constraints.gatekeeper.sh/v1beta1
GDCHRestrictedService
GDCHRestrictedService lets you restrict which service can be used on GDC air-gapped appliance. When applied, the policy prevents the use of the APIs that it references.
Field | Description |
---|---|
apiVersion string |
constraints.gatekeeper.sh/v1beta1 |
kind string |
GDCHRestrictedService |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata . |
spec GDCHRestrictedServiceSpec |
|
status GDCHRestrictedServiceStatus |
GDCHRestrictedServiceSpec
GDCHRestrictedServiceSpec defines the desired state for a GDCHRestrictedService.
Appears in: - GDCHRestrictedService
Field | Description |
---|---|
match Match |
Refer to the dedicated page for fields of match . |
parameters Parameters |
The parameters of the policy. |
Parameters
Parameters define the parameters of a GDCHRestrictedService.
Appears in: - GDCHRestrictedServiceSpec
Field | Description |
---|---|
disabledOperations string array |
The API operations that are disabled by the GDCHRestrictedService policy. Supported values: CREATE and UPDATE . |
GDCHRestrictedServiceStatus
GDCHRestrictedServiceStatus defines the observed state of the GDCHRestrictedService policy.
Appears in: - GDCHRestrictedService
Field | Description |
---|---|
auditTimestamp Timestamp |
The last time an audit item was generated. |
enforced boolean |
Whether the policy is currently enforced or not. |
violations Violation array |
List of recent observed policy violations. |
Violation
Violation represents an event where an attempted violation of the policy happened.
Appears in: - GDCHRestrictedServiceStatus
Field | Description |
---|---|
enforcementAction string |
The enforcement action that was taken against this violation. This is often deny . |
message string |
The message that was given to the client who performed the action that triggered the violation. |
group string |
The API group to which the resource that triggered the violation belongs. |
version string |
The API version to which the resource that triggered the violation belongs. |
kind string |
The API kind of the resource that triggered the violation. |
name string |
The name of the resource that triggered the violation. |