Returns all the available global cluster policies
Returns all the available global cluster policies
Query Parameters
List global cluster policies owned by specified owner
Responses
- 200
- 401
- 403
- 500
A list of global cluster policies
- application/json
- Schema
- Example (from schema)
Schema
property name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*string
items undefined[]
metadata
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
annotations object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
labels object
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
managedFields undefined[]
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
ownerReferences undefined[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
spec
ClusterPolicySpec defines the specification of a policy in a cluster or namespace
policy
Policy details
kuberbac
KubeRBAC holds the kubernetes rbac details
roleRef
RoleRef is a reference to the Role or ClusterRole within the target cluster - must exist if no rules are specified
rules undefined[]
Rules is rules Leave blank to specify only a binding is to be created
subjects undefined[]
Subjects / principles who the rules apply to - user - group - serviceaccount Note only a service account can specify the namespace
kyverno
Kyverno holds the spec for a kyverno policy
rules undefined[]
context undefined[]
apiCall
service
data undefined[]
configMap
imageRegistry
variable
exclude
all undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
any undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
generate
clone
cloneList
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
imageExtractors object
items
match
all undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
any undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
mutate
foreach undefined[]
context undefined[]
apiCall
service
data undefined[]
configMap
imageRegistry
variable
preconditions
all undefined[]
any undefined[]
targets undefined[]
validate
deny
foreach undefined[]
context undefined[]
apiCall
service
data undefined[]
configMap
imageRegistry
variable
deny
preconditions
all undefined[]
any undefined[]
manifests
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
dryRun
ignoreFields undefined[]
objects undefined[]
podSecurity
exclude undefined[]
verifyImages undefined[]
additionalExtensions object
annotations object
attestations undefined[]
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
conditions undefined[]
all undefined[]
any undefined[]
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
validationFailureActionOverrides undefined[]
target
Target contains targeting information for this cluster policy
cluster
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
namespace
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
status
ClusterPolicyStatus defines the status of a cluster policy
conditions undefined[]
lastReconcile
lastSuccess
obsoleteResources undefined[]
routing undefined[]
lastReconcile
target
metadata
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
{
"apiVersion": "string",
"items": [
{
"apiVersion": "string",
"kind": "string",
"metadata": {
"annotations": {},
"clusterName": "string",
"creationTimestamp": "string",
"deletionGracePeriodSeconds": 0,
"deletionTimestamp": "string",
"finalizers": [
"string"
],
"generateName": "string",
"generation": 0,
"labels": {},
"managedFields": [
{
"apiVersion": "string",
"fieldsType": "string",
"fieldsV1": "string",
"manager": "string",
"operation": "string",
"subresource": "string",
"time": "string"
}
],
"name": "string",
"namespace": "string",
"ownerReferences": [
{
"apiVersion": "string",
"blockOwnerDeletion": true,
"controller": true,
"kind": "string",
"name": "string",
"uid": "string"
}
],
"resourceVersion": "string",
"selfLink": "string",
"uid": "string"
},
"spec": {
"policy": {
"kuberbac": {
"clusterScoped": true,
"clusterScopedRoleOverride": true,
"roleBindingNameOverride": "string",
"roleNameOverride": "string",
"roleRef": {
"apiGroup": "string",
"kind": "string",
"name": "string"
},
"rules": [
{
"apiGroups": [
"string"
],
"nonResourceURLs": [
"string"
],
"resourceNames": [
"string"
],
"resources": [
"string"
],
"verbs": [
"string"
]
}
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"kyverno": {
"applyRules": "string",
"background": true,
"failurePolicy": "string",
"generateExistingOnPolicyUpdate": true,
"mutateExistingOnPolicyUpdate": true,
"rules": [
{
"context": [
{
"apiCall": {
"jmesPath": "string",
"service": {
"caBundle": "string",
"data": [
{
"key": "string",
"value": "string"
}
],
"requestType": "string",
"urlPath": "string"
},
"urlPath": "string"
},
"configMap": {
"name": "string",
"namespace": "string"
},
"imageRegistry": {
"jmesPath": "string",
"reference": "string"
},
"name": "string",
"variable": {
"default": "string",
"jmesPath": "string",
"value": "string"
}
}
],
"exclude": {
"all": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"any": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"generate": {
"apiVersion": "string",
"clone": {
"name": "string",
"namespace": "string"
},
"cloneList": {
"kinds": [
"string"
],
"namespace": "string",
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"data": "string",
"kind": "string",
"name": "string",
"namespace": "string",
"synchronize": true
},
"imageExtractors": {},
"match": {
"all": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"any": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"mutate": {
"foreach": [
{
"context": [
{
"apiCall": {
"jmesPath": "string",
"service": {
"caBundle": "string",
"data": [
{
"key": "string",
"value": "string"
