Updates the cluster policy
Updates the cluster policy
Path Parameters
Workspace to use
The name of the cluster policy you wish or update
Query Parameters
Set to 'All' to perform a server-side dry run of updating this resource
Set to 'true' to override read-only (has no effect unless used by Wayfinder admin)
Use an explicit owner for this resource - this must match the owner used on create, if set
Use server-side apply for this update instead of overwriting the whole object
- application/json
Request Body required
The specification for the cluster policy you are updating
property name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*string
metadata
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
annotations object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
labels object
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
managedFields undefined[]
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
ownerReferences undefined[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
spec
ClusterPolicySpec defines the specification of a policy in a cluster or namespace
policy
Policy details
kuberbac
KubeRBAC holds the kubernetes rbac details
roleRef
RoleRef is a reference to the Role or ClusterRole within the target cluster - must exist if no rules are specified
rules undefined[]
Rules is rules Leave blank to specify only a binding is to be created
subjects undefined[]
Subjects / principles who the rules apply to - user - group - serviceaccount Note only a service account can specify the namespace
kyverno
Kyverno holds the spec for a kyverno policy
rules undefined[]
context undefined[]
apiCall
service
data undefined[] required
configMap
imageRegistry
variable
exclude
all undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
any undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
generate
clone
cloneList
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
imageExtractors object
items
match
all undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
any undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
mutate
foreach undefined[]
context undefined[]
apiCall
service
data undefined[] required
configMap
imageRegistry
variable
preconditions
all undefined[]
any undefined[]
targets undefined[]
validate
deny
foreach undefined[]
context undefined[]
apiCall
service
data undefined[] required
configMap
imageRegistry
variable
deny
preconditions
all undefined[]
any undefined[]
manifests
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
dryRun
ignoreFields undefined[]
objects undefined[]
podSecurity
exclude undefined[]
verifyImages undefined[]
additionalExtensions object
annotations object
attestations undefined[]
attestors undefined[] required
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
conditions undefined[]
all undefined[]
any undefined[]
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
validationFailureActionOverrides undefined[]
target required
Target contains targeting information for this cluster policy
cluster
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
namespace
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
status
ClusterPolicyStatus defines the status of a cluster policy
conditions undefined[]
lastReconcile
lastSuccess
obsoleteResources undefined[]
routing undefined[]
lastReconcile
target required
Responses
- 200
- 400
- 401
- 403
- 500
Contains the cluster policy definition
- application/json
- Schema
- Example (from schema)
Schema
property name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*stringproperty name*string
metadata
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
annotations object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
labels object
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
managedFields undefined[]
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
ownerReferences undefined[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
spec
ClusterPolicySpec defines the specification of a policy in a cluster or namespace
policy
Policy details
kuberbac
KubeRBAC holds the kubernetes rbac details
roleRef
RoleRef is a reference to the Role or ClusterRole within the target cluster - must exist if no rules are specified
rules undefined[]
Rules is rules Leave blank to specify only a binding is to be created
subjects undefined[]
Subjects / principles who the rules apply to - user - group - serviceaccount Note only a service account can specify the namespace
kyverno
Kyverno holds the spec for a kyverno policy
rules undefined[]
context undefined[]
apiCall
service
data undefined[]
configMap
imageRegistry
variable
exclude
all undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
any undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
generate
clone
cloneList
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
imageExtractors object
items
match
all undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
any undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
resources
annotations object
namespaceSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
