← Back to index Esc
Kind
GlobalContextEntry
Group
kyverno.io
Version
v2
apiVersion: kyverno.io/v2 kind: GlobalContextEntry metadata: name: example
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object required
Spec declares policy exception behaviors.
apiCall object
Stores results from an API call which will be cached. Mutually exclusive with KubernetesResource. This can be used to make calls to external (non-Kubernetes API server) services. It can also be used to make calls to the Kubernetes API server in such cases: 1. A POST is needed to create a resource. 2. Finer-grained control is needed. Example: To restrict the number of resources cached.
data []object
The data object specifies the POST data sent to the server. Only applicable when the method field is set to POST.
key string required
Key is a unique identifier for the data value
value object required
Value is the data value
method string
Method is the HTTP request type (GET or POST). Defaults to GET.
enum: GET, POST
refreshInterval string
RefreshInterval defines the interval in duration at which to poll the APICall. The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
format: duration
retryLimit integer
RetryLimit defines the number of times the APICall should be retried in case of failure.
minimum: 1
service object
Service is an API call to a JSON web service. This is used for non-Kubernetes API server calls. It's mutually exclusive with the URLPath field.
caBundle string
CABundle is a PEM encoded CA bundle which will be used to validate the server certificate.
headers []object
Headers is a list of optional HTTP headers to be included in the request.
key string required
Key is the header key
value string required
Value is the header value
url string required
URL is the JSON web service URL. A typical form is `https://{service}.{namespace}:{port}/{path}`.
urlPath string
URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. It's mutually exclusive with the Service field.
kubernetesResource object
Stores a list of Kubernetes resources which will be cached. Mutually exclusive with APICall.
group string
Group defines the group of the resource.
namespace string
Namespace defines the namespace of the resource. Leave empty for cluster scoped resources. If left empty for namespaced resources, all resources from all namespaces will be cached.
resource string required
Resource defines the type of the resource. Requires the pluralized form of the resource kind in lowercase. (Ex., "deployments")
version string required
Version defines the version of the resource.
projections []object
Projections defines the list of JMESPath expressions to extract values from the cached resource.
jmesPath string required
JMESPath is the JMESPath expression to extract the value from the cached resource.
name string required
Name is the name to use for the extracted value in the context.
status object
Status contains globalcontextentry runtime data.
conditions []object
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
lastRefreshTime string
Indicates the time when the globalcontextentry was last refreshed successfully for the API Call
format: date-time
Copied!