}
],
"requestType": "string",
"urlPath": "string"
},
"urlPath": "string"
},
"configMap": {
"name": "string",
"namespace": "string"
},
"imageRegistry": {
"jmesPath": "string",
"reference": "string"
},
"name": "string",
"variable": {
"default": "string",
"jmesPath": "string",
"value": "string"
}
}
],
"foreach": "string",
"list": "string",
"patchStrategicMerge": "string",
"patchesJson6902": "string",
"preconditions": {
"all": [
{
"key": "string",
"operator": "string",
"value": "string"
}
],
"any": [
{
"key": "string",
"operator": "string",
"value": "string"
}
]
}
}
],
"patchStrategicMerge": "string",
"patchesJson6902": "string",
"targets": [
{
"apiVersion": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"name": "string",
"preconditions": "string",
"validate": {
"anyPattern": "string",
"deny": {
"conditions": "string"
},
"foreach": [
{
"anyPattern": "string",
"context": [
{
"apiCall": {
"jmesPath": "string",
"service": {
"caBundle": "string",
"data": [
{
"key": "string",
"value": "string"
}
],
"requestType": "string",
"urlPath": "string"
},
"urlPath": "string"
},
"configMap": {
"name": "string",
"namespace": "string"
},
"imageRegistry": {
"jmesPath": "string",
"reference": "string"
},
"name": "string",
"variable": {
"default": "string",
"jmesPath": "string",
"value": "string"
}
}
],
"deny": {
"conditions": "string"
},
"elementScope": true,
"foreach": "string",
"list": "string",
"pattern": "string",
"preconditions": {
"all": [
{
"key": "string",
"operator": "string",
"value": "string"
}
],
"any": [
{
"key": "string",
"operator": "string",
"value": "string"
}
]
}
}
],
"manifests": {
"annotationDomain": "string",
"attestors": [
{
"count": 0,
"entries": [
{
"annotations": {},
"attestor": "string",
"certificates": {
"cert": "string",
"certChain": "string",
"rekor": {
"url": "string"
}
},
"keyless": {
"additionalExtensions": {},
"issuer": "string",
"rekor": {
"url": "string"
},
"roots": "string",
"subject": "string"
},
"keys": {
"kms": "string",
"publicKeys": "string",
"rekor": {
"url": "string"
},
"secret": {
"name": "string",
"namespace": "string"
},
"signatureAlgorithm": "string"
},
"repository": "string"
}
]
}
],
"dryRun": {
"enable": true,
"namespace": "string"
},
"ignoreFields": [
{
"fields": [
"string"
],
"objects": [
{
"group": "string",
"kind": "string",
"name": "string",
"namespace": "string",
"version": "string"
}
]
}
],
"repository": "string"
},
"message": "string",
"pattern": "string",
"podSecurity": {
"exclude": [
{
"controlName": "string",
"images": [
"string"
]
}
],
"level": "string",
"version": "string"
}
},
"verifyImages": [
{
"additionalExtensions": {},
"annotations": {},
"attestations": [
{
"attestors": [
{
"count": 0,
"entries": [
{
"annotations": {},
"attestor": "string",
"certificates": {
"cert": "string",
"certChain": "string",
"rekor": {
"url": "string"
}
},
"keyless": {
"additionalExtensions": {},
"issuer": "string",
"rekor": {
"url": "string"
},
"roots": "string",
"subject": "string"
},
"keys": {
"kms": "string",
"publicKeys": "string",
"rekor": {
"url": "string"
},
"secret": {
"name": "string",
"namespace": "string"
},
"signatureAlgorithm": "string"
},
"repository": "string"
}
]
}
],
"conditions": [
{
"all": [
{
"key": "string",
"operator": "string",
"value": "string"
}
],
"any": [
{
"key": "string",
"operator": "string",
"value": "string"
}
]
}
],
"predicateType": "string"
}
],
"attestors": [
{
"count": 0,
"entries": [
{
"annotations": {},
"attestor": "string",
"certificates": {
"cert": "string",
"certChain": "string",
"rekor": {
"url": "string"
}
},
"keyless": {
"additionalExtensions": {},
"issuer": "string",
"rekor": {
"url": "string"
},
"roots": "string",
"subject": "string"
},
"keys": {
"kms": "string",
"publicKeys": "string",
"rekor": {
"url": "string"
},
"secret": {
"name": "string",
"namespace": "string"
},
"signatureAlgorithm": "string"
},
"repository": "string"
}
]
}
],
"image": "string",
"imageReferences": [
"string"
],
"issuer": "string",
"key": "string",
"mutateDigest": true,
"repository": "string",
"required": true,
"roots": "string",
"subject": "string",
"verifyDigest": true
}
]
}
],
"schemaValidation": true,
"validationFailureAction": "string",
"validationFailureActionOverrides": [
{
"action": "string",
"namespaces": [
"string"
]
}
],
"webhookTimeoutSeconds": 0
},
"type": "string"
},
"target": {
"cluster": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespace": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
}
},
"status": {
"cloudResourcesCreated": true,
"conditions": [
{
"detail": "string",
"lastTransitionTime": "string",
"message": "string",
"name": "string",
"negativePolarity": true,
"observedGeneration": 0,
"reason": "string",
"status": "string",
"type": "string"
}
],
"detail": "string",
"lastReconcile": {
"generation": 0,
"time": "string"
},
"lastSuccess": {
"generation": 0,
"time": "string"
},
"message": "string",
"obsoleteResources": [
{
"kind": "string",
"name": "string"
}
],
"routing": [
{
"error": "string",
"lastReconcile": {
"generation": 0,
"time": "string"
},
"status": "string",
"target": {
"group": "string",
"kind": "string",
"name": "string",
"namespace": "string",
"version": "string"
}
}
],
"status": "string",
"wayfinderVersion": "string"
}
}
],
"kind": "string",
"metadata": {
"continue": "string",
"remainingItemCount": 0,
"resourceVersion": "string",
"selfLink": "string"
}
}
If not authenticated
If authenticated but not authorized
A generic API error containing the cause of the error
- application/json
- Schema
- Example (from schema)
Schema
{
"code": 0,
"detail": "string",
"message": "string",
"uri": "string",
"verb": "string"
}