # the controller; verify that it cannot widen the set
                        # of accepted signers.
                        keyless:
                          properties:
                            identities:
                              items:
                                properties:
                                  issuer:
                                    type: string
                                  issuerRegExp:
                                    type: string
                                  subject:
                                    type: string
                                  subjectRegExp:
                                    type: string
                                type: object
                              type: array
                            roots:
                              type: string
                          required:
                          - identities
                          type: object
                        source:
                          properties:
                            # The key is spelled with a capital P, unlike its
                            # siblings; a lower-case `pullSecrets` is an
                            # unknown field. Entry names default to "".
                            PullSecrets:
                              items:
                                properties:
                                  name:
                                    default: ""
                                    type: string
                                type: object
                                x-kubernetes-map-type: atomic
                              type: array
                            repository:
                              type: string
                            tagPrefix:
                              type: string
                          type: object
                        # TUF mirror and root (inline `data` or a `path`).
                        # Presumably replaces the default trust root, so
                        # treat changes here as trust-anchor changes.
                        tuf:
                          properties:
                            mirror:
                              type: string
                            root:
                              properties:
                                data:
                                  type: string
                                path:
                                  type: string
                              type: object
                          type: object
                      type: object
                    name:
                      type: string
                    notary:
                      properties:
                        # Exactly one of `value` / `expression`, as for the
                        # cosign certificate fields.
                        certs:
                          oneOf:
                          - required:
                            - value
                          - required:
                            - expression
                          properties:
                            expression:
                              type: string
                            value:
                              type: string
                          type: object
                        tsaCerts:
                          oneOf:
                          - required:
                            - value
                          - required:
                            - expression
                          properties:
                            expression:
                              type: string
                            value:
                              type: string
                          type: object
                      type: object
                  required:
                  - name
                  type: object
                type: array
              auditAnnotations:
                items:
                  properties:
                    key:
                      type: string
                    valueExpression:
                      type: string
                  required:
                  - key
                  - valueExpression
                  type: object
                type: array
                x-kubernetes-list-type: atomic
              autogen:
                properties:
                  podControllers:
                    properties:
                      controllers:
                        items:
                          type: string
                        type: array
                    type: object
                type: object
              # Registry access. allowInsecureRegistry has no schema default;
              # by name it relaxes registry transport checks (confirm the
              # exact effect in the controller). `providers` is limited to
              # the five listed values; `secrets` is a list of plain strings.
              credentials:
                properties:
                  allowInsecureRegistry:
                    type: boolean
                  providers:
                    items:
                      enum:
                      - default
                      - amazon
                      - azure
                      - google
                      - github
                      type: string
                    type: array
                  secrets:
                    items:
                      type: string
                    type: array
                type: object
              # admission.enabled and background.enabled default to true when
              # their parent object is present; `mode` is an unconstrained
              # string.
              evaluation:
                properties:
                  admission:
                    properties:
                      enabled:
                        default: true
                        type: boolean
                    type: object
                  background:
                    properties:
                      enabled:
                        default: true
                        type: boolean
                    type: object
                  mode:
                    type: string
                type: object
              # Ignore or Fail; no default is declared in this schema.
              # NOTE(review): if this follows Kubernetes admission-webhook
              # semantics, Ignore admits the request when evaluation errors
              # (fail-open). Confirm before relying on it for enforcement.
              failurePolicy:
                enum:
                - Ignore
                - Fail
                type: string
              images:
                items:
                  properties:
                    expression:
                      type: string
                    name:
                      type: string
                  required:
                  - expression
                  - name
                  type: object
                type: array
              matchConditions:
                items:
                  properties:
                    expression:
                      type: string
                    name:
                      type: string
                  required:
                  - expression
                  - name
                  type: object
                type: array
              # Same field set as the Kubernetes admissionregistration
              # MatchResources type: include/exclude resource rules plus
              # namespace and object label selectors. Lists are atomic, so
              # an update replaces a list as a whole.
              matchConstraints:
                properties:
                  excludeResourceRules:
                    items:
                      properties:
                        apiGroups:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        apiVersions:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        operations:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resourceNames:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resources:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        scope:
                          type: string
                      type: object
                      x-kubernetes-map-type: atomic
                    type: array
                    x-kubernetes-list-type: atomic
                  matchPolicy:
                    type: string
                  namespaceSelector:
                    properties:
                      matchExpressions:
                        items:
                          properties:
                            key:
                              type: string
                            operator:
                              type: string
                            values:
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      matchLabels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                    x-kubernetes-map-type: atomic
                  objectSelector:
                    properties:
                      matchExpressions:
                        items:
                          properties:
                            key:
                              type: string
                            operator:
                              type: string
                            values:
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      matchLabels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                    x-kubernetes-map-type: atomic
                  resourceRules:
                    items:
                      properties:
                        apiGroups:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        apiVersions:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        operations:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resourceNames:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resources:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        scope:
