mirror of https://git.rancher.io/charts
377 lines
22 KiB
YAML
377 lines
22 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.5.0
|
|
labels:
|
|
gatekeeper.sh/system: "yes"
|
|
name: assignmetadata.mutations.gatekeeper.sh
|
|
spec:
|
|
group: mutations.gatekeeper.sh
|
|
names:
|
|
kind: AssignMetadata
|
|
listKind: AssignMetadataList
|
|
plural: assignmetadata
|
|
singular: assignmetadata
|
|
preserveUnknownFields: false
|
|
scope: Cluster
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: AssignMetadata is the Schema for the assignmetadata API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
properties:
|
|
name:
|
|
maxLength: 63
|
|
type: string
|
|
type: object
|
|
spec:
|
|
description: AssignMetadataSpec defines the desired state of AssignMetadata.
|
|
properties:
|
|
location:
|
|
type: string
|
|
match:
|
|
description: Match selects objects to apply mutations to.
|
|
properties:
|
|
excludedNamespaces:
|
|
items:
|
|
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
|
|
type: string
|
|
type: array
|
|
kinds:
|
|
items:
|
|
description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.
|
|
properties:
|
|
apiGroups:
|
|
description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
|
|
items:
|
|
type: string
|
|
type: array
|
|
kinds:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: array
|
|
labelSelector:
|
|
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
name:
|
|
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.'
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
|
|
type: string
|
|
namespaceSelector:
|
|
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
namespaces:
|
|
items:
|
|
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
|
|
type: string
|
|
type: array
|
|
scope:
|
|
description: ResourceScope is an enum defining the different scopes available to a custom resource
|
|
type: string
|
|
type: object
|
|
parameters:
|
|
properties:
|
|
assign:
|
|
description: Assign.value holds the value to be assigned
|
|
properties:
|
|
fromMetadata:
|
|
description: FromMetadata assigns a value from the specified metadata field.
|
|
properties:
|
|
field:
|
|
description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`.
|
|
type: string
|
|
type: object
|
|
value:
|
|
description: Value is a constant value that will be assigned to `location`
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: AssignMetadataStatus defines the observed state of AssignMetadata.
|
|
properties:
|
|
byPod:
|
|
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
|
|
items:
|
|
description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus.
|
|
properties:
|
|
enforced:
|
|
type: boolean
|
|
errors:
|
|
items:
|
|
description: MutatorError represents a single error caught while adding a mutator to a system.
|
|
properties:
|
|
message:
|
|
type: string
|
|
type:
|
|
description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.
|
|
type: string
|
|
required:
|
|
- message
|
|
type: object
|
|
type: array
|
|
id:
|
|
type: string
|
|
mutatorUID:
|
|
description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch
|
|
type: string
|
|
observedGeneration:
|
|
format: int64
|
|
type: integer
|
|
operations:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: AssignMetadata is the Schema for the assignmetadata API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: AssignMetadataSpec defines the desired state of AssignMetadata.
|
|
properties:
|
|
location:
|
|
type: string
|
|
match:
|
|
description: Match selects objects to apply mutations to.
|
|
properties:
|
|
excludedNamespaces:
|
|
items:
|
|
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
|
|
type: string
|
|
type: array
|
|
kinds:
|
|
items:
|
|
description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.
|
|
properties:
|
|
apiGroups:
|
|
description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
|
|
items:
|
|
type: string
|
|
type: array
|
|
kinds:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: array
|
|
labelSelector:
|
|
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
name:
|
|
description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.'
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
|
|
type: string
|
|
namespaceSelector:
|
|
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
namespaces:
|
|
items:
|
|
description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.'
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$
|
|
type: string
|
|
type: array
|
|
scope:
|
|
description: ResourceScope is an enum defining the different scopes available to a custom resource
|
|
type: string
|
|
type: object
|
|
parameters:
|
|
properties:
|
|
assign:
|
|
description: Assign.value holds the value to be assigned
|
|
properties:
|
|
fromMetadata:
|
|
description: FromMetadata assigns a value from the specified metadata field.
|
|
properties:
|
|
field:
|
|
description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`.
|
|
type: string
|
|
type: object
|
|
value:
|
|
description: Value is a constant value that will be assigned to `location`
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: AssignMetadataStatus defines the observed state of AssignMetadata.
|
|
properties:
|
|
byPod:
|
|
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
|
|
items:
|
|
description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus.
|
|
properties:
|
|
enforced:
|
|
type: boolean
|
|
errors:
|
|
items:
|
|
description: MutatorError represents a single error caught while adding a mutator to a system.
|
|
properties:
|
|
message:
|
|
type: string
|
|
type:
|
|
description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.
|
|
type: string
|
|
required:
|
|
- message
|
|
type: object
|
|
type: array
|
|
id:
|
|
type: string
|
|
mutatorUID:
|
|
description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch
|
|
type: string
|
|
observedGeneration:
|
|
format: int64
|
|
type: integer
|
|
operations:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|