kyverno.io/v1
·
Cluster-scoped Resource ClusterPolicy
ClusterPolicy declares validation, mutation, and generation behaviors for matching resources.
Click on Property Name to show the description, and Pink Types to expand schema.
Required properties are marked with *
Change History
Kyverno v1.13.2
Kyverno v1.13.1
Kyverno v1.13.0
+81~42
81 properties have been added on this version
- .spec.emitWarning
- .spec.rules.context.apiCall.default
- .spec.rules.context.apiCall.service.headers
- .spec.rules.generate.foreach
- .spec.rules.generate.generateExisting
- .spec.rules.mutate.foreach.context.apiCall.default
- .spec.rules.mutate.foreach.context.apiCall.service.headers
- .spec.rules.mutate.mutateExistingOnPolicyUpdate
- .spec.rules.mutate.targets.context.apiCall.default
- .spec.rules.mutate.targets.context.apiCall.service.headers
- .spec.rules.mutate.targets.selector
- .spec.rules.reportProperties
- .spec.rules.validate.allowExistingViolations
- .spec.rules.validate.assert
- .spec.rules.validate.failureAction
- .spec.rules.validate.failureActionOverrides
- .spec.rules.validate.foreach.context.apiCall.default
- .spec.rules.validate.foreach.context.apiCall.service.headers
- .spec.rules.validate.manifests.attestors.entries.certificates.ctlog.tsaCertChain
- .spec.rules.validate.manifests.attestors.entries.keyless.ctlog.tsaCertChain
- .spec.rules.validate.manifests.attestors.entries.keyless.issuerRegExp
- .spec.rules.validate.manifests.attestors.entries.keyless.subjectRegExp
- .spec.rules.validate.manifests.attestors.entries.keys.ctlog.tsaCertChain
- .spec.rules.validate.manifests.attestors.entries.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.issuerRegExp
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.subjectRegExp
- .spec.rules.verifyImages.attestations.attestors.entries.keys.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestations.attestors.entries.signatureAlgorithm
- .spec.rules.verifyImages.attestations.name
- .spec.rules.verifyImages.attestors.entries.certificates.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestors.entries.keyless.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestors.entries.keyless.issuerRegExp
- .spec.rules.verifyImages.attestors.entries.keyless.subjectRegExp
- .spec.rules.verifyImages.attestors.entries.keys.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestors.entries.signatureAlgorithm
- .spec.rules.verifyImages.cosignOCI11
- .spec.rules.verifyImages.failureAction
- .spec.rules.verifyImages.validate
- .spec.webhookConfiguration.failurePolicy
- .spec.webhookConfiguration.timeoutSeconds
- .status.autogen.rules.context.apiCall.default
- .status.autogen.rules.context.apiCall.service.headers
- .status.autogen.rules.generate.foreach
- .status.autogen.rules.generate.generateExisting
- .status.autogen.rules.mutate.foreach.context.apiCall.default
- .status.autogen.rules.mutate.foreach.context.apiCall.service.headers
- .status.autogen.rules.mutate.mutateExistingOnPolicyUpdate
- .status.autogen.rules.mutate.targets.context.apiCall.default
- .status.autogen.rules.mutate.targets.context.apiCall.service.headers
- .status.autogen.rules.mutate.targets.selector
- .status.autogen.rules.reportProperties
- .status.autogen.rules.validate.allowExistingViolations
- .status.autogen.rules.validate.assert
- .status.autogen.rules.validate.failureAction
- .status.autogen.rules.validate.failureActionOverrides
- .status.autogen.rules.validate.foreach.context.apiCall.default
- .status.autogen.rules.validate.foreach.context.apiCall.service.headers
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.ctlog.tsaCertChain
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.ctlog.tsaCertChain
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.issuerRegExp
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.subjectRegExp
- .status.autogen.rules.validate.manifests.attestors.entries.keys.ctlog.tsaCertChain
- .status.autogen.rules.validate.manifests.attestors.entries.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.issuerRegExp
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.subjectRegExp
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestations.attestors.entries.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.name
