open-cluster-management.io/governance-policy-propagator@v0.13.0/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.14.0 7 name: policies.policy.open-cluster-management.io 8 spec: 9 group: policy.open-cluster-management.io 10 names: 11 kind: Policy 12 listKind: PolicyList 13 plural: policies 14 shortNames: 15 - plc 16 singular: policy 17 scope: Namespaced 18 versions: 19 - additionalPrinterColumns: 20 - jsonPath: .spec.remediationAction 21 name: Remediation action 22 type: string 23 - jsonPath: .status.compliant 24 name: Compliance state 25 type: string 26 - jsonPath: .metadata.creationTimestamp 27 name: Age 28 type: date 29 name: v1 30 schema: 31 openAPIV3Schema: 32 description: Policy is the Schema for the policies API 33 properties: 34 apiVersion: 35 description: |- 36 APIVersion defines the versioned schema of this representation of an object. 37 Servers should convert recognized schemas to the latest internal value, and 38 may reject unrecognized values. 39 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 40 type: string 41 kind: 42 description: |- 43 Kind is a string value representing the REST resource this object represents. 44 Servers may infer this from the endpoint the client submits requests to. 45 Cannot be updated. 46 In CamelCase. 47 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 48 type: string 49 metadata: 50 type: object 51 spec: 52 description: PolicySpec defines the desired state of Policy 53 properties: 54 copyPolicyMetadata: 55 description: |- 56 If set to true (default), all the policy's labels and annotations will be copied to the replicated policy. 57 If set to false, only the policy framework specific policy labels and annotations will be copied to the 58 replicated policy. 59 type: boolean 60 dependencies: 61 description: PolicyDependencies that apply to each template in this 62 Policy 63 items: 64 description: |- 65 Each PolicyDependency defines an object reference which must be in a certain compliance 66 state before the policy should be created. 67 properties: 68 apiVersion: 69 description: |- 70 APIVersion defines the versioned schema of this representation of an object. 71 Servers should convert recognized schemas to the latest internal value, and 72 may reject unrecognized values. 73 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 74 type: string 75 compliance: 76 description: The ComplianceState (at path .status.compliant) 77 required before the policy should be created 78 enum: 79 - Compliant 80 - Pending 81 - NonCompliant 82 type: string 83 kind: 84 description: |- 85 Kind is a string value representing the REST resource this object represents. 86 Servers may infer this from the endpoint the client submits requests to. 87 Cannot be updated. 88 In CamelCase. 89 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 90 type: string 91 name: 92 description: The name of the object to be checked 93 type: string 94 namespace: 95 description: The namespace of the object to be checked (optional) 96 type: string 97 required: 98 - compliance 99 - name 100 type: object 101 type: array 102 disabled: 103 description: This provides the ability to enable and disable your 104 policies. 105 type: boolean 106 policy-templates: 107 description: Used to create one or more policies to apply to a managed 108 cluster 109 items: 110 description: PolicyTemplate template for custom security policy 111 properties: 112 extraDependencies: 113 description: Additional PolicyDependencies that only apply to 114 this template 115 items: 116 description: |- 117 Each PolicyDependency defines an object reference which must be in a certain compliance 118 state before the policy should be created. 119 properties: 120 apiVersion: 121 description: |- 122 APIVersion defines the versioned schema of this representation of an object. 123 Servers should convert recognized schemas to the latest internal value, and 124 may reject unrecognized values. 125 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 126 type: string 127 compliance: 128 description: The ComplianceState (at path .status.compliant) 129 required before the policy should be created 130 enum: 131 - Compliant 132 - Pending 133 - NonCompliant 134 type: string 135 kind: 136 description: |- 137 Kind is a string value representing the REST resource this object represents. 138 Servers may infer this from the endpoint the client submits requests to. 139 Cannot be updated. 140 In CamelCase. 141 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 142 type: string 143 name: 144 description: The name of the object to be checked 145 type: string 146 namespace: 147 description: The namespace of the object to be checked 148 (optional) 149 type: string 150 required: 151 - compliance 152 - name 153 type: object 154 type: array 155 ignorePending: 156 description: Ignore this template's Pending status when calculating 157 the overall Policy status 158 type: boolean 159 objectDefinition: 160 description: A Kubernetes object defining the policy to apply 161 to a managed cluster 162 type: object 163 x-kubernetes-preserve-unknown-fields: true 164 required: 165 - objectDefinition 166 type: object 167 type: array 168 remediationAction: 169 description: This value (Enforce or Inform) will override the remediationAction 170 on each template 171 enum: 172 - Inform 173 - inform 174 - Enforce 175 - enforce 176 type: string 177 required: 178 - disabled 179 - policy-templates 180 type: object 181 status: 182 description: PolicyStatus defines the observed state of Policy 183 properties: 184 compliant: 185 description: ComplianceState shows the state of enforcement 186 enum: 187 - Compliant 188 - Pending 189 - NonCompliant 190 type: string 191 details: 192 items: 193 description: DetailsPerTemplate defines compliance details and history 194 properties: 195 compliant: 196 description: ComplianceState shows the state of enforcement 197 type: string 198 history: 199 items: 200 description: ComplianceHistory defines compliance details 201 history 202 properties: 203 eventName: 204 type: string 205 lastTimestamp: 206 format: date-time 207 type: string 208 message: 209 type: string 210 type: object 211 type: array 212 templateMeta: 213 type: object 214 x-kubernetes-preserve-unknown-fields: true 215 type: object 216 type: array 217 placement: 218 items: 219 description: Placement defines the placement results 220 properties: 221 decisions: 222 items: 223 description: PlacementDecision defines the decision made by 224 controller 225 properties: 226 clusterName: 227 type: string 228 clusterNamespace: 229 type: string 230 type: object 231 type: array 232 placement: 233 type: string 234 placementBinding: 235 type: string 236 placementRule: 237 type: string 238 policySet: 239 type: string 240 type: object 241 type: array 242 status: 243 items: 244 description: CompliancePerClusterStatus defines compliance per cluster 245 status 246 properties: 247 clustername: 248 type: string 249 clusternamespace: 250 type: string 251 compliant: 252 description: ComplianceState shows the state of enforcement 253 type: string 254 type: object 255 type: array 256 type: object 257 required: 258 - metadata 259 - spec 260 type: object 261 served: true 262 storage: true 263 subresources: 264 status: {}