kyverno.io/v2beta1
· Namespaced Resource
Policy
Policy declares validation, mutation, and generation behaviors for matching resources.
See: https://kyverno.io/docs/writing-policies/ for more information.
Click on Property Name to show the description, and Pink Types to expand schema.
Required properties are marked with *
Change History
Kyverno v1.13.4
Kyverno v1.13.3
Kyverno v1.13.2
Kyverno v1.13.1
+1
1 property has been added on this version
- .spec.emitWarning
Kyverno v1.13.0
+77~41
77 properties have been added on this version
- .spec.rules.context.apiCall.default
- .spec.rules.context.apiCall.service.headers
- .spec.rules.generate.foreach
- .spec.rules.generate.generateExisting
- .spec.rules.mutate.foreach.context.apiCall.default
- .spec.rules.mutate.foreach.context.apiCall.service.headers
- .spec.rules.mutate.mutateExistingOnPolicyUpdate
- .spec.rules.mutate.targets.context.apiCall.default
- .spec.rules.mutate.targets.context.apiCall.service.headers
- .spec.rules.mutate.targets.selector
- .spec.rules.validate.assert
- .spec.rules.validate.failureAction
- .spec.rules.validate.failureActionOverrides
- .spec.rules.validate.foreach.context.apiCall.default
- .spec.rules.validate.foreach.context.apiCall.service.headers
- .spec.rules.validate.manifests.attestors.entries.certificates.ctlog.tsaCertChain
- .spec.rules.validate.manifests.attestors.entries.keyless.ctlog.tsaCertChain
- .spec.rules.validate.manifests.attestors.entries.keyless.issuerRegExp
- .spec.rules.validate.manifests.attestors.entries.keyless.subjectRegExp
- .spec.rules.validate.manifests.attestors.entries.keys.ctlog.tsaCertChain
- .spec.rules.validate.manifests.attestors.entries.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.issuerRegExp
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.subjectRegExp
- .spec.rules.verifyImages.attestations.attestors.entries.keys.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestations.attestors.entries.signatureAlgorithm
- .spec.rules.verifyImages.attestations.name
- .spec.rules.verifyImages.attestors.entries.certificates.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestors.entries.keyless.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestors.entries.keyless.issuerRegExp
- .spec.rules.verifyImages.attestors.entries.keyless.subjectRegExp
- .spec.rules.verifyImages.attestors.entries.keys.ctlog.tsaCertChain
- .spec.rules.verifyImages.attestors.entries.signatureAlgorithm
- .spec.rules.verifyImages.failureAction
- .spec.rules.verifyImages.validate
- .spec.webhookConfiguration.failurePolicy
- .spec.webhookConfiguration.timeoutSeconds
- .status.autogen.rules.context.apiCall.default
- .status.autogen.rules.context.apiCall.service.headers
- .status.autogen.rules.generate.foreach
- .status.autogen.rules.generate.generateExisting
- .status.autogen.rules.mutate.foreach.context.apiCall.default
- .status.autogen.rules.mutate.foreach.context.apiCall.service.headers
- .status.autogen.rules.mutate.mutateExistingOnPolicyUpdate
- .status.autogen.rules.mutate.targets.context.apiCall.default
- .status.autogen.rules.mutate.targets.context.apiCall.service.headers
- .status.autogen.rules.mutate.targets.selector
- .status.autogen.rules.reportProperties
- .status.autogen.rules.validate.allowExistingViolations
- .status.autogen.rules.validate.assert
- .status.autogen.rules.validate.failureAction
- .status.autogen.rules.validate.failureActionOverrides
- .status.autogen.rules.validate.foreach.context.apiCall.default
- .status.autogen.rules.validate.foreach.context.apiCall.service.headers
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.ctlog.tsaCertChain
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.ctlog.tsaCertChain
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.issuerRegExp
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.subjectRegExp
- .status.autogen.rules.validate.manifests.attestors.entries.keys.ctlog.tsaCertChain
