k8c.io/api/v3@v3.0.0-20230904060738-b0a93889c0b6/crd/enterprise/seed/kubermatic.k8c.io_constraints.yaml (about) 1 # This file has been generated by hack/update-codegen.sh, DO NOT EDIT. 2 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.12.0 8 name: constraints.kubermatic.k8c.io 9 spec: 10 group: kubermatic.k8c.io 11 names: 12 categories: 13 - kkpee 14 kind: Constraint 15 listKind: ConstraintList 16 plural: constraints 17 singular: constraint 18 scope: Namespaced 19 versions: 20 - additionalPrinterColumns: 21 - jsonPath: .spec.cluster.name 22 name: Cluster 23 type: string 24 - jsonPath: .metadata.creationTimestamp 25 name: Age 26 type: date 27 name: v1 28 schema: 29 openAPIV3Schema: 30 description: "Constraint specifies a kubermatic wrapper for the gatekeeper constraints. \n Note that this resource is part of a KKP Enterprise feature and is not used in the Community Edition." 31 properties: 32 apiVersion: 33 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 34 type: string 35 kind: 36 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 37 type: string 38 metadata: 39 type: object 40 spec: 41 description: ConstraintSpec specifies the data for the constraint. 42 properties: 43 cluster: 44 description: Cluster is the reference to the cluster that this Constraint belongs to. 45 properties: 46 name: 47 description: Name of the Cluster object. 48 type: string 49 required: 50 - name 51 type: object 52 constraintType: 53 description: ConstraintType specifies the type of gatekeeper constraint that the constraint applies to 54 type: string 55 disabled: 56 description: Disabled is the flag for disabling OPA constraints 57 type: boolean 58 enforcementAction: 59 description: EnforcementAction defines the action to take in response to a constraint being violated. By default, EnforcementAction is set to deny as the default behavior is to deny admission requests with any violation. 60 type: string 61 match: 62 description: Match contains the constraint to resource matching data 63 properties: 64 excludedNamespaces: 65 description: ExcludedNamespaces is a list of namespace names. If defined, a constraint will only apply to resources not in a listed namespace. 66 items: 67 type: string 68 type: array 69 kinds: 70 description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the constraint will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope 71 items: 72 description: ConstraintMatchKind specifies the resource Kind(s) and APIGroup(s). 73 properties: 74 apiGroups: 75 description: APIGroups specifies the APIGroups of the resources 76 items: 77 type: string 78 type: array 79 kinds: 80 description: Kinds specifies the kinds of the resources 81 items: 82 type: string 83 type: array 84 type: object 85 type: array 86 labelSelector: 87 description: LabelSelector is a standard Kubernetes label selector. 88 properties: 89 matchExpressions: 90 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 91 items: 92 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 93 properties: 94 key: 95 description: key is the label key that the selector applies to. 96 type: string 97 operator: 98 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 99 type: string 100 values: 101 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 102 items: 103 type: string 104 type: array 105 required: 106 - key 107 - operator 108 type: object 109 type: array 110 matchLabels: 111 additionalProperties: 112 type: string 113 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 114 type: object 115 type: object 116 x-kubernetes-map-type: atomic 117 namespaceSelector: 118 description: NamespaceSelector is a standard Kubernetes namespace selector. If defined, make sure to add Namespaces to your configs.config.gatekeeper.sh object to ensure namespaces are synced into OPA 119 properties: 120 matchExpressions: 121 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 122 items: 123 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 124 properties: 125 key: 126 description: key is the label key that the selector applies to. 127 type: string 128 operator: 129 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 130 type: string 131 values: 132 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 133 items: 134 type: string 135 type: array 136 required: 137 - key 138 - operator 139 type: object 140 type: array 141 matchLabels: 142 additionalProperties: 143 type: string 144 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 145 type: object 146 type: object 147 x-kubernetes-map-type: atomic 148 namespaces: 149 description: Namespaces is a list of namespace names. If defined, a constraint will only apply to resources in a listed namespace. 150 items: 151 type: string 152 type: array 153 scope: 154 description: Scope accepts *, Cluster, or Namespaced which determines if cluster-scoped and/or namesapced-scoped resources are selected. (defaults to *) 155 type: string 156 type: object 157 parameters: 158 description: "Parameters specifies the parameters used by the constraint template REGO. It supports both the legacy rawJSON parameters, in which all the parameters are set in a JSON string, and regular parameters like in Gatekeeper Constraints. If rawJSON is set, during constraint syncing to the user cluster, the other parameters are ignored Example with rawJSON parameters: \n parameters: rawJSON: '{\"labels\":[\"gatekeeper\"]}' \n And with regular parameters: \n parameters: labels: [\"gatekeeper\"]" 159 x-kubernetes-preserve-unknown-fields: true 160 selector: 161 description: Selector specifies the cluster selection filters 162 properties: 163 labelSelector: 164 description: LabelSelector selects the Clusters to which the Constraint applies based on their labels 165 properties: 166 matchExpressions: 167 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 168 items: 169 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 170 properties: 171 key: 172 description: key is the label key that the selector applies to. 173 type: string 174 operator: 175 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 176 type: string 177 values: 178 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 179 items: 180 type: string 181 type: array 182 required: 183 - key 184 - operator 185 type: object 186 type: array 187 matchLabels: 188 additionalProperties: 189 type: string 190 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 191 type: object 192 type: object 193 x-kubernetes-map-type: atomic 194 providers: 195 description: Providers is a list of cloud providers to which the Constraint applies to. Empty means all providers are selected. 196 items: 197 description: CloudProvider defines the cloud provider where the a cluster's nodes are running. Note that these constants may match the machine-controller's constant, but don't have to. Use the functions in the helper package to translate between the two. 198 enum: 199 - alibaba 200 - anexia 201 - aws 202 - azure 203 - bringyourown 204 - digitalocean 205 - gcp 206 - hetzner 207 - kubevirt 208 - nutanix 209 - openstack 210 - packet 211 - vmwareclouddirector 212 - vsphere 213 type: string 214 type: array 215 type: object 216 required: 217 - cluster 218 - constraintType 219 type: object 220 type: object 221 served: true 222 storage: true 223 subresources: {}