selector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
subjects undefined[]
mutate
foreach undefined[]
context undefined[]
apiCall
service
data undefined[]
configMap
imageRegistry
variable
preconditions
all undefined[]
any undefined[]
targets undefined[]
validate
deny
foreach undefined[]
context undefined[]
apiCall
service
data undefined[]
configMap
imageRegistry
variable
deny
preconditions
all undefined[]
any undefined[]
manifests
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
dryRun
ignoreFields undefined[]
objects undefined[]
podSecurity
exclude undefined[]
verifyImages undefined[]
additionalExtensions object
annotations object
attestations undefined[]
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
conditions undefined[]
all undefined[]
any undefined[]
attestors undefined[]
entries undefined[]
annotations object
certificates
rekor
keyless
additionalExtensions object
rekor
keys
rekor
secret
validationFailureActionOverrides undefined[]
target
Target contains targeting information for this cluster policy
cluster
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
namespace
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions undefined[]
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
status
ClusterPolicyStatus defines the status of a cluster policy
conditions undefined[]
lastReconcile
lastSuccess
obsoleteResources undefined[]
routing undefined[]
lastReconcile
target
{
"apiVersion": "string",
"kind": "string",
"metadata": {
"annotations": {},
"clusterName": "string",
"creationTimestamp": "string",
"deletionGracePeriodSeconds": 0,
"deletionTimestamp": "string",
"finalizers": [
"string"
],
"generateName": "string",
"generation": 0,
"labels": {},
"managedFields": [
{
"apiVersion": "string",
"fieldsType": "string",
"fieldsV1": "string",
"manager": "string",
"operation": "string",
"subresource": "string",
"time": "string"
}
],
"name": "string",
"namespace": "string",
"ownerReferences": [
{
"apiVersion": "string",
"blockOwnerDeletion": true,
"controller": true,
"kind": "string",
"name": "string",
"uid": "string"
}
],
"resourceVersion": "string",
"selfLink": "string",
"uid": "string"
},
"spec": {
"policy": {
"kuberbac": {
"clusterScoped": true,
"clusterScopedRoleOverride": true,
"roleBindingNameOverride": "string",
"roleNameOverride": "string",
"roleRef": {
"apiGroup": "string",
"kind": "string",
"name": "string"
},
"rules": [
{
"apiGroups": [
"string"
],
"nonResourceURLs": [
"string"
],
"resourceNames": [
"string"
],
"resources": [
"string"
],
"verbs": [
"string"
]
}
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"kyverno": {
"applyRules": "string",
"background": true,
"failurePolicy": "string",
"generateExistingOnPolicyUpdate": true,
"mutateExistingOnPolicyUpdate": true,
"rules": [
{
"context": [
{
"apiCall": {
"jmesPath": "string",
"service": {
"caBundle": "string",
"data": [
{
"key": "string",
"value": "string"
}
],
"requestType": "string",
"urlPath": "string"
},
"urlPath": "string"
},
"configMap": {
"name": "string",
"namespace": "string"
},
"imageRegistry": {
"jmesPath": "string",
"reference": "string"
},
"name": "string",
"variable": {
"default": "string",
"jmesPath": "string",
"value": "string"
}
}
],
"exclude": {
"all": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"any": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"generate": {
"apiVersion": "string",
"clone": {
"name": "string",
"namespace": "string"
},
"cloneList": {
"kinds": [
"string"
],
"namespace": "string",
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"data": "string",
"kind": "string",
"name": "string",
"namespace": "string",
"synchronize": true
},
"imageExtractors": {},
"match": {
"all": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"any": [
{
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
}
],
"clusterRoles": [
"string"
],
"resources": {
"annotations": {},
"kinds": [
"string"
],
"name": "string",
"names": [
"string"
],
"namespaceSelector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespaces": [
"string"
],
"selector": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
},
"roles": [
"string"
],
"subjects": [
{
"apiGroup": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"mutate": {
"foreach": [
{
"context": [
{
"apiCall": {
"jmesPath": "string",
"service": {
"caBundle": "string",
"data": [
{
"key": "string",
"value": "string"
}
],
"requestType": "string",
"urlPath": "string"
},
"urlPath": "string"
},
"configMap": {
"name": "string",
"namespace": "string"
},
"imageRegistry": {
"jmesPath": "string",
"reference": "string"
},
"name": "string",
"variable": {
"default": "string",
"jmesPath": "string",
"value": "string"
}
}
],
"foreach": "string",
"list": "string",
"patchStrategicMerge": "string",
"patchesJson6902": "string",
"preconditions": {
"all": [
{
"key": "string",
"operator": "string",
"value": "string"
}
],
"any": [
{
"key": "string",
"operator": "string",
"value": "string"
}
]
}
}
],
"patchStrategicMerge": "string",
"patchesJson6902": "string",
"targets": [
{
"apiVersion": "string",
"kind": "string",
"name": "string",
"namespace": "string"
}