- .status.autogen.rules.validate.manifests.attestors.entries.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.issuerRegExp
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.subjectRegExp
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestations.attestors.entries.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.name
- .status.autogen.rules.verifyImages.attestors.entries.certificates.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestors.entries.keyless.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestors.entries.keyless.issuerRegExp
- .status.autogen.rules.verifyImages.attestors.entries.keyless.subjectRegExp
- .status.autogen.rules.verifyImages.attestors.entries.keys.ctlog.tsaCertChain
- .status.autogen.rules.verifyImages.attestors.entries.signatureAlgorithm
- .status.autogen.rules.verifyImages.cosignOCI11
- .status.autogen.rules.verifyImages.failureAction
- .status.autogen.rules.verifyImages.validate
41 properties have changed the description
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules.celPreconditions.expression
- .spec.rules.celPreconditions.name
- .spec.rules.context.apiCall.method
- .spec.rules.mutate.foreach.context.apiCall.method
- .spec.rules.mutate.targets.context.apiCall.method
- .spec.rules.validate.cel.auditAnnotations.key
- .spec.rules.validate.cel.auditAnnotations.valueExpression
- .spec.rules.validate.cel.expressions.expression
- .spec.rules.validate.cel.paramRef.name
- .spec.rules.validate.cel.paramRef.namespace
- .spec.rules.validate.cel.paramRef.parameterNotFoundAction
- .spec.rules.validate.cel.paramRef.selector
- .spec.rules.validate.foreach.context.apiCall.method
- .spec.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookConfiguration
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions.expression
- .status.autogen.rules.celPreconditions.name
- .status.autogen.rules.context.apiCall.method
- .status.autogen.rules.mutate.foreach.context.apiCall.method
- .status.autogen.rules.mutate.targets.context.apiCall.method
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.foreach.context.apiCall.method
- .status.autogen.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.type
- .status.conditions.type
Kyverno v1.12.7
Kyverno v1.12.6
Kyverno v1.12.5
Kyverno v1.12.4
Kyverno v1.12.3
Kyverno v1.12.2
Kyverno v1.12.1
~94
94 properties have changed the description
- .apiVersion
- .kind
- .spec.admission
- .spec.applyRules
- .spec.background
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules
- .spec.useServerSideApply
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookConfiguration
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.context.globalReference.jmesPath
- .status.autogen.rules.context.imageRegistry
- .status.autogen.rules.context.variable.default
- .status.autogen.rules.context.variable.jmesPath
- .status.autogen.rules.exclude
- .status.autogen.rules.generate.clone
- .status.autogen.rules.generate.cloneList.selector
- .status.autogen.rules.generate.data
- .status.autogen.rules.generate.orphanDownstreamOnPolicyDelete
- .status.autogen.rules.generate.synchronize
- .status.autogen.rules.imageExtractors
- .status.autogen.rules.match
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.mutate.foreach.context.globalReference.jmesPath
- .status.autogen.rules.mutate.foreach.context.imageRegistry
- .status.autogen.rules.mutate.foreach.context.variable.default
- .status.autogen.rules.mutate.foreach.context.variable.jmesPath
- .status.autogen.rules.mutate.foreach.list
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.patchStrategicMerge
- .status.autogen.rules.mutate.foreach.patchesJson6902
- .status.autogen.rules.mutate.foreach.preconditions
- .status.autogen.rules.mutate.patchStrategicMerge
- .status.autogen.rules.mutate.patchesJson6902
- .status.autogen.rules.mutate.targets.context.apiCall
- .status.autogen.rules.mutate.targets.context.globalReference.jmesPath