- .status.autogen.rules.verifyImages.attestors.entries.certificates.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestors.entries.keyless.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestors.entries.keyless.issuerRegExp
- .status.autogen.rules.verifyImages.attestors.entries.keyless.subjectRegExp
- .status.autogen.rules.verifyImages.attestors.entries.keys.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestors.entries.signatureAlgorithm
- .status.autogen.rules.verifyImages.cosignOCI11
- .status.autogen.rules.verifyImages.failureAction
- .status.autogen.rules.verifyImages.validate
42 properties have changed the description
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules.celPreconditions.expression
- .spec.rules.celPreconditions.name
- .spec.rules.context.apiCall.method
- .spec.rules.mutate.foreach.context.apiCall.method
- .spec.rules.mutate.targets.context.apiCall.method
- .spec.rules.validate.cel.auditAnnotations.key
- .spec.rules.validate.cel.auditAnnotations.valueExpression
- .spec.rules.validate.cel.expressions.expression
- .spec.rules.validate.cel.paramRef.name
- .spec.rules.validate.cel.paramRef.namespace
- .spec.rules.validate.cel.paramRef.parameterNotFoundAction
- .spec.rules.validate.cel.paramRef.selector
- .spec.rules.validate.foreach.context.apiCall.method
- .spec.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.type
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookConfiguration
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions.expression
- .status.autogen.rules.celPreconditions.name
- .status.autogen.rules.context.apiCall.method
- .status.autogen.rules.mutate.foreach.context.apiCall.method
- .status.autogen.rules.mutate.targets.context.apiCall.method
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.foreach.context.apiCall.method
- .status.autogen.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.type
- .status.conditions.type
Kyverno v1.12.6
Kyverno v1.12.5
Kyverno v1.12.4
Kyverno v1.12.3
Kyverno v1.12.2
Kyverno v1.12.1
~94
94 properties have changed the description
- .apiVersion
- .kind
- .spec.admission
- .spec.applyRules
- .spec.background
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules
- .spec.useServerSideApply
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookConfiguration
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.context.globalReference.jmesPath
- .status.autogen.rules.context.imageRegistry
- .status.autogen.rules.context.variable.default
- .status.autogen.rules.context.variable.jmesPath
- .status.autogen.rules.exclude
- .status.autogen.rules.generate.clone
- .status.autogen.rules.generate.cloneList.selector
- .status.autogen.rules.generate.data
- .status.autogen.rules.generate.orphanDownstreamOnPolicyDelete
- .status.autogen.rules.generate.synchronize
- .status.autogen.rules.imageExtractors
- .status.autogen.rules.match
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.mutate.foreach.context.globalReference.jmesPath
- .status.autogen.rules.mutate.foreach.context.imageRegistry
- .status.autogen.rules.mutate.foreach.context.variable.default
- .status.autogen.rules.mutate.foreach.context.variable.jmesPath
- .status.autogen.rules.mutate.foreach.list
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.patchStrategicMerge
- .status.autogen.rules.mutate.foreach.patchesJson6902
- .status.autogen.rules.mutate.foreach.preconditions
- .status.autogen.rules.mutate.patchStrategicMerge
- .status.autogen.rules.mutate.patchesJson6902
- .status.autogen.rules.mutate.targets.context.apiCall
- .status.autogen.rules.mutate.targets.context.globalReference.jmesPath
- .status.autogen.rules.mutate.targets.context.imageRegistry
- .status.autogen.rules.mutate.targets.context.variable.default
- .status.autogen.rules.mutate.targets.context.variable.jmesPath
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.preconditions
- .status.autogen.rules.skipBackgroundRequests
- .status.autogen.rules.validate.anyPattern
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.expressions.message
- .status.autogen.rules.validate.cel.expressions.messageExpression
- .status.autogen.rules.validate.cel.expressions.reason
- .status.autogen.rules.validate.cel.paramKind.apiVersion
- .status.autogen.rules.validate.cel.paramKind.kind
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.cel.variables
- .status.autogen.rules.validate.deny.conditions
