Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
ClusterPolicyReport is the Schema for the clusterpolicyreports API
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
reports.x-k8s.io/v1beta2 |
||
kind string |
ClusterPolicyReport |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
source string |
Source is an identifier for the source e.g. a policy engine that manages this report. Use this field if all the results are produced by a single policy engine. If the results are produced by multiple sources e.g. different engines or scanners, then use the Source field at the PolicyReportResult level. |
||
scope ObjectReference |
Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | ||
scopeSelector LabelSelector |
ScopeSelector is an optional selector for multiple scopes (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. |
||
configuration PolicyReportConfiguration |
Configuration is an optional field which can be used to specify a contract between PolicyReport generators and consumers |
||
summary PolicyReportSummary |
PolicyReportSummary provides a summary of results | ||
results PolicyReportResult array |
PolicyReportResult provides result details |
ClusterPolicyReportList contains a list of ClusterPolicyReport
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
reports.x-k8s.io/v1beta2 |
||
kind string |
ClusterPolicyReportList |
||
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
items ClusterPolicyReport array |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
maxResults integer |
MaxResults is the maximum number of results contained in the report | ||
statusFilter StatusFilter array |
StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list | Enum: [pass fail warn error skip] |
PolicyReport is the Schema for the policyreports API
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
reports.x-k8s.io/v1beta2 |
||
kind string |
PolicyReport |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
source string |
Source is an identifier for the source e.g. a policy engine that manages this report. Use this field if all the results are produced by a single policy engine. If the results are produced by multiple sources e.g. different engines or scanners, then use the Source field at the PolicyReportResult level. |
||
scope ObjectReference |
Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | ||
scopeSelector LabelSelector |
ScopeSelector is an optional selector for multiple scopes (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. |
||
configuration PolicyReportConfiguration |
Configuration is an optional field which can be used to specify a contract between PolicyReport generators and consumers |
||
summary PolicyReportSummary |
PolicyReportSummary provides a summary of results | ||
results PolicyReportResult array |
PolicyReportResult provides result details |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
limits Limits |
PolicyReportList contains a list of PolicyReport
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
reports.x-k8s.io/v1beta2 |
||
kind string |
PolicyReportList |
||
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
items PolicyReport array |
PolicyReportResult provides the result for an individual policy
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
source string |
Source is an identifier for the policy engine that manages this report If the Source is specified at this level, it will override the Source field set at the PolicyReport level |
||
policy string |
Policy is the name or identifier of the policy | ||
rule string |
Rule is the name or identifier of the rule within the policy | ||
category string |
Category indicates policy category | ||
severity PolicyResultSeverity |
Severity indicates policy check result criticality | Enum: [critical high low medium info] |
|
timestamp Timestamp |
Timestamp indicates the time the result was found | ||
result PolicyResult |
Result indicates the outcome of the policy rule execution | Enum: [pass fail warn error skip] |
|
scored boolean |
Scored indicates if this result is scored | ||
resources ObjectReference array |
Subjects is an optional reference to the checked Kubernetes resources | ||
resourceSelector LabelSelector |
ResourceSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a ResourceSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. |
||
message string |
Description is a short user friendly message for the policy rule | ||
properties object (keys:string, values:string) |
Properties provides additional information for the policy rule |
PolicyReportSummary provides a status count summary
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
pass integer |
Pass provides the count of policies whose requirements were met | ||
fail integer |
Fail provides the count of policies whose requirements were not met | ||
warn integer |
Warn provides the count of non-scored policies whose requirements were not met | ||
error integer |
Error provides the count of policies that could not be evaluated | ||
skip integer |
Skip indicates the count of policies that were not selected for evaluation |
Underlying type: string
PolicyResult has one of the following values:
- pass: the policy requirements are met
- fail: the policy requirements are not met
- warn: the policy requirements are not met and the policy is not scored
- error: the policy could not be evaluated
- skip: the policy was not selected based on user inputs or applicability
Validation:
- Enum: [pass fail warn error skip]
Appears in:
Underlying type: string
PolicyResultSeverity has one of the following values:
- critical
- high
- low
- medium
- info
Validation:
- Enum: [critical high low medium info]
Appears in:
Underlying type: string
StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters
Validation:
- Enum: [pass fail warn error skip]
Appears in: