clusterforge/kyverno/CustomResourceDefinition_imagevalidatingpolicies.policies.kyverno.io.yaml

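---
# CustomResourceDefinition for imagevalidatingpolicies.policies.kyverno.io.
# Generated by controller-gen (see the annotation below); change the source
# types and regenerate rather than editing this manifest by hand.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.3
  labels:
    app.kubernetes.io/component: crds
    app.kubernetes.io/instance: kyverno
    app.kubernetes.io/part-of: kyverno-crds
    app.kubernetes.io/version: 3.4.1
  name: imagevalidatingpolicies.policies.kyverno.io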
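# ImageValidatingPolicy (policies.kyverno.io/v1alpha1) schema. Nesting is
# restored to the layout controller-gen emits; keys, values and their order
# are unchanged. Field descriptions are not present in this rendering.
spec:
  group: policies.kyverno.io
  names:
    categories:
    - kyverno
    kind: ImageValidatingPolicy
    listKind: ImageValidatingPolicyList
    plural: imagevalidatingpolicies
    shortNames:
    - ivpol
    singular: imagevalidatingpolicy
  # Cluster-scoped: a policy object is not confined to a namespace, so write
  # access to this resource has to be limited through cluster-level RBAC.
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    - jsonPath: .status.conditionStatus.ready
      name: READY
      type: string
    # v1alpha1 is the only version listed; it is both served and stored.
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            type: string
          kind:
            type: string
          metadata:
            type: object
          spec:
            properties:
              attestations:
                items:
                  properties:
                    intoto:
                      properties:
                        type:
                          type: string
                      required:
                      - type
                      type: object
                    name:
                      type: string
                    referrer:
                      properties:
                        type:
                          type: string
                      required:
                      - type
                      type: object
                  required:
                  - name
                  type: object
                type: array
              # Each attestor needs a name; cosign and notary are both
              # optional at schema level, so an attestor carrying neither
              # still passes CRD validation.
              attestors:
                items:
                  properties:
                    cosign:
                      properties:
                        annotations:
                          additionalProperties:
                            type: string
                          type: object
                        certificate:
                          properties:
                            # cert and certChain each take exactly one of
                            # value or expression (oneOf).
                            cert:
                              oneOf:
                              - required:
                                - value
                              - required:
                                - expression
                              properties:
                                expression:
                                  type: string
                                value:
                                  type: string
                              type: object
                            certChain:
                              oneOf:
                              - required:
                                - value
                              - required:
                                - expression
                              properties:
                                expression:
                                  type: string
                                value:
                                  type: string
                              type: object
                          type: object
                        # insecureIgnoreSCT and insecureIgnoreTlog are
                        # opt-outs from the signed-certificate-timestamp and
                        # transparency-log checks. No default is declared
                        # here; a policy that sets either to true should be
                        # treated as a reviewed exception.
                        ctlog:
                          properties:
                            ctLogPubKey:
                              type: string
                            insecureIgnoreSCT:
                              type: boolean
                            insecureIgnoreTlog:
                              type: boolean
                            rekorPubKey:
                              type: string
                            tsaCertChain:
                              type: string
                            url:
                              type: string
                          type: object
                        # No oneOf/required here: the schema does not force
                        # exactly one of data, kms or expression, and
                        # hashAlgorithm is an unconstrained string (no enum).
                        key:
                          properties:
                            data:
                              type: string
                            expression:
                              type: string
                            hashAlgorithm:
                              type: string
                            kms:
                              type: string
                          type: object
                        # identities is required, but every field of an
                        # identity item is optional, so an empty item passes
                        # CRD validation. When the *RegExp fields are used,
                        # anchor the pattern (^...$) so it cannot match a
                        # longer issuer or subject string.
                        keyless:
                          properties:
                            identities:
                              items:
                                properties:
                                  issuer:
                                    type: string
                                  issuerRegExp:
                                    type: string
                                  subject:
                                    type: string
                                  subjectRegExp:
                                    type: string
                                type: object
                              type: array
                            roots:
                              type: string
                          required:
                          - identities
                          type: object
                        source:
                          properties:
                            # Key is spelled with a capital P in the schema.
                            PullSecrets:
                              items:
                                properties:
                                  name:
                                    default: ""
                                    type: string
                                type: object
                                x-kubernetes-map-type: atomic
                              type: array
                            repository:
                              type: string
                            tagPrefix:
                              type: string
                          type: object
                        # NOTE(review): mirror/root presumably replace the
                        # default TUF trust root - confirm, and pin root
                        # content when a custom mirror is configured.
                        tuf:
                          properties:
                            mirror:
                              type: string
                            root:
                              properties:
                                data:
                                  type: string
                                path:
                                  type: string
                              type: object
                          type: object
                      type: object
                    name:
                      type: string
                    notary:
                      properties:
                        certs:
                          oneOf:
                          - required:
                            - value
                          - required:
                            - expression
                          properties:
                            expression:
                              type: string
                            value:
                              type: string
                          type: object
                        tsaCerts:
                          oneOf:
                          - required:
                            - value
                          - required:
                            - expression
                          properties:
                            expression:
                              type: string
                            value:
                              type: string
                          type: object
                      type: object
                  required:
                  - name
                  type: object
                type: array
              auditAnnotations:
                items:
                  properties:
                    key:
                      type: string
                    valueExpression:
                      type: string
                  required:
                  - key
                  - valueExpression
                  type: object
                type: array
                x-kubernetes-list-type: atomic
              autogen:
                properties:
                  podControllers:
                    properties:
                      controllers:
                        items:
                          type: string
                        type: array
                    type: object
                type: object
              credentials:
                properties:
                  # No default is declared in this schema.
                  # NOTE(review): the name indicates relaxed transport
                  # security towards the registry - confirm the exact
                  # behaviour and leave unset outside test clusters.
                  allowInsecureRegistry:
                    type: boolean
                  providers:
                    items:
                      enum:
                      - default
                      - amazon
                      - azure
                      - google
                      - github
                      type: string
                    type: array
                  secrets:
                    items:
                      type: string
                    type: array
                type: object
              evaluation:
                properties:
                  admission:
                    properties:
                      enabled:
                        default: true
                        type: boolean
                    type: object
                  background:
                    properties:
                      enabled:
                        default: true
                        type: boolean
                    type: object
                  mode:
                    type: string
                type: object
              # Only Ignore and Fail are accepted; no default is declared in
              # this schema. NOTE(review): if this follows Kubernetes
              # admission-webhook semantics, Ignore is fail-open (an
              # evaluation error lets the request through) - confirm.
              failurePolicy:
                enum:
                - Ignore
                - Fail
                type: string
              images:
                items:
                  properties:
                    expression:
                      type: string
                    name:
                      type: string
                  required:
                  - expression
                  - name
                  type: object
                type: array
              matchConditions:
                items:
                  properties:
                    expression:
                      type: string
                    name:
                      type: string
                  required:
                  - expression
                  - name
                  type: object
                type: array
              # Field set matches Kubernetes admission match resources
              # (resourceRules, excludeResourceRules, selectors, matchPolicy).
              # excludeResourceRules entries are carve-outs from the policy
              # and merit the same review as any allow-list.
              matchConstraints:
                properties:
                  excludeResourceRules:
                    items:
                      properties:
                        apiGroups:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        apiVersions:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        operations:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resourceNames:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resources:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        scope:
                          type: string
                      type: object
                      x-kubernetes-map-type: atomic
                    type: array
                    x-kubernetes-list-type: atomic
                  matchPolicy:
                    type: string
                  namespaceSelector:
                    properties:
                      matchExpressions:
                        items:
                          properties:
                            key:
                              type: string
                            operator:
                              type: string
                            values:
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      matchLabels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                    x-kubernetes-map-type: atomic
                  objectSelector:
                    properties:
                      matchExpressions:
                        items:
                          properties:
                            key:
                              type: string
                            operator:
                              type: string
                            values:
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      matchLabels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                    x-kubernetes-map-type: atomic
                  resourceRules:
                    items:
                      properties:
                        apiGroups:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        apiVersions:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        operations:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resourceNames:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        resources:
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        scope:
                          type: string
                      type: object
                      x-kubernetes-map-type: atomic
                    type: array
                    x-kubernetes-list-type: atomic
                type: object
                x-kubernetes-map-type: atomic
              # Each item sets exactly one of glob or expression (oneOf).
              # NOTE(review): images matching no entry are presumably outside
              # the policy - confirm before relying on a narrow glob.
              matchImageReferences:
                items:
                  oneOf:
                  - required:
                    - glob
                  - required:
                    - expression
                  properties:
                    expression:
                      type: string
                    glob:
                      type: string
                  type: object
                type: array
              # Set-typed list limited to Deny, Audit and Warn; no default is
              # declared here. NOTE(review): by analogy with
              # ValidatingAdmissionPolicy only Deny rejects the request -
              # confirm, and check that enforcing policies include it.
              validationActions:
                items:
                  enum:
                  - Deny
                  - Audit
                  - Warn
                  type: string
                type: array
                x-kubernetes-list-type: set
              # The object defaults to {} and all three switches default to
              # true, so omitting the block leaves them enabled. Turning
              # verifyDigest or mutateDigest off should be a reviewed
              # exception, since tags are mutable references.
              validationConfigurations:
                default: {}
                properties:
                  mutateDigest:
                    default: true
                    type: boolean
                  required:
                    default: true
                    type: boolean
                  verifyDigest:
                    default: true
                    type: boolean
                type: object
              # expression is the only required field; this schema places no
              # constraint on expression syntax or on reason values.
              validations:
                items:
                  properties:
                    expression:
                      type: string
                    message:
                      type: string
                    messageExpression:
                      type: string
                    reason:
                      type: string
                  required:
                  - expression
                  type: object
                type: array
                x-kubernetes-list-type: atomic
              variables:
                items:
                  properties:
                    expression:
                      type: string
                    name:
                      type: string
                  required:
                  - expression
                  - name
                  type: object
                  x-kubernetes-map-type: atomic
                type: array
              webhookConfiguration:
                properties:
                  # int32 with no minimum or maximum in this schema.
                  timeoutSeconds:
                    format: int32
                    type: integer
                type: object
            required:
            - attestors
            - validations
            type: object
          status:
            properties:
              autogen:
                properties:
                  # Map of generated policy entries. The nested spec schema
                  # repeats the spec schema above field for field.
                  configs:
                    additionalProperties:
                      properties:
                        spec:
                          properties:
                            attestations:
                              items:
                                properties:
                                  intoto:
                                    properties:
                                      type:
                                        type: string
                                    required:
                                    - type
                                    type: object
                                  name:
                                    type: string
                                  referrer:
                                    properties:
                                      type:
                                        type: string
                                    required:
                                    - type
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            attestors:
                              items:
                                properties:
                                  cosign:
                                    properties:
                                      annotations:
                                        additionalProperties:
                                          type: string
                                        type: object
                                      certificate:
                                        properties:
                                          cert:
                                            oneOf:
                                            - required:
                                              - value
                                            - required:
                                              - expression
                                            properties:
                                              expression:
                                                type: string
                                              value:
                                                type: string
                                            type: object
                                          certChain:
                                            oneOf:
                                            - required:
                                              - value
                                            - required:
                                              - expression
                                            properties:
                                              expression:
                                                type: string
                                              value:
                                                type: string
                                            type: object
                                        type: object
                                      ctlog:
                                        properties:
                                          ctLogPubKey:
                                            type: string
                                          insecureIgnoreSCT:
                                            type: boolean
                                          insecureIgnoreTlog:
                                            type: boolean
                                          rekorPubKey:
                                            type: string
                                          tsaCertChain:
                                            type: string
                                          url:
                                            type: string
                                        type: object
                                      key:
                                        properties:
                                          data:
                                            type: string
                                          expression:
                                            type: string
                                          hashAlgorithm:
                                            type: string
                                          kms:
                                            type: string
                                        type: object
                                      keyless:
                                        properties:
                                          identities:
                                            items:
                                              properties:
                                                issuer:
                                                  type: string
                                                issuerRegExp:
                                                  type: string
                                                subject:
                                                  type: string
                                                subjectRegExp:
                                                  type: string
                                              type: object
                                            type: array
                                          roots:
                                            type: string
                                        required:
                                        - identities
                                        type: object
                                      source:
                                        properties:
                                          PullSecrets:
                                            items:
                                              properties:
                                                name:
                                                  default: ""
                                                  type: string
                                              type: object
                                              x-kubernetes-map-type: atomic
                                            type: array
                                          repository:
                                            type: string
                                          tagPrefix:
                                            type: string
                                        type: object
                                      tuf:
                                        properties:
                                          mirror:
                                            type: string
                                          root:
                                            properties:
                                              data:
                                                type: string
                                              path:
                                                type: string
                                            type: object
                                        type: object
                                    type: object
                                  name:
                                    type: string
                                  notary:
                                    properties:
                                      certs:
                                        oneOf:
                                        - required:
                                          - value
                                        - required:
                                          - expression
                                        properties:
                                          expression:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      tsaCerts:
                                        oneOf:
                                        - required:
                                          - value
                                        - required:
                                          - expression
                                        properties:
                                          expression:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            auditAnnotations:
                              items:
                                properties:
                                  key:
                                    type: string
                                  valueExpression:
                                    type: string
                                required:
                                - key
                                - valueExpression
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            autogen:
                              properties:
                                podControllers:
                                  properties:
                                    controllers:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                              type: object
                            credentials:
                              properties:
                                allowInsecureRegistry:
                                  type: boolean
                                providers:
                                  items:
                                    enum:
                                    - default
                                    - amazon
                                    - azure
                                    - google
                                    - github
                                    type: string
                                  type: array
                                secrets:
                                  items:
                                    type: string
                                  type: array
                              type: object
                            evaluation:
                              properties:
                                admission:
                                  properties:
                                    enabled:
                                      default: true
                                      type: boolean
                                  type: object
                                background:
                                  properties:
                                    enabled:
                                      default: true
                                      type: boolean
                                  type: object
                                mode:
                                  type: string
                              type: object
                            failurePolicy:
                              enum:
                              - Ignore
                              - Fail
                              type: string
                            images:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  name:
                                    type: string
                                required:
                                - expression
                                - name
                                type: object
                              type: array
                            matchConditions:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  name:
                                    type: string
                                required:
                                - expression
                                - name
                                type: object
                              type: array
                            matchConstraints:
                              properties:
                                excludeResourceRules:
                                  items:
                                    properties:
                                      apiGroups:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      apiVersions:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      operations:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resourceNames:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resources:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      scope:
                                        type: string
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  type: array
                                  x-kubernetes-list-type: atomic
                                matchPolicy:
                                  type: string
                                namespaceSelector:
                                  properties:
                                    matchExpressions:
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          operator:
                                            type: string
                                          values:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                objectSelector:
                                  properties:
                                    matchExpressions:
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          operator:
                                            type: string
                                          values:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                  x-kubernetes-map-type: atomic
                                resourceRules:
                                  items:
                                    properties:
                                      apiGroups:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      apiVersions:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      operations:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resourceNames:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      resources:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      scope:
                                        type: string
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                              x-kubernetes-map-type: atomic
                            matchImageReferences:
                              items:
                                oneOf:
                                - required:
                                  - glob
                                - required:
                                  - expression
                                properties:
                                  expression:
                                    type: string
                                  glob:
                                    type: string
                                type: object
                              type: array
                            validationActions:
                              items:
                                enum:
                                - Deny
                                - Audit
                                - Warn
                                type: string
                              type: array
                              x-kubernetes-list-type: set
                            validationConfigurations:
                              default: {}
                              properties:
                                mutateDigest:
                                  default: true
                                  type: boolean
                                required:
                                  default: true
                                  type: boolean
                                verifyDigest:
                                  default: true
                                  type: boolean
                              type: object
                            validations:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  message:
                                    type: string
                                  messageExpression:
                                    type: string
                                  reason:
                                    type: string
                                required:
                                - expression
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            variables:
                              items:
                                properties:
                                  expression:
                                    type: string
                                  name:
                                    type: string
                                required:
                                - expression
                                - name
                                type: object
                                x-kubernetes-map-type: atomic
                              type: array
                            webhookConfiguration:
                              properties:
                                timeoutSeconds:
                                  format: int32
                                  type: integer
                              type: object
                          required:
                          - attestors
                          - validations
                          type: object
                      required:
                      - spec
                      type: object
                    type: object
                type: object
              conditionStatus:
                properties:
                  # Condition entries carry the usual Kubernetes condition
                  # fields, with length bounds and patterns on reason/type.
                  conditions:
                    items:
                      properties:
                        lastTransitionTime:
                          format: date-time
                          type: string
                        message:
                          maxLength: 32768
                          type: string
                        observedGeneration:
                          format: int64
                          minimum: 0
                          type: integer
                        reason:
                          maxLength: 1024
                          minLength: 1
                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                          type: string
                        status:
                          enum:
                          - "True"
                          - "False"
                          - Unknown
                          type: string
                        type:
                          maxLength: 316
                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                          type: string
                      required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                      type: object
                    type: array
                  message:
                    type: string
                  ready:
                    type: boolean
                type: object
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # status is a subresource: status writes go through /status and can be
    # granted separately from writes to the policy spec in RBAC.
    subresources:
      status: {}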