- .status.autogen.rules.validate.foreach.anyPattern
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.globalReference.jmesPath
- .status.autogen.rules.validate.foreach.context.imageRegistry
- .status.autogen.rules.validate.foreach.context.variable.default
- .status.autogen.rules.validate.foreach.context.variable.jmesPath
- .status.autogen.rules.validate.foreach.deny.conditions
- .status.autogen.rules.validate.foreach.elementScope
- .status.autogen.rules.validate.foreach.list
- .status.autogen.rules.validate.foreach.preconditions
- .status.autogen.rules.validate.manifests.attestors.count
- .status.autogen.rules.validate.manifests.attestors.entries
- .status.autogen.rules.validate.manifests.repository
- .status.autogen.rules.validate.podSecurity
- .status.autogen.rules.verifyImages.attestations
- .status.autogen.rules.verifyImages.attestors.count
- .status.autogen.rules.verifyImages.attestors.entries
- .status.autogen.rules.verifyImages.imageReferences
- .status.autogen.rules.verifyImages.imageRegistryCredentials.providers
- .status.autogen.rules.verifyImages.imageRegistryCredentials.secrets
- .status.autogen.rules.verifyImages.mutateDigest
- .status.autogen.rules.verifyImages.repository
- .status.autogen.rules.verifyImages.skipImageReferences
- .status.autogen.rules.verifyImages.type
- .status.conditions.lastTransitionTime
- .status.conditions.message
- .status.conditions.observedGeneration
- .status.conditions.reason
- .status.conditions.type
- .status.rulecount
- .status.validatingadmissionpolicy.message
Kyverno v1.12.0
+17~88
17 properties have been added on this version
- .spec.rules.context.globalReference
- .spec.rules.generate.orphanDownstreamOnPolicyDelete
- .spec.rules.mutate.foreach.context.globalReference
- .spec.rules.mutate.targets.context.globalReference
- .spec.rules.validate.foreach.context.globalReference
- .spec.rules.validate.podSecurity.exclude.restrictedField
- .spec.rules.validate.podSecurity.exclude.values
- .spec.rules.verifyImages.skipImageReferences
- .spec.webhookConfiguration
- .status.autogen.rules.context.globalReference
- .status.autogen.rules.generate.orphanDownstreamOnPolicyDelete
- .status.autogen.rules.mutate.foreach.context.globalReference
- .status.autogen.rules.mutate.targets.context.globalReference
- .status.autogen.rules.validate.foreach.context.globalReference
- .status.autogen.rules.validate.podSecurity.exclude.restrictedField
- .status.autogen.rules.validate.podSecurity.exclude.values
- .status.autogen.rules.verifyImages.skipImageReferences
88 properties have changed the description
- .apiVersion
- .kind
- .spec.admission
- .spec.applyRules
- .spec.background
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules
- .spec.schemaValidation
- .spec.useServerSideApply
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.context.imageRegistry
- .status.autogen.rules.context.variable.default
- .status.autogen.rules.context.variable.jmesPath
- .status.autogen.rules.exclude
- .status.autogen.rules.generate.clone
- .status.autogen.rules.generate.cloneList.selector
- .status.autogen.rules.generate.data
- .status.autogen.rules.generate.synchronize
- .status.autogen.rules.imageExtractors
- .status.autogen.rules.match
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.mutate.foreach.context.imageRegistry
- .status.autogen.rules.mutate.foreach.context.variable.default
- .status.autogen.rules.mutate.foreach.context.variable.jmesPath
- .status.autogen.rules.mutate.foreach.list
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.patchStrategicMerge
- .status.autogen.rules.mutate.foreach.patchesJson6902
- .status.autogen.rules.mutate.foreach.preconditions
- .status.autogen.rules.mutate.patchStrategicMerge
- .status.autogen.rules.mutate.patchesJson6902
- .status.autogen.rules.mutate.targets.context.apiCall
- .status.autogen.rules.mutate.targets.context.imageRegistry
- .status.autogen.rules.mutate.targets.context.variable.default
- .status.autogen.rules.mutate.targets.context.variable.jmesPath
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.preconditions
- .status.autogen.rules.skipBackgroundRequests
- .status.autogen.rules.validate.anyPattern
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.expressions.message
- .status.autogen.rules.validate.cel.expressions.messageExpression
- .status.autogen.rules.validate.cel.expressions.reason