- .status.autogen.rules.mutate.targets.context.imageRegistry
- .status.autogen.rules.mutate.targets.context.variable.default
- .status.autogen.rules.mutate.targets.context.variable.jmesPath
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.preconditions
- .status.autogen.rules.skipBackgroundRequests
- .status.autogen.rules.validate.anyPattern
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.expressions.message
- .status.autogen.rules.validate.cel.expressions.messageExpression
- .status.autogen.rules.validate.cel.expressions.reason
- .status.autogen.rules.validate.cel.paramKind.apiVersion
- .status.autogen.rules.validate.cel.paramKind.kind
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.cel.variables
- .status.autogen.rules.validate.deny.conditions
- .status.autogen.rules.validate.foreach.anyPattern
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.globalReference.jmesPath
- .status.autogen.rules.validate.foreach.context.imageRegistry
- .status.autogen.rules.validate.foreach.context.variable.default
- .status.autogen.rules.validate.foreach.context.variable.jmesPath
- .status.autogen.rules.validate.foreach.deny.conditions
- .status.autogen.rules.validate.foreach.elementScope
- .status.autogen.rules.validate.foreach.list
- .status.autogen.rules.validate.foreach.preconditions
- .status.autogen.rules.validate.manifests.attestors.count
- .status.autogen.rules.validate.manifests.attestors.entries
- .status.autogen.rules.validate.manifests.repository
- .status.autogen.rules.validate.podSecurity
- .status.autogen.rules.verifyImages.attestations
- .status.autogen.rules.verifyImages.attestors.count
- .status.autogen.rules.verifyImages.attestors.entries
- .status.autogen.rules.verifyImages.imageReferences
- .status.autogen.rules.verifyImages.imageRegistryCredentials.providers
- .status.autogen.rules.verifyImages.imageRegistryCredentials.secrets
- .status.autogen.rules.verifyImages.mutateDigest
- .status.autogen.rules.verifyImages.repository
- .status.autogen.rules.verifyImages.skipImageReferences
- .status.autogen.rules.verifyImages.type
- .status.conditions.lastTransitionTime
- .status.conditions.message
- .status.conditions.observedGeneration
- .status.conditions.reason
- .status.conditions.type
- .status.rulecount
- .status.validatingadmissionpolicy.message
Kyverno v1.12.0
+17~88
17 properties have been added on this version
- .spec.rules.context.globalReference
- .spec.rules.generate.orphanDownstreamOnPolicyDelete
- .spec.rules.mutate.foreach.context.globalReference
- .spec.rules.mutate.targets.context.globalReference
- .spec.rules.validate.foreach.context.globalReference
- .spec.rules.validate.podSecurity.exclude.restrictedField
- .spec.rules.validate.podSecurity.exclude.values
- .spec.rules.verifyImages.skipImageReferences
- .spec.webhookConfiguration
- .status.autogen.rules.context.globalReference
- .status.autogen.rules.generate.orphanDownstreamOnPolicyDelete
- .status.autogen.rules.mutate.foreach.context.globalReference
- .status.autogen.rules.mutate.targets.context.globalReference
- .status.autogen.rules.validate.foreach.context.globalReference
- .status.autogen.rules.validate.podSecurity.exclude.restrictedField
- .status.autogen.rules.validate.podSecurity.exclude.values
- .status.autogen.rules.verifyImages.skipImageReferences
88 properties have changed the description
- .apiVersion
- .kind
- .spec.admission
- .spec.applyRules
- .spec.background
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules
- .spec.schemaValidation
- .spec.useServerSideApply
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.context.imageRegistry
- .status.autogen.rules.context.variable.default
- .status.autogen.rules.context.variable.jmesPath
- .status.autogen.rules.exclude
- .status.autogen.rules.generate.clone
- .status.autogen.rules.generate.cloneList.selector
- .status.autogen.rules.generate.data
- .status.autogen.rules.generate.synchronize
