KRM API constraints.gatekeeper.sh/v1beta1

constraints.gatekeeper.sh/v1beta1

GDCHRestrictedService

GDCHRestrictedService lets you restrict which service can be used on GDC air-gapped appliance. When applied, the policy prevents the use of the APIs that it references.

Field Description
apiVersion string constraints.gatekeeper.sh/v1beta1
kind string GDCHRestrictedService
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec GDCHRestrictedServiceSpec
status GDCHRestrictedServiceStatus

GDCHRestrictedServiceSpec

GDCHRestrictedServiceSpec defines the desired state for a GDCHRestrictedService.

Appears in: - GDCHRestrictedService

Field Description
match Match Refer to the dedicated page for fields of match.
parameters Parameters The parameters of the policy.

Parameters

Parameters define the parameters of a GDCHRestrictedService.

Appears in: - GDCHRestrictedServiceSpec

Field Description
disabledOperations string array The API operations that are disabled by the GDCHRestrictedService policy. Supported values: CREATE and UPDATE.

GDCHRestrictedServiceStatus

GDCHRestrictedServiceStatus defines the observed state of the GDCHRestrictedService policy.

Appears in: - GDCHRestrictedService

Field Description
auditTimestamp Timestamp The last time an audit item was generated.
enforced boolean Whether the policy is currently enforced or not.
violations Violation array List of recent observed policy violations.

Violation

Violation represents an event where an attempted violation of the policy happened.

Appears in: - GDCHRestrictedServiceStatus

Field Description
enforcementAction string The enforcement action that was taken against this violation. This is often deny.
message string The message that was given to the client who performed the action that triggered the violation.
group string The API group to which the resource that triggered the violation belongs.
version string The API version to which the resource that triggered the violation belongs.
kind string The API kind of the resource that triggered the violation.
name string The name of the resource that triggered the violation.