- .status.autogen.rules.validate.cel.paramKind.apiVersion
- .status.autogen.rules.validate.cel.paramKind.kind
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.cel.variables
- .status.autogen.rules.validate.deny.conditions
- .status.autogen.rules.validate.foreach.anyPattern
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.imageRegistry
- .status.autogen.rules.validate.foreach.context.variable.default
- .status.autogen.rules.validate.foreach.context.variable.jmesPath
- .status.autogen.rules.validate.foreach.deny.conditions
- .status.autogen.rules.validate.foreach.elementScope
- .status.autogen.rules.validate.foreach.list
- .status.autogen.rules.validate.foreach.preconditions
- .status.autogen.rules.validate.manifests.attestors.count
- .status.autogen.rules.validate.manifests.attestors.entries
- .status.autogen.rules.validate.manifests.repository
- .status.autogen.rules.validate.podSecurity
- .status.autogen.rules.verifyImages.attestations
- .status.autogen.rules.verifyImages.attestors.count
- .status.autogen.rules.verifyImages.attestors.entries
- .status.autogen.rules.verifyImages.imageReferences
- .status.autogen.rules.verifyImages.imageRegistryCredentials.providers
- .status.autogen.rules.verifyImages.imageRegistryCredentials.secrets
- .status.autogen.rules.verifyImages.mutateDigest
- .status.autogen.rules.verifyImages.repository
- .status.autogen.rules.verifyImages.type
- .status.conditions.lastTransitionTime
- .status.conditions.message
- .status.conditions.observedGeneration
- .status.conditions.reason
- .status.conditions.type
- .status.rulecount
- .status.validatingadmissionpolicy.message
Kyverno v1.11.5
~88
88 properties have changed the description
- .apiVersion
- .kind
- .spec.admission
- .spec.applyRules
- .spec.background
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules
- .spec.schemaValidation
- .spec.useServerSideApply
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.context.imageRegistry
- .status.autogen.rules.context.variable.default
- .status.autogen.rules.context.variable.jmesPath
- .status.autogen.rules.exclude
- .status.autogen.rules.generate.clone
- .status.autogen.rules.generate.cloneList.selector
- .status.autogen.rules.generate.data
- .status.autogen.rules.generate.synchronize
- .status.autogen.rules.imageExtractors
- .status.autogen.rules.match
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.mutate.foreach.context.imageRegistry
- .status.autogen.rules.mutate.foreach.context.variable.default
- .status.autogen.rules.mutate.foreach.context.variable.jmesPath
- .status.autogen.rules.mutate.foreach.list
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.patchStrategicMerge
- .status.autogen.rules.mutate.foreach.patchesJson6902
- .status.autogen.rules.mutate.foreach.preconditions
- .status.autogen.rules.mutate.patchStrategicMerge
- .status.autogen.rules.mutate.patchesJson6902
- .status.autogen.rules.mutate.targets.context.apiCall
- .status.autogen.rules.mutate.targets.context.imageRegistry
- .status.autogen.rules.mutate.targets.context.variable.default
- .status.autogen.rules.mutate.targets.context.variable.jmesPath
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.preconditions
- .status.autogen.rules.skipBackgroundRequests
- .status.autogen.rules.validate.anyPattern
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.expressions.message
- .status.autogen.rules.validate.cel.expressions.messageExpression
- .status.autogen.rules.validate.cel.expressions.reason
- .status.autogen.rules.validate.cel.paramKind.apiVersion
- .status.autogen.rules.validate.cel.paramKind.kind
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.cel.variables
- .status.autogen.rules.validate.deny.conditions
- .status.autogen.rules.validate.foreach.anyPattern
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.imageRegistry
- .status.autogen.rules.validate.foreach.context.variable.default
- .status.autogen.rules.validate.foreach.context.variable.jmesPath
- .status.autogen.rules.validate.foreach.deny.conditions
- .status.autogen.rules.validate.foreach.elementScope
- .status.autogen.rules.validate.foreach.list
- .status.autogen.rules.validate.foreach.preconditions
- .status.autogen.rules.validate.manifests.attestors.count
- .status.autogen.rules.validate.manifests.attestors.entries