- .status.autogen.rules.imageExtractors
- .status.autogen.rules.match
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.mutate.foreach.context.imageRegistry
- .status.autogen.rules.mutate.foreach.context.variable.default
- .status.autogen.rules.mutate.foreach.context.variable.jmesPath
- .status.autogen.rules.mutate.foreach.list
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.patchStrategicMerge
- .status.autogen.rules.mutate.foreach.patchesJson6902
- .status.autogen.rules.mutate.foreach.preconditions
- .status.autogen.rules.mutate.patchStrategicMerge
- .status.autogen.rules.mutate.patchesJson6902
- .status.autogen.rules.mutate.targets.context.apiCall
- .status.autogen.rules.mutate.targets.context.imageRegistry
- .status.autogen.rules.mutate.targets.context.variable.default
- .status.autogen.rules.mutate.targets.context.variable.jmesPath
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.preconditions
- .status.autogen.rules.skipBackgroundRequests
- .status.autogen.rules.validate.anyPattern
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.expressions.message
- .status.autogen.rules.validate.cel.expressions.messageExpression
- .status.autogen.rules.validate.cel.expressions.reason
- .status.autogen.rules.validate.cel.paramKind.apiVersion
- .status.autogen.rules.validate.cel.paramKind.kind
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.cel.variables
- .status.autogen.rules.validate.deny.conditions
- .status.autogen.rules.validate.foreach.anyPattern
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.imageRegistry
- .status.autogen.rules.validate.foreach.context.variable.default
- .status.autogen.rules.validate.foreach.context.variable.jmesPath
- .status.autogen.rules.validate.foreach.deny.conditions
- .status.autogen.rules.validate.foreach.elementScope
- .status.autogen.rules.validate.foreach.list
- .status.autogen.rules.validate.foreach.preconditions
- .status.autogen.rules.validate.manifests.attestors.count
- .status.autogen.rules.validate.manifests.attestors.entries
- .status.autogen.rules.validate.manifests.repository
- .status.autogen.rules.validate.podSecurity
- .status.autogen.rules.verifyImages.attestations
- .status.autogen.rules.verifyImages.attestors.count
- .status.autogen.rules.verifyImages.attestors.entries
- .status.autogen.rules.verifyImages.imageReferences
- .status.autogen.rules.verifyImages.imageRegistryCredentials.providers
- .status.autogen.rules.verifyImages.imageRegistryCredentials.secrets
- .status.autogen.rules.verifyImages.mutateDigest
- .status.autogen.rules.verifyImages.repository
- .status.autogen.rules.verifyImages.type
- .status.conditions.lastTransitionTime
- .status.conditions.message
- .status.conditions.observedGeneration
- .status.conditions.reason
- .status.conditions.type
- .status.rulecount
- .status.validatingadmissionpolicy.message
Kyverno v1.11.5
~88
88 properties have changed the description
- .apiVersion
- .kind
- .spec.admission
- .spec.applyRules
- .spec.background
- .spec.failurePolicy
- .spec.generateExisting
- .spec.mutateExistingOnPolicyUpdate
- .spec.rules
- .spec.schemaValidation
- .spec.useServerSideApply
- .spec.validationFailureAction
- .spec.validationFailureActionOverrides
- .spec.webhookTimeoutSeconds
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.context.imageRegistry
- .status.autogen.rules.context.variable.default
- .status.autogen.rules.context.variable.jmesPath
- .status.autogen.rules.exclude
- .status.autogen.rules.generate.clone
- .status.autogen.rules.generate.cloneList.selector
- .status.autogen.rules.generate.data
- .status.autogen.rules.generate.synchronize
- .status.autogen.rules.imageExtractors
- .status.autogen.rules.match
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.mutate.foreach.context.imageRegistry
- .status.autogen.rules.mutate.foreach.context.variable.default
- .status.autogen.rules.mutate.foreach.context.variable.jmesPath
