# open-cluster-management.io/governance-policy-propagator@v0.13.0/deploy/crds/policy.open-cluster-management.io_policies.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: policies.policy.open-cluster-management.io
spec:
  group: policy.open-cluster-management.io
  names:
    kind: Policy
    listKind: PolicyList
    plural: policies
    shortNames:
    - plc
    singular: policy
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.remediationAction
      name: Remediation action
      type: string
    - jsonPath: .status.compliant
      name: Compliance state
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        description: Policy is the Schema for the policies API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: PolicySpec defines the desired state of Policy
            properties:
              copyPolicyMetadata:
                description: |-
                  If set to true (default), all the policy's labels and annotations will be copied to the replicated policy.
                  If set to false, only the policy framework specific policy labels and annotations will be copied to the
                  replicated policy.
                type: boolean
              dependencies:
                description: PolicyDependencies that apply to each template in this
                  Policy
                items:
                  description: |-
                    Each PolicyDependency defines an object reference which must be in a certain compliance
                    state before the policy should be created.
                  oneOf:
                  - properties:
                      kind:
                        enum:
                        - CertificatePolicy
                        - ConfigurationPolicy
                        - IamPolicy
                      namespace:
                        maxLength: 0
                  - not:
                      properties:
                        kind:
                          pattern: ^(?:(?:Certificate|Configuration|Iam)Policy)$
                  properties:
                    apiVersion:
                      description: |-
                        APIVersion defines the versioned schema of this representation of an object.
                        Servers should convert recognized schemas to the latest internal value, and
                        may reject unrecognized values.
                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                      type: string
                    compliance:
                      description: The ComplianceState (at path .status.compliant)
                        required before the policy should be created
                      enum:
                      - Compliant
                      - Pending
                      - NonCompliant
                      type: string
                    kind:
                      description: |-
                        Kind is a string value representing the REST resource this object represents.
                        Servers may infer this from the endpoint the client submits requests to.
                        Cannot be updated.
                        In CamelCase.
                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                      type: string
                    name:
                      description: The name of the object to be checked
                      type: string
                    namespace:
                      description: The namespace of the object to be checked (optional)
                      type: string
                  required:
                  - compliance
                  - name
                  type: object
                type: array
              disabled:
                description: This provides the ability to enable and disable your
                  policies.
                type: boolean
              policy-templates:
                description: Used to create one or more policies to apply to a managed
                  cluster
                items:
                  description: PolicyTemplate template for custom security policy
                  properties:
                    extraDependencies:
                      description: Additional PolicyDependencies that only apply to
                        this template
                      items:
                        description: |-
                          Each PolicyDependency defines an object reference which must be in a certain compliance
                          state before the policy should be created.
                        oneOf:
                        - properties:
                            kind:
                              enum:
                              - CertificatePolicy
                              - ConfigurationPolicy
                              - IamPolicy
                            namespace:
                              maxLength: 0
                        - not:
                            properties:
                              kind:
                                pattern: ^(?:(?:Certificate|Configuration|Iam)Policy)$
                        properties:
                          apiVersion:
                            description: |-
                              APIVersion defines the versioned schema of this representation of an object.
                              Servers should convert recognized schemas to the latest internal value, and
                              may reject unrecognized values.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                            type: string
                          compliance:
                            description: The ComplianceState (at path .status.compliant)
                              required before the policy should be created
                            enum:
                            - Compliant
                            - Pending
                            - NonCompliant
                            type: string
                          kind:
                            description: |-
                              Kind is a string value representing the REST resource this object represents.
                              Servers may infer this from the endpoint the client submits requests to.
                              Cannot be updated.
                              In CamelCase.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                            type: string
                          name:
                            description: The name of the object to be checked
                            type: string
                          namespace:
                            description: The namespace of the object to be checked
                              (optional)
                            type: string
                        required:
                        - compliance
                        - name
                        type: object
                      type: array
                    ignorePending:
                      description: Ignore this template's Pending status when calculating
                        the overall Policy status
                      type: boolean
                    objectDefinition:
                      description: A Kubernetes object defining the policy to apply
                        to a managed cluster
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  required:
                  - objectDefinition
                  type: object
                type: array
              remediationAction:
                description: This value (Enforce or Inform) will override the remediationAction
                  on each template
                enum:
                - Inform
                - inform
                - Enforce
                - enforce
                type: string
            required:
            - disabled
            - policy-templates
            type: object
          status:
            description: PolicyStatus defines the observed state of Policy
            properties:
              compliant:
                description: ComplianceState shows the state of enforcement
                enum:
                - Compliant
                - Pending
                - NonCompliant
                type: string
              details:
                items:
                  description: DetailsPerTemplate defines compliance details and history
                  properties:
                    compliant:
                      description: ComplianceState shows the state of enforcement
                      type: string
                    history:
                      items:
                        description: ComplianceHistory defines compliance details
                          history
                        properties:
                          eventName:
                            type: string
                          lastTimestamp:
                            format: date-time
                            type: string
                          message:
                            type: string
                        type: object
                      type: array
                    templateMeta:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  type: object
                type: array
              placement:
                items:
                  description: Placement defines the placement results
                  properties:
                    decisions:
                      items:
                        description: PlacementDecision defines the decision made by
                          controller
                        properties:
                          clusterName:
                            type: string
                          clusterNamespace:
                            type: string
                        type: object
                      type: array
                    placement:
                      type: string
                    placementBinding:
                      type: string
                    placementRule:
                      type: string
                    policySet:
                      type: string
                  type: object
                type: array
              status:
                items:
                  description: CompliancePerClusterStatus defines compliance per cluster
                    status
                  properties:
                    clustername:
                      type: string
                    clusternamespace:
                      type: string
                    compliant:
                      description: ComplianceState shows the state of enforcement
                      type: string
                  type: object
                type: array
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}