- .status.autogen.rules.validate.manifests.repository
- .status.autogen.rules.validate.podSecurity
- .status.autogen.rules.verifyImages.attestations
- .status.autogen.rules.verifyImages.attestors.count
- .status.autogen.rules.verifyImages.attestors.entries
- .status.autogen.rules.verifyImages.imageReferences
- .status.autogen.rules.verifyImages.imageRegistryCredentials.providers
- .status.autogen.rules.verifyImages.imageRegistryCredentials.secrets
- .status.autogen.rules.verifyImages.mutateDigest
- .status.autogen.rules.verifyImages.repository
- .status.autogen.rules.verifyImages.type
- .status.conditions.lastTransitionTime
- .status.conditions.message
- .status.conditions.observedGeneration
- .status.conditions.reason
- .status.conditions.type
- .status.rulecount
- .status.validatingadmissionpolicy.message
Kyverno v1.11.4
Kyverno v1.11.3
Kyverno v1.11.2
+2~6
2 properties have been added on this version
- .spec.rules.skipBackgroundRequests
- .status.autogen.rules.skipBackgroundRequests
6 properties have changed the description
- .spec.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
Kyverno v1.11.1
Kyverno v1.11.0
+79~23
79 properties have been added on this version
- .spec.admission
- .spec.rules.celPreconditions
- .spec.rules.context.imageRegistry.imageRegistryCredentials
- .spec.rules.generate.uid
- .spec.rules.mutate.foreach.context.imageRegistry.imageRegistryCredentials
- .spec.rules.mutate.targets.context.imageRegistry.imageRegistryCredentials
- .spec.rules.mutate.targets.uid
- .spec.rules.validate.cel
- .spec.rules.validate.foreach.context.imageRegistry.imageRegistryCredentials
- .spec.rules.validate.manifests.attestors.entries.certificates.ctlog
- .spec.rules.validate.manifests.attestors.entries.certificates.rekor.ignoreTlog
- .spec.rules.validate.manifests.attestors.entries.certificates.rekor.pubkey
- .spec.rules.validate.manifests.attestors.entries.keyless.ctlog
- .spec.rules.validate.manifests.attestors.entries.keyless.rekor.ignoreTlog
- .spec.rules.validate.manifests.attestors.entries.keyless.rekor.pubkey
- .spec.rules.validate.manifests.attestors.entries.keys.ctlog
- .spec.rules.validate.manifests.attestors.entries.keys.rekor.ignoreTlog
- .spec.rules.validate.manifests.attestors.entries.keys.rekor.pubkey
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.ctlog
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.rekor.ignoreTlog
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.rekor.pubkey
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.ctlog
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.rekor.ignoreTlog
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.rekor.pubkey
- .spec.rules.verifyImages.attestations.attestors.entries.keys.ctlog
- .spec.rules.verifyImages.attestations.attestors.entries.keys.rekor.ignoreTlog
- .spec.rules.verifyImages.attestations.attestors.entries.keys.rekor.pubkey
- .spec.rules.verifyImages.attestations.type
- .spec.rules.verifyImages.attestors.entries.certificates.ctlog
- .spec.rules.verifyImages.attestors.entries.certificates.rekor.ignoreTlog
- .spec.rules.verifyImages.attestors.entries.certificates.rekor.pubkey
- .spec.rules.verifyImages.attestors.entries.keyless.ctlog
- .spec.rules.verifyImages.attestors.entries.keyless.rekor.ignoreTlog
- .spec.rules.verifyImages.attestors.entries.keyless.rekor.pubkey
- .spec.rules.verifyImages.attestors.entries.keys.ctlog
- .spec.rules.verifyImages.attestors.entries.keys.rekor.ignoreTlog
- .spec.rules.verifyImages.attestors.entries.keys.rekor.pubkey
- .spec.rules.verifyImages.imageRegistryCredentials
- .spec.rules.verifyImages.useCache
- .spec.useServerSideApply
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.generate.uid
- .status.autogen.rules.mutate.foreach.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.mutate.targets.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.mutate.targets.uid
- .status.autogen.rules.validate.cel
- .status.autogen.rules.validate.foreach.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.ctlog
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.rekor.ignoreTlog
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.rekor.pubkey
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.ctlog
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.rekor.ignoreTlog
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.rekor.pubkey