- .status.autogen.rules.mutate.foreach.list
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.patchStrategicMerge
- .status.autogen.rules.mutate.foreach.patchesJson6902
- .status.autogen.rules.mutate.foreach.preconditions
- .status.autogen.rules.mutate.patchStrategicMerge
- .status.autogen.rules.mutate.patchesJson6902
- .status.autogen.rules.mutate.targets.context.apiCall
- .status.autogen.rules.mutate.targets.context.imageRegistry
- .status.autogen.rules.mutate.targets.context.variable.default
- .status.autogen.rules.mutate.targets.context.variable.jmesPath
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.preconditions
- .status.autogen.rules.skipBackgroundRequests
- .status.autogen.rules.validate.anyPattern
- .status.autogen.rules.validate.cel.auditAnnotations.key
- .status.autogen.rules.validate.cel.auditAnnotations.valueExpression
- .status.autogen.rules.validate.cel.expressions.expression
- .status.autogen.rules.validate.cel.expressions.message
- .status.autogen.rules.validate.cel.expressions.messageExpression
- .status.autogen.rules.validate.cel.expressions.reason
- .status.autogen.rules.validate.cel.paramKind.apiVersion
- .status.autogen.rules.validate.cel.paramKind.kind
- .status.autogen.rules.validate.cel.paramRef.name
- .status.autogen.rules.validate.cel.paramRef.namespace
- .status.autogen.rules.validate.cel.paramRef.parameterNotFoundAction
- .status.autogen.rules.validate.cel.paramRef.selector
- .status.autogen.rules.validate.cel.variables
- .status.autogen.rules.validate.deny.conditions
- .status.autogen.rules.validate.foreach.anyPattern
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.imageRegistry
- .status.autogen.rules.validate.foreach.context.variable.default
- .status.autogen.rules.validate.foreach.context.variable.jmesPath
- .status.autogen.rules.validate.foreach.deny.conditions
- .status.autogen.rules.validate.foreach.elementScope
- .status.autogen.rules.validate.foreach.list
- .status.autogen.rules.validate.foreach.preconditions
- .status.autogen.rules.validate.manifests.attestors.count
- .status.autogen.rules.validate.manifests.attestors.entries
- .status.autogen.rules.validate.manifests.repository
- .status.autogen.rules.validate.podSecurity
- .status.autogen.rules.verifyImages.attestations
- .status.autogen.rules.verifyImages.attestors.count
- .status.autogen.rules.verifyImages.attestors.entries
- .status.autogen.rules.verifyImages.imageReferences
- .status.autogen.rules.verifyImages.imageRegistryCredentials.providers
- .status.autogen.rules.verifyImages.imageRegistryCredentials.secrets
- .status.autogen.rules.verifyImages.mutateDigest
- .status.autogen.rules.verifyImages.repository
- .status.autogen.rules.verifyImages.type
- .status.conditions.lastTransitionTime
- .status.conditions.message
- .status.conditions.observedGeneration
- .status.conditions.reason
- .status.conditions.type
- .status.rulecount
- .status.validatingadmissionpolicy.message
Kyverno v1.11.4
Kyverno v1.11.3
Kyverno v1.11.2
+2~6
2 properties have been added on this version
- .spec.rules.skipBackgroundRequests
- .status.autogen.rules.skipBackgroundRequests
6 properties have changed the description
- .spec.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
Kyverno v1.11.1
Kyverno v1.11.0
+79~18
79 properties have been added on this version
- .spec.admission
- .spec.rules.celPreconditions
- .spec.rules.context.imageRegistry.imageRegistryCredentials
- .spec.rules.generate.uid
- .spec.rules.mutate.foreach.context.imageRegistry.imageRegistryCredentials
- .spec.rules.mutate.targets.context.imageRegistry.imageRegistryCredentials
- .spec.rules.mutate.targets.uid
- .spec.rules.validate.cel
- .spec.rules.validate.foreach.context.imageRegistry.imageRegistryCredentials
- .spec.rules.validate.manifests.attestors.entries.certificates.ctlog
- .spec.rules.validate.manifests.attestors.entries.certificates.rekor.ignoreTlog
