k8c.io/api/v3@v3.0.0-20230904060738-b0a93889c0b6/crd/enterprise/kcp/ee.kubermatic.k8c.io_constraints.yaml (about) 1 # This file has been generated by hack/update-codegen.sh, DO NOT EDIT. 2 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.12.0 8 name: constraints.ee.kubermatic.k8c.io 9 spec: 10 group: ee.kubermatic.k8c.io 11 names: 12 kind: Constraint 13 listKind: ConstraintList 14 plural: constraints 15 singular: constraint 16 scope: Cluster 17 versions: 18 - additionalPrinterColumns: 19 - jsonPath: .metadata.creationTimestamp 20 name: Age 21 type: date 22 name: v1 23 schema: 24 openAPIV3Schema: 25 description: Constraint specifies a kubermatic wrapper for the gatekeeper constraints. 26 properties: 27 apiVersion: 28 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 29 type: string 30 cluster: 31 description: Cluster is the reference to the cluster that this Constraint belongs to. 32 properties: 33 name: 34 description: Name of the Cluster object. 35 type: string 36 required: 37 - name 38 type: object 39 constraintType: 40 description: ConstraintType specifies the type of gatekeeper constraint that the constraint applies to 41 type: string 42 disabled: 43 description: Disabled is the flag for disabling OPA constraints 44 type: boolean 45 enforcementAction: 46 description: EnforcementAction defines the action to take in response to a constraint being violated. By default, EnforcementAction is set to deny as the default behavior is to deny admission requests with any violation. 47 type: string 48 kind: 49 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 50 type: string 51 match: 52 description: Match contains the constraint to resource matching data 53 properties: 54 excludedNamespaces: 55 description: ExcludedNamespaces is a list of namespace names. If defined, a constraint will only apply to resources not in a listed namespace. 56 items: 57 type: string 58 type: array 59 kinds: 60 description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the constraint will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope 61 items: 62 description: ConstraintMatchKind specifies the resource Kind(s) and APIGroup(s). 63 properties: 64 apiGroups: 65 description: APIGroups specifies the APIGroups of the resources 66 items: 67 type: string 68 type: array 69 kinds: 70 description: Kinds specifies the kinds of the resources 71 items: 72 type: string 73 type: array 74 type: object 75 type: array 76 labelSelector: 77 description: LabelSelector is a standard Kubernetes label selector. 78 properties: 79 matchExpressions: 80 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 81 items: 82 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 83 properties: 84 key: 85 description: key is the label key that the selector applies to. 86 type: string 87 operator: 88 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 89 type: string 90 values: 91 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 92 items: 93 type: string 94 type: array 95 required: 96 - key 97 - operator 98 type: object 99 type: array 100 matchLabels: 101 additionalProperties: 102 type: string 103 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 104 type: object 105 type: object 106 x-kubernetes-map-type: atomic 107 namespaceSelector: 108 description: NamespaceSelector is a standard Kubernetes namespace selector. If defined, make sure to add Namespaces to your configs.config.gatekeeper.sh object to ensure namespaces are synced into OPA 109 properties: 110 matchExpressions: 111 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 112 items: 113 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 114 properties: 115 key: 116 description: key is the label key that the selector applies to. 117 type: string 118 operator: 119 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 120 type: string 121 values: 122 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 123 items: 124 type: string 125 type: array 126 required: 127 - key 128 - operator 129 type: object 130 type: array 131 matchLabels: 132 additionalProperties: 133 type: string 134 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 135 type: object 136 type: object 137 x-kubernetes-map-type: atomic 138 namespaces: 139 description: Namespaces is a list of namespace names. If defined, a constraint will only apply to resources in a listed namespace. 140 items: 141 type: string 142 type: array 143 scope: 144 description: Scope accepts *, Cluster, or Namespaced which determines if cluster-scoped and/or namesapced-scoped resources are selected. (defaults to *) 145 type: string 146 type: object 147 metadata: 148 type: object 149 parameters: 150 description: "Parameters specifies the parameters used by the constraint template REGO. It supports both the legacy rawJSON parameters, in which all the parameters are set in a JSON string, and regular parameters like in Gatekeeper Constraints. If rawJSON is set, during constraint syncing to the user cluster, the other parameters are ignored Example with rawJSON parameters: \n parameters: rawJSON: '{\"labels\":[\"gatekeeper\"]}' \n And with regular parameters: \n parameters: labels: [\"gatekeeper\"]" 151 x-kubernetes-preserve-unknown-fields: true 152 selector: 153 description: Selector specifies the cluster selection filters 154 properties: 155 labelSelector: 156 description: LabelSelector selects the Clusters to which the Constraint applies based on their labels 157 properties: 158 matchExpressions: 159 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 160 items: 161 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 162 properties: 163 key: 164 description: key is the label key that the selector applies to. 165 type: string 166 operator: 167 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 168 type: string 169 values: 170 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 171 items: 172 type: string 173 type: array 174 required: 175 - key 176 - operator 177 type: object 178 type: array 179 matchLabels: 180 additionalProperties: 181 type: string 182 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 183 type: object 184 type: object 185 x-kubernetes-map-type: atomic 186 providers: 187 description: Providers is a list of cloud providers to which the Constraint applies to. Empty means all providers are selected. 188 items: 189 description: CloudProvider defines the cloud provider where the a cluster's nodes are running. Note that these constants may match the machine-controller's constant, but don't have to. Use the functions in the helper package to translate between the two. 190 enum: 191 - alibaba 192 - anexia 193 - aws 194 - azure 195 - bringyourown 196 - digitalocean 197 - gcp 198 - hetzner 199 - kubevirt 200 - nutanix 201 - openstack 202 - packet 203 - vmwareclouddirector 204 - vsphere 205 type: string 206 type: array 207 type: object 208 required: 209 - cluster 210 - constraintType 211 type: object 212 served: true 213 storage: true 214 subresources: {}