- .status.autogen.rules.validate.manifests.attestors.entries.keys.ctlog
- .status.autogen.rules.validate.manifests.attestors.entries.keys.rekor.ignoreTlog
- .status.autogen.rules.validate.manifests.attestors.entries.keys.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.ctlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.ctlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.ctlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.type
- .status.autogen.rules.verifyImages.attestors.entries.certificates.ctlog
- .status.autogen.rules.verifyImages.attestors.entries.certificates.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestors.entries.certificates.rekor.pubkey
- .status.autogen.rules.verifyImages.attestors.entries.keyless.ctlog
- .status.autogen.rules.verifyImages.attestors.entries.keyless.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestors.entries.keyless.rekor.pubkey
- .status.autogen.rules.verifyImages.attestors.entries.keys.ctlog
- .status.autogen.rules.verifyImages.attestors.entries.keys.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestors.entries.keys.rekor.pubkey
- .status.autogen.rules.verifyImages.imageRegistryCredentials
- .status.autogen.rules.verifyImages.useCache
- .status.validatingadmissionpolicy
23 properties have changed the description
- .spec.rules.validate.manifests.attestors.entries.attestor
- .spec.rules.validate.manifests.attestors.entries.certificates
- .spec.rules.validate.manifests.attestors.entries.keyless.rekor
- .spec.rules.validate.manifests.attestors.entries.keyless.subject
- .spec.rules.validate.manifests.attestors.entries.keys
- .spec.rules.verifyImages.additionalExtensions
- .spec.rules.verifyImages.annotations
- .spec.rules.verifyImages.attestations.attestors
- .spec.rules.verifyImages.attestations.predicateType
- .spec.rules.verifyImages.attestors.entries.attestor
- .spec.rules.verifyImages.attestors.entries.certificates
- .spec.rules.verifyImages.attestors.entries.keyless.rekor
- .spec.rules.verifyImages.attestors.entries.keyless.subject
- .spec.rules.verifyImages.attestors.entries.keys
- .spec.rules.verifyImages.image
- .spec.rules.verifyImages.issuer
- .spec.rules.verifyImages.key
- .spec.rules.verifyImages.roots
- .spec.rules.verifyImages.subject
- .status.autogen
- .status.conditions
- .status.ready
- .status.rulecount
Kyverno v1.10.7
Kyverno v1.10.6
Kyverno v1.10.5
Kyverno v1.10.4
Kyverno v1.10.3
Kyverno v1.10.2
Kyverno v1.10.1
Kyverno v1.10.0
+52~9
52 properties have been added on this version
- .spec.generateExisting
- .spec.rules.context.apiCall.data
- .spec.rules.context.apiCall.method
- .spec.rules.context.apiCall.service
- .spec.rules.exclude.all.resources.operations
- .spec.rules.exclude.any.resources.operations
- .spec.rules.exclude.resources.operations
- .spec.rules.match.all.resources.operations
- .spec.rules.match.any.resources.operations
- .spec.rules.match.resources.operations
- .spec.rules.mutate.foreach.context.apiCall.data
- .spec.rules.mutate.foreach.context.apiCall.method
- .spec.rules.mutate.foreach.context.apiCall.service
- .spec.rules.mutate.foreach.order
- .spec.rules.mutate.foreach.preconditions.all.message
- .spec.rules.mutate.foreach.preconditions.any.message
- .spec.rules.mutate.targets.context
- .spec.rules.mutate.targets.preconditions
- .spec.rules.validate.foreach.context.apiCall.data
- .spec.rules.validate.foreach.context.apiCall.method
- .spec.rules.validate.foreach.context.apiCall.service
- .spec.rules.validate.foreach.preconditions.all.message
- .spec.rules.validate.foreach.preconditions.any.message
- .spec.rules.verifyImages.attestations.conditions.all.message
- .spec.rules.verifyImages.attestations.conditions.any.message
- .spec.rules.verifyImages.type
- .spec.validationFailureActionOverrides.namespaceSelector
- .status.autogen.rules.context.apiCall.data
- .status.autogen.rules.context.apiCall.method
- .status.autogen.rules.context.apiCall.service
- .status.autogen.rules.exclude.all.resources.operations
- .status.autogen.rules.exclude.any.resources.operations
- .status.autogen.rules.exclude.resources.operations
- .status.autogen.rules.match.all.resources.operations
- .status.autogen.rules.match.any.resources.operations
- .status.autogen.rules.match.resources.operations
- .status.autogen.rules.mutate.foreach.context.apiCall.data