- .spec.rules.validate.manifests.attestors.entries.certificates.rekor.pubkey
- .spec.rules.validate.manifests.attestors.entries.keyless.ctlog
- .spec.rules.validate.manifests.attestors.entries.keyless.rekor.ignoreTlog
- .spec.rules.validate.manifests.attestors.entries.keyless.rekor.pubkey
- .spec.rules.validate.manifests.attestors.entries.keys.ctlog
- .spec.rules.validate.manifests.attestors.entries.keys.rekor.ignoreTlog
- .spec.rules.validate.manifests.attestors.entries.keys.rekor.pubkey
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.ctlog
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.rekor.ignoreTlog
- .spec.rules.verifyImages.attestations.attestors.entries.certificates.rekor.pubkey
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.ctlog
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.rekor.ignoreTlog
- .spec.rules.verifyImages.attestations.attestors.entries.keyless.rekor.pubkey
- .spec.rules.verifyImages.attestations.attestors.entries.keys.ctlog
- .spec.rules.verifyImages.attestations.attestors.entries.keys.rekor.ignoreTlog
- .spec.rules.verifyImages.attestations.attestors.entries.keys.rekor.pubkey
- .spec.rules.verifyImages.attestations.type
- .spec.rules.verifyImages.attestors.entries.certificates.ctlog
- .spec.rules.verifyImages.attestors.entries.certificates.rekor.ignoreTlog
- .spec.rules.verifyImages.attestors.entries.certificates.rekor.pubkey
- .spec.rules.verifyImages.attestors.entries.keyless.ctlog
- .spec.rules.verifyImages.attestors.entries.keyless.rekor.ignoreTlog
- .spec.rules.verifyImages.attestors.entries.keyless.rekor.pubkey
- .spec.rules.verifyImages.attestors.entries.keys.ctlog
- .spec.rules.verifyImages.attestors.entries.keys.rekor.ignoreTlog
- .spec.rules.verifyImages.attestors.entries.keys.rekor.pubkey
- .spec.rules.verifyImages.imageRegistryCredentials
- .spec.rules.verifyImages.useCache
- .spec.useServerSideApply
- .status.autogen.rules.celPreconditions
- .status.autogen.rules.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.generate.uid
- .status.autogen.rules.mutate.foreach.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.mutate.targets.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.mutate.targets.uid
- .status.autogen.rules.validate.cel
- .status.autogen.rules.validate.foreach.context.imageRegistry.imageRegistryCredentials
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.ctlog
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.rekor.ignoreTlog
- .status.autogen.rules.validate.manifests.attestors.entries.certificates.rekor.pubkey
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.ctlog
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.rekor.ignoreTlog
- .status.autogen.rules.validate.manifests.attestors.entries.keyless.rekor.pubkey
- .status.autogen.rules.validate.manifests.attestors.entries.keys.ctlog
- .status.autogen.rules.validate.manifests.attestors.entries.keys.rekor.ignoreTlog
- .status.autogen.rules.validate.manifests.attestors.entries.keys.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.ctlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.certificates.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.ctlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keyless.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.ctlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.rekor.pubkey
- .status.autogen.rules.verifyImages.attestations.type
- .status.autogen.rules.verifyImages.attestors.entries.certificates.ctlog
- .status.autogen.rules.verifyImages.attestors.entries.certificates.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestors.entries.certificates.rekor.pubkey
- .status.autogen.rules.verifyImages.attestors.entries.keyless.ctlog
- .status.autogen.rules.verifyImages.attestors.entries.keyless.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestors.entries.keyless.rekor.pubkey
- .status.autogen.rules.verifyImages.attestors.entries.keys.ctlog