                          type: string
                      type: object
                      x-kubernetes-map-type: atomic
                    type: array
                    x-kubernetes-list-type: atomic
                type: object
                x-kubernetes-map-type: atomic
              # Each entry carries exactly one of `glob` / `expression`.
              # The list itself is optional in this schema.
              # NOTE(review): confirm which images a policy without
              # matchImageReferences applies to.
              matchImageReferences:
                items:
                  oneOf:
                  - required:
                    - glob
                  - required:
                    - expression
                  properties:
                    expression:
                      type: string
                    glob:
                      type: string
                  type: object
                type: array
              # Deny, Audit or Warn; list type `set`, so duplicates are
              # rejected. No default is declared here. Presumably only Deny
              # blocks a request, so a policy with Audit/Warn alone is not
              # enforcing (confirm).
              validationActions:
                items:
                  enum:
                  - Deny
                  - Audit
                  - Warn
                  type: string
                type: array
                x-kubernetes-list-type: set
              # `default: {}` on the parent means the three nested defaults
              # (all true) are applied even when the field is omitted.
              # Setting verifyDigest or required to false is an explicit
              # opt-out and should be visible in policy review.
              validationConfigurations:
                default: {}
                properties:
                  mutateDigest:
                    default: true
                    type: boolean
                  required:
                    default: true
                    type: boolean
                  verifyDigest:
                    default: true
                    type: boolean
                type: object
              # Only `expression` is required per entry. Expressions are
              # plain strings, so this schema does not check their syntax.
              validations:
                items:
                  properties:
                    expression:
                      type: string
                    message:
                      type: string
                    messageExpression:
                      type: string
                    reason:
                      type: string
                  required:
                  - expression
                  type: object
                type: array
                x-kubernetes-list-type: atomic
              variables:
                items:
                  properties:
                    expression:
                      type: string
                    name:
                      type: string
                  required:
                  - expression
                  - name
                  type: object
                  x-kubernetes-map-type: atomic
                type: array
              # int32 with no minimum/maximum declared in this schema.
              webhookConfiguration:
                properties:
                  timeoutSeconds:
                    format: int32
                    type: integer
                type: object
            # A policy must list attestors and validations; every other spec
            # field is optional at schema level.
            required:
            - attestors
            - validations
            type: object
          status:
            properties:
              autogen:
                properties:
                  # Map from a string key to an object whose required `spec`
                  # repeats the policy spec schema defined above field for
                  # field, including the insecure* and
                  # validationConfigurations switches.
                  configs:
                    additionalProperties:
                      properties:
                        spec:
                          properties:
                            attestations:
                              items:
                                properties:
                                  intoto:
                                    properties:
                                      type:
                                        type: string
                                    required:
                                    - type
                                    type: object
                                  name:
                                    type: string
                                  referrer:
                                    properties:
                                      type:
                                        type: string
                                    required:
                                    - type
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            attestors:
                              items:
                                properties:
                                  cosign:
                                    properties:
                                      annotations:
                                        additionalProperties:
                                          type: string
                                        type: object
                                      certificate:
                                        properties:
                                          cert:
                                            oneOf:
                                            - required:
                                              - value
                                            - required:
                                              - expression
                                            properties:
                                              expression:
                                                type: string
                                              value:
                                                type: string
                                            type: object
                                          certChain:
                                            oneOf:
                                            - required:
                                              - value
                                            - required:
                                              - expression
                                            properties:
                                              expression:
                                                type: string
                                              value:
                                                type: string
                                            type: object
                                        type: object
                                      ctlog:
                                        properties:
                                          ctLogPubKey:
                                            type: string
                                          insecureIgnoreSCT:
                                            type: boolean
                                          insecureIgnoreTlog:
                                            type: boolean
                                          rekorPubKey:
                                            type: string
                                          tsaCertChain:
                                            type: string
                                          url:
                                            type: string
                                        type: object
                                      key:
                                        properties:
                                          data:
                                            type: string
                                          expression:
                                            type: string
                                          hashAlgorithm:
                                            type: string
                                          kms:
                                            type: string
                                        type: object
                                      keyless:
                                        properties:
                                          identities:
                                            items:
                                              properties:
                                                issuer:
                                                  type: string
                                                issuerRegExp:
                                                  type: string
                                                subject:
                                                  type: string
                                                subjectRegExp:
                                                  type: string
                                              type: object
                                            type: array
                                          roots:
                                            type: string
                                        required:
                                        - identities
                                        type: object
                                      source:
                                        properties:
                                          PullSecrets:
                                            items:
                                              properties:
                                                name:
                                                  default: ""
                                                  type: string
                                              type: object
                                              x-kubernetes-map-type: atomic
                                            type: array
                                          repository:
                                            type: string
                                          tagPrefix:
                                            type: string
                                        type: object
                                      tuf:
                                        properties:
                                          mirror:
                                            type: string
                                          root:
                                            properties:
                                              data:
                                                type: string
                                              path:
                                                type: string
                                            type: object
                                        type: object
                                    type: object
                                  name:
                                    type: string
                                  notary:
                                    properties:
                                      certs:
                                        oneOf:
                                        - required:
                                          - value
