UpdateRequest
kyverno.io / v2
apiVersion: kyverno.io/v2
kind: UpdateRequest
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
ResourceSpec is the information to identify the trigger resource.
context object required
Context represents admission request context.
It is used upon admission review only and is shared across rules within the same UR.
admissionRequestInfo object
AdmissionRequestInfoObject stores the admission request and operation details
admissionRequest object
AdmissionRequest describes the admission.Attributes for the admission request.
dryRun
boolean
dryRun indicates that modifications will definitely not be persisted for this request.
Defaults to false.
kind object required
kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
group
string required
kind
string required
version
string required
name
string
name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
rely on the server to generate the name. If that is the case, this field will contain an empty string.
namespace
string
namespace is the namespace associated with the request (if any).
object
object
object is the object from the incoming request.
oldObject
object
oldObject is the existing object. Only populated for DELETE and UPDATE requests.
operation
string required
operation is the operation being performed. This may be different than the operation
requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
options
object
options is the operation option structure of the operation being performed.
e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
different than the options the caller provided. e.g. for a patch request the performed
Operation might be a CREATE, in which case the Options will a
`meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
requestKind object
requestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
`apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
an API request to apps/v1beta1 deployments would be converted and sent to the webhook
with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
See documentation for the "matchPolicy" field in the webhook configuration type for more details.
group
string required
kind
string required
version
string required
requestResource object
requestResource is the fully-qualified resource of the original API request (for example, v1.pods).
If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
`apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
an API request to apps/v1beta1 deployments would be converted and sent to the webhook
with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
See documentation for the "matchPolicy" field in the webhook configuration type.
group
string required
resource
string required
version
string required
requestSubResource
string
requestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
See documentation for the "matchPolicy" field in the webhook configuration type.
resource object required
resource is the fully-qualified resource being requested (for example, v1.pods)
group
string required
resource
string required
version
string required
subResource
string
subResource is the subresource being requested, if any (for example, "status" or "scale")
uid
string required
uid is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
otherwise identical (parallel requests, requests when earlier requests did not modify etc)
The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
userInfo object required
userInfo is information about the requesting user
extra
object
Any additional information provided by the authenticator.
groups
[]string
The names of groups this user is a part of.
uid
string
A unique value that identifies this user across time. If this user is
deleted and another user by the same name is added, they will have
different UIDs.
username
string
The name that uniquely identifies this user among all active users.
operation
string
Operation is the type of resource operation being checked for admission control
userInfo object
RequestInfo contains permission info carried in an admission request.
clusterRoles
[]string
ClusterRoles is a list of possible clusterRoles send the request.
roles
[]string
Roles is a list of possible role send the request.
synchronize
boolean
DryRun indicates that modifications will definitely not be persisted for this request.
Defaults to false.
userInfo object
UserInfo is the userInfo carried in the admission request.
extra
object
Any additional information provided by the authenticator.
groups
[]string
The names of groups this user is a part of.
uid
string
A unique value that identifies this user across time. If this user is
deleted and another user by the same name is added, they will have
different UIDs.
username
string
The name that uniquely identifies this user among all active users.
deleteDownstream
boolean required
DeleteDownstream represents whether the downstream needs to be deleted.
Deprecated
policy
string required
Specifies the name of the policy.
requestType
string
Type represents request type for background processing
enum:
mutate, generate, cel-generate, cel-mutateresource object required
ResourceSpec is the information to identify the trigger resource.
apiVersion
string
APIVersion specifies resource apiVersion.
kind
string
Kind specifies resource kind.
name
string
Name specifies the resource name.
namespace
string
Namespace specifies resource namespace.
uid
string
UID specifies the resource uid.
rule
string required
Rule is the associate rule name of the current UR.
ruleContext []object
RuleContext is the associate context to apply rules.
optional
cacheRestore
boolean
CacheRestore indicates whether the cache should be restored.
deleteDownstream
boolean required
DeleteDownstream represents whether the downstream needs to be deleted.
rule
string required
Rule is the associate rule name of the current UR.
synchronize
boolean
Synchronize represents the sync behavior of the corresponding rule
Optional. Defaults to "false" if not specified.
trigger object required
ResourceSpec is the information to identify the trigger resource.
apiVersion
string
APIVersion specifies resource apiVersion.
kind
string
Kind specifies resource kind.
name
string
Name specifies the resource name.
namespace
string
Namespace specifies resource namespace.
uid
string
UID specifies the resource uid.
synchronize
boolean
Synchronize represents the sync behavior of the corresponding rule
Optional. Defaults to "false" if not specified.
Deprecated, will be removed in 1.14.
status object
Status contains statistics related to update request.
generatedResources []object
This will track the resources that are updated by the generate Policy.
Will be used during clean up resources.
apiVersion
string
APIVersion specifies resource apiVersion.
kind
string
Kind specifies resource kind.
name
string
Name specifies the resource name.
namespace
string
Namespace specifies resource namespace.
uid
string
UID specifies the resource uid.
message
string
Specifies request status message.
retryCount
integer
state
string required
State represents state of the update request.
No matches. Try .spec.context for an exact path