- .status.autogen.rules.verifyImages.attestors.entries.keys.rekor.ignoreTlog
- .status.autogen.rules.verifyImages.attestors.entries.keys.rekor.pubkey
- .status.autogen.rules.verifyImages.imageRegistryCredentials
- .status.autogen.rules.verifyImages.useCache
- .status.validatingadmissionpolicy
18 properties have changed the description
- .spec.rules.preconditions
- .spec.rules.validate.deny.conditions
- .spec.rules.validate.manifests.attestors.entries.attestor
- .spec.rules.validate.manifests.attestors.entries.certificates
- .spec.rules.validate.manifests.attestors.entries.keyless.rekor
- .spec.rules.validate.manifests.attestors.entries.keyless.subject
- .spec.rules.validate.manifests.attestors.entries.keys
- .spec.rules.verifyImages.attestations.attestors
- .spec.rules.verifyImages.attestations.predicateType
- .spec.rules.verifyImages.attestors.entries.attestor
- .spec.rules.verifyImages.attestors.entries.certificates
- .spec.rules.verifyImages.attestors.entries.keyless.rekor
- .spec.rules.verifyImages.attestors.entries.keyless.subject
- .spec.rules.verifyImages.attestors.entries.keys
- .status.autogen
- .status.conditions
- .status.ready
- .status.rulecount
Kyverno v1.10.7
Kyverno v1.10.6
Kyverno v1.10.5
Kyverno v1.10.4
Kyverno v1.10.3
Kyverno v1.10.2
Kyverno v1.10.1
Kyverno v1.10.0
+54~9
54 properties have been added on this version
- .spec.generateExisting
- .spec.rules.context.apiCall.data
- .spec.rules.context.apiCall.method
- .spec.rules.context.apiCall.service
- .spec.rules.exclude.all.resources.operations
- .spec.rules.exclude.any.resources.operations
- .spec.rules.match.all.resources.operations
- .spec.rules.match.any.resources.operations
- .spec.rules.mutate.foreach.context.apiCall.data
- .spec.rules.mutate.foreach.context.apiCall.method
- .spec.rules.mutate.foreach.context.apiCall.service
- .spec.rules.mutate.foreach.order
- .spec.rules.mutate.foreach.preconditions.all.message
- .spec.rules.mutate.foreach.preconditions.any.message
- .spec.rules.mutate.targets.context
- .spec.rules.mutate.targets.preconditions
- .spec.rules.preconditions.all.message
- .spec.rules.preconditions.any.message
- .spec.rules.validate.deny.conditions.all.message
- .spec.rules.validate.deny.conditions.any.message
- .spec.rules.validate.foreach.context.apiCall.data
- .spec.rules.validate.foreach.context.apiCall.method
- .spec.rules.validate.foreach.context.apiCall.service
- .spec.rules.validate.foreach.preconditions.all.message
- .spec.rules.validate.foreach.preconditions.any.message
- .spec.rules.verifyImages.attestations.conditions.all.message
- .spec.rules.verifyImages.attestations.conditions.any.message
- .spec.rules.verifyImages.type
- .spec.validationFailureActionOverrides.namespaceSelector
- .status.autogen.rules.context.apiCall.data
- .status.autogen.rules.context.apiCall.method
- .status.autogen.rules.context.apiCall.service
- .status.autogen.rules.exclude.all.resources.operations
- .status.autogen.rules.exclude.any.resources.operations
- .status.autogen.rules.exclude.resources.operations
- .status.autogen.rules.match.all.resources.operations
- .status.autogen.rules.match.any.resources.operations
- .status.autogen.rules.match.resources.operations
- .status.autogen.rules.mutate.foreach.context.apiCall.data
- .status.autogen.rules.mutate.foreach.context.apiCall.method
- .status.autogen.rules.mutate.foreach.context.apiCall.service
- .status.autogen.rules.mutate.foreach.order
- .status.autogen.rules.mutate.foreach.preconditions.all.message
- .status.autogen.rules.mutate.foreach.preconditions.any.message
- .status.autogen.rules.mutate.targets.context
- .status.autogen.rules.mutate.targets.preconditions
- .status.autogen.rules.validate.foreach.context.apiCall.data
- .status.autogen.rules.validate.foreach.context.apiCall.method
- .status.autogen.rules.validate.foreach.context.apiCall.service
- .status.autogen.rules.validate.foreach.preconditions.all.message