]
},
"name": "string",
"preconditions": "string",
"validate": {
"anyPattern": "string",
"deny": {
"conditions": "string"
},
"foreach": [
{
"anyPattern": "string",
"context": [
{
"apiCall": {
"jmesPath": "string",
"service": {
"caBundle": "string",
"data": [
{
"key": "string",
"value": "string"
}
],
"requestType": "string",
"urlPath": "string"
},
"urlPath": "string"
},
"configMap": {
"name": "string",
"namespace": "string"
},
"imageRegistry": {
"jmesPath": "string",
"reference": "string"
},
"name": "string",
"variable": {
"default": "string",
"jmesPath": "string",
"value": "string"
}
}
],
"deny": {
"conditions": "string"
},
"elementScope": true,
"foreach": "string",
"list": "string",
"pattern": "string",
"preconditions": {
"all": [
{
"key": "string",
"operator": "string",
"value": "string"
}
],
"any": [
{
"key": "string",
"operator": "string",
"value": "string"
}
]
}
}
],
"manifests": {
"annotationDomain": "string",
"attestors": [
{
"count": 0,
"entries": [
{
"annotations": {},
"attestor": "string",
"certificates": {
"cert": "string",
"certChain": "string",
"rekor": {
"url": "string"
}
},
"keyless": {
"additionalExtensions": {},
"issuer": "string",
"rekor": {
"url": "string"
},
"roots": "string",
"subject": "string"
},
"keys": {
"kms": "string",
"publicKeys": "string",
"rekor": {
"url": "string"
},
"secret": {
"name": "string",
"namespace": "string"
},
"signatureAlgorithm": "string"
},
"repository": "string"
}
]
}
],
"dryRun": {
"enable": true,
"namespace": "string"
},
"ignoreFields": [
{
"fields": [
"string"
],
"objects": [
{
"group": "string",
"kind": "string",
"name": "string",
"namespace": "string",
"version": "string"
}
]
}
],
"repository": "string"
},
"message": "string",
"pattern": "string",
"podSecurity": {
"exclude": [
{
"controlName": "string",
"images": [
"string"
]
}
],
"level": "string",
"version": "string"
}
},
"verifyImages": [
{
"additionalExtensions": {},
"annotations": {},
"attestations": [
{
"attestors": [
{
"count": 0,
"entries": [
{
"annotations": {},
"attestor": "string",
"certificates": {
"cert": "string",
"certChain": "string",
"rekor": {
"url": "string"
}
},
"keyless": {
"additionalExtensions": {},
"issuer": "string",
"rekor": {
"url": "string"
},
"roots": "string",
"subject": "string"
},
"keys": {
"kms": "string",
"publicKeys": "string",
"rekor": {
"url": "string"
},
"secret": {
"name": "string",
"namespace": "string"
},
"signatureAlgorithm": "string"
},
"repository": "string"
}
]
}
],
"conditions": [
{
"all": [
{
"key": "string",
"operator": "string",
"value": "string"
}
],
"any": [
{
"key": "string",
"operator": "string",
"value": "string"
}
]
}
],
"predicateType": "string"
}
],
"attestors": [
{
"count": 0,
"entries": [
{
"annotations": {},
"attestor": "string",
"certificates": {
"cert": "string",
"certChain": "string",
"rekor": {
"url": "string"
}
},
"keyless": {
"additionalExtensions": {},
"issuer": "string",
"rekor": {
"url": "string"
},
"roots": "string",
"subject": "string"
},
"keys": {
"kms": "string",
"publicKeys": "string",
"rekor": {
"url": "string"
},
"secret": {
"name": "string",
"namespace": "string"
},
"signatureAlgorithm": "string"
},
"repository": "string"
}
]
}
],
"image": "string",
"imageReferences": [
"string"
],
"issuer": "string",
"key": "string",
"mutateDigest": true,
"repository": "string",
"required": true,
"roots": "string",
"subject": "string",
"verifyDigest": true
}
]
}
],
"schemaValidation": true,
"validationFailureAction": "string",
"validationFailureActionOverrides": [
{
"action": "string",
"namespaces": [
"string"
]
}
],
"webhookTimeoutSeconds": 0
},
"type": "string"
},
"target": {
"cluster": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
},
"namespace": {
"matchExpressions": [
{
"key": "string",
"operator": "string",
"values": [
"string"
]
}
],
"matchLabels": {}
}
}
},
"status": {
"cloudResourcesCreated": true,
"conditions": [
{
"detail": "string",
"lastTransitionTime": "string",
"message": "string",
"name": "string",
"negativePolarity": true,
"observedGeneration": 0,
"reason": "string",
"status": "string",
"type": "string"
}
],
"detail": "string",
"lastReconcile": {
"generation": 0,
"time": "string"
},
"lastSuccess": {
"generation": 0,
"time": "string"
},
"message": "string",
"obsoleteResources": [
{
"kind": "string",
"name": "string"
}
],
"routing": [
{
"error": "string",
"lastReconcile": {
"generation": 0,
"time": "string"
},
"status": "string",
"target": {
"group": "string",
"kind": "string",
"name": "string",
"namespace": "string",
"version": "string"
}
}
],
"status": "string",
"wayfinderVersion": "string"
}
}
Validation error of supplied parameters/body
- application/json
- Schema
- Example (from schema)
Schema
fieldErrors undefined[]
{
"code": 0,
"fieldErrors": [
{
"errCode": "string",
"field": "string",
"message": "string"
}
],
"message": "string"
}
If not authenticated
If authenticated but not authorized
A generic API error containing the cause of the error
- application/json
- Schema
- Example (from schema)
Schema
{
"code": 0,
"detail": "string",
"message": "string",
"uri": "string",
"verb": "string"
}