admissionregistration.v1alpha1.mutatingAdmissionPolicyBindingSpec

"MutatingAdmissionPolicyBindingSpec is the specification of the MutatingAdmissionPolicyBinding."

Index

• fn withPolicyName(policyName)
• obj matchResources
  • fn withExcludeResourceRules(excludeResourceRules)
  • fn withExcludeResourceRulesMixin(excludeResourceRules)
  • fn withMatchPolicy(matchPolicy)
  • fn withResourceRules(resourceRules)
  • fn withResourceRulesMixin(resourceRules)
  • obj matchResources.namespaceSelector
    • fn withMatchExpressions(matchExpressions)
    • fn withMatchExpressionsMixin(matchExpressions)
    • fn withMatchLabels(matchLabels)
    • fn withMatchLabelsMixin(matchLabels)
  • obj matchResources.objectSelector
    • fn withMatchExpressions(matchExpressions)
    • fn withMatchExpressionsMixin(matchExpressions)
    • fn withMatchLabels(matchLabels)
    • fn withMatchLabelsMixin(matchLabels)
• obj paramRef
  • fn withName(name)
  • fn withNamespace(namespace)
  • fn withParameterNotFoundAction(parameterNotFoundAction)
  • obj paramRef.selector
    • fn withMatchExpressions(matchExpressions)
    • fn withMatchExpressionsMixin(matchExpressions)
    • fn withMatchLabels(matchLabels)
    • fn withMatchLabelsMixin(matchLabels)

Fields

fn withPolicyName

withPolicyName(policyName)

"policyName references a MutatingAdmissionPolicy name which the MutatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required."

obj matchResources

"MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)"

fn matchResources.withExcludeResourceRules

withExcludeResourceRules(excludeResourceRules)

"ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)"

fn matchResources.withExcludeResourceRulesMixin

withExcludeResourceRulesMixin(excludeResourceRules)

"ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)"

Note: This function appends passed data to existing values

fn matchResources.withMatchPolicy

withMatchPolicy(matchPolicy)

"matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"], a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"], a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\

fn matchResources.withResourceRules

withResourceRules(resourceRules)

"ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches any Rule."

fn matchResources.withResourceRulesMixin

withResourceRulesMixin(resourceRules)

"ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches any Rule."

Note: This function appends passed data to existing values

obj matchResources.namespaceSelector

"A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects."

fn matchResources.namespaceSelector.withMatchExpressions

withMatchExpressions(matchExpressions)

"matchExpressions is a list of label selector requirements. The requirements are ANDed."

fn matchResources.namespaceSelector.withMatchExpressionsMixin

withMatchExpressionsMixin(matchExpressions)

"matchExpressions is a list of label selector requirements. The requirements are ANDed."

Note: This function appends passed data to existing values

fn matchResources.namespaceSelector.withMatchLabels

withMatchLabels(matchLabels)

"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."

fn matchResources.namespaceSelector.withMatchLabelsMixin

withMatchLabelsMixin(matchLabels)

"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."

Note: This function appends passed data to existing values

obj matchResources.objectSelector

"A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects."

fn matchResources.objectSelector.withMatchExpressions

withMatchExpressions(matchExpressions)

"matchExpressions is a list of label selector requirements. The requirements are ANDed."

fn matchResources.objectSelector.withMatchExpressionsMixin

withMatchExpressionsMixin(matchExpressions)

"matchExpressions is a list of label selector requirements. The requirements are ANDed."

Note: This function appends passed data to existing values

fn matchResources.objectSelector.withMatchLabels

withMatchLabels(matchLabels)

"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."

fn matchResources.objectSelector.withMatchLabelsMixin

withMatchLabelsMixin(matchLabels)

"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."

Note: This function appends passed data to existing values

obj paramRef

"ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding."

fn paramRef.withName

withName(name)

"name is the name of the resource being referenced.\n\nname and selector are mutually exclusive properties. If one is set, the other must be unset."

fn paramRef.withNamespace

withNamespace(namespace)

"namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both name and selector fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped paramKind in the policy and leaving this field empty.\n\n- If paramKind is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If paramKind is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error."

fn paramRef.withParameterNotFoundAction

withParameterNotFoundAction(parameterNotFoundAction)

"parameterNotFoundAction controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to Allow, then no matched parameters will be treated as successful validation by the binding. If set to Deny, then no matched parameters will be subject to the failurePolicy of the policy.\n\nAllowed values are Allow or Deny Default to Deny"

obj paramRef.selector

"A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects."

fn paramRef.selector.withMatchExpressions

withMatchExpressions(matchExpressions)

"matchExpressions is a list of label selector requirements. The requirements are ANDed."

fn paramRef.selector.withMatchExpressionsMixin

withMatchExpressionsMixin(matchExpressions)

"matchExpressions is a list of label selector requirements. The requirements are ANDed."

Note: This function appends passed data to existing values

fn paramRef.selector.withMatchLabels

withMatchLabels(matchLabels)

"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."

fn paramRef.selector.withMatchLabelsMixin

withMatchLabelsMixin(matchLabels)

"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."

Note: This function appends passed data to existing values