                                        - required:
                                          - expression
                                        properties:
                                          expression:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      tsaCerts:
                                        oneOf:
                                        - required:
                                          - value
                                        - required:
                                          - expression
                                        properties:
                                          expression:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            auditAnnotations:
                              items:
                                properties:
                                  key:
                                    type: string
                                  valueExpression:
                                    type: string
                                required:
                                - key
                                - valueExpression
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            autogen:
                              properties:
                                podControllers:
                                  properties:
                                    controllers:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                              type: object
                            credentials:
                              properties:
                                allowInsecureRegistry:
                                  type: boolean
                                providers:
                                  items:
                                    enum:
                                    - default
                                    - amazon
                                    - azure
                                    - google
                                    - github
                                    type: string
                                  type: array
                                secrets:
                                  items:
                                    type: string
                                  type: array
                              type: object
                            evaluation:
                              properties:
                                admission:
                                  properties:
                                    enabled:
                                      default: true
                                      type: boolean
                                  type: object
                                background:
                                  properties:
                                    enabled:
                                      default: true
                                      type: boolean
                                  type: object
                                mode:
                                  type: string
                              type: object
                            failurePolicy:
                              enum:
                              - Ignore
                              - Fail
                              type: string
                            images:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  name:
                                    type: string
                                required:
                                - expression
                                - name
                                type: object
                              type: array
                            matchConditions:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  name:
                                    type: string
                                required:
                                - expression
                                - name
                                type: object
                              type: array
                            matchConstraints:
                              properties:
                                excludeResourceRules:
                                  items:
                                    properties:
                                      apiGroups:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      apiVersions:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      operations:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resourceNames:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resources:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      scope:
                                        type: string
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  type: array
                                  x-kubernetes-list-type: atomic
                                matchPolicy:
                                  type: string
                                namespaceSelector:
                                  properties:
                                    matchExpressions:
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          operator:
                                            type: string
                                          values:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                objectSelector:
                                  properties:
                                    matchExpressions:
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          operator:
                                            type: string
                                          values:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                resourceRules:
                                  items:
                                    properties:
                                      apiGroups:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      apiVersions:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      operations:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resourceNames:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resources:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      scope:
                                        type: string
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                              x-kubernetes-map-type: atomic
                            matchImageReferences:
                              items:
                                oneOf:
                                - required:
                                  - glob
                                - required:
                                  - expression
                                properties:
                                  expression:
                                    type: string
                                  glob:
                                    type: string
                                type: object
                              type: array
                            validationActions:
                              items:
                                enum:
                                - Deny
                                - Audit
                                - Warn
                                type: string
                              type: array
                              x-kubernetes-list-type: set
                            validationConfigurations:
                              default: {}
                              properties:
                                mutateDigest:
                                  default: true
                                  type: boolean
                                required:
                                  default: true
                                  type: boolean
                                verifyDigest:
                                  default: true
                                  type: boolean
                              type: object
                            validations:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  message:
                                    type: string
                                  messageExpression:
                                    type: string
                                  reason:
                                    type: string
                                required:
                                - expression
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            variables:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  name:
                                    type: string
                                required:
                                - expression
                                - name
                                type: object
                                x-kubernetes-map-type: atomic
                              type: array
                            webhookConfiguration:
                              properties:
                                timeoutSeconds:
                                  format: int32
                                  type: integer
                              type: object
                          required:
                          - attestors
                          - validations
                          type: object
                      required:
                      - spec
                      type: object
                    type: object
                type: object
              conditionStatus:
                properties:
                  # Condition entries with the usual Kubernetes condition
                  # fields; `reason` and `type` are pattern- and
                  # length-constrained, `message` is capped at 32768 chars.
                  conditions:
                    items:
                      properties:
                        lastTransitionTime:
                          format: date-time
                          type: string
                        message:
                          maxLength: 32768
                          type: string
                        observedGeneration:
                          format: int64
                          minimum: 0
                          type: integer
                        reason:
                          maxLength: 1024
                          minLength: 1
                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                          type: string
                        # "True"/"False" are quoted so they stay strings
                        # instead of being read as YAML booleans.
                        status:
                          enum:
                          - "True"
                          - "False"
                          - Unknown
                          type: string
                        type:
                          maxLength: 316
                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                          type: string
                      required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                      type: object
                    type: array
                  message:
                    type: string
                  # Boolean that the READY printer column reads.
                  ready:
                    type: boolean
                type: object
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Status is a separate subresource: it is written through the /status
    # endpoint, and RBAC for `imagevalidatingpolicies/status` is granted
    # independently of the main resource.
    subresources:
      status: {}