- .status.autogen.rules.validate.foreach.preconditions.any.message
- .status.autogen.rules.verifyImages.attestations.conditions.all.message
- .status.autogen.rules.verifyImages.attestations.conditions.any.message
- .status.autogen.rules.verifyImages.type
9 properties have changed the description
- .spec.generateExistingOnPolicyUpdate
- .spec.rules.context.apiCall
- .spec.rules.mutate.foreach.context.apiCall
- .spec.rules.validate.foreach.context.apiCall
- .spec.rules.validate.podSecurity.version
- .status.autogen.rules.context.apiCall
- .status.autogen.rules.mutate.foreach.context.apiCall
- .status.autogen.rules.validate.foreach.context.apiCall
- .status.autogen.rules.validate.podSecurity.version
Kyverno v1.9.5
Kyverno v1.9.4
Kyverno v1.9.3
Kyverno v1.9.2
Kyverno v1.9.1
Kyverno v1.9.0
+23~11
23 properties have been added on this version
- .spec.rules.mutate.foreach.foreach
- .spec.rules.validate.foreach.foreach
- .spec.rules.validate.manifests.attestors.entries.keys.kms
- .spec.rules.validate.manifests.attestors.entries.keys.secret
- .spec.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestations.attestors.entries.keys.kms
- .spec.rules.verifyImages.attestations.attestors.entries.keys.secret
- .spec.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .spec.rules.verifyImages.attestors.entries.keys.kms
- .spec.rules.verifyImages.attestors.entries.keys.secret
- .spec.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.mutate.foreach.foreach
- .status.autogen.rules.validate.foreach.foreach
- .status.autogen.rules.validate.manifests.attestors.entries.keys.kms
- .status.autogen.rules.validate.manifests.attestors.entries.keys.secret
- .status.autogen.rules.validate.manifests.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.kms
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.secret
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.signatureAlgorithm
- .status.autogen.rules.verifyImages.attestors.entries.keys.kms
- .status.autogen.rules.verifyImages.attestors.entries.keys.secret
- .status.autogen.rules.verifyImages.attestors.entries.keys.signatureAlgorithm
- .status.rulecount
11 properties have changed the description
- .spec.rules.preconditions.all
- .spec.rules.preconditions.any
- .spec.rules.validate.deny.conditions.all
- .spec.rules.validate.deny.conditions.any
- .spec.rules.validate.manifests.attestors.entries.keys.publicKeys
- .spec.rules.verifyImages.attestations.attestors.entries.keys.publicKeys
- .spec.rules.verifyImages.attestors.entries.keys.publicKeys
- .spec.validationFailureAction
- .status.autogen.rules.validate.manifests.attestors.entries.keys.publicKeys
- .status.autogen.rules.verifyImages.attestations.attestors.entries.keys.publicKeys
- .status.autogen.rules.verifyImages.attestors.entries.keys.publicKeys
Kyverno v1.8.5
Kyverno v1.8.4
Kyverno v1.8.3
+2
2 properties have been added on this version
- .spec.rules.verifyImages.attestations.attestors
- .status.autogen.rules.verifyImages.attestations.attestors
Kyverno v1.8.2
~1
1 property has changed the description
- .spec.schemaValidation
Kyverno v1.8.1
Kyverno v1.8.0
Policy was first seen on this version of Kyverno
Kyverno v1.7.5
Kyverno v1.7.4
Kyverno v1.7.3
Kyverno v1.7.2
Kyverno v1.7.1
Kyverno v1.7.0
Kyverno v1.6.10
Kyverno v1.6.3
Kyverno v1.6.2
Kyverno v1.6.1
Kyverno v1.6.0
Kyverno v1.5.8
Kyverno v1.5.7
Kyverno v1.5.6
Kyverno v1.5.5
Kyverno v1.5.4
Kyverno v1.5.3
Kyverno v1.5.2
Kyverno v1.5.1
Kyverno v1.5.0
Kyverno v1.4.3
Kyverno v1.4.2
Kyverno v1.4.1
Kyverno v1.4.0
Kyverno v1.3.6
Kyverno v1.3.5
Kyverno v1.3.4
Kyverno v1.3.3
Kyverno v1.3.2
Kyverno v1.3.1
Kyverno v1.3.0
Kyverno v1.2.1
Kyverno v1.2.0
Kyverno v1.1.12
Kyverno v1.1.11
Kyverno v1.1.10
Kyverno v1.1.9
Kyverno v1.1.8
We don't have any examples of Policy yet 😕
But the good news is, you can help us by contributing examples on GitHub
No links for Policy yet
You can help us by adding useful links on GitHub