- .status.autogen.rules.mutate.foreach.context.apiCall.method
- .status.autogen.rules.mutate.foreach.context.apiCall.service
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.preconditions.all.message
- .status.autogen.rules.mutate.foreach.preconditions.any.message
- .status.autogen.rules.mutate.targets.context
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.validate.foreach.context.apiCall.data
- .status.autogen.rules.validate.foreach.context.apiCall.method
- .status.autogen.rules.validate.foreach.context.apiCall.service
- .status.autogen.rules.validate.foreach.preconditions.all.message
- .status.autogen.rules.validate.foreach.preconditions.any.message
- .status.autogen.rules.verifyImages.attestations.conditions.all.message
- .status.autogen.rules.verifyImages.attestations.conditions.any.message
- .status.autogen.rules.verifyImages.type
9 properties have changed the description
- .spec.generateExistingOnPolicyUpdate
- .spec.rules.context.apiCall
- .spec.rules.mutate.foreach.context.apiCall
- .spec.rules.validate.foreach.context.apiCall
- .spec.rules.validate.podSecurity.version
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.podSecurity.version
Kyverno v1.9.5
Kyverno v1.9.4
Kyverno v1.9.3
Kyverno v1.9.2
Kyverno v1.9.1
Kyverno v1.9.0
+23~8
23 properties have been added on this version
- .spec.rules.mutate.foreach.foreach
- .spec.rules.validate.foreach.foreach
- .spec.rules.validate.manifests.attestors.entries.keys.kms
- .spec.rules.validate.manifests.attestors.entries.keys.secret
- .spec.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.keys.kms
- .spec.rules.verifyImages.attestations.attestors.entries.keys.secret
- .spec.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestors.entries.keys.kms
- .spec.rules.verifyImages.attestors.entries.keys.secret
- .spec.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.mutate.foreach.foreach
- .status.autogen.rules.validate.foreach.foreach
- .status.autogen.rules.validate.manifests.attestors.entries.keys.kms
- .status.autogen.rules.validate.manifests.attestors.entries.keys.secret
- .status.autogen.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.kms
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.secret
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestors.entries.keys.kms
- .status.autogen.rules.verifyImages.attestors.entries.keys.secret
- .status.autogen.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.rulecount
8 properties have changed the description
- .spec.failurePolicy
- .spec.rules.validate.manifests.attestors.entries.keys.publicKeys
- .spec.rules.verifyImages.attestations.attestors.entries.keys.publicKeys
- .spec.rules.verifyImages.attestors.entries.keys.publicKeys
- .spec.validationFailureAction
- .status.autogen.rules.validate.manifests.attestors.entries.keys.publicKeys
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.publicKeys
- .status.autogen.rules.verifyImages.attestors.entries.keys.publicKeys
Kyverno v1.8.5
Kyverno v1.8.4
Kyverno v1.8.3
+2
2 properties have been added on this version
- .spec.rules.verifyImages.attestations.attestors
- .status.autogen.rules.verifyImages.attestations.attestors
Kyverno v1.8.2
~1
1 property has changed the description
- .spec.schemaValidation
Kyverno v1.8.1
Kyverno v1.8.0
+5~3
5 properties have been added on this version
- .spec.applyRules
- .spec.rules.generate.cloneList
- .spec.rules.validate.manifests
- .spec.rules.validate.podSecurity
- .status.autogen
3 properties have changed the description
- .spec.failurePolicy
- .spec.generateExistingOnPolicyUpdate
- .spec.validationFailureAction
Kyverno v1.7.5
Kyverno v1.7.4
Kyverno v1.7.3
Kyverno v1.7.2
Kyverno v1.7.1
Kyverno v1.7.0
+14~24
14 properties have been added on this version
- .spec.generateExistingOnPolicyUpdate
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules.context.variable
- .spec.rules.imageExtractors
- .spec.rules.mutate.foreach.context.variable
- .spec.rules.mutate.targets
- .spec.rules.validate.foreach.context.variable
- .spec.rules.verifyImages.additionalExtensions
- .spec.rules.verifyImages.attestors
- .spec.rules.verifyImages.imageReferences
- .spec.rules.verifyImages.mutateDigest
- .spec.rules.verifyImages.required
- .spec.rules.verifyImages.verifyDigest
- .status.conditions
24 properties have changed the description
- .spec.rules.exclude.all.resources.name
- .spec.rules.exclude.all.resources.names
- .spec.rules.exclude.any.resources.name
- .spec.rules.exclude.any.resources.names
- .spec.rules.exclude.resources
- .spec.rules.match.all.resources.name
- .spec.rules.match.all.resources.names
- .spec.rules.match.any.resources.name
- .spec.rules.match.any.resources.names
- .spec.rules.match.resources.name
- .spec.rules.match.resources.names
- .spec.rules.mutate.foreach
- .spec.rules.validate.foreach
- .spec.rules.verifyImages.annotations
- .spec.rules.verifyImages.attestations.conditions.all.value
- .spec.rules.verifyImages.attestations.conditions.any.value
- .spec.rules.verifyImages.image
- .spec.rules.verifyImages.issuer
- .spec.rules.verifyImages.key
- .spec.rules.verifyImages.repository
- .spec.rules.verifyImages.roots
- .spec.rules.verifyImages.subject
- .spec.validationFailureActionOverrides
- .status.ready
Kyverno v1.6.10
Kyverno v1.6.3
Kyverno v1.6.2
Kyverno v1.6.1
Kyverno v1.6.0
+10-2~4
10 properties have been added on this version
- .spec.rules.context.imageRegistry
- .spec.rules.mutate.foreach.context.imageRegistry
- .spec.rules.mutate.foreach.patchesJson6902
- .spec.rules.validate.foreach.context.imageRegistry
- .spec.rules.validate.foreach.elementScope
- .spec.rules.verifyImages.annotations
- .spec.rules.verifyImages.issuer
- .spec.rules.verifyImages.roots
- .spec.rules.verifyImages.subject
- .spec.validationFailureActionOverrides
2 properties have been removed on this version
- .spec.rules.mutate.overlay
- .spec.rules.mutate.patches
4 properties have changed the description
- .spec.rules.mutate.foreach
- .spec.rules.validate.foreach.preconditions
- .spec.rules.verifyImages.attestations.conditions.all.operator
- .spec.rules.verifyImages.attestations.conditions.any.operator
Kyverno v1.5.8
Kyverno v1.5.7
Kyverno v1.5.6
Kyverno v1.5.5
Kyverno v1.5.4
Kyverno v1.5.3
Kyverno v1.5.2
Kyverno v1.5.1
Kyverno v1.5.0
+7-8~3
7 properties have been added on this version
- .spec.failurePolicy
- .spec.rules.mutate.foreach
- .spec.rules.validate.foreach
- .spec.rules.verifyImages.attestations
- .spec.rules.verifyImages.repository
- .spec.webhookTimeoutSeconds
- .status.ready
8 properties have been removed on this version
- .status.averageExecutionTime
- .status.resourcesBlockedCount
- .status.resourcesGeneratedCount
- .status.resourcesMutatedCount
- .status.ruleStatus
- .status.rulesAppliedCount
- .status.rulesFailedCount
- .status.violationCount
3 properties have changed the description
- .spec.rules.exclude.resources
- .spec.rules.match.resources
- .spec.rules.verifyImages.key
Kyverno v1.4.3
+1
1 property has been added on this version
- .spec.schemaValidation
Kyverno v1.4.2
+7~2
7 properties have been added on this version
- .spec.rules.exclude.all
- .spec.rules.exclude.any
- .spec.rules.exclude.resources.names
- .spec.rules.match.all
- .spec.rules.match.any
- .spec.rules.match.resources.names
- .spec.rules.verifyImages
2 properties have changed the description
- .spec.rules.preconditions
- .spec.rules.validate.deny
Kyverno v1.4.1
Kyverno v1.4.0
Kyverno v1.3.6
Kyverno v1.3.5
Kyverno v1.3.4
-6~4
6 properties have been removed on this version
- .spec.rules.preconditions.key
- .spec.rules.preconditions.operator
- .spec.rules.preconditions.value
- .spec.rules.validate.deny.conditions.key
- .spec.rules.validate.deny.conditions.operator
- .spec.rules.validate.deny.conditions.value
4 properties have changed the description
- .spec.rules.exclude.resources.namespaceSelector
- .spec.rules.match.resources
- .spec.rules.preconditions
- .spec.rules.validate.deny.conditions
Kyverno v1.3.3
Kyverno v1.3.2
+3~2
3 properties have been added on this version
- .spec.rules.context.apiCall
- .spec.rules.exclude.resources.namespaceSelector
- .spec.rules.match.resources.namespaceSelector
2 properties have changed the description
- .spec.rules.context.configMap
- .spec.rules.context.name
Kyverno v1.3.1
Kyverno v1.3.0
ClusterPolicy was first seen on this version of Kyverno
Kyverno v1.2.1
Kyverno v1.2.0
Kyverno v1.1.12
Kyverno v1.1.11
Kyverno v1.1.10
Kyverno v1.1.9
Kyverno v1.1.8
We don't have any examples of ClusterPolicy yet 😕
But the good news is, you can help us by contributing examples on GitHub
No links for ClusterPolicy yet
You can help us by